Automating IT Risk Management For A Financial Services Leader

This financial services giant, a part of a Fortune 5 global conglomerate, had manual risk assessment and response processes for 1,400 mission-critical applications across 14 business units spread around the globe. Asset owners were responding to generic questionnaires for risk assessment; and the process overall was inefficient, inconsistent, and error-prone. The customer engaged SDG to implement the TruOps Risk Management solution from SDG, which allowed them to assimilate thousands of mission-critical assets across the business units into a common platform, with dynamic form-based assessments, workflow approvals, configurable calculations, and insightful reporting for management and Federal regulators.

Key Challenges:

Heightened federal regulatory requirements and scrutiny of financial institutions in the post-financial crisis era.
Pressure to grow business due to increased competition and economic uncertainty.
Existing risk management processes were haphazard and inconsistent.
Risk assessments were done manually with a lack of standardization across the organization, resulting in errors and inconsistencies.
Productivity loss because each year the process was started from scratch, with no sharing and reuse of components.
End-to-end process took several months to complete, resulting in dangerous delays in the identification, analysis, and remediation of threats.

Benefits

The end-to-end audit process time has been reduced from 7 months to 7 weeks.

Risk management is more consistent and uniformly executed across the organization.

Emerging risks are proactively identified, analyzed, and acted on earlier.

Process automation, shared artifacts, and workflow across the organization have resulted in efficiency and reduced cost of compliance.

Management dashboards provide an aggregate view across the organization, and promote a broader understanding of risk.

SDG Solution

SDG provided an integrated solution for risk management by implementing an enterprise-wide, centralized global solution. This solution leveraged existing knowledge and programs to establish a unified, consistent, and comprehensive framework across the enterprise for:

Managing the inventory of all relevant IT assets and their risk tolerance.

Identifying and classifying all possible threats to each asset and the risk exposure for each threat.

Building a comprehensive enterprise risk plan by identifying and mapping risk response options for assets based on the assessed threat.

Implementing the plan to mitigate, minimize, or accept the risk.

Ongoing monitoring of the risk management processes.

Enhancing risk awareness through the use of predefined, dynamic risk analysis dashboards and reports.

About SDG

SDG is a global cybersecurity, identity governance, risk consulting, and advisory firm that advises and partners with clients to address their complex security, compliance, and technology needs and delivers on strategy, transformation, and long-term management of their cybersecurity and IAM programs.