Gaining Control Over End User Computing
Increased Pressure to Control Spreadsheets and Documents
[tabs style=”default”] [tab title=”Executive Summary”]
Use of end user computing applications such as spreadsheets, emails, and other document types has revolutionized how technology creates value for organizations. However, this brings a significant challenge to govern and control information and technology in a distributed and dynamic environment. Organizations are facing increased pressures from regulators and auditors to ensure that they have adequate controls over end user computing applications, particularly spreadsheets used in accounting and finance processes. This specifically has caught the attention of the Public Company Accounting Oversight Board (PCAOB) and external auditors. This scrutiny is leading to new SOX failings for companies that had previously had no such failings. Organizations face a challenge: spreadsheets are a strategic, useful, and flexible business application but require significant amounts of checking and review to mitigate errors and risk. Despite these challenges and risks, many organizations lack a thorough understanding of end-user computing solutions that present a risk to an organization’s financial reports. In a recent GRC 20/20 survey of 109 organizations, nearly half of organizations responding (49%) state they do not have a grasp on end user computing risks and controls in their environment impacting financial reporting. In context of this increased pressure from tougher audit standards, most organizations (60%) responding to the survey state they are undertaking new process and technology improvements to address end user computing controls. This indicates significant changes within organizations to gain control over spreadsheets and documents that are used in financial and accounting processes. GRC technologies that discover, monitor, and enforce control of end user computing solutions are a key component of how to address this growing need.
[/tab] [tab title=”Table of Contents”]
- Pervasiveness of End User Computing Brings Risk
- Specific Challenges and Risks in the Use of Spreadsheets
- Increased Pressure to Gain Control over End User Computing
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.