IT Audit Controls

CIMCON for IT Audit Controls

Almost every auditor has suspicions, if not first-hand knowledge, that the spreadsheet and other EUC controls in their company aren't effective. For some companies, EUC-specific risk policy and controls may not even exist. Regardless, every organization uses spreadsheets. At a minimum, Accounting, Treasury, Tax and FP&A all use spreadsheets to some degree. Furthermore, the use of models for operational decisions creates yet another area prone to excessive EUC risk. Putting Sarbanes-Oxley and other internal policy compliance aside, the primary objective is preventing errors. Reducing the likelihood of sensitive data loss is also critical. Reducing fraud in those tools that are under end user control (EUC) is a valid goal, but it's typically not the top priority.

By far, the #1 EUC file type is spreadsheets. They are ubiquitous: almost every employee has Excel or Google Sheets, so testing any controls can seem daunting. Testing needs people and the time to perform specific tasks, and that costs money. In addition, there is a cultural inhibitor: the talented, innovative employee who is driving the use of an end-user controlled application is often reluctant to have any type of oversight on their work. This is ironic given that they have a lot to lose if something goes wrong, such as a material error.

Our Customers

1

Top 3 US Bank

$2.4t in assets

Regulatory Compliance

IT and architecture leaders must navigate a complex regulatory landscape to ensure AI systems comply with both local and global standards.

    • GDPR
    • HIPAA
    • California Consumer Privacy Act (CCPA)
    • EU AI Act
    • Various cybersecurity standards and industry-specific regulations

Resources

AI Risk Management Policy

Leveraging collective wisdom from experts in the domain, regulatory recommendations, and our 25+ years of experience, this policy outlines step-by-step recommendations for AI & GenAI Risk Assessment, Controls, Testing, Monitoring, Compliance Reporting and everything in between.

Why EUC Risk Matters

EUC risk, often seen as errors or confidential data loss, can have a material impact. Based on our experience with hundreds of customers, this white paper outlines how to understand your risk level, implement best practices, and align stakeholders on why EUC risk matters.
