Success Story
Client Introduction
A well-known community bank based in the US, offering loan servicing, finance and accounting, retail banking, electronic banking, and other services.Problem Statement
- 31 CFR Chapter X-related leakages identified in CTR & SAR filing
- Legal and operational risks with potential reputational implications
- Minimal cross-functional coordination
Key requirements:
- Hire a team of ~25 qualified testers, supervisors, and managers in 3-4 weeks based in Atlanta, GA.
- Onboard and train the team in one week.
- Help control owners review controls, draft control descriptions, test the scripts, and make decisions.
- Test ~150 key GLBA and non-key controls as a part of the 1st line-of-defense (information technology ITO and operations controls).
- Conduct the test of design, including the test of one.
- Conduct the test of effectiveness.
- Management reporting to the stakeholders.
- Review and provide recommendations on the Enterprise Control Management Program (ECMP) – IT document.
Solution Offered
- Leveraged our Talent Acquisition engine accelerated by ClearedTalent™ to hire professionals from a pre-vetted talent community.
- Completed the staffing of ~25 qualified control testers, supervisors, and managers with hands-on expertise and proficiency in testing the IT and operations controls and upskilled them within the timeline.
- Coordinated with Control Owners to review each control’s evaluation against ECMP requirements and determined the controls.
- Conducted Quality Control (QC) before testing based on the feedback received from Control Owners.
- Determined control adequacy and evidence.
- Developed a customized randomizer tool for sampling the controls.
- Conducted GLBA peer-to-peer QA testing on 50% of the controls enabled by pre-defined QA checklists to demonstrate performance attributability.
Business Outcomes
- Successfully met the internal audit obligations and established Shared Services setup.
- Tagged 52 GLBA controls for retirement within the first 60 days.
- Continual updating of ECMP document and QA/QC methodology.
- Leveraged best practices from a Shared Services and Enterprise Risk Management perspective, such as:
- Knowledge dissemination is based on existing digital knowledge repositories powered by Fluent (proprietary digital knowledge management solution).
- Reporting of Service Levels as well as Control Effectiveness measures amongst others through Factum (proprietary digital dashboarding system).
- Optimization of Control Testing and subsequent digitization by “Overlap Identification” and subsequent RPA implementation powered by Uipath – ~ 10 % efficiency benefits through Non-Value Add elimination in the testing processes.
Want to learn more or need a solution?
Write to us: info@anaptyss.com