End-user computing tools (EUC) are those that give anyone the power to build or modify an application. It can be as simple as recording a macro or entering a formula, and as complex as writing detailed scripts or using a drag-and-drop programming interface. But, whatever the method, EUC turns end users into citizen developers who can build and execute easily repeatable tasks and processes.
Common EUC tools include spreadsheets such as Google Sheets and Microsoft Excel, databases, reporting tools such as Tableau, and more. Generally, these applications are used outside of core IT systems and are used across the enterprise for financial computations, data collection and cleansing, financial and regulatory reporting, and much more. It’s no wonder they’re frequently referred to as “shadow IT.”
Where EUC Adds Risk
EUC tools stand out from disconnected and inflexible core systems precisely because they are nimble, efficient, and easy to use. That’s why they’re ubiquitous in today’s modern workplace and which enterprises have no choice but to support. Financial Services Institutions (FSI) are no different, and maybe even more tied to the usability and flexibility of EUCs since they are used so heavily for financial calculations, reporting, and data analysis.
EUCs do, however, pose important risks and challenges, especially if your enterprise lacks on-going governance to detect granular process execution from such applications. The lack of governance introduces immense risk with EUCs that are complex, generate critical data, or are used to make business decisions. Undetected errors, incorrect computations, and inaccurate reports can result in poor decisions, operational losses, and regulatory scrutiny and fines.
But is this really a risk FSIs should care about? A large global bank was recently fined over $400 million by the regulators. The ruling pointed to the institution’s failure to implement and maintain an enterprise-wide risk management and compliance program, adequate internal controls, or a data governance program commensurate with the bank’s size, complexity, and risk profile.
Determining Your EUC Exposure
The goal is not to start finding and eliminating EUCs, since that is nearly impossible and counterproductive. Instead, FSIs must begin to explore where operational issues are cropping up, and then begin drilling down to determine if EUCs are at the core of those issues.
Here are a few areas where FSIs can start to dig into their exposure to EUC-induced risk:
- Reporting Delays: Are manual processes and workarounds causing delays in producing critical reports important to the management?
- Late Regulatory Reports: Are delays in regulatory reporting submissions due to lack of standardized processes, disconnected applications, and legacy systems?
- Underperformance: Have there been operational losses or near misses due to manual and complex processes?
- Bad Decisions: Are there recurring instances of sub-optimal decisions being made due to incorrect reports, inaccurate data, and/or incorrect financial calculations?
- Governance: How do you ensure effective governance and controls over identification and management of EUC tools?
- Data Integration and Hygiene: Is your team spending too much time manually collecting, cleansing, and transforming data before it enters a process?
Mitigating EUC Risk with Microsoft and FortressIQ
Across business and support functions, anecdotal evidence shows nearly half of workers’ time can be spent in collaborative applications, such as email, spreadsheets and databases, chat, and others. These are all considered EUCs, and they produce a large amount of unstructured data which is manually collected, shared, and transformed to execute tasks and processes. While enterprises spend millions of dollars annually on core applications, it’s within these EUC tools that most of your critical day-to-day work happens.
But, while these office productivity applications enable flexibility, they lack the rigor and structure of core systems and applications. Therefore, they cannot generate the click-level data logs and rigidity that legacy applications offer. To discover how your enterprise is using EUCs requires either slow, expensive, manual process discovery, or something more modern.
FortressIQ combines AI and computer vision to capture and discover relevant process data, even within EUCs. This is human-level observability that brings the required context and meaning to organizational process data. It’s called process intelligence, and can be used to automatically discover, map, model, and document the granular details behind every digital process executed across every application. EUCs included.
Once you’ve used FortressIQ to decode how your business works, across your entire organization, you have the power to automate data flow and processes, increase compliance and controls, and substantially reduce operational risks with Microsoft Power Apps. The combination enables you to quickly build the custom, no-code applications needed to ensure both flexibility and control, while removing the risks of redundant, tedious, and error-prone tasks.
5 Ways to Use Process Intelligence
Process intelligence provides visibility into how your business runs. Not how it’s supposed to run, but how it actually runs. This gap creates immense amounts of risk, all of it unknown unless you can capture an accurate as-is picture of your enterprise.
Here are just a few ways FSIs are leveraging FortressIQ to reign in their EUC risk:
- Intelligent SOPs. FortressIQ documents processes at the most granular level provides the basis for automatically created process detail documentation (PDDs).
- Automation. FortressIQ surfaces repeatable, predictable tasks and the variations of how tasks are executed by different users. The insights are an automation generator at scale when coupled with Microsoft Power Apps.
- Strategic Insights. FortressIQ creates an organizational blueprint to inform decisions on system usage, employee experience, application interconnectedness, third-party vs. in-house applications, digital strategy, data governance, and more.
- Strengthening Internal Controls. Process intelligence delivers granular insights to identify and manage risks by reducing dependence on EUCs or through automation with Microsoft Power Apps.
- System Optimization. Process intelligence delivers macro insights to spot process slowdowns and bottlenecks, opportunities for enhanced decision-making, and areas where the employee experience can be improved through automation with Microsoft Power Apps.
To learn more about process intelligence for FSIs, read how it accelerates GRC efforts and how it helps to transform BSA/AML and KYC.