AY: 2019/20

CIS7014 – End User Computing Risk Management -20 credits

Block 2 and 3

Module Leader: Simon Thorne

Assessment Brief

Assessment Title: CCI Case Study Group Presentation

WRIT1

HAND-IN DATE: CHECK MOODLE

Contents

Learning Outcomes 3

Assessment Requirements / Tasks (include all guidance notes) 3

Submission Details 5

Feedback 6

Marking Criteria 7

Additional Information 7

Referencing Requirements (Harvard) 7

Mitigating Circumstances 7

Unfair Practice 8

Learning Outcomes

This assessment is designed to demonstrate a student’s completion of the following Learning Outcomes:

• Critically evaluate the role of EUC in modern organisations
• Demonstrate understanding of the risks associated with EUC, specifically spreadsheet error.
• Understand the role Human Factors plays in spreadsheet development.
• Evaluate and discuss methods applied to spreadsheets to reduce errors presented in academic research.
• Formulate suitable management strategies for management of EUC in organisations
• Understand the role of legal, management and technological policies for the control of EUC in organisations.

Assessment Requirements / Tasks (include all guidance notes)

1. Background

Cymru Capital Investments (CCI) is a mid sized bank working in corporate and investment Banking. The bank has offices located throughout Europe and USA employing 20,000 people in over 500 offices, and is regulated by the Financial Services Authority (FSA). The bank has enjoyed rapid growth in the last five years and at the end of the last financial year recorded a profit of £2.9 Billion.

CCI’s core business is securities underwriting although it does also trade in derivatives, foreign exchange and commodities. The bank underwrites newly issued securities (Bonds and shares) from corporations and governments on the capital markets. In addition, CCI also underwrites loans and credit to various customers through a detailed process of credit analysis, this is known as Bank underwriting.

The bank’s actuaries are the employees responsible for assessing the risks of its investments and subsequently pricing the products and services sold to clients.

2. The use of Information Systems at CCI for underwriting

CCI is a typical investment bank, making extensive use of information systems to support its business functions. The bank has a formal system for officially recording agreements between CCI and clients called the “Deal Capture System”. The bank also has a bespoke financial modelling system called “Aladin model builder”.

The Deal Capture System is a regulatory requirement of the FSA that allows the CCI to make a formal record of the details of all deals brokered by the bank including the correspondence between the bank and the client whilst the deal was negotiated. This system is designed to be live so that the bank has a real time view on deals progressing at any one time.

Aladin is a model building tool that calculates the risk of a deal based on variables input into the system. Once the user has collected the relevant data, Aladin gives an indication of the risk levels CCI exposes themselves to with each investment.

In addition, the organisation has a central information systems department that services the organisations hardware, software and users. Each year the IS department conducts an audit of the data processing activities of the staff.

3. Internal audit

During a recent internal audit, it was noted that the bank had a high dependency on the use of spreadsheets and that some spreadsheets are used for mission critical decision-making. The audit revealed that CCI has in excess of 50,000 operational spreadsheets across the organisation which range from trivial expenses claims through to complex financial spreadsheet models.

The auditors asked the risk modellers why they rarely used the data capture system and the Aladin model builder. The users complained that these systems are slow and inflexible. In particular the Aladin model builder is too restrictive, it lacks the ability to define the model in great detail and requires extensive re-configuration to be kept up to date with changing commercial conditions. This has led to the pervasive use of spreadsheet software as the primary means of calculating risk levels, pricing levels and negotiations.

Further investigations by the auditors revealed spreadsheets are used in almost every underwriting deal CCI makes. Frequently, the corporate systems are engaged after the deal has been negotiated and agreed on a spreadsheet. The users complain that they would not be able to do their jobs competitively without using spreadsheets as their primary tool for brokering deals.

The auditors examined a small sample of spreadsheets used day to day by the employees. The sample contained various types of spreadsheets including: Simple administration duties such as expenses, Data stores for holding client contact information, Decision support spreadsheets used by heads of departments for resource planning and financial modelling spreadsheets used by actuaries for assessing risk and pricing deals.

The auditors found no evidence that any of the spreadsheets had been developed: using a methodology; undergone testing; been formally documented. When the auditors asked the heads of departments how spreadsheet model integrity is ensured at a department level, most cited the CCI End User Computing policy signed by all staff.

The End User Computing policy was introduced to ensure that CCI complies with the U.S. Sarbanes Oxley Act (2007). The current EUC policy simply tracks where the EUC artefacts (such as spreadsheets and databases) exist on the company network and requires the heads of department and the author of the work to sign a document declaring that the information held in the EUC artefact is accurate. The EUC policy makes heads of departments and authors accountable for the accuracy of the data held in the spreadsheets. When asked about the effectiveness of the EUC policy, heads of departments explained that since they have limited expertise in spreadsheets and databases, it is impossible to objectively determine if the information presented is accurate. They therefore trust that the actuaries work is accurate and sign the document in good faith.

The auditors passed on their observations to the senior management team who in turn have requested a presentation outlining the risks to CCI and a pragmatic approach to managing the risks to which the bank is exposed.

4. The task

You are to produce a 15 minute video presentation covering the following two points:

1. Firstly (50%), you must outline the risks associated with spreadsheet use and relate this to CCI’s spreadsheet activities and practices that are evident in the case study. Your video presentation should also highlight the specific risks CCI faces and comment on any poor practice evident. Make use of citations to the literature and examples in your presentation.
2. Secondly (50%), you must recommend a new approach to managing CCI’s spreadsheets risk. You are free to adopt any approach you see fit with the exception of removing spreadsheet use from CCI completely. Your approach should take into account the fact that CCI has some 50,000 operational spreadsheets.

