Defining and Adopting an End User Computing Policy: A Case Study

TL;DR

This case study details the development and implementation of a risk-based End User Computing policy at Wesleyan Assurance Society, including a custom risk assessment tool to prioritize and mitigate risks effectively.

Contribution

It introduces a novel risk assessment application and demonstrates how a risk-based policy can effectively address End User Computing risks in an organizational setting.

Findings

Successful policy implementation at Wesleyan Assurance Society

Development of a risk rating application based on complexity, materiality, and control

Effective mitigation of high risks through prioritized actions

Abstract

End User Computing carries significant risks if not well controlled. This paper is a case study of the introduction of an updated End User Computing policy at the Wesleyan Assurance Society. The paper outlines the plan and identifies various challenges. The paper explains how these challenges were overcome. We wrote an End User Computing Risk Assessment Application which calculates a risk rating band based on the Complexity, Materiality and Control (or lack of it) pertaining to any given application and the basis of assessment is given in this paper. The policy uses a risk based approach for assessing and mitigating against the highest risks first and obtaining the quickest benefit.