LOWER EUC RISK WITH AUTOMATED CONTROLS

Managing the Risks of Shadow AI

Shadow AI describes the unsanctioned or ad hoc use of generative AI within an organization, outside of IT governance. This can occur when AI applications are developed or used without being officially sanctioned or monitored by an organization’s IT department.

In many ways, Shadow AI is the next generation of Shadow IT, which refers to employees using desktop applications that are outside the control of an organization’s IT department. However, the rapid pace of the deployment of AI is unprecedented. Thus, the potential for business users to build and develop AI apps that compromise an organization’s ability to detect, risk assess, and mitigate AI risk is equally unprecedented.

Automated AI Risk Assessment & Mitigation

Financial institutions are rapidly adopting AI within their inventory of complex models. We believe, along with most internal auditors and risk managers, that it is imperative to identify and manage the new business and regulatory challenges that accompany the use of AI.

At their core, AI models are simply another form of End User Computing (EUC) application.

A Quick Snapshot of the White House Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (Issued October 30, 2023)

The recent Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence marks a significant step towards regulating and harnessing the power of AI.

Understanding the Executive Order: The executive order outlines a comprehensive framework for the responsible development and deployment of AI, emphasizing the importance of addressing potential risks associated with its use. From privacy concerns to algorithmic biases, the order aims to create a safer and more transparent environment for AI applications across various industries.

PRA Issues Supervisory statement SS1/23: Model Risk management principles for banks

Author: Adrian Maconick, Director of UK Sales and Marketing

The Prudential Regulatory Authority (PRA) issued a new supervisory statement (SS), “Model risk management principles for banks”, in May 2023. It sets out the PRA’s expectations for banks’ model risk management (MRM) and is effective from 17 May 2024. Banks will need to move quickly to have revised MRM processes in place by then.

The SS applies to all regulated UK-incorporated banks, building societies, and PRA-designated investment firms.

The Startling Reality of Errors of Accounting: Why They Happen and How to Prevent Them

Errors of accounting are comparable to weeds in a garden—easy to overlook but potentially disastrous if left unattended. The majority of accounting tasks are completed through spreadsheets, and it's startling to know that 90% of spreadsheets with over 150 rows contain errors of accounting. Even seasoned professionals can only spot around 54% of these errors on average. These errors can originate from data entry, flawed formulas, spreadsheet logic, or even incorrect links to other data sources.

Got LIBOR?

The London Interbank Offered Rate – commonly known as LIBOR – will expire by December 31, 2021. The move is the result of major manipulation scandals and reduced trading based on the rate, which is linked to everything from credit cards to leveraged loans. LIBOR is deeply embedded in financial markets. Some $200 trillion of derivatives are tied to the U.S. dollar benchmark alone, and most major global banks will spend more than $100 million this year preparing for the switch.

What provides the Lowest Total Cost of Ownership (TCO) - Best of Breed Packaged Software vs. an Internally Developed Solution?

Anyone who has bought computer systems over the last 30 years has come up against the same dilemma – shall we go for a ‘best of breed’ packaged solution, or shall we build it internally, using the skills of the internal IT teams? It is the classic “Make or Buy” dilemma.

You talk about your requirements with IT. They look at the problem – it looks like a few database tables with a couple of front-end screens for data entry/update will do the job. Chuck in a couple of reports and hey - the job’s done. It won’t take more than a couple of months, tops. Surely that’s better than spending more money on what looks like an expensive solution from a vendor?

CIMCON Support for BaFin Requirements

At the start of November 2017, BaFin published the Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT – BAIT, see BaFinJournal November 2017).

The BAIT have now become the cornerstone of IT supervision for all credit and financial services institutions in Germany. The requirements are directed at the management boards of such companies. They specify what BaFin considers to be adequate technical and organisational resources for IT systems, particularly in relation to the requirements for information security and suitable contingency management.

EUC Risk Management & Controls in the Cloud

Is your organization moving towards cloud computing solutions? If so, these initiatives can typically be viewed as two different types of projects.

  1. Moving application servers and databases to cloud servers such as Amazon AWS or Microsoft Azure.
  2. Migrating files and data into cloud storage.

How can this be done without disrupting your current EUC and Model controls? CIMCON can help.

How to Safeguard your Data in Excel

There are numerous, well-publicized incidents of data loss and data breach associated with the use of spreadsheets. This perpetual information security risk has led many to call for doing away with spreadsheets entirely. But before you go disrupting any critical business processes that aren’t really broken, consider taking advantage of a new Excel add-in that is available at no cost via Microsoft AppSource.
