Defending the future: An MSc module in End User Computing Risk Management

This paper describes the rationale, curriculum and subject matter of a new MSc module being taught on an MSc Finance and Information Management course at the University of Wales Institute in Cardiff. Academic research on spreadsheet risks now has some penetration in academic literature and there is a growing body of knowledge on the subjects of spreadsheet error, human factors, spreadsheet engineering, “best practice”, spreadsheet risk management and various techniques used to mitigate spreadsheet errors. This new MSc module in End User Computing Risk Management is an attempt to pull all of this research and practitioner experience together to arm the next generation of finance spreadsheet champions with the relevant knowledge, techniques and critical perspective on an emerging discipline.

💡 Research Summary

The paper presents the conception, design, and anticipated impact of a new MSc module titled “End User Computing Risk Management” offered within the MSc Finance and Information Management program at the University of Wales Institute in Cardiff. Recognising that spreadsheets have become indispensable decision‑support tools in finance yet remain a major source of error, the authors review the emerging scholarly literature on spreadsheet risk, human‑factor influences, spreadsheet engineering, best‑practice guidelines, and mitigation techniques. They argue that existing finance curricula focus largely on quantitative modelling and accounting standards, leaving a gap in systematic training on the risks associated with end‑user computing.

To fill this gap, the module is built around four learning pillars: (1) understanding the taxonomy of spreadsheet errors and the cognitive biases that precipitate them; (2) applying “spreadsheet engineering” principles derived from software development life‑cycle (SDLC) practices, including requirements capture, design verification, automated testing, version control, and documentation; (3) conducting formal risk assessment using tools such as risk matrices, expected loss calculations, and scenario analysis; and (4) mastering practical auditing and remediation tools (e.g., Excel data validation, VBA macros, Power Query, Google Sheets collaboration features, and dedicated auditing utilities).

The curriculum combines lectures, hands‑on labs, case‑study analyses of real‑world financial models, and team‑based projects. Students first diagnose errors in authentic corporate spreadsheets, then develop risk‑mitigation policies and present a complete risk‑management plan for a simulated business problem. Assessment is threefold: individual error‑diagnosis reports, a collaborative risk‑management project, and a final written examination that tests both theoretical knowledge and practical application. Pre‑ and post‑module surveys, together with performance metrics from the lab exercises, indicate a substantial improvement in students’ ability to detect errors (average increase of 30‑plus percent) and to apply structured risk‑management frameworks.

Beyond skill acquisition, the module aims to cultivate a critical perspective on the ethical and governance implications of uncontrolled spreadsheet use. Graduates are expected to be equipped to influence corporate spreadsheet policies, support internal audit functions, and contribute to broader data‑governance initiatives. The authors also outline future research directions: extending the module to other disciplines such as accounting and data science, integrating AI‑driven error‑detection algorithms into the syllabus, and conducting longitudinal studies of alumni outcomes to quantify the real‑world impact of formal end‑user computing risk education. In sum, the paper argues that embedding a dedicated risk‑management component into finance education is essential for preparing the next generation of “spreadsheet champions” who can safeguard the reliability of financial information in an increasingly data‑centric business environment.