Gaps in standardization and program management methodology were causing problems for the Technology Risk division of a premier US bank. There was an ever-increasing disparity in new documentation and a large backlog of outdated materials. The division was being asked to expand its project management and consulting services to include new firm-wide initiatives, including creating a Risk and Control Library for managing information security risk and overseeing the internal development of software for ensuring information security. Complicating the situation was the division’s need to respond to new regulatory requirements, which developed as a result of increased oversight of the financial services industry.
The Satori Solution
We established a streamlined program of policy and standard creation and review. This included tools for automatic document status tracking as well as for real-time dashboard management reporting, and the establishment of clear program metrics. We managed several software development projects, coordinating the functional requirements-gathering across various Technology Risk teams and driving the creation of functional specifications for the products. We created standardized templates for outlining the firm’s security standards and mapped the standards to industry best practices, leading to improved coverage of risk areas, a roadmap for regulators’ assessment of the firm’s documentation, and the creation of the Risk and Control Library.
Finally, we created a Technology Governance Handbook for the client’s worldwide Technology organization. The Handbook articulated the setup and underlying philosophy of Technology division governance.
Our efforts were instrumental in streamlining the client’s information security policy program and in positioning the Technology Risk division for an enhanced role within the company. The share of outdated documents decreased from 75% to 8%, while the introduction of standardized templates eliminated numerous inconsistencies. The Handbook proved essential for internal reference and regulatory inquiries.
The firm at large is now seen as the information security leader within the financial services industry.