GRC Solution for South West Financial Institution
Iceberg recently worked with a large Bank in the south west to help them rejuvenate and fully leverage the financial investment they made with their GRC solution, ultimately driving greater adoption and value.
In a previous GRC implementation, they had challenges with previous PS groups that promised “we can get you up and running in X days” and they pigeon-holed their implementation in certain areas that would have caused a lot of work to backtrack and fix. There was a big concern in making sure they were not implemented in a way that would inhibit the ability for future growth.
During the evaluations with the implementation with Archer, they considered RSA’s references regarding success with Iceberg as a partner.
They recognized that they needed a solution to streamline the audit process, create one central repository for all their IT controls, and provide greater oversight to ensure compliance. They also had a broader vision to leverage ServiceNow to support a more extensive integrated risk management program in the future.
The client wanted to make sure there was more attention, depth and detail put in the implementation – as opposed to a quick “pop it up” mentality.
From the very first kickoff, the on-site walk-through discussion to understand exactly what they wanted developed into the solution was a vital part of the success.
We made sure to listen to exactly what they wanted but also used our expertise to make sure they did not pigeon hole themselves for future development, while also keeping the other streams of implementation in mind to ensure they grew Archer collectively.
“Flexibility, Iceberg has been pretty agile and able to take feedback and the knowledge, the knowledge from past financial institution implementations.”
By aggregating all of the workpapers, evidence, and control documentation into one central repository, the organization now has a more accurate view into their compliance and risk posture. Audit managers have greater visibility into the state of evidence collection and audit processes thanks to a centralized dashboard, and many redundant and manual tasks have been eliminated. As a publicly traded company, it was important to achieve a higher level of confidence that they are fully compliant with key regulations, including SOX.
With more time freed up to focus on other areas of risk, the company expects to see significant improvements to job satisfaction and morale, and the overall effectiveness of the internal audit group. The implementation also standardizes work activities, improving continuity between resources and driving greater overall process resiliency.
They plan to use this “Phase 1” implementation as a foundation to migrate other audit and compliance processes onto the ServiceNow platform, and eventually extend the program to their facilities around the world. Longer term, this use case will also be a foundation for a broader enterprise risk management program built on ServiceNow. The next phase, currently in progress, includes the implementation of an extensive control framework, and future phases will include expansion into other areas of ServiceNow, including SecOps.
“I want to thank Iceberg Networks for the professional and thorough approach you take in your work. I am sincere in saying you are easily one of the most impressive vendors I have worked with in my career.”
– Director and Project Leader