Case Study

End User Computing Tool (EUCT) Framework


The Model Risk team performed an Audit on the enterprise EUCT framework in order to assess and provide credible challenge for Indepnendent Risk Management (IRM) and frontline approach to manage EUCT risk across the enterprise. Audit reviewed enterprise process for identifying and dispositioning potential EUCTs and archive them into a central repository. Audit reviewed the current state processes and noted that identification for EUCTs is performed on a annual basis and heavy reliance is placed on training frontline personnel on identifying potential EUCTs. Furthermore, the Model Risk Audit team understands that in a rapidly changing environment more EUCTs tools/ Models are being created to support Artificial Intelligence/ Machine learning solutions across the enterprise. This increases the risk of EUCTs and Models that have to be identified, certified, and validated in a centralized system of record and furthermore, increases cost for maintaining the program, and increases EUCT risk which can lead to reputational, financial, and operational impact for the enterprise. Recognizing the increasing risk Audit understands that IRM and frontline business partners have to identify ways on tracking EUCTs through KPI/KRIs, retirement, and managed automated EUCTs through technology applications.


Siloed teams: This bank lines of business operate in the siloed process where IT business partners do not collaborate with Model Risk Management teams and other frontline lines of business. This creates inefficiencies and cost the enterprise in operational cost to manage EUCT tools.  

Inefficient Monitoring and Reporting: The lack of developing reporting capabilities for IRM leads to a lack of visibility for managing EUCTs across the enterprise. Implementation of KRI/KPIs requires IRM to streamline data across the multiple source systems and ensure the completeness and accuracy of the data that is being ingested for reporting.  

Lack of Risk and Control Self-Assessment (RSCA): This exercise is used to identify and assess various risk types faced by the enterprise. The exercise is performed by IRM collaborating with business partners and self-identify potential risk and issues and manage such risk in the centralized issue repository.  


Direct Collaboration: To tackle these challenges, this bank implemented an RSCA program and established annual RSCA exercise that is performed annually by IRM and business partners.  

Enhanced Governance for EUCT risk management: The enterprise implemented a quarterly governance process that allows collaboration with both business and IT partners for addressing risk pertaining to EUCTs and identifying opportunities for potential EUCT retirement and managing such tools in a technology application.  

Enhanced IRM monitoring and reporting capabilities: Model Risk Management team developed KRI/KPI reports and reviewed them on a quarterly basis in order to gain understanding of potential EUCT risks for various lines of business. Through developing KRIs/KPIs, IRM has oversight of all lines of business throughout the EUCT lifecycle from Identification through retirement.  


Enhanced Oversight Efficiency and reduction of EUCT Risk: The initiative led to an enhanced oversight over the various EUCT lifecycles across the enterprise. This met internal Audit requirements for an Enhanced EUCT risk management program. This has streamlined the process for identifying EUCT risk and remediation required to manage the risk within the enterprise risk appetite.  

Improved Collaboration: The establishment of a collaborative environment between risk managers and technology teams resulted in the elimination of the number of EUCTs across the enterprise. This has lead to the bank reducing operational cost such as headcount, and cloud service cost across the enterprise. Furthermore, by managing both Model and EUCTs in a centralized repository system of record has enhanced the enterprise approach to managing EUCTs and enhanced reporting capabilities.  


This banks comprehensive approach for managing EUCT risk has yielded significant benefits including enhanced reporting efficiency, improved collaboration, reduction of headcount, and improved collaboration between all three lines of businesses across the enterprise. This case study exemplifies the critical importance of integrating business processes with technology solutions to create further collaboration with all lines of defense across the enterprise and managed EUCT risk in a centralized repository.

Our services are not just solutions;
They're catalysts for growth, innovation, and resilience.