top of page
Accountant at Work

Governance Risk and Controls


Client Profile:

A global management consulting firm based in New York with +2000 employees valued at over $2.5 billion.

Client Challenge:

Because of a professional services firm’s rapid growth and valued brand name they were purchased by a private equity firm. The private equity firm wanted to improve some processes and position the firm for an IPO. The CIO of the firm did not feel their IT operations had adequate internal controls in place to comply with the additional regulatory scrutiny public companies undergo. The CIO approached Herndonwood to develop a plan specifically around IT security controls.

Management brought in Herndonwood to manage the resolution of the gaps because they understood the need to supplement existing staff, obtain missing skills, act quickly, and create structure around the process.

Approach & Solution:

Herndonwood consultants leveraged their experience with compliance programs, control environments, IT security and tools to develop a solution that could be managed with limited effort by the small IT department and still easily demonstrate compliance considering the new increased scrutiny they were soon to be under.


Herndonwood services:

  • Developed a compliance matrix to identify key systems and infrastructure

  • Inventoried employee skillsets and current tools

  • Created a suite of controls based off recognized security standards

  • Developed minimum security baselines for all identified key systems and infrastructure

  • Provided guidance on pushing configuration changes through the environment

  • Configured an existing tool to perform regular automated audits based off minimum security baselines

  • Developed a process to manage and remediate exceptions to the automated audits

Business Impact:

Herndonwood created an internal controls environment leveraging the organization’s IT department’s current skill set and toolset.  Provided training to fill skillet gaps and how to leverage the newly configured tools. The processes put in place maintain compliance with the controls, added rigor to change management and did not create a burden requiring additional headcount.

bottom of page