ECM – End User Computing

Classification, Implementation Control and Reporting by a Central Software Solution

ECM (End User Computing) is the actual use of non-standardized software in companies. ECM is often created by consultants or employees for improving and accelerating business processes. In Excel and other applications, important lists and calculations are programmed, which may have shortcomings in terms of documentation, traceability and compulsory archiving. If nothing else, it is the relevance of reports and risks that make ECM the basis for decisions and audits by internal and external auditors as well as by the regulatory authorities. Largely, ECM ’s data processing and management are not centrally controlled and not part of the standardized IT processes. Can you be sure that ECM of this type has been adequately tested and duly documented? Not only is there an increased risk of error susceptibility but also the latent accusation of organizational negligence. After all, some results and evaluations must be traceable for up to 10 years to ensure auditing acceptability.

Legal norms, such as, §91(2) AktG of the German corporation law, §146(5) and §147(6) AO of the German tax code oblige companies to integrate such risks into their risk management.
 Practical surveys show that hundreds or even thousands of ECM applications are used by medium-sized financial services providers. Even though companies encourage the use of standardized software, in practice, individual end user computing will be indispensable. Thus, it is very important to keep track of ECM and to integrate it adequately into the risk management. Basic rules should be defined in order to help employees classify ECM and keep suitable measures depending on the risk class. New and old versions of the ECM application should be restorable and traceable.

As a solution to ECM management, interexa AG has developed a modular intranet application. It allows for the decentralized collection of ECM via web browser and for risk criteria classification during data input. Adequate measures can be defined according to basic rules and their implementation can be reviewed. ECM reports provide a picture of the measure implementation and an overview of the vast range of End User Computing (reports). Historical and current versions of the ECM applications can be archived together with accompanying concepts, test results, documentations and all additional files (full revision-safe historization).

interexa AG has programmed the solution to ECM management on proven standard software, which was developed over the past 10 years as web-based software for risk management with financial services providers and which is successfully being used by most of the 30 largest banks of Germany. ECM management contains a role-based authorization system, is platform-independent, cost-effective and intuitively operable.