masventa euc-governance-risk-compliance-business-analysis-march-2014


Upload: rainer-wendt-pmp-cbap

Post on 27-Jan-2015


DESCRIPTION

Governance, Risk and Compliance for large Excel and Access landscapes

TRANSCRIPT

Page 1: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Tel. +49 2404 91391 0

Fax +49 2404 91391 31

[email protected]

www.masventa.de

IIBA®, the IIBA® logo, BABOK® and Business Analysis Body of Knowledge® are registered trademarks owned by International Institute of Business Analysis. CBAP® and the CBAP® logo are registered certification marks owned by International Institute of Business Analysis. Certified Business Analysis Professional™, EEP™ and the EEP™ logo are trademarks owned by International Institute of Business Analysis. Certification of Competency in Business Analysis™, CCBA™ and the CCBA™ logo are trademarks owned by International Institute of Business Analysis.

End User Computing & Business Analysis Management of large Excel landscapes with Business-oriented Requirements Management

Rainer Wendt, CBAP, PMP, March 2014, v1.1

Page 2: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


Agenda

Brief company profile

Introduction to End-User-Computing

The EUC Dilemma

The EUC Management Approach

Business Analysis for End User Computing

Solutions and Tools in Action

Conclusion

Page 3: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

masVenta Business GmbH – Brief Profile

Established in 2007

Located in Aachen, Germany

Owner Rainer Wendt, PMP, CBAP

Training and Consultancy in Business and Technology. Projects in Banking, Energy, Telecom and Hi-Tech…

Business Analysis

Business-driven Requirements Management and Communication

IIBA® Endorsed Education Provider™

Business Intelligence

BI-Requirements Analysis, Reporting

Data Warehousing, Performance Management

Project Management

Successful Management of Projects by applying Best Practices

Process Optimization

Sustainable Process Improvements by satisfying Customer and Business Needs

Page 4: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

End-User-Computing - Definition

End User Computing (EUC) or User Developed Applications (UDA) refers to systems in which non-programmers can create working applications.

The majority of EUC is based on the Microsoft Office applications Excel and Access using VBA programming language.

Page 5: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


Why is EUC a „hot spot“?

Page 6: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Are there any concerns?

Who is using spreadsheets?

Which reports depend on spreadsheets?

What data is maintained in spreadsheets?

Who controls our spreadsheets?

What impact can spreadsheet errors have?

Do I really know?

Page 7: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


EUC Stakeholder Needs

Source: ClusterSeven, Inc. Used with permission

Page 8: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

The EUC Dilemma

End Users

IT

GRC

Page 9: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

The EUC Dilemma

End Users

End Users need quick solutions but they cannot wait for IT projects

In the long term, End Users are unable to cope with the complexity of spreadsheets if they are not fully dedicated to programming

Typical situation: When an “End-User-Programmer” leaves the department, nobody is there to look after the application anymore. Risk!

End User developed applications are mostly not compliant, audit findings are very likely and can cause a lot of additional work in Business

IT

IT does not consider End User applications “real” applications, but in fact they are used in all Business departments – sometimes more than Core-IT

IT Application support with its Core applications does not look closely at the Business processes which use spreadsheets – it’s-not-our-job-mentality

Level 1 Support cannot help with VBA issues as they are not trained for that

IT would like to get rid of the unsupported VBA applications but they cannot as Business is not willing to give them up

GRC

Governance, Risk & Compliance needs to make sure that laws and policies are met, e.g. Sarbanes Oxley Act, Basel, Solvency II and many more.

Without EUC inventories and compliancy processes neither GRC nor external auditors are able to assess the risks of End User Computing

EUC without control is a “hot spot” for auditors and will certainly lead to findings

If these audit findings are not handled properly, companies can be forced to (partly, temporarily, completely) stop their Business!

Page 10: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

The EUC Management Approach

Locate all EUC applications

Create a company-wide Inventory

Classify spreadsheets

Continuously run this process

Business Criticality

Financial & Operational Risks

SDLC Processes

Compliancy Issues

Clarify roles

Establish approval processes

Set standards

Log all changes

Separate data and code

Consider re-design of large EUC solutions

Run projects to decommission EUC apps

Consolidate similar EUC applications

Page 11: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

1. Discover

Locate all EUC applications

Create a company-wide Inventory

Classify spreadsheets

Continuously run this process

Page 12: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


2. Assess

Business Criticality

Financial & Operational Risks

SDLC Processes

Compliancy Issues

Page 13: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


3. Control

Clarify roles

Establish approval processes

Set standards

Log all changes

Separate data and code

Page 14: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

4. Replace

Consider re-design of large EUC solutions

Run projects to decommission EUC apps

Consolidate similar EUC applications

Page 15: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

The EUC Management Approach

Locate all EUC applications

Create a company-wide Inventory

Classify spreadsheets

Continuously run this process

Business Criticality

Financial & Operational Risks

SDLC Processes

Compliancy Issues

Clarify roles

Establish approval processes

Set standards

Log all changes

Separate data and code

Consider re-design of large EUC solutions

Run projects to decommission EUC apps

Consolidate similar EUC applications

I. Establish a small team responsible for End User Computing support

II. Run proof-of-concept pilot project with a limited amount of EUC applications, e.g. for one department

III. Create a new service for End User Computing support

Page 16: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Business Analysis - Definition

