Defining and Adopting an End User Computing Policy: A Case Study

Abstract

End User Computing carries significant risks if not well controlled. This paper is a case study of the introduction of an updated End User Computing policy at the Wesleyan Assurance Society. The paper outlines the plan and identifies various challenges. The paper explains how these challenges were overcome. We wrote an End User Computing Risk Assessment Application which calculates a risk rating band based on the Complexity, Materiality and Control (or lack of it) pertaining to any given application and the basis of assessment is given in this paper. The policy uses a risk based approach for assessing and mitigating against the highest risks first and obtaining the quickest benefit.