End User Developed Applications (EUDAs) allow users to directly manage, control, and manipulate data as well as quickly deploy solutions in response to shifting market conditions, industry changes, or evolving regulations.
EUDAs are not new, considering there’s this 1986 research paper about the organisational, technical, or user factors that contribute to their effectiveness. Of course, over the last decade, there has been a significant increase in the development of end-user applications since the current end-user tools offer rich and intuitive functionality for data processing and visualisation.
However, the same benefits also induce certain risks to the EUDAs since the user-developed and user-controlled applications do not undergo the same development, monitoring, and reporting rigor as traditional applications. More so, the management often lacks visibility into the use of EUDAs throughout the enterprise.
The Risks and Challenges of End User Developed Applications
For example, most wealth management firms have thousands of business-critical End User Developed Applications. The distributed knowledge makes the core IP either hidden or unsecure. Additionally, it is also a regulatory risk since client information, including PII, floats in EUDAs outside of the organisation’s privacy and compliance ecosystem. These applications are also prone to data handling and data processing errors.
While the firms realise the risk, they leave it to the technology teams for resolution. However, these teams struggle to fix the issues because of lack of documentation of the business logic and moving targets due to daily user activity. And of course, the proliferation of EUDAs result stretched technology teams as well as a prioritisation challenge to work on these user-developed applications.
Of course, compliance teams can solve this problem in collaboration with the technology teams by creating appropriate EUDA policies and raising organisation-wide awareness of the risks associated with the EUDAs. Organisations must also work towards replacing critical EUDAs with enterprise tools, especially where key business processes are supported by EUDAs or engage with critical client information.
The Simplex Workstream
Simplex helps our clients develop a EUDA policy that governs the development and control of these applications.
At Simplex, our experts collaborate with our clients to identify critical EUDAs, document them on a central register and ensure that they are managed by business areas in compliance with the organisation’s EUDA policy as well as aligned with operational resilience needs. Further on, we analyse the scope and dependencies of these applications and ensure that they work within the Microsoft 365 environment.
Photo courtesy: Isaac Smith