Best end-user computing risk management solution: CIMCON
Computing systems within insurance organisations largely fall into two camps: the systems that are formally managed by the IT department; and the end-users that develop applications and use them for some purpose.
For insurers, spreadsheets often form a core part of models and analysis, and actuaries will often develop new tools in these and other end-user computing applications (EUCs).
In some cases, these EUCs become critical to running the business and comprise collections of interlinked systems, touched by many people and used across multiple areas of the company. Needless to say, any errors arising from EUCs can have material consequences - and it is almost impossible to manually find all the mistakes within these complex processes.
There are other reasons to improve the governance around these processes beyond material financial errors: insurers run the risk of business disruption, fraud, losing data, regulatory fines and reputational damage.
CIMCON's approach is to solve this from both ends of the spectrum. First, to safeguard EUC integrity on an enterprise level, helping risk professionals automatically discover, control and report on highest risk spreadsheets and EUCs; second, to eliminate errors on an individual EUC level, helping fix all types of errors in spreadsheets used in critical business processes.
This not only mitigates operational risk to the business, but improves productivity for the first, second and third lines of defence. The first line spends less time checking their spreadsheets and participating in EUC risk management only takes seconds. The second line of defence just needs to look at automated reports to confirm compliance with EUC policy. And the third line can spend less time evaluating the effectiveness of controls.
Historically such EUC control systems have been the domain of very large firms, but CIMCON reports more smaller firms are coming on board.
There are other drivers emerging, such as cyber risk. While the system is not aimed at stopping breaches, having control over computing applications is an important aspect to an overall IT security strategy.
CIMCON's latest developments have focused on accessibility via the cloud, as more companies shift away from on-premises systems for storing and processing data.