END-USER COMPUTING KNOWLEDGE BASE

basel iii imgThe International Regulatory Framework for Banks (Basel III) is a comprehensive set of reform measures developed by the Basel Committee on Banking Supervision to strengthen the regulation, supervision and risk management of the banking sector.

In 2013, the Basel Committee on Banking Supervision published the BCBS 239 paper: 'Principles for effective risk data aggregation and risk reporting'. This paper outlines fourteen principles meant to provide guidance to banks to improve their ability to aggregate risk data and in turn, improve their resolvability.

"Where a bank relies on manual processes and desktop applications (e.g. spreadsheets, databases) and has specific risk units that use these applications for software development, it should have effective mitigants in place (e.g. end-user computing policies and procedures) and other effective controls that are consistently applied across the bank's processes.

– Basel Committee on Banking Supervision, Principle 3

How CIMCON Supports the Basel III Regulation

CIMCON Software offers solutions to help banks meet these Principles for effective risk data aggregation and risk reporting.

Implementation Of Structured Process

CIMCON provides a comprehensive set of EUC management solutions from discover, risk assessment, analysis, and controls, to archiving and record retention. Use of these tools will help implement a structured process to manage EUCs including spreadsheets for reduced errors, quick analysis and review of spreadsheets and databases.

Spreadsheet Comparisons

XLAudit is a comprehensive and graphical auditing tool that provides spreadsheet developers and users with an easy to use, highly graphical and intuitive tool to detect current and potential errors, warnings and inconsistencies in their spreadsheets. It also allows users to perform a logic inspection of the spreadsheets, understand the data flows between cells, view all external links into the spreadsheet, and perform spreadsheet comparisons.

Remediation & Controls

Our XLRisk product helps in the first step towards compliance and control of your spreadsheets and other end user computing (EUC) files by automatically creating an inventory of all EUCs in the organization and performing an initial risk assessment of them. Once XLRisk identifies all EUCs, it assigns a risk scorecard based on file analysis and pre-configured criteria, so that a uniform compliance framework can be used for remediation and controls.

Security, Access & Monitoring

SOX-XL is a web-based solution that implements internal controls for EUCs including Excel spreadsheets. These controls include security, role-based access, monitoring via cell-level audit trails, and workflow tools. SOX-XL is a highly effective solution that has minimal impact on existing business processes as files do not need to be moved from their current locations. Applications are secure via role-based security. Businesses can identify owners, reviewers, users etc, for the EUCs and limit the access to the EUCs. SOX-XL allows an additional layer of security that is completely secure and traceable, in addition to the NTFS security that is not completely secure and traceable.

Comprehensive Reporting

These tools also have comprehensive reporting abilities, with over 70 out-of-the -box reports. Web-based dashboards are available for audit trail, workflow, and exception review, each with drill-down capabilities to show detailed information. In addition, multi-dimensional report builders are available in the application(s) to allow users to build relevant reports covering reporting requirements from the businesses. Users can also schedule reports to be emailed directly to their mailbox.

EFFECTIVE RISK DATA AGGREGATION AND RISK REPORTING

Principle 3: Accuracy and Integrity – A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimize the probability of errors.

– Basel Committee on Banking Supervision, Principle 3

OVERVIEW OF AN INTERNAL CONTROL AUDIT