Infusing risk and governance into digital transformation

Joel A. Humphrey, CPA, CA shared this article

Published

CASE STUDY | June 06, 2023


To keep up with changing times, a 115-year-old financial services giant planned a massive $350 million, multiyear digital transformation project. The company, which provides innovative insurance and financial products to the consumer market, had several modernization goals, including a new ERP system, a data warehouse for a single source of truth, updated policy administration systems, and a new reporting platform for the actuarial and finance teams.

Two years into the planning process, to bring its ambitious strategic road map to fruition, the firm contracted RSM for project management and boots-on-the-ground implementation support. A successful launch of the first phase of this large digital transformation needed to occur in six months—no small feat.

Uncovering a critical omission: governance, risk, and compliance

As RSM began its work, an internal conversation between management and risk consulting colleagues led to questions about the financial services firm’s incorporation of risk and governance into its strategic transformation plans. RSM advisors interviewed the executive sponsor, who immediately realized that critical governance, risk, and compliance (GRC) components were missing from the overall design.

As with many digital transformation initiatives, a team of finance and IT professionals led the strategic planning and design phase before the company hired RSM. These teams gathered business requirements, but business stakeholders rarely have the necessary perspective on the control checks that need to be built into modern technologies, as it is not their domain of expertise.

Ideally, GRC experts should have a seat at the table of all digital transformation projects to create well-thought-out controls every step of the way. If they are brought in closer to the go-live date—or worse yet, after the go-live—organizations end up with a fire drill as they realize they are missing critical privacy, compliance, audit, and other controls. These problems are compounded in highly regulated industries, like finance and insurance.

When this situation occurs, IT or the implementation partner jumps in with bolted-on, emergency stopgap fixes to close the gaps as best they can, causing unexpected costs and serious delays. And when solutions aren’t conscientiously designed to be well-integrated from the get-go, these bandages become permanent additions that are expensive to maintain, lack automation and well-crafted integration, and add to the technical debt organizations are seeking to eliminate with the digital transformation.

Time for triage: Creating well-built solutions on a tight deadline

When the oversight was detected, the firm sought help from our professionals, who quickly created a triage team drawn from a deep bench of experts within finance, technology, data, and end-to-end data flow.

This team fast-tracked the requirements gathering phase and focused specifically on building controls—including Sarbanes-Oxley, operational, and security—that could be implemented within the tight, impending deadline that lay just a few months away.

The goal was to avoid the pitfalls of stopgap measures and to create solutions that were just as well-thought-out, integrated, airtight, and automated as they would have been if included in the original digital transformation design. Overall, both our management and GRC teams met the first phase deadline. When a few unforeseen gaps caused by the initial oversight in planning were discovered closer to launch, the team had 20 days prior to the first month’s close to formulate thorough solutions; they met that goal as well.

Throughout the project, RSM also educated the firm’s leadership team about these risk and governance capabilities, arming the team with the right information so that they could better inform and answer questions about the digital transformation project from the internal audit committee and external auditors.

The benefits of deep and broad experience

While this project wasn’t without its challenges, our team was equipped to leap into action to strategically fill in gaps that were missed in the client’s original planning process. Because we have advisors with deep functional knowledge across many areas, the team could quickly come together to design, build and integrate the GRC components the firm needed for a cohesive digital transformation within an appropriate timeline. With RSM’s guidance, the company was able to shore itself up against GRC risk and avoid the many technical issues that can plague companies when security and compliance functionality is added later.

Source: RSM Canada LLP.
Reprinted with permission from RSM Canada LLP.
© 2024 RSM Canada LLP. All rights reserved. https://rsmcanada.com/insights/services/risk-fraud-cybersecurity/infusing-risk-and-governance-into-digital-transformation.html

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.