Summary
We designed a Systems Architecture and an automated data aggregation process that provided structure and clarity to our client’s technology risk management programs.
Situation
A leading global investment bank engaged us to build a flexible risk management data aggregation process and supporting systems. The process and systems were to provide technology risk information to the decision-makers who needed it, when they needed it, and to conduct scenario-based analyses. Furthermore, the process needed to be flexible enough to respond to new regulations, threats, and an increasingly complex operating environment, all while aligning with other risk management efforts within the bank.
Satori Solution
Our first step was to design a detailed project roadmap and a communications plan that would keep executives and senior managers informed. Next, we gathered business and system requirements and translated them into a Systems Architecture, including functional, information, and integration blueprints. Based upon the architecture, we performed an evaluation of over 30 vendors and assisted the bank with its selection process.
We also developed an automated assessment process to evaluate the risk of applications, reducing the amount of time to conduct assessments. In support of the new process, we drafted the initial content for an information technology controls library, which provided common content for all technology teams to leverage as they develop firm policies, procedures, and assessments.
Results
The engagement improved communication and collaboration between technology teams and business divisions, which reduced duplicate efforts and allowed the Technology division to provide a clearer, more consistent message to its business clients throughout the firm.