CARDIFFSCHOOL OF MANAGEMENT: ASSIGNMENT FEEDBACK PROFORMA
STUDENT NAME: PROGRAMME:
STUDENT NUMBER: YEAR: GROUP:
1,2&3 Module Title:
End User Computing Risk Management
Tutor Responsible For Marking This Assignment: Dr Simon Thorne
Module Leader: As above
Assignment Due Date: Hand In Date:
ASSIGNMENT TITLE:Cymru Capital investments
SECTION A: SELF ASSESSMENT (TO BE COMPLETED BY THE STUDENT)
In relation to each of the set assessment criteria, please identify the areas in which you feel you have strengths and those in which you need to improve. Provide evidence to support your self-assessment with reference to the content of your assignment.
STRENGTHS AREAS FOR IMPROVEMENT
I certify that this assignment is a result of my own work and that all sources have been acknowledged:
SECTION B: TUTOR FEEDBACK
(based on assignment criteria, key skills and where appropriate, reference to professional standards)
AREAS FOR IMPROVEMENT AND TARGETS FOR FUTURE ASSIGNMENTS
MARK/GRADE AWARDED DATE: SIGNED
ASSIGNMENT MODERATED BY: DATE
Learning outcomes addressed in this assignment:
• Critically evaluate the role of EUC in modern organisations
• Demonstrate understanding of the risks associated with EUC, specifically spreadsheet error.
• Understand the role Human Factors plays in spreadsheet development.
• Evaluate and discuss methods applied to spreadsheets to reduce errors presented in academic research.
• Formulate suitable management strategies for management of EUC in organisations
• Understand the role of legal, management and technological policies for the control of EUC in organisations.
Cyrmru Capital Investments (CCI)
CymruCapital Investments (CCI) is a mid sized bank working in corporate andinvestment Banking. The bank has offices located throughout Europe and USA employing 20,000 people in over 500 offices, and is regulated by the Financial Services Authority (FSA).The bank has enjoyed rapid growth in the last five years and at the end of the last financial year recorded a profit of £2.9 Billion.
CCI’s core business is securities underwriting although it does also trade in derivatives, foreign exchange and commodities. The bank underwrites newly issued securities (Bonds and shares) from corporations and governments on the capital markets. In addition, CCI also underwrites loans and credit to various customers through a detailed process of credit analysis, this is known as Bank underwriting.
The bank’s actuaries are the employees responsible for assessing the risks of its investments and subsequently pricing the products and services sold to clients.
2. The use of Information Systems at CCI for underwriting
CCI is a typical investment bank,making extensive use of information systems to support its business functions. The bank has a formal system for officially recording agreements between CCI and clients called the “Deal Capture System”. The bank also has abespoke financial modelling systemcalled “Aladin model builder”.
The Deal Capture System is a regulatory requirement of the FSA that allows the CCI to make a formal record of the details of all deals brokered by the bank including the correspondence between the bank and the client whilst the deal was negotiated. This system is designed to be live so that the bank has a real time view on deals progressing at any one time.
Aladin is a model building tool that calculates the risk of a deal based on variables input into the system. Once the user has collected the relevant data, Aladin gives an indication of the risk levels CCI exposes themselves to with each investment.
In addition, the organisation has a central information systems department that services the organisations hardware, software and users. Each year the IS department conducts an audit of the data processing activities of the staff.
3. Internal audit
During a recent internal audit, it was noted that the bank had a high dependency on the use of spreadsheets and that some spreadsheets are used for mission critical decision-making. The audit revealed that CCI has in excess of 50,000 operational spreadsheets across the organisation which range from trivial expenses claims through to complex financial spreadsheet models.
The auditors asked the risk modellers why they rarely used the data capture system and the Aladin model builder. The users complained that these systems are slow and inflexible. In particular the Aladin model builder is too restrictive, it lacks the ability to define the model in great detail and requires extensive re-configuration to be kept up to date with changing commercial conditions. This has led to the pervasive use of spreadsheet software as the primary means of calculating risk levels, pricing levels and negotiations.
Further investigations by the auditors revealed spreadsheets are used in almost every underwriting deal CCI makes. Frequently, the corporate systems are engaged after the deal has been negotiated and agreed on a spreadsheet. The users complain that they would not be able to do their jobs competitively without using spreadsheets as their primary tool for brokering deals.
The auditors examined a small sample of spreadsheets used day to day by the employees. The sample contained various types of spreadsheets including: Simple administration duties such as expenses, Data stores for holding client contact information, Decision support spreadsheets used by heads of departments for resource planning and financial modelling spreadsheets used by actuaries for assessing risk and pricing deals.
The auditors found no evidence that any of the spreadsheets had been developed: using a methodology; undergone testing;been formally documented. When the auditors asked the heads of departments how spreadsheet model integrity is ensured at a department level, most cited the CCI End User Computing policy signed by all staff.
The End User Computing policy was introduced to ensure that CCI complies with theU.S. Sarbanes Oxley Act (2007). The current EUC policy simply tracks where the EUC artefacts (such as spreadsheets and databases) exist on the company network and requires the heads of department and the author of the work to sign a document declaring that the information held in the EUC artefact is accurate. The EUC policy makes heads of departments and authors accountable for the accuracy of the data held in the spreadsheets. When asked about the effectiveness of the EUC policy, heads of departments explained that since they have limited expertise in spreadsheets and databases, it is impossible to objectively determine if the information presented is accurate. They therefore trust that the actuaries work is accurate and sign the document in good faith.
The auditors passed on their observations to the senior management team who in turn have requested a report outlining the risks to CCI and a pragmatic approach to managing the risks to which the bank is exposed.
4. The task
You are to compile a 5000 report for the senior management that addresses the problems CCI faces.
1. Firstly (50%), you mustoutline the risks associated with spreadsheet use and relate this to CCI’s spreadsheet activities and practices. Your report should alsohighlight the specific risks CCI faces and comment on any poor practice evident. Make use of citations to the literature and examples in your report.
2. Secondly (50%), you must recommend a new approach to managingCCI’s spreadsheets risk. You are free to adopt any approach you see fit with the exception of removing spreadsheet use from CCI completely. Your approach should take into account the fact that CCI has some 50,000 operational spreadsheets.
A (70+) A comprehensive submission. Spreadsheet literature is covered in sufficient breadth and depth with a strong critical focus using a range of sources and citations. The realisation of the specific risks CCI pose is well explained and justified. The suggested approach to mitigating and controlling the risks is well considered, innovative and practically feasible.
(60-69) A good quality submission. Spreadsheet literature is covered in breadth and depth with some critical focus and a good number of citations. The realisation of the specific risks CCI pose is explained and justified. The suggested approach to mitigating and controlling the risks is well considered and practically feasible.
(50-59) A reasonable submission. Spreadsheet literature is covered in adequate depth but is mostly descriptive and contains fewer citations. Some realisation of the specific risks CCI pose with some explanation and justification. The suggested approach to mitigating and controlling the risks is moderately well considered.
(40-49) A passable submission. Spreadsheet literature is covered in limited breadth and depth and lacks critical comment. A limited number of citations are used. The realisation of the specific risks CCI pose is adequate but with little justification or explanation. The suggested approach to mitigating and controlling the risks is acceptable but contains evidence of misunderstanding and impracticalities
Fail<40 The submission fails to achieve minimum criteria described in D grade
Hand in requirements
All assignments must be handed in electronically using the Virtual Learning Environment.