Video Presentation Rules

1. Everyone in the group must pull their weight and contribute to the task, those that do not contribute will not be carried by other members. Please report all instances of non-engagement to Dr Thorne
2. The first slide other than the title should list who is in the group and what their role was in researching, writing and presenting the video
3. You are free to use any method to generate the video, you may want to cut together sections of people talking or perhaps provide narration over some slides. The choice is yours
4. Check Moodle for a list of groups and members of those groups. No changes unless authorised by Dr Thorne
5. The presentation is 2000 words of effort not literal words.

Assessment Criteria

Presentation
Identification, contextualisation and exemplification of risks CCI expose themselves to	50%
Solution that addresses the identified risks	50%

Submission Details

Please see Moodle for confirmation of the Assessment submission date.

Submission will be by 4:00pm on the deadline day.

Any assessments submitted after the deadline will not be marked and will be recorded as a Non-Attempt.

The assessment must be submitted through the submission point in Moodle

Your assessment should be titled with your groups Student ID Numbers, module code and assessment id, e.g. st12345678 CIS4000 WRIT1

Feedback

Feedback for the assessment will be provided electronically via Moodle, and will normally be available 4 working weeks after initial submission. The feedback return date will be confirmed on Moodle.

Feedback will be provided in the form of a rubric and supported with comments on your strengths and the areas which you improve.

All marks are preliminary and are subject to quality assurance processes and confirmation at the Examination Board.

Further information on the Academic and Feedback Policy in available in the Academic Handbook (Vol 1, Section 4.0)

Marking Criteria

A (70+)	A comprehensive Presentation. Spreadsheet literature is covered in sufficient breadth and depth with a strong critical focus using a range of sources and citations. The realisation of the specific risks CCI pose is well explained and justified. The suggested approach to mitigating and controlling the risks is well considered, innovative and practically feasible. The presentation is exceptionally well constructed in content and delivery, and meets the requirements of the assignment brief
B (60-69)	A good quality presentation. Spreadsheet literature is covered in breadth and depth with some critical focus and a good number of citations. The realisation of the specific risks CCI pose is explained and justified. The suggested approach to mitigating and controlling the risks is well considered and practically feasible. The presentation is well constructed in content and delivery, and meets the requirements of the assignment brief
C (50-59)	A reasonable presentation. Spreadsheet literature is covered in adequate depth but is mostly descriptive and contains fewer citations. Some realisation of the specific risks CCI pose with some explanation and justification. The suggested approach to mitigating and controlling the risks is moderately well considered. The presentation is reasonably well constructed and contains and meets some of the requirements of the assignment brief
D (40-49)	A passable presentation. Spreadsheet literature is covered in limited breadth and depth and lacks critical comment. A limited number of citations are used. The realisation of the specific risks CCI pose is adequate but with little justification or explanation. The suggested approach to mitigating and controlling the risks is acceptable but contains evidence of misunderstanding and impracticalities. The presentation is adequate, with adequate content and delivery, and it meets the requirements of the assignment brief
Fail <40	The submission fails to achieve minimum criteria described in D grade

Additional Information

Referencing Requirements (Harvard)

The Harvard (or author-date) format should be used for all references (including images).

Further information on Referencing can be found at Cardiff Met’s Academic Skills website.

Mitigating Circumstances

If you have experienced changes or events which have adversely affected your academic performance on the assessment, you may be eligible for Mitigating Circumstances (MCs). You should contact your Module Leader, Personal Tutor or Year Tutor in the first instance.

An application for MCs, along with appropriate supporting evidence, can be submitted via the following link to the MCs Dashboard

Applications for MCs should ideally be submitted as soon as possible after circumstances occur & at the time of the assessment. Applications must be submitted before the relevant Examination Board.

Further information on the Mitigating Circumstances procedure is available in the Academic Handbook (Volume 1, Section 5)

Unfair Practice

Cardiff Metropolitan University takes issues of unfair practice extremely seriously. The University has distinct procedures and penalties for dealing with unfair practice in examination or non-examination conditions. These are explained in full in the University’s Unfair Practice Procedure (Academic Handbook: Vol 1, Section 8)

Types of Unfair Practice, include:

Plagiarism, which can be defined as using without acknowledgement another person’s words or ideas and submitting them for assessment as though it were one’s own work, for instance by copying, translating from one language to another or unacknowledged paraphrasing. Further examples include:

• Use of any quotation(s) from the published or unpublished work of other persons, whether published in textbooks, articles, the Web, or in any other format, which quotations have not been clearly identified as such by being placed in quotation marks and acknowledged.
• Use of another person’s words or ideas that have been slightly changed or paraphrased to make it look different from the original.
• Summarising another person’s ideas, judgments, diagrams, figures, or computer programmes without reference to that person in the text and the source in a bibliography or reference list.
• Use of services of essay banks and/or any other agencies.
• Use of unacknowledged material downloaded from the Internet.
• Re-use of one’s own material except as authorised by the department.

Collusion, which can be defined as when work that that has been undertaken with others is submitted and passed off as solely the work of one person. An example of this would be where several students work together on an assessment and individually submit work which contains sections which are the same. Assessments briefs will clearly identify where joint preparation and joint submission is specifically permitted, in all other cases it is not.

Fabrication of data, making false claims to have carried out experiments, observations, interviews or other forms of data collection and analysis, or acting dishonestly in any other way.