In today’s technology realm, despite large amounts of money being spent on both corporate financial reporting systems and banking MIS systems, the majority of both environments are still heavily populated with spreadsheets, macros, CSVs. There has been a rapid growth in organizations seeking to establish control over business-critical spreadsheets, Excel Macros and MS Access databases – collectively called End User Computing (EUC) or User Developed Applications (UDA) or End User Developed Applications (EUDAs). Why? Simply because there is a sharp increase of high profile instances of data mismanagement and fraud. These EUDAs are seen as an incubator for compounding issues leading to an avalanche of misinformation. There is an intense focus on data management by banks and insurers, particularly in light of Basel III, Solvency II and other regulatory norms.
In this global scenario the Reserve Bank of India has formulated IT Vision 2011-2018. This IT Vision of RBI demands the BFSI Sector in India to put more emphasis in areas like Data Governance. The implementors of this IT vision (the auditors and regulators), on an operational mode, really want to ensure that the end users have –
- A better understanding of what these spreadsheets and macros do for their routine operations
- A better operational mode
- An awareness of pitfalls
- A clear audit trail (a tamper proof record of changes)
- Version control
- Segregation of duties
- Code checking
- Testing and maintainability
Many industry experts, who have made efforts to do a root cause analysis have reported that the sudden surge of EUDAs was primarily due to –
- Quality - Systems not being flexible enough to provide the reports that they really need
- Time - More time needed to facilitate the development, testing, deployment and other complexities within IT security practices
Resources - Availability of resources who can understand the real need and give ‘what they want’ and not just ‘what they might want’
Having this in mind, KGiSL has invested its best of resources to come out with a Controlled - User Developed Application – Automation Framework (CUDAAF). CUDAAF is a simple, fit-for-purpose automation framework that is capable of facilitating software development by allowing designers and programmers to devote their time to meeting the user’s real requirements rather than dealing with the more standard low-level details of providing a working system, thereby reducing overall development time. In simple terms CUDAAF is an application by itself.
CUDAAF provides you with
- Logic documentation
- Access control
- Backups and archival
- Change control
- Logic inspection
- Version control
- Security and integrity of data
Ultimately, a better (and dependable) decision making through better data governance.
In addition to providing robust, performing, and maintainable applications, CUDAAF proves to be more cost effective by reducing the development-testing-implementation time by nearly 50%. CUDAAF can addresses requirements ranging from audit and control, through to rich data analysis, reconciliation and validation. This ensures control way beyond a specific spreadsheet or other types of user developed application, bringing integrity and efficiency across complete, end-to-end business processes.
Call for a demo: To begin on a journey towards control of Spreadsheets and EUDAs, contact info@KGiSL.com
- Change Control- A complete dashboard of applications, changes made are maintained. Reports are configured for any changes made to the logics.
- Version Control- Provides automated version control for all files & formats (Input/output). The version of computation logics also can be maintained.
- Access Control- Access to the applications is provided on a ‘need to access’ basis. Changes to access controls lists are also traceable.
- Input Control- All inputs can be validated and monitored against definable tolerance levels.
- Security and Integrity of Data- Provides facility to ensure user authentication, function specific access controls, maker/checker facility, transactional integrity, ACID compliance.
- Documentation- Facilitates the preparation of documentation on the objectives and functions of the spreadsheet and ensures that it is maintained.
- Backups- Backup is automated as part of the version control process for the applications.
- Archiving- Files may be archived according to corporate retention policies in a protected, segregated location as defined by the user (IT Personnel).
- Logic Inspection- Independent logic analysis.
- Segregation of Duties- Procedures such as ownership, escalation and multi-level sign-off are supported.
- Modular and highly scalable
- Enhanced security and control
- Higher productivity
- Cost effective
- Lower risk
- Easily integrated
- Reduced testing and debugging
- Rapid development