Achieve Sarbanes-Oxley compliance and subsequently comply with a newly implemented operational risk management framework
Change Envisioned:
Increased risk management effectiveness and improved audit position through an improved control culture
Our client is a global bank with operations covering retail and commercial banking, investment banking and investment management. Its information technology (IT) department had made significant investments to achieve Sarbanes-Oxley compliance and subsequently had to comply with a newly implemented operational risk management framework.
The client recognized a number of weaknesses in its IT governance and assurance processes, including:
Difficulty in demonstrating effective management of risks deemed significant across the organization due to a lack of an operating model to link the IT control universe to wider business risks
IT risks were not communicated or considered by the business
Lack of a formalized process to consistently and accurately identify, assess and aggregate the risk and control position for internal attestation purposes
Recurring service outages due to an inadequate root cause analysis process
Our client initially engaged Protiviti to deliver the first phase of a project to transform the governance and assurance processes of the retail and commercial banking arm’s IT department. Due to the success of this phase, Protiviti’s team will continue to lead subsequent phases as follows:
Phase 1 – Design. Our professionals designed governance and assurance processes and an overarching operating model for the IT department. The scope at this stage was limited to the United Kingdom. We provided insight through an extensive operating manual, as well as procedural documentation, reports and user awareness sessions.
Phase 2 – U.K. Implementation. We managed and supported the implementation of the processes and operating model designed in Phase 1. Our professionals supported the “business as usual” staff as the new processes became live, and began an extensive training program.
Phase 3 – Global Implementation. Our team managed the implementation of the governance and assurance processes and operating model. We assisted with the current operating model to improve the IT department’s alignment and interaction with the business. We expanded the scope of the training and awareness program globally and provided an appropriate tool kit for the management and reporting of risk.
As a result of this project, the client reports:
Increased risk management effectiveness over its more than £1 billion capital provision.
Improved audit position through an improved control culture.
Transparency through communication and by quantifying risk exposures as they relate to the business. This has led to improved decision-making based on risk and control.
The ability to perform root cause analysis to identify the control failures behind service outages, resulting in a reduction in the recurrence of service outages.
How We Help Companies Succeed
Organizations are faced with increasing risks and costs in delivering technology that supports the business. While technology is increasingly critical to achieving business objectives, the risks of managing the technology are not well understood or defined.
Protiviti's team of technology professionals enables clients to clearly define the risks of technology, reduce or manage the costs of risk identification, and monitor business performance while managing technology risks.