This course is divided into five topics and an end-of-course assessment.
The Home button at the end of each topic takes you to the Home page.
The Menu button provides access to the individual topics.
The Resources button provides a list of useful links.
The Switch Language button lets you switch to a different language.
The Close button ends your training session and closes the course window.
What are the risks associated with using EUCs?
The use of EUCs introduces risk into Citi’s environment because an EUC lacks controls found in formal applications managed by a centralized technology group.
Select each tab to examine the risks of using EUCs, the Risk Levels of an EUC and how to reduce our reliance on EUCs.
EUCs are used for Business Processes that:
As EUCs are typically developed, used, and managed by End Users, there are multiple inherent risks stemming from improper management, such as, but not limited to:
go to next button
The inherent risks associated with the use of EUCs can only be mitigated after an EUC is identified, registered and risk assessed. EUCs can be classified into the following four Risk Levels: Critical, High, Medium, and Low.
We will take a closer look at these Risk Levels and the methods to evaluate the need to create an EUC and ways to risk reduce an EUC in the topic: EUC Prevention and Risk Reduction.
go to next button
EUCs must be seen as interim solutions to business needs, with an end goal of reducing the use of EUCs through approved Risk Reduction methods, as appropriate.
One of these Risk Reduction methods is IT-enabled Smart Solutions (ITeSS) as an alternative to EUCs.
The tool is only used for a one-time or ad hoc purpose if:
Note:
Tools that are created on a repeated basis to support a Business or Function process are not considered as one-time or ad hoc purpose (i.e., spreadsheets created for individual deals).
Decision
If Yes, the tool is not an EUC or ITeSS.
If No, move to question B.
Examples of Logic include but are not limited to:
Note:
Tools only containing filters and no other Logic are not EUCs.
Decision
If Yes, move to question C.
If No, Tool is not an EUC or ITeSS.
Examples of material reporting impact include but are not limited to:
Note:
Materiality is determined by the Business and Function Process Owners or the In-Business Risk & Control committee.
Decision
If Yes, move to question F.
If No, move to question D.
Decision
If Yes, move to question F.
If No, move to question E.
Tools that do not support a Business Process/activity or control in the Assessment Unit’s MCA, with an inherent risk of 1-3 are not considered to satisfy the definition of an EUC.
Decision
If Yes, move to question F.
If No, Tool is not an EUC or ITeSS.
Business and Function HEAP (Head of Enterprise and Architecture Planning) and CIO (Chief Information Officer) may provide special provisions to classify tools that are developed, implemented, and maintained following CSDLC-like controls such as Core IT System.
Decision
If Yes, Tool is a Core IT System, and not an ITeSS or EUC as it was developed, implemented and/or maintained in compliance with the CSDLC.
If No, move to question G.
An ITeSS Platform is an application or system developed with Citi approved software to create, test, maintain, and execute ITeSS Use Cases. ITeSS Platforms must be registered in Citi System Inventory (CSI) and are owned and managed by Citi IT.
Decision
If Yes, Tool is an ITeSS.
If No, Tool is an EUC.
Before an EUC is created, Citi Staff should consider these initial steps for reducing EUC risk exposure and limiting the firm’s overall reliance on EUCs:
Select each tab to take a closer look at both steps involved in the prevention process for creating an EUC.
All Citi Staff must submit an EUC creation request to the EUC Accountable Business Owner (ABO) for review and approval prior to creating a new EUC.
An EUC Accountable Business Owner (ABO) is accountable for the compliance with the EUC Standard for all EUCs under their purview. Staff should consult with Business and Function IT and assess if the need for a new EUC can be met using an alternative technology solution or enhancing a Core IT System within the required timeframe to meet the business requirements.
go to next button
All Citi Staff must identify all EUCs within their Business Process.
An EUC ABO should ensure that all tools used within the Business Processes are reviewed to identify all EUCs at least annually using the EUC & ITeSS Decision Tree.
Business re-structuring/Process re-engineering is a change or modification of the business such as divestiture.
It is also the change or modification of the Business Process(es) resulting from, but not limited to:
As a result of process re-engineering, the whole process undergoes a major change and the EUC is eliminated.
An EUC is eliminated via Migration/Enhancement to Core IT when the IT system or application is managed by Enterprise or Business and Function IT and the application complies with Citi Solution Delivery Life Cycle Standard (CSDLC) and all applicable Citi IT policies.
The CSDLC can be accessed within the Resources section.
ITeSS Use Cases are built on approved ITeSS platforms managed by Business and Function IT. ITeSS Use Case Owners build Use Cases, but these Use Cases must comply with the ITeSS Standard and must be approved by Business and Function IT prior to deployment on the ITeSS platform.
