Protection and Control Made Simple

Effective Risk Management for Low Code/No Code Applications

Professional Consulting for Risk Management for Low Code/No Code Applications: Your Solution from Intero Consulting

How to Reduce Risks Associated with Non-IT Managed Applications

 

Whether it's an Excel tool for analysing financial data, automated processes, or a dashboard in Power BI connecting various data sources, Low Code/No Code Applications are an integral part of daily work.

However, Low Code/No Code Applications pose significant risks, because they are developed and operated by the users themselves rather than being managed and overseen by the IT department like standard business applications. The risk is that no appropriate measures have been taken to prevent a disruption or failure of such an application, which could lead to further consequences such as financial losses or reputational damage.

For this reason, every company should identify its Low Code/No Code Applications so that potential risks can be recognised and managed effectively.


A Short Overview

What Are Low Code/No Code Applications?

Low Code/No Code Applications are created with minimal or no manual programming effort. Unlike standard software, which is typically developed by the IT department, Low Code/No Code Applications are developed and operated directly by staff in the relevant departments. Consequently, the responsibility for development and operation rests entirely with the respective departments. Such applications are particularly relevant where they allow for the aggregation, manipulation, and/or modelling of data using formulas, scripts, and workflows.

 

Examples include:

 

  • Data analysis and processing using Excel, Power BI, Python, etc.
  • Workflow automation and process streamlining with Power Automate or Zapier
  • Creating intranet portals and project management platforms with SharePoint
  • Developing databases and interfaces
  • Web design, CMS, and e-commerce solutions

Why Should Low Code/No Code Applications Be Managed?

The use of Low Code/No Code Applications offers numerous advantages and enables rapid, flexible solution development. However, especially in a corporate context, they can also bring risks. Particularly in areas such as controlling, finance, or IT, many companies rely on Excel tools to support or even completely handle processes.

Errors within an application or even a complete failure can have serious impacts on business processes, lead to wrong decisions, and result in financial losses.

 

A recent study published in Frontiers of Computer Science reveals that 94% of Excel spreadsheets used for business decision-making contain errors.

 

By monitoring Low Code/No Code Applications and implementing appropriate safeguards, these risks and their impacts can be significantly reduced. At the same time, the confidentiality, availability, and integrity of the processed data are enhanced, and errors can be identified early. Critical Low Code/No Code Applications can also be standardised into conventional business applications.

For financial service providers, effective risk management of Low Code/No Code Applications is essential, as it is mandated by specific regulatory provisions (DORA/VAIT/BAIT/KAIT) from the Federal Financial Supervisory Authority (BaFin). However, the risks posed by Low Code/No Code Applications are not limited to the financial industry; they concern all data-processing sectors.

For this reason, every company should implement a robust governance structure for Low Code/No Code Applications to effectively manage and mitigate associated risks.

Implementation & Benefits

How Can a Governance Framework Be Implemented for Low Code/No Code Applications?

  • 1. Create a Policy
    • Develop a lifecycle
    • Define roles and responsibilities within the lifecycle
    • Establish criteria for risk classification and protective measures

    Outcome: Overarching governance structure including a lifecycle for applications

  • 2. Register and Inventory Low Code/No Code Applications
    • Develop a process to identify existing applications
    • Create a registration form to register future applications before their development
    • Gather and document all relevant information for each application

    Outcome: Inventory of all Low Code/No Code Applications

  • 3. Identify Protective Needs
    • Create and customise a questionnaire to assess the application's protective needs based on various parameters (confidentiality, availability, integrity, authenticity)

    Outcome: Criticality / Specific risk of each application

  • 4. Determine Protective Measures and Controls
    • Create a catalogue of specific protective measures for applications
    • Set thresholds at which protective measures must be implemented
    • Develop a process for regular assessment and control of the implementation of protective measures

    Outcome: Specific protective measures for each Low Code/No Code Application

    -> Minimisation of risks


Your Low Code/No Code Experts


Jochen Friedrich

Partner

Philipp Fackler

Associate Manager

Benedikt Winklhofer

Senior Consultant

Our Competence Center GRC