The purpose of this policy is to establish control guidelines for key end-user computing (EUC) tools at Stamford International University (“STIU” or “Stamford”). The intent is to define a series of guidelines and procedures to deal with the security and use of EUC tools such as spreadsheets, databases, report writers, etc. This policy is to be used in conjunction with other applicable policies and practices.
This policy applies to all employees of STIU in all locations including the temporary employees, part-time and contractors, who use Electronic Tools that are:
- Developed and managed by users and process owners, typically within office automation software like spreadsheets, databases, and report tools (e.g. Crystal Reports);
- Not subject to IT general controls; and
- Used to assist with the calculation of an amount that is recorded in the general ledger or as the basis for disclosure in the financial statements (which has a significant financial impact), or
- Used in the execution of a control that is relied upon by management to support their assessment of the effectiveness of internal controls over financial reporting (e.g., a spreadsheet used to prepare and review reconciliation).