A leading US-based regional and community bank with USD 122 billion in assets that offers services to retail consumers, corporations, and non-profits through traditional and digital banking.
The bank needed to complete testing of key controls for the Gramm-Leach-Bliley Act (GLBA) before its internal due date to meet MRIA requirements, and to establish a Shared Services Setup for ongoing testing as a part of the exercise.
- Hire a team of ~25 qualified testers, supervisors, and managers in 3-4 weeks based in Atlanta, GA.
- Onboard and train the team in one week.
- Help control owners review controls, draft control descriptions, test the scripts, and make decisions.
- Test ~150 key GLBA and non-key controls as a part of the 1st line-of-defense (information technology ITO and operations controls).
- Conduct the test of design, including the test of one.
- Conduct the test of effectiveness.
- Provide management reporting to the stakeholders.
- Review and provide recommendations on the Enterprise Control Management Program (ECMP) – IT document.
- Leveraged our Talent Acquisition engine accelerated by ClearedTalent™ to hire professionals from a pre-vetted talent community.
- Completed the staffing of ~25 qualified control testers, supervisors, and managers with hands-on expertise and proficiency in testing the IT and operations controls and upskilled them within the timeline.
- Coordinated with Control Owners to review each control’s evaluation against ECMP requirements and determined the controls.
- Conducted Quality Control (QC) before testing based on the feedback received from Control Owners.
- Determined control adequacy and evidence.
- Developed a customized randomizer tool for sampling the controls.
- Conducted GLBA peer-to-peer QA testing on 50% of the controls enabled by pre-defined QA checklists to demonstrate performance attributability.
- Successfully met the internal audit obligations and established Shared Services setup.
- Tagged 52 GLBA controls for retirement within the first 60 days.
- Continual updating of ECMP document and QA/QC methodology.
- Leveraged best practices from a Shared Services and Enterprise Risk Management perspective, such as:
  - Knowledge dissemination based on existing digital knowledge repositories powered by Fluent (proprietary digital knowledge management solution).
  - Reporting of Service Levels as well as Control Effectiveness measures, amongst others, through Factum (proprietary digital dashboarding system).
  - Optimization of Control Testing and subsequent digitization by “Overlap Identification” and subsequent RPA implementation powered by UiPath, with ~10% efficiency benefits through Non-Value Add elimination in the testing processes.