“Business Analysis is a set of techniques and tasks used to work as a liaison among stakeholders in order to understand the structure, policies, and operations of an organization, and to recommend solutions that enable the organization to achieve its goals.”

BABOK® Guide, v2.0, pg.15

Page 17: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Business Analysis for EUC

Why Business Analysis for EUC?

Like other solutions, EUCs start to exist because of a Business Need

A typical “EUC Business Need” often cannot be satisfied by IT since there is no Business Analysis at all for this kind of small app

With a tailored Business Analysis approach for EUC, Shadow-IT can be avoided effectively

Page 18: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

EUC - with or without a BA?

BA

I want to have a green button here

Ah, this is not what I expected. I have changed my mind. I want two red sliders now!

I want to have a green button here

Ok, I trust that you have understood my real need now … please let me know what concept we can agree on

Green? Button? Please explain your problem first!

OK, no problem, here you are…

Later…

OK, I will do an estimation for both until tomorrow

Hi Mike, please let me know the effort for green buttons and red sliders

Why didn’t you tell before? Grrr …

Page 19: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Business Analysis for EUC

Looking closer, we see that for most of the EUC Management process items, supporting BABOK® tasks and techniques can be identified

Page 20: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


Solutions and Tools in Action

Source: ClusterSeven, Inc. Used with permission

Page 21: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Solutions and Tools in Action

Source: ClusterSeven, Inc. Used with permission

Page 22: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Conclusion

End User Computing is here to stay. Excel and Access applications will never disappear completely.

Unknown EUC means unknown risks, unknown impact.

The closer Business and IT collaborate, the lower the risks are.

Business Analysis for EUC facilitates the partnership between Business and IT in order to have EUC under control.

The EUC Business Analyst understands the “real” Business Need and conceptualizes or helps to build tailored, compliant EUC solutions with very low “time-to-market”.

Managing EUC applications requires IT tool support, otherwise many EUC artifacts cannot be controlled and handled efficiently.

For some spreadsheets, logging of changes for reliable audit trails is mandatory to fulfill compliancy demands.

Page 23: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

masVenta Portfolio

Academia Business Solutions & Consulting

Business Analysis based on IIBA®

Project Management based on PMI®

Business Intelligence, Data Warehousing

Business Process Optimization

Consulting and Expert Provisioning

Coaching & Inhouse Trainings

Public courses and Online Seminars

End User Computing and Compliance

Page 24: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

Your contacts

masVenta Business GmbH

Phone +49 2404 91391-0

Fax +49 2404 91391-31

von-Blanckart-Str. 9

52477 Alsdorf

Germany

[email protected]

www.masventa.de

Rainer Wendt, PMP, CBAP

Managing Director

+49 (175) 26 13 148

[email protected]

Sabine Ostlender

Back Office & Human Resources

+49 (171) 812 7333

[email protected]

Page 25: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014


Questions?

Page 26: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

End Users need to…

Create temporary lists, import data from Core-IT-systems (e.g., SAP, CRM, Trading Systems)

Perform quick ad-hoc calculations

Create nice reports for Management

Reconcile different source systems

Manage and control projects, evaluate performance

Manage Sales and Marketing processes …

but…

IT cannot change Core-IT-systems quickly – often too slow for Business

One-time-needs do not justify expensive changes in Core-IT and involvement of project personnel – no business case, no pay-off, no Go!

Projects cannot easily start – they have to be budgeted, planned and assigned to available personnel – resource and timing issues, no budget, no personnel

IT does not understand Business Needs – or – is not listening appropriately

Page 27: masVenta EUC-Governance-Risk-Compliance-Business-Analysis-March-2014

IT needs to…

Provide effective and efficient services – offer the right IT-services at reasonable cost

Manage the application lifecycle

Maintain inventories of all supported applications

Make sure that security is sufficient

Make sure data is consistent and of good quality

Support users in their day-to-day business …

but…

Business cannot wait for changes in IT-Core systems, they need quick solutions

Business applications based on Excel and Access typically do not follow an application lifecycle and thus are not registered in any inventories

Excel and Access data is typically not secure, not protected against manipulation

Spreadsheets often contain outdated, wrong data as they are not updated

IT cannot help as they do not know about EUC applications