SCOPE OF ENGAGEMENT
A national banking client asked BASG to lead a key internal Technology Risk Team on an interim basis. This role would include both day to day leadership plus a series of projects to develop and implement needed reports and processes.
The elite Risk Consultant tasked with this challenging assignment had to begin by earning the respect and trust of the existing Team in the midst of a fair amount of turbulence within the organization.
His leadership put everyone at ease so that he could move to duties beyond just the day-to-day problem solving and decision making. Working with the Team, he led a series of critical initiatives including:
- Development of monthly Technology Risk Committee (TRC) package.
- Development of quarterly Technology Business Risk Report.
- Resolving self-identified audit issue related to the ISM process.
- Conversion of selected issues to the Archer GRC platform.
- Development and execution of a plan to remediate all previously approved (> 1 year) policy exceptions.
- Development and implementation of Board-level KRIs related to past due issues and previously approved policy exceptions.
- Development of a plan to differentiate sensitive and general PII, per requirements from the Privacy team.
- Development of a plan to complete Technology RCSAs.
Client satisfaction with the work performed was exceptionally high. The BASG Consultant’s expertise, approach to building Team consensus, strong knowledge of the various areas to be addressed within the organization, and ability to reach across multiple areas within the organization, moved the various projects forward even faster than the Client’s anticipated timeline.