This paper explores the operational and compliance risks associated with critical End-User Computing tools such as spreadsheets, databases and scripts widely used in actuarial, finance and risk functions. It proposes a pragmatic, risk-based framework to transform undocumented “shadow tools” into documented and auditable assets, while showing how Generative AI can accelerate documentation and support regulatory compliance.