Project Case Study: Bringing Clarity, Coordination, and Efficiency to IT Risk Management
Case Study at a Glance
- Customer: Investment Bank and Financial Services Firm
- Organization Size: Corporate (10,000+ employees)
- Industry: Investment Services
- Project: IT Risk Management Procedure Update
- Deliverables: Improved Processes and Procedures; Explanative Infographic
- Timeline: 12 Weeks
A fast-growing Fortune 500 investment services company was beginning to feel the effects of growing pains around an essential component of their business: IT risk management. It all began when the IT Risk team was asked to provide documentation that showed how the department managed its technology risks. However, the current state of the procedural documentation was less than ideal: it had not been updated in more than two years. It was incomplete, out of date, and no longer in adherence to procedural documentation requirements.
As at many large firms, the document had more than one contributor, which led to natural inconsistencies in process flow and organization. Several sections had processes that were incomplete or had even undergone changes since the last revision. The document’s owner was aware of the deficiencies within the document; however, they had neither the time nor the resources to review it as a whole.
The Main Digital Solution
Starting with a clean slate: Main Digital initially approached the project by mapping out the overall process. Client review exercises of this process map revealed that there could be a clearer understanding of the end-to-end process and all of the touchpoints. Once consensus of what the process flow should resemble was reached, the Main Digital team was able to identify gaps and opportunities.
Adapting to the client’s needs: As is often the case when working with IT Risk teams, their experts are always working hard to prevent fires and their schedules always yield to external examiners or security issues. Catching a moving target was no easy task, but the Main Digital team was able to leverage their deep expertise in financial services IT risk and controls in order to complete 80% of the work before asking for input from clients. This allowed us to be fast and efficient while preserving the time of the client team for what they needed to focus on: the security of their organization.
Bringing all the pieces together: The Main Digital team was able to reorganize the flow of the document to match a process flow and include sections previously missed. Each individual contributor had the chance to review and approve their section of the procedure, including the opportunity to provide updates as the project progressed. In addition to the original request, a RACI matrix (defining roles and responsibilities) was created and included in the process document.
Going above and beyond: Once the procedure document was approved, there was one more opportunity to provide efficiency and make their team’s job easier. To streamline communication about the newly defined risk management process, a one-page infographic was created to help visually demonstrate how the organization managed its risks. Instead of just publishing a 30+ page procedural document, the accompanying infographic provides an executive summary that helps increase awareness of risk management, as well as improve use and adoption throughout the organization.
The document is now up-to-date and maintainable in its current state, manageable by a single resource, and has been registered for monitoring and regular review. Plus, the team will be able to easily use this new documentation to report on their IT risk management processes and procedures at a moment’s notice.
“Not only were we able to help our client immediately improve their processes, we also helped them improve their organization’s security in the long run — which was the best part of this entire project.”
– Sanam Boroumand, Main Digital CEO