This document discusses challenges around end-user computing (EUC) applications and provides guidance on controlling and managing them. It notes that while EUCs provide benefits like flexibility, they can be difficult to manage and control effectively. It then provides objectives for EUC control, such as maintaining an inventory of applications and appropriately managing security, development, and data validation for critical applications. Finally, it outlines steps for assessing EUC control, including reviewing areas like validation, access control, backup procedures, and input controls. The overall purpose is to help organizations better govern user-developed applications and safeguard the reliability of information and financial reporting.

1. END USER
COMPUTING (EUC)
END-USER COMPUTING APPLICATIONS (EUCS)
CONTINUE TO PRESENT CHALLENGES FOR
ORGANIZATIONS.
Jashisha K Gupta

2. CHALLENGES & OPPORTUNITIES
• EUCs provide a great benefits:
• allowing users to directly manage, control, and manipulate
data;
• quickly deploy solutions in response to shifting market and
economic conditions, industry changes, or evolving
regulations; and
• help plug functionality gaps for ERP systems.
• Challenging to manage and control effectively.
• User-developed and user-controlled applications, are not
subject to the same development, monitoring, and
reporting rigor and control as traditional applications.
• Management lacks visibility into exactly how pervasive
the use of EUCs has become throughout the enterprise.
Jashisha K Gupta

3. WHY EUC CONTROL ?
• In the financial reporting process, through closing
entries or preparing financial statements, sometimes
users establish a business system using by spreadsheet
software, and operate it by themselves (calculating,
aggregating, analyzing and processing numeric data for
the closing and consolidation process). In this case, it is
a purpose of ‘EUC control’ to assure the reliability of
financial reporting through verification of calculation
program, calculation result, access control, backup
control, etc.
• Concerning EUC, it is necessary to evaluate the following
points.
If spreadsheet are used to prepare supporting documents for
financial reporting, the accuracy of macros, calculation
formulas, etc., embedded in the spreadsheets are verified.
If the accuracy of the macros, calculation formulas, etc., can
not be properly verified, alternative or compensating
procedures, such as manual calculations, are performed.
Jashisha K Gupta

4. EUC – CONTROL OBJECTIVES
• The inventory of organization’s end user computing
applications is appropriately managed in accordance with
established policies to ensure it remains complete,
accurate, and valid.
• Organization’s critical end user computing applications
are appropriately managed during the storage process to
ensure data remains complete, accurate, and valid.
• End user computing application security is appropriately
implemented and administered to protect against
unauthorized modifications that can result in incomplete,
inaccurate, or invalid processing or recording of
information.
• Critical end user computing applications containing
sensitive (private, confidential) information are
Jashisha K Gupta

5. EUC – CONTROL OBJECTIVES
• New (or changes to) critical end user computing
applications are appropriately developed to ensure
applications are functioning as intended and to minimize
the likelihood of inappropriate alterations and errors in
order to ensure complete, accurate, and valid processing
and recording of information.
• Changes to critical end user computing applications are
appropriately implemented to ensure complete, accurate,
and valid processing and recording of recording of
information.
• End user computing applications are subject to a robust
data and processing validation process to ensure
completeness, accuracy and validity of data.
Jashisha K Gupta

6. EUC – CONTROL OBJECTIVES
Jashisha K Gupta

7. EUC CONTROL ASSESSMENT
STEPS
• Listing up End Under Computing
• Assessment of Listed EUC with reference to
following area: Validation
Safeguard of
Program
Backup
Access control
Protection of
worksheet
Saved folder of
original file
Performance of validation
Retention of
revision history
Version control
clarification of
operation and
input procedure
Input Control
Backup of program
information
Periodical backup
1. Files should be
protected by
password, or
2. Files should be
reside in controlled
folder so that only
privileged user can
access the file.
1. Files should be
protected from
unintentional
change of
calculation formula
and other
structures by
protection of sheet
or cell.
1. Files should be
saved only in
common folder. It
is prohibited to
save in personal
PC.
1. After clarification of
reviewing procedure, it
should be performed to
review file, for example,
certification of summarize
range, cross check of row
and column, reviewing
modification of calculation
formulas.
2. If it is too difficult to
review an file / Programs
because of complicated
calculations or macros, the
detailed design of the
macros and calculation
formulas should be verified
and documented.
1. In order to clarify
changes made to
file, the revision
history of
calculation
formulas and
macros should be
documented and
maintained.
1. Creation or
modification date of
calculation
formulas or macro
should be clearly
displayed on file or
changes histry file
so that tracking
canbe done.
1. Instructions to
users(e.g., how
to operate and
input data into the
file) should be
clarified and kept
up to date.
1. Consider whether
data input check is
necessary.
2. Implementing data
input check, its logic
and design should
be clearly defined
and documented.
1. Information necessary
to reconstruct file /
program should be
documented and
maintained. The
information includes, but
not limited to:
- source of information,
- explanation of calculation
formulas,
- explanation of relation of
link etc,
- explanation of MACRO,
- definition of DB table and
- explanation of query.
1. Backup should
be performed
periodically in order
to prevent troubles.
Security
Verification of calculation's
accuracy
Master file management
Jashisha K Gupta

8. Take remediation to identified deficiencies
Thank you
Jashisha K Gupta