Live Demo

Frequently Asked Questions about EUC’s

  • What is End User Computing (EUC)?
    • EUCs are the applications used by people who may or may not have a technical background to accomplish tasks within the environment of their organization.
  • What are the different types of EUCs?
    • EUC’s refer to systems in which non-programmers can create working applications. Some common types of applications include:
      • Spreadsheets
      • Databases
      • Programming/Scripting Tools
      • BI Tools
      • Workflow Automation Apps
  • Can EUCs help reduce IT costs?
    • They can if they are implemented properly and overseen by the organization. Hardware costs can be mitigated by allowing end-users to access shared computing and storage capabilities. Once applications are migrated into the EUC environment, only 1 person is required to take ownership of the application, potentially saving considerable costs.
  • What are the risks involved in EUCs?
    • While EUCs are largely a net positive, unmanaged EUCs can pose a significant risk to organizations. This is especially true for highly regulated industries. Some risks of unmanaged EUCs include:
      • Lack of testing
        • EUCs are built by users and thus are largely outside of the QA requirements for purpose-built enterprise software. For instance, models built in Excel Spreadsheets can be highly susceptible to human errors, logical errors, faulty formulas, and pulling data from incorrect places. Essential data used by EUCs can also bypass a testing procedure, contributing to “garbage in, garbage out”.
      • Lack of version and change control
        • Lack of version control can adversely affect the decision making and reporting capabilities at the management level, leading to financial and reputational losses, in addition to potential fines and regulatory non-compliance. When employees can each be working on their own version of a file, it becomes imperative that teams and management can be able to reference a “Single point of truth” for essential data that drives decisions and gets reported to regulators and stakeholders.
      • Lack of documentation and “key-person” dependencies
        • By nature, EUCs can be developed by the people working with them. Unlike traditionally developed software, that means that working or build docs may not be present. Over time, this can mean that an EUC that becomes critical to the organization can only be understood by one person, exposing the organization to risk if that person leaves the team for any reason.
      • Lack of security
        • EUCs can contain sensitive information like PII, confidential data, and other sensitive information. Unauthorized access can at best, lead to someone viewing something they shouldn’t be able to and at worst, allow them to alter or steal data. “Shadow IT” comes into play here as well, since those applications are operating inside of the environment and can potentially be allowing data to flow outside of the organization since IT did not know they were there in the first place, thus not subject to the same controls as other software tools.
      • Lack of audit trail
        • An audit trail allows organizations and regulators to easily identify sources of errors. This is important not only for internal use but many regulators are increasingly requiring organizations to prove data lineage from source to output. Failure to produce these trails can lead to penalties and fines.
      • Costs of manual controls
        • Manually controlling EUC inventories is incredibly costly on the personnel level. When organizations rely on thousands of EUCs and have teams of hundreds of people working on them, IT can easily be overwhelmed with controlling and managing all those systems. Without automation, manual controls open up the management side of the operation to human errors as well. In addition to a formula error produced by an end-user, processes such as versioning, access, and more can wind up compromised. Without automation, controls can also be subject to a lack of standardization throughout the organization.
  • How can these risks be managed?
    • The simplest answer to this question is that EUC risks can be effectively mitigated through a combination of automation and procedure/policy modification. Incisve’s Automated Governance Suite can address issues such as discovering what EUCs or “Shadow IT” applications are currently operating unmanaged and migrating the entire existing EUC inventory to a unified control dashboard, where every spreadsheet and application can owned by a “single point of truth”.

At Incisive Software, we’re committed to helping organizations build a strong foundation for success based on accurate and trustworthy data. With the growing reliance on End User Computing assets, open-source tools, and complex spreadsheets, the risks of data errors and mismanagement have become greater than ever before. We’re dedicated to providing innovative solutions that empower organizations to reduce their exposure to these risks, improve data quality and enable confident decision-making. By combining automation, modern technologies, and proven practices, our solutions bring greater accuracy, control, and insight to the management of an organization’s most complex, critical, and sensitive data resources. To learn more, please visit https://www.incisive.com

Resources

A Framework for Shadow IT

In the high-stakes environment of regulated industries, the tension between workforce agility and IT control often manifests as “Shadow IT”, that can introduce critical risks

Mitgate Risk. Accelerate Innovation.
Grow Opportunities. With Incisive Software.

Free Trial
Live Demo