Governance, Risk and Compliance for large Excel and Access landscapes
Tel. +49 2404 91391 0
Fax +49 2404 91391 31
www.masventa.de
IIBA®, the IIBA® logo, BABOK® and Business Analysis Body of Knowledge® are registered trademarks owned by International Institute of Business Analysis. CBAP® and the CBAP® logo are registered certification
marks owned by International Institute of Business Analysis. Certified Business Analysis Professional™, EEP™ and the EEP™ logo are trademarks owned by International Institute of Business Analysis. Certification
of Competency in Business Analysis™, CCBA™ and the CCBA™ logo are trademarks owned by International Institute of Business Analysis.
End User Computing & Business Analysis Management of large Excel landscapes with Business-oriented Requirements Management
Rainer Wendt, CBAP, PMP, March 2014, v1.1
Agenda
Brief company profile
Introduction to End-User-Computing
The EUC Dilemma
The EUC Management Approach
Business Analysis for End User Computing
Solutions and Tools in Action
Conclusion
masVenta Business GmbH – Brief Profile
Established in 2007
Located in Aachen, Germany
Owner Rainer Wendt, PMP, CBAP
Training and Consultancy in Business and Technology. Projects in Banking, Energy, Telecom and Hi-Tech…
Business Analysis: Business-driven Requirements Management and Communication. IIBA® Endorsed Education Provider™
Business Intelligence: BI-Requirements Analysis, Reporting, Data Warehousing, Performance Management
Project Management: Successful Management of Projects by applying Best Practices
Process Optimization: Sustainable Process Improvements by satisfying Customer and Business Needs
End-User-Computing - Definition
End User Computing (EUC) or User Developed Applications (UDA) refers to systems in which non-programmers can create working applications.
The majority of EUC is based on the Microsoft Office applications Excel and Access, using the VBA programming language.
Why is EUC a „hot spot“?
Are there any concerns?
Who is using spreadsheets?
Which reports depend on spreadsheets?
What data is maintained in spreadsheets?
Who controls our spreadsheets?
What impact can spreadsheet errors have?
Do I really know?
EUC Stakeholder Needs
Source: ClusterSeven, Inc. Used with permission
The EUC Dilemma
End Users
IT
GRC
The EUC Dilemma
End Users
End Users need quick solutions, but they cannot wait for IT projects
In the long term, End Users are unable to cope with the complexity of spreadsheets if they are not fully dedicated to programming
Typical situation: When an “End-User-Programmer” leaves the department, nobody is there to look after the application anymore. Risk!
End User developed applications are mostly not compliant; audit findings are very likely and can cause a lot of additional work in Business
IT
IT does not consider End User applications “real” applications, but in fact they are used in all Business departments – sometimes more than Core-IT
IT Application support with its Core applications does not look closely at the Business processes which use spreadsheets – it’s-not-our-job mentality
Level 1 Support cannot help with VBA issues as they are not trained for that
IT would like to get rid of the unsupported VBA applications, but they cannot, as Business is not willing to give them up
GRC
Governance, Risk & Compliance needs to make sure that laws and policies are met, e.g. Sarbanes Oxley Act, Basel, Solvency II and many more.
Without EUC inventories and compliancy processes, neither GRC nor external auditors are able to assess the risks of End User Computing
EUC without control is a “hot spot” for auditors and will for sure lead to findings
If these audit findings are not handled properly, companies can be forced to (partly, temporarily, completely) stop their Business!
The EUC Management Approach
Discover: Locate all EUC applications; Create a company-wide Inventory; Classify spreadsheets; Continuously run this process
Assess: Business Criticality; Financial & Operational Risks; SDLC Processes; Compliancy Issues
Control: Clarify roles; Establish approval processes; Set standards; Log all changes; Separate data and code
Replace: Consider re-design of large EUC solutions; Run projects to decommission EUC apps; Consolidate similar EUC applications
1. Discover
Locate all EUC applications
Create a company-wide Inventory
Classify spreadsheets
Continuously run this process
2. Assess
Business Criticality
Financial & Operational Risks
SDLC Processes
Compliancy Issues
3. Control
Clarify roles
Establish approval processes
Set standards
Log all changes
Separate data and code
4. Replace
Consider re-design of large EUC solutions
Run projects to decommission EUC apps
Consolidate similar EUC applications
The EUC Management Approach
I. Establish a small team responsible for End User Computing support
II. Run a proof-of-concept pilot project with a limited number of EUC applications, e.g. for one department
III. Create a new service for End User Computing support
Business Analysis - Definition
“Business Analysis is a set of techniques and tasks used to work as a liaison among stakeholders in order to understand the structure, policies, and operations of an organization, and to recommend solutions that enable the organization to achieve its goals.”
