Technology Risk and Control Framework
CLIENT SUCCESS STORIES
A captive auto finance company, which was purchased by a private equity firm and restructured to sell to a multi-national bank.
A large automotive financial company was acquired and rebranded, requiring them to adopt their new parent company’s Technology Risk and Control Framework. The process required an extensive review of their existing procedural documentation and alignment to nearly 30 control statements from the new parent company.
Management brought in Herndonwood to manage the resolution of the gaps because they understood the need to supplement existing staff, obtain missing skills, act quickly, and create structure around the process.
Approach & Solution:
Herndonwood consultants worked with management and control owners to perform a detailed assessment of the current state of their policy and procedure documentation and to gain an understanding of their operating environment. Herndonwood leveraged SOX, COBIT, and industry-leading practice knowledge of compliance programs, to identify critical controls, allowing their management to prioritize efforts.
Reviewed existing documentation and mapping to control statements
Interviewed control owners
Identified under-controlled processes
Mapped controls to industry standards
Recommended enhancements, updates, and next steps
Developed control testing activities
Herndonwood created a risk control library which provided control owners, management, and auditors with the ability to see the origin of each legacy control, how it mapped to the new framework, how the risk was mitigated and what the control owner’s responsibilities are in executing the control. Through this process Herndonwood was able to decrease the overall quantity of controls while reducing the risk exposure and providing clearer expectations to the auditors resulting in a reduction of the burden to operations during audits.