Governance Risk and Controls
CLIENT SUCCESS STORIES
A global management consulting firm based in New York with +2000 employees valued at over $2.5 billion.
Because of a professional services firm’s rapid growth and valued brand name they were purchased by a private equity firm. The private equity firm wanted to improve some processes and position the firm for an IPO. The CIO of the firm did not feel their IT operations had adequate internal controls in place to comply with the additional regulatory scrutiny public companies undergo. The CIO approached Herndonwood to develop a plan specifically around IT security controls.
Management brought in Herndonwood to manage the resolution of the gaps because they understood the need to supplement existing staff, obtain missing skills, act quickly, and create structure around the process.
Approach & Solution:
Herndonwood consultants leveraged their experience with compliance programs, control environments, IT security and tools to develop a solution that could be managed with limited effort by the small IT department and still easily demonstrate compliance considering the new increased scrutiny they were soon to be under.
Developed a compliance matrix to identify key systems and infrastructure
Inventoried employee skillsets and current tools
Created a suite of controls based off recognized security standards
Developed minimum security baselines for all identified key systems and infrastructure
Provided guidance on pushing configuration changes through the environment
Configured an existing tool to perform regular automated audits based off minimum security baselines
Developed a process to manage and remediate exceptions to the automated audits
Herndonwood created an internal controls environment leveraging the organization’s IT department’s current skill set and toolset. Provided training to fill skillet gaps and how to leverage the newly configured tools. The processes put in place maintain compliance with the controls, added rigor to change management and did not create a burden requiring additional headcount.