BABOK® Guide, v2.0, pg. 15
Business Analysis for EUC
Why Business Analysis for EUC?
Like other solutions, EUCs come into existence because of a Business Need
A typical “EUC Business Need” often cannot be satisfied by IT, since there is no Business Analysis at all for this kind of small app
With a tailored Business Analysis approach for EUC, Shadow-IT can be avoided effectively
EUC - with or without a BA?
BA
I want to have a green button here
Ah, this is not what I expected. I have changed my mind. I want two red sliders now!
I want to have a green button here
Ok, I trust that you have understood my real need now … please let me know what concept we can agree on
Green? Button? Please explain your problem first!
OK, no problem, here you are…
Later…
OK, I will do an estimation for both until tomorrow
Hi Mike, please let me know the effort for green buttons and red sliders
Why didn’t you tell before? Grrr …
Business Analysis for EUC
Looking closer, we see that for most of the EUC Management process items, supporting BABOK® tasks and techniques can be identified
Solutions and Tools in Action
Source: ClusterSeven, Inc. Used with permission
Conclusion
End User Computing is here to stay. Excel and Access applications will never disappear completely.
Unknown EUC means unknown risks, unknown impact.
The closer Business and IT collaborate, the lower the risks are.
Business Analysis for EUC facilitates the partnership between Business and IT in order to have EUC under control.
The EUC Business Analyst understands the “real” Business Need and conceptualizes or helps to build tailored, compliant EUC solutions with very low “time-to-market”.
Managing EUC applications requires IT tool support, otherwise many EUC artifacts cannot be controlled and handled efficiently.
For some spreadsheets, logging of changes for reliable audit trails is mandatory to fulfill compliancy demands.
masVenta Portfolio
Academia Business Solutions & Consulting
Business Analysis based on IIBA®
Project Management based on PMI®
Business Intelligence, Data Warehousing
Business Process Optimization
Consulting and Expert Provisioning
Coaching & Inhouse Trainings
Public courses and Online Seminars
End User Computing and Compliance
Your contacts
masVenta Business GmbH
Tel. +49 2404 91391-0
Fax +49 2404 91391-31
von-Blanckart-Str. 9
52477 Alsdorf
Germany
www.masventa.de
Rainer Wendt, PMP, CBAP
Managing Director
+49 (175) 26 13 148
Sabine Ostlender
Back Office & Human Resources
+49 (171) 812 7333
Questions?
End Users need to…
Create temporary lists, import data from Core-IT-systems (e.g., SAP, CRM, Trading Systems)
Perform quick ad-hoc calculations
Create nice reports for Management
Reconcile different source systems
Manage and control projects, evaluate performance
Manage Sales and Marketing processes …
but…
IT cannot change Core-IT-systems quickly – often too slow for Business
One-time needs do not justify expensive changes in Core-IT and involvement of project personnel – no business case, no pay-off, no Go!
Projects cannot easily start – they have to be budgeted, planned and assigned to available personnel – resource and timing issues, no budget, no personnel
IT does not understand Business Needs – or – is not listening appropriately
IT needs to…
Provide effective and efficient services – offer the right IT-services at reasonable cost
Manage the application lifecycle
Maintain inventories of all supported applications
Make sure that security is sufficient
Make sure data is consistent and of good quality
Support users in their day-to-day business …
but…
Business cannot wait for changes in IT-Core systems, they need quick solutions
Business applications based on Excel and Access typically do not follow an application lifecycle and thus are not registered in any inventories
Excel and Access data is typically not secure, not protected against manipulation
Spreadsheets often contain outdated, wrong data as they are not updated
IT cannot help as they do not know about EUC applications