End User Developments (EUDs) are applications that are developed by the End Users themselves outside of the Software Development Life Cycle (SDLC) process typically followed by the IT Department within the company to develop applications in a standardized and controlled manner.
EUDs typically range from simple excel files embedded with macro to full-fledged applications coded in Java or DotNet.
All EUDs within a firm should be assessed for IT risks.
Particular care should be given to EUDs which are used to generate output / reports to be sent to Downstream Applications / Higher Management / Customers / Regulatory Bodies / Partner Organizations, especially when the contents of the output / reports are not manually verified by a human. Such EUDs should be classified as “Key EUDs”. An inventory should be kept by the company of all Key EUDs.
Key EUDs should be assessed and tested thoroughly before they are used, to ensure the integrity and reliability of their output. Access Controls, Data Protection Controls and Recovery Measures should be planned and implemented for all Key EUDs.