After a major loss-event, a European head-quartered global bank approached Citihub to help improve their level of IT control and risk management by implementing a bank-wide certification process covering the whole IT estate. The bank was at the time under intense regulatory scrutiny, not least from a high profile rogue trader incident. Because of this, the initiative had aggressive implementation timelines, a very high profile and was politically charged.
Have a similar challenge?
How Citihub Consulting Helped
Citihub provided a team of 12 highly experienced consultants with a blend of audit, banking application architecture and process expertise. The banking experience of the application architects and process consultants allowed us to reshape the in-flight project to make it more relevant and efficient to its end users, thus ensuring success of adoption. We also identified >50 controls falling between the gaps in the existing approach during quality assurance. The repeatable process included a catalogue (listing in-scope controls), process documentation, assessment tooling and operating model, central analysis and reporting, and mobilisation and tracking of remediation activities.
The process was defined and deployed successfully across 3,000 IT controls with assessment repeating quarterly. Once the assessment had been successfully piloted and implemented, Citihub helped to define an ongoing service which was transitioned to an internal off-shore service centre.