ITeSS is one of the three Risk Reduction methods to replace Critical, High, and Medium Risk EUCs.
Which of the following selections does this statement describe:
It is a series of questions and criteria that is used to determine if a tool is an EUC or ITeSS.
Select the best response and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
The EUC and ITeSS Decision Tree is a series of questions and criteria used to determine if a tool is an EUC or ITeSS.
Use the Decision Tree to review all tools in your group, identify if any EUC or ITeSS is in use, and register any unregistered EUC in the EUC Inventory Tool.
The EUC and ITeSS Decision Tree is a series of questions and criteria used to determine if a tool is an EUC or ITeSS.
Use the Decision Tree to review all tools in your group, identify if any EUC or ITeSS is in use, and register any unregistered EUC in the EUC Inventory Tool.
The EUC and ITeSS Decision Tree is a series of questions and criteria used to determine if a tool is an EUC or ITeSS.
Use the Decision Tree to review all tools in your group, identify if any EUC or ITeSS is in use, and register any unregistered EUC in the EUC Inventory Tool.
That's right.
The EUC and ITeSS Decision Tree is a series of questions and criteria used to determine if a tool is an EUC or ITeSS.
Use the Decision Tree to review all tools in your group, identify if any EUC or ITeSS is in use, and register any unregistered EUC in the EUC Inventory Tool.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
According to the Decision Tree, which criteria support correctly defining an End User Computing or IT-enabled Smart Solution?
Select all that apply and then select Submit.
Below are the criteria used to determine EUCs and ITeSS.
Below are the criteria used to determine EUCs and ITeSS.
Below are the criteria used to determine EUCs and ITeSS.
That’s right.
Below are the criteria used to determine EUCs and ITeSS.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
What are the initial steps for reducing EUC risk exposure and limiting the firm’s over-all reliance on EUCs?
Select all that apply and then select Submit.
Citi Staff should consider these initial steps for reducing EUC risk exposure and limiting the firm’s overall reliance on EUCs:
Citi Staff should consider these initial steps for reducing EUC risk exposure and limiting the firm’s overall reliance on EUCs:
Citi Staff should consider these initial steps for reducing EUC risk exposure and limiting the firm’s overall reliance on EUCs:
That’s right.
Citi Staff should consider these initial steps for reducing EUC risk exposure and limiting the firm’s overall reliance on EUCs:
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Which of the following are examples of inherent risks presented by End User developed tools such as EUCs?
Select all that apply and then select Submit.
Each of the correct options can be considered as inherent risks, however, these are not the only risks that can occur in the case of improper management of EUC usage.
Each of the correct options can be considered as inherent risks, however, these are not the only risks that can occur in the case of improper management of EUC usage.
Each of the correct options can be considered as inherent risks, however, these are not the only risks that can occur in the case of improper management of EUC usage.
That’s right.
Each of the correct options can be considered as inherent risks, however, these are not the only risks that can occur in the case of improper management of EUC usage.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
What should all Citi Staff do prior to creating a new EUC?
Select the best option and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
We should always consult Business and Function IT teams and consider alternative solutions for our Business Solution requirement(s) prior to creating a new EUC.
Not quite.
We should always consult Business and Function IT teams and consider alternative solutions for our Business Solution requirement(s) prior to creating a new EUC.
Not quite.
We should always consult Business and Function IT teams and consider alternative solutions for our Business Solution requirement(s) prior to creating a new EUC.
That’s right.
We should always consult Business and Function IT teams and consider alternative solutions for our Business Solution requirement(s) prior to creating a new EUC.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Once you have determined that a tool you are using to support your business process is an EUC, what is the first action to take?
Select the best option and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
All EUCs must be registered, risk assessed, and controlled throughout their use and must have a Risk Reduction plan in place.
Once you have determined that the tool you are using is an EUC, the first action to take is to register and risk assess your EUC in the EUC Inventory Tool.
Not quite.
All EUCs must be registered, risk assessed, and controlled throughout their use and must have a Risk Reduction plan in place.
Once you have determined that the tool you are using is an EUC, the first action to take is to register and risk assess your EUC in the EUC Inventory Tool.
Not quite.
All EUCs must be registered, risk assessed, and controlled throughout their use and must have a Risk Reduction plan in place.
Once you have determined that the tool you are using is an EUC, the first action to take is to register and risk assess your EUC in the EUC Inventory Tool.
That’s right.
All EUCs must be registered, risk assessed, and controlled throughout their use and must have a Risk Reduction plan in place.
Once you have determined that the tool you are using is an EUC, the first action to take is to register and risk assess your EUC in the EUC Inventory Tool.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
What are the Risk Reduction methods prescribed by the EUC Standard to reduce reliance on EUCs?
