Reduce Operational Risk from Technology Change with Rightsized Control Design
Fortune 50 Financial Services Institution
The Client’s Information Technology organization sought expertise in support of its Technology Change Life Cycle (TCLC) program to reduce operational risk resulting from technology change. Reference Point focused on rightsized control design and development in order to control risk based on the inherent risk of the change.
- The Client’s existing technology change controls were rigid and owned centrally, limiting innovation from teams that executed technology changes.
- The Client recently established a TCLC program to reduce operational risk introduced to the firm by technology change.
- The Client required subject matter expertise to redesign and develop controls to not only strengthen the first line of defense but also to allow for flexibility and foster innovation across the TCLC.
- Reference Point deployed a team of consultants and industry experts, including the former head of Citi’s IT Risk & Control Group and the former Chief Data Officer for Asset Management at JPMC to perform control design, development and pilot planning for the IT organization.
- The team partnered with the Client’s first line of defense to develop a TCLC risk appetite framework and risk criteria scoring methodology to facilitate proactive management of technology change risk across the first line of defense.
- Reference Point also reviewed recent change history and incidents and developed new controls for TCLC methodologies that appropriately mitigated the ‘right’ risks but also fully complied with the newly developed standards.
- The new TCLC assessment and model delivered not only a risk scoring methodology aligned with the enterprise risk management framework but also flexible, risk-based controls and divisional standards, which strengthened the first line of defense and allowed for flexibility and innovation in execution.
- The changes enabled project managers and development teams to focus on true project risks and eliminated excess overhead within the project management and development methodologies.