Sanjay is the Founder and CEO of CIMCON Software, a company specializing in reducing risks from spreadsheets and other End User Computing tools. Sanjay will be delivering key insights at the 5th Annual Risk EMEA 2016, and ahead of the Summit, we interviewed Sanjay on some of the challenges currently facing Risk professionals.
Sanjay, can you tell the Center for Financial Professionals readers about your background, expertise and experience?
I have over 24 years of experience in risk management, data governance, and compliance. Early in my career, I performed risk assessments for large enterprise data management systems, to determine areas of high risk. Around this time, I discovered that while a lot of time and resources were focused on enterprise systems, no attention was being paid to the unstructured information stored on shared drives that contained critical data and regulatory information, creating grave business and regulatory risk for the firm. Spreadsheets were a big part of this unstructured landscape, and CIMCON was founded to reduce EUC risks. Over the last 20 years, much of my time has been dedicated to developing and advancing the End User Computing (EUC) market, and in developing innovative tools and technologies that improve data quality and compliance.
For readers that are not familiar with End User Computing GRC, could you provide some background and context on why it is important?
End User Computing (EUCs) refers to powerful computing applications that are easily available to users on their desktops without the traditional controls that are applied when using source code. These include spreadsheets, Access databases, and other reporting and querying applications. Spreadsheets are used heavily to develop stress testing models, determine capital requirements, and many core financial processes. Many of these processes, data, and outputs are subject to regulations such as Stress Testing, Basel, Solvency II, Sarbanes-Oxley, and hence are of interest to regulators, internal auditors and external auditors. Further, EUC errors have resulted in major financial losses to firms in millions or even billions of dollars. Hence, implementing an adequate Governance, Risk and Compliance (GRC) framework over the use of these EUCs is very important.
What is your response to those that say that spreadsheets will go away?
We don’t hear that much anymore for several reasons. The business and regulatory climate has become more dynamic, data sources have become more complex, and the reporting requirements have increased, all of which have increased the dependency on spreadsheets. Spreadsheets also serve as vital connecting links between disparate enterprise systems and data sources to perform final consolidation. Even if they can be replaced at any given point of time, new spreadsheets will come up to meet market, management and regulatory pressures.