SCOPE OF ENGAGEMENT
A major Banking Client called on BASG to bring in a Team of skilled Technology and Operational Risk Consultants to help complete a refresh of the RCSA (Risk Control Self-Assessment) process across all Technology RAUs. Additionally, they asked the Team to develop a complete, authoritative, and governed IT controls library that could be adopted and utilized as the single source of IT controls for the RCSA process, IT Quality Management System, the GRC Platform, and other key users of IT control information.
The Risk Management Team members were selected for their very specific experience in managing projects of this type and for their deep knowledge of banking. The initial focus was on defining Technology RAUs and their owners and building the trust needed to partner with them to complete the required RCSAs. They accomplished those goals quickly.
The Team also gathered a current inventory of IT controls and mapped it to both the Technology Risk Framework and the Operational Risk Framework, as well as to the organization’s established IT policies. Their review included identifying gaps, determining what additional controls would be needed, and developing a solid governance process for ongoing maintenance of the IT controls library.
Finally, they took a long look at gaps in existing policies and procedures and worked to enhance and deepen them to serve the existing environment and support future growth.
The RCSA Refresh was 100% successful. The Client was confident it now had a firm risk foundation and the Controls in place to continue its growth and service expansion.