Unlocking a higher standard of financial oversight, our Finance End-User Computing Policy is crafted to help organizations proactively manage and control the use of critical spreadsheets, databases and similar applications within finance functions. By embedding clear guidelines and detective controls, this resource enables companies to reduce the risk of errors, enhance data integrity and meet demanding compliance requirements, all while streamlining internal processes. Its practical focus on security, version management and analytics ensures that sensitive financial information remains reliable and well-protected, making it an essential addition for any organization seeking to bolster its control environment.

This tool includes three samples, each providing targeted guidance for strengthening end-user computing (EUC) practices. Sample 1 defines the essential control activities required to improve the dependability of EUC applications, supporting accuracy and regulatory compliance. Sample 2 elaborates on the procedures for handling critical end-user tools, detailing steps for change documentation, version control and access management. Sample 3 introduces methods for ongoing analytics, risk assessment and structured inventory of EUC tools, establishing a repeatable approach for identifying and mitigating risks. Each section offers a focused yet comprehensive framework for managing the unique challenges posed by end-user computing in finance.

Sample procedures include:

• Maintain historical files no longer available for update in a segregated drive and lock them as “read-only.”
• Implement analytics as a detective control to find errors in spreadsheets used for calculations.
• Maintain all EUC applications in the restricted access folder on the organization’s finance shared directory designated for critical applications for each process area.
• Ensure that only current and approved versions of EUC tools are used by creating naming conventions and directory structures.