Defining and Adopting an End User Computing Policy: A Case Study
It tackles policy implementation challenges for risk management in organizational computing, but is incremental as a specific case study.
This paper presents a case study of implementing an updated End User Computing policy at the Wesleyan Assurance Society to address risks, developing a risk assessment application that calculates risk ratings based on complexity, materiality, and control.
End User Computing carries significant risks if not well controlled. This paper is a case study of the introduction of an updated End User Computing policy at the Wesleyan Assurance Society. The paper outlines the plan and identifies various challenges. The paper explains how these challenges were overcome. We wrote an End User Computing Risk Assessment Application which calculates a risk rating band based on the Complexity, Materiality and Control (or lack of it) pertaining to any given application and the basis of assessment is given in this paper. The policy uses a risk based approach for assessing and mitigating against the highest risks first and obtaining the quickest benefit.