Case Study

SIFI IT Governance And Health Metrics

February 5, 2019 | November 18th, 2024

Fortune 25 Financial Company Combats Risk By Implementing an IT Governance Solution

Our client, a systemically important financial institution (SIFI), was struggling to meet increasingly stringent regulatory and audit requirements and to reduce business operational risk. SDG implemented TruOps, a product that provides a comprehensive approach to regulatory compliance, risk, and audit management. The resulting solution helped our client manage and mitigate risks, improve efficiencies, and protect their brand using a single enterprise-wide GRC platform.

Key Challenges:

In the aftermath of the financial crisis, consumer protection laws intensified the supervision of SIFIs by the Federal Reserve Board. The resulting enhanced regulatory reporting requirements, together with the need to understand the efficacy of their IT investments, require businesses to gather suitable metrics, the leading indicators of IT Health.

Our client was doing this by manually uploading data from hundreds of spreadsheets to a reporting tool to create performance reports for federal regulators and for management to peruse. The process, executed every quarter across 12 business units, was inconsistent, often incomplete or late, and prone to errors. An especially arduous task was the creation of a business-wide, hard-copy report that could take several weeks to collate and create. They saw the need for an IT governance framework and contracted SDG to implement a GRC solution that would automate the process of gathering consistent metrics from multiple business units and provide comprehensive, accurate, and timely information to help them manage all their operational, risk, and compliance needs.

Result

  • The overall process time has been reduced from 2 months to 2 weeks.
  • Data is now accurate and consistent across the businesses.
  • Executives can respond quickly and confidently to the information demands of the regulatory authorities.
  • The all-important hard copy management report is created instantly.
  • Reporting filter flexibility and drill-downs provide the process team and business owners with additional insights into the data.
  • The process log tracks all activities and is continuously used to make improvements to the process SOA roadmap.

SDG Solution

The SDG technical team built a multifaceted audit and approval workflow system that is automatically triggered every quarter. Self-service functionality allows data to be uploaded from each business. It then goes through a validation and approval process that results in consistent and complete data recorded from each of the businesses. During this process, the following are observed:

  • Data validation, integrity, and quality rules are enforced at all times.
  • All user actions are recorded. This log is used for reporting the progress of the process.
  • Email alerts and notifications are sent out to prompt users to take action.
  • Super users assign roles to the other users. These roles determine their access as well as responsibilities in the workflow.
  • Super users can control the timing of the workflow.

Once the data has been gathered, it is available for reporting. The SDG team created an elegant reporting facility that coalesces the data from all the businesses for display in the management dashboard and for the generation of hard-copy reports instantly and on demand.

  • Data is available for display based on the role and the access for that role within the business.
  • Reports can be viewed only when all the data from the businesses has been loaded.
  • The parent company can view a summation of data from all the businesses.
  • Users can drill down to show any underlying data.

About SDG

SDG is a global cybersecurity, identity governance, risk consulting, and advisory firm that advises and partners with clients to address their complex security, compliance, and technology needs and delivers on strategy, transformation, and long-term management of their cybersecurity and IAM programs.
