Accountant at Work

Technology Risk and Control Framework

CLIENT SUCCESS STORIES

Client Profile:

A captive auto finance company, which was purchased by a private equity firm and restructured to sell to a multi-national bank.

 

Client Challenge:

A large automotive financial company was acquired and rebranded, requiring them to adopt their new parent company’s Technology Risk and Control Framework. The process required an extensive review of their existing procedural documentation and alignment to nearly 30 control statements from the new parent company.

Management brought in Herndonwood to manage the resolution of the gaps because they understood the need to supplement existing staff, obtain missing skills, act quickly, and create structure around the process.


Approach & Solution:

Herndonwood consultants worked with management and control owners to perform a detailed assessment of the current state of their policy and procedure documentation and to gain an understanding of their operating environment. Herndonwood leveraged SOX, COBIT, and industry-leading practice knowledge of compliance programs, to identify critical controls, allowing their management to prioritize efforts.

Herndonwood services:

  • Reviewed existing documentation and mapping to control statements

  • Interviewed control owners

  • Identified under-controlled processes

  • Mapped controls to industry standards

  • Recommended enhancements, updates, and next steps

  • Developed control testing activities
     

Business Impact:

Herndonwood created a risk control library which provided control owners, management, and auditors with the ability to see the origin of each legacy control, how it mapped to the new framework, how the risk was mitigated and what the control owner’s responsibilities are in executing the control.  Through this process Herndonwood was able to decrease the overall quantity of controls while reducing the risk exposure and providing clearer expectations to the auditors resulting in a reduction of the burden to operations during audits.