As a result of the increasing regulatory focus on the control environment of financial services providers, a large investment bank was presented with a series of negative findings from the Federal and the firm’s external auditor. These findings highlighted deficiencies in the firm’s entitlement management primary controls. Additionally, some of the shortcomings called into question the efficacy of the firm’s compensating control environment for managing access to the firm’s applications. The deficiencies resulted in a Matter Requiring Attention (MRA) and several open audit points, which required a tactical response to address the highlighted items, as well as a strategic approach to enhance the privilege management program and strengthen the firm’s entitlements management environment.
We established a structure to enable tactical responses to the issues highlighted by the auditors and regulators while simultaneously laying the groundwork for a strategic uplift of the entire program. We instituted effective governance, high standards, and best practices for this high-profile initiative. Our team led a three-pronged effort to establish program governance, implement a program management framework, and develop a strategic roadmap. Working with the program owners, we established Steering and Operating Committees as well as work streams that drove the effort to close the open MRA, addressed the concerns of the external auditor and laid the foundation for the advancement of program maturity. Elements of the strategic architecture included a new entitlements recertification tool, a metrics dashboard and an entitlements repository.
Our contribution to the client’s entitlements management program formalized the program structure, improved accountability, delivered necessary solutions and minimized the risk associated with unauthorized system entitlements.