End user computing (EUC) encompasses files utilised outside dedicated applications for computation or record-keeping, such as MS spreadsheets, MS-Access files, and application-generated files like those from Alteryx or Anaplan. These files can be stored either offline on user desktops or online on SharePoint or other cloud-hosted destinations.

Many organisations have several end user computing files that lack proper control, housing sensitive and confidential information. Despite the potential regulatory and reputational risks associated with these files, organisations are often unprepared to address the complexities surrounding EUC governance.

Why is effective management of end user computing critical?

  • EUCs frequently lack essential controls for data and processing integrity, making them susceptible to errors.
  • When employed in financial data processing, EUCs can significantly elevate the risk of misstatements in statutory or regulatory financial reporting. This risk is heightened when EUCs are owned upstream of finance, potentially with less awareness of how their outputs are utilised.
  • EUCs may handle sensitive data, and inadequate management could result in breaches of data privacy regulations such as General Data Protection Regulation (GDPR) in Europe or Digital Personal Data Protection Act in India (DPDPA). Poor oversight of critical data on EUC devices may lead to non-compliance and penalties.
  • Compromised or mishandled EUCs, leading to data breaches or privacy violations, can undermine trust in the organisation's ability to protect sensitive information. This erosion of customer trust can result in a negative public perception and damage the overall reputation of the organisation.

How Grant Thornton Bharat can help?

Grant Thornton Bharat brings in tried and tested models for assessment and execution, coupled with thought leadership and an experienced team of professionals. We leverage technology alliances, employing a proven model for implementation and integration. Our approach is questionnaire-based, supported by templates and frameworks for efficient execution.

Key design principles

1.

EUC Policy

Define the boundaries of EUC management by setting guidelines, rules, and protocols to govern the storage of crtical information.

  • What is EUC for an organisation?
  • Location restrictions, if any
  • Critical information list (High, medium vs low)
  • Review and approval mechanism
  • EUC demise policy
2.

Visibility

Implement processes that enable continuous monitoring of End-User Computing (EUCs) across various user groups, both online and offline.

  • Audit control on EUC movement
  • Data changes
  • Hygiene alerts (Formula errors, unlinked pivots, in-active tabs)
  • Data linkages
  • Worflow for change approval
3.

Control and monitoring

Create a monitoring workgroup that not only notifies about critical changes but also manages behaviour.

  • Analytics to support monitoring
  • Workflow based exception management
  • Regular candence to track action items
  • Constant review

Our EUC solution model

We have also collaborated with Apparity, a leading EUC data governance platform to effectively manage and co-deliver end-to-end IT & finance solutions.

Apparity's EUC management tool integrates cutting-edge technology with personalised customer support, ensuring seamless end-to-end integration and optimised performance for businesses navigating complex end-user computing environments.

Systematic EUC Identification

Systematic identification and data collection of high-likelihood EUCs.

EUC Inventory and Reporting

Gather and maintain relevant EUC data and controls tracking.

Manage and remediate EUC Risk

Reduce EUC Risk and the burden on users through automated controls.

Our leaders

Suresh Venkatesan

Suresh Venkatesan

Partner – FS Consulting/ Transformation
Chennai
View full profile
Vinay Shukla

Vinay Shukla

Executive Director - FS Consulting
Gurugram
View full profile