Building user acceptance and confidence to earn executive trust
Iceberg recently worked with a large commercial bank based in New England to rejuvenate their GRC program.
The solution, once seen as a tactical point solution, is now expanding to become a trusted enterprise platform that’s a key tool for strategic risk management activities.
The bank purchased and implemented RSA Archer several years ago, working with an outside consulting firm that had limited GRC experience. The initial implementation didn’t fully align to the bank’s business requirements. Their program was supported by one in-house certified Archer administrator who had basic knowledge of the software, but not enough experience to make the configuration changes required to meet the ongoing operational and support requirements. As a result, the organization was not seeing the full value from their investment, and stakeholders were losing confidence in the platform to support mission-critical risk management activities.
The RSA Archer team recommended that the bank engage Iceberg to help. They signed up to Iceberg’s APS program in the summer of 2016 with a goal of creating better alignment between their Archer program and their risk management processes, and to regain user confidence in the value of the investment and usefulness of the solution. Initially, the bank tasked Iceberg with “quick fixes”, supporting their internal resource to complete minor adjustments to a vendor management solution that supported vendor assessments and contract management. We collaborated with various stakeholders to identify current gaps in the configured solution and suggest improvements based on best practices. We prioritized configuration changes based on the resources available and the potential to increase the strategic value of the platform within the organization.
Once these changes were approved, Iceberg delivered a package to the bank’s in-house RSA Archer resource to migrate it into production. Throughout the engagement, Iceberg also mentored the bank’s RSA Archer administrator, building her comfort level particularly around developing reports and dashboards.
The bank now has a vendor management solution that meets their requirements, and is being used effectively by a variety of stakeholders to understand and manage risk in the organization. Minor updates to the solution can now be completed in-house, allowing the bank to quickly adapt to any new requirements. Iceberg has since worked with the company to make improvements to application risk assessments and business process assessments. The success of these early improvements has increased confidence in the platform, and achieved “buy-in” from various business units to migrate additional risk management processes and activities to RSA Archer.
The bank is now well along the journey to make Archer the central tool for risk management across the enterprise. They employ one full time resource to support the Archer program, augmented by Iceberg’s remote APS team. Several legacy GRC platforms are now being retired and migrated to RSA Archer as they continue to expand the platform. Between Iceberg and the bank’s internal team, they now have the depth and resiliency of resources to earn the confidence and trust of senior management, allowing RSA Archer to be accepted as an enterprise-level application.
They recognized that they needed a solution to streamline the audit process, create one central repository for all their IT controls, and provide greater oversight to ensure compliance. They also had a broader vision to leverage ServiceNow to support a more extensive integrated risk management program in the future.
Iceberg’s team worked closely with the customer’s team to develop requirements, map roles and processes, design a solution, and configure and test ServiceNow. We used the company’s existing ServiceNow deployment as a foundation, and leveraged out-of-box GRC functionality wherever possible for the implementation. By implementing ServiceNow for their IT audit and compliance activities, the organization will now be able to reduce the length of the ITGC audit by half, thanks to a reduction of manual work and streamlining activities. This solution will be deployed initially at two facilities, where they expect to free up the equivalent of at least one FTE, representing a savings of at least $100,000 per year.
“I want to thank Iceberg Networks for the professional and thorough approach you take in your work. I am sincere in saying you are easily one of the most impressive vendors I have worked with in my career.”
Customer’s ServiceNow Director and Project Leader