Increasing GRC Demands and Efficiency Imperatives Will Make End User Computing Risk Management an Important Consideration in 2017

Henry Umney, Director, ClusterSeven, highlights his views on the technology trends in the banking and financial services sector in 2017:

• CFOs will drive transformation to align EUC models and enterprise systems

With ever-growing financial regulation, CFOs are under increasing pressure to demonstrate with certainty that they have full knowledge of data sources used for reported statements, to rule out errors and misreporting. However, due to the ubiquitous, uncontrolled and unmonitored use of spreadsheets and end user computing (EUC) applications, many CFOs are struggling to offer such cast-iron guarantees. In 2017, CFOs will drive transformation initiatives to align and integrate EUC models with enterprise systems to achieve end-to-end transparency of business-critical processes – right from the creation of an EUC application by a user, visibility of data lineage between EUCs through to its retirement in the corporate system.

• Tangible efficiency-led cost savings will drive automation of business critical financial and compliance processes

With a vast number of day-to-day, but critical operational business processes, being undertaken in often poorly undocumented spreadsheets, the benefits accrued to users is reaching a tipping point whereby the very reasons for using such EUC applications – i.e. flexibility, agility, efficiency and productivity – are negating as they are becoming a drain on the time and resources of users. The latest ClusterSeven survey report entitled, ‘The Spreadsheet is Here to Stay’, finds that internal audit, finance, compliance and risk management professionals spend, on average, 43% of their time monitoring and validating information on spreadsheets. Those in management, spend closer to 47% of their time on this activity. With the use of spreadsheets for business-critical processes slated to grow over the next two years, financial institutions will look to streamline and automate the management of the financial and compliance processes in the EUC environment to optimise the efficiency and productivity gains such applications genuinely offer; and thereby make tangible financial savings as a result of reduced manual effort.

• EUC risk management will be a key component of broader GRC strategies of financial institutions

To deliver against stringent governance, risk management and compliance (GRC) reporting and management goals, financial institutions regularly deploy GRC solutions to understand the organisation’s overall operational risk posture. With many regulators demanding transparency around the ecosystem of EUC tools (e.g. BCBS239, CCAR, DFASR) that feed models, in 2017, financial institutions will look to make EUC risk management a key component of their broader GRC strategy. Presently, through enterprise GRC solutions alone, organisations are hampered in their ability to monitor the EUC landscape with the granularity that regulators are expecting.

• Momentum will build to move core financial and compliance processes to the secure cloud

Research shows that with the adoption of Microsoft Office 365 in business, a large amount of sensitive data is already (and perhaps inadvertently) stored in the cloud. With employees now collaborating on critical spreadsheets via the cloud, the proliferation of uncontrolled EUCs will likely increase. To meet workforce demands of 24x7 anytime, anywhere and from any device access to business information, financial institutions will be compelled to devise and execute on a broader cloud strategy, in order to formally move business critical spreadsheet and EUC-related operational processes to the secure cloud.