Select all that apply and then select Submit.
The three Risk Reduction methods are essential for the completing of the ultimate objective to eliminate Critical and High Risk EUCs as much as possible and reduce the reliance on EUCs.
The three Risk Reduction methods are essential for the completing of the ultimate objective to eliminate Critical and High Risk EUCs as much as possible and reduce the reliance on EUCs.
The three Risk Reduction methods are essential for the completing of the ultimate objective to eliminate Critical and High Risk EUCs as much as possible and reduce the reliance on EUCs.
That’s right.
The three Risk Reduction methods are essential for the completing of the ultimate objective to eliminate Critical and High Risk EUCs as much as possible and reduce the reliance on EUCs.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
Not quite. Refer to EUC Prevention and Risk Reduction for more information.
In contrast to EUCs, ITeSS enables a path for End User developed tools to reduce risk for Citi.
Which of the following statements is also true about ITeSS?
Select the best option and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
ITeSS are lower risk alternatives than EUCs as they have higher levels of controls due to being developed on a Citigroup Solutions Inventory (CSI) registered platform. Any risks of End User developed tools, such as EUCs, are mitigated during the ITeSS development cycle.
Not quite.
ITeSS are lower risk alternatives than EUCs as they have higher levels of controls due to being developed on a Citigroup Solutions Inventory (CSI) registered platform. Any risks of End User developed tools, such as EUCs, are mitigated during the ITeSS development cycle.
Not quite.
ITeSS are lower risk alternatives than EUCs as they have higher levels of controls due to being developed on a Citigroup Solutions Inventory (CSI) registered platform. Any risks of End User developed tools, such as EUCs, are mitigated during the ITeSS development cycle.
That’s right.
ITeSS are lower risk alternatives than EUCs as they have higher levels of controls due to being developed on a Citigroup Solutions Inventory (CSI) registered platform. Any risks of End User developed tools, such as EUCs, are mitigated during the ITeSS development cycle.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
What is the risk level classification of an EUC that is involved in the direct data input, data correction, or report production of the Citigroup, and/or CBNA BCBS 239 Report?
Select the best option and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
An EUC is classified as Critical if it is involved in the direct data input, data correction, or report production of the Citigroup, and/or CBNA BCBS 239 Report.
Not quite.
An EUC is classified as Critical if it is involved in the direct data input, data correction, or report production of the Citigroup, and/or CBNA BCBS 239 Report.
Not quite.
An EUC is classified as Critical if it is involved in the direct data input, data correction, or report production of the Citigroup, and/or CBNA BCBS 239 Report.
That’s right.
An EUC is classified as Critical if it is involved in the direct data input, data correction, or report production of the Citigroup, and/or CBNA BCBS 239 Report.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
Which of the following statements accurately describes ITeSS?
Select the best option and then select Submit.
Please use the Space key only when selecting a radio option with the keyboard. The Enter key is not fully supported. If the Enter key has been used to select a radio option, please use the Escape key to resume using the Space key.
An IT-enabled Smart Solution (ITeSS) is developed on an approved ITeSS Platform and compliant with the ITeSS Standard. Solutions approved in ITeSS platforms reduce inherent risks associated with the creation of EUCs.
Not quite.
An IT-enabled Smart Solution (ITeSS) is developed on an approved ITeSS Platform and compliant with the ITeSS Standard. Solutions approved in ITeSS platforms reduce inherent risks associated with the creation of EUCs.
Not quite.
An IT-enabled Smart Solution (ITeSS) is developed on an approved ITeSS Platform and compliant with the ITeSS Standard. Solutions approved in ITeSS platforms reduce inherent risks associated with the creation of EUCs.
That’s right.
An IT-enabled Smart Solution (ITeSS) is developed on an approved ITeSS Platform and compliant with the ITeSS Standard. Solutions approved in ITeSS platforms reduce inherent risks associated with the creation of EUCs.
Not quite. Refer to EUC and ITeSS for more information.
Not quite. Refer to EUC and ITeSS for more information.
This course provides an overview of End User Computing (EUC) and Citi’s effort in reducing the risk and reliance on EUCs by considering alternative technology solutions including approved IT-enabled Smart Solutions (ITeSS).
This training will take approximately 20 minutes to complete.
Scroll down to view the topic list, then select the Introduction topic to begin. Select the Home button at any time to return to this menu.
This course is divided into four topics and an end-of-course assessment. After completing the training content, you must score 80% or higher in the assessment to receive credit for this course.
A list of useful links is available at any time by selecting the Resources button .
If you are accessing the course from a personal device directly over the Internet (outside of the Citi network), some links may not work if they link to content within Citi’s network. This will not impact your ability to complete the course.
go to close menu button
go to close button
