Your Business News

Infusing risk and governance into digital transformation

June 6, 2023

Authored by RSM Canada LLP

Joel A. Humphrey, CPA, CA shared this article

CASE STUDY | June 06, 2023

To keep up with changing times, a 115-year-old financial services giant planned a massive $350 million, multiyear digital transformation project. The company, which provides innovative insurance and financial products to the consumer market, had several modernization goals, including a new ERP system, a data warehouse for a single source of truth, updated policy administration systems, and a new reporting platform for the actuarial and finance teams.

Two years into the planning process, to bring its ambitious strategic road map to fruition, the firm contracted RSM for project management and boots-on-the-ground implementation support. A successful launch of the first phase of this large digital transformation needed to occur in six months—no small feat.

Uncovering a critical omission: governance, risk, and compliance

As RSM began its work, an internal conversation between management and risk consulting colleagues led to questions about the financial services firm’s incorporation of risk and governance into its strategic transformation plans. RSM advisors interviewed the executive sponsor, who immediately realized that critical governance, risk, and compliance (GRC) components were missing from the overall design.

As with many digital transformation initiatives, a team of finance and IT professionals led the strategic planning and design phase before the company hired RSM. These teams gathered business requirements, but business stakeholders rarely have the necessary perspective on the controls checks that need to be built into modern technologies, as it is not their domain of expertise.

Ideally, GRC experts should have a seat at the table of all digital transformation projects to create well-thought-out controls every step of the way. If they are brought in closer to the go-live date—or worse yet, after the go-live—organizations end up with a fire drill as they realize they are missing critical privacy, compliance, audit, and other controls. These problems are compounded in highly regulated industries, like finance and insurance.

When this situation occurs, IT or the implementation partner jumps in with bolted-on solutions to fix the gaps as best as they can with emergency, stop-gap solutions that cause unexpected costs and serious delays. And when solutions aren’t conscientiously designed to be well-integrated from the get-go, these bandages become permanent additions that are expensive to maintain, lack automation and well-crafted integration, and add to the technical debt organizations are seeking to eliminate with the digital transformation.

Ideally, GRC experts should have a seat at the table of all digital transformation projects to create well-thought-out controls every step of the way.

Time for triage: Creating well-built solutions on a tight deadline

When the oversight was detected, the firm sought help from our professionals, which quickly created a triage team drawn from a deep bench of experts within finance, technology, data, and end-to-end data flow.

This team fast-tracked the requirements gathering phase and focused specifically on building controls—including Sarbanes-Oxley, operational, and security—that could be implemented within the tight, impending deadline that lay just a few months away.

The goal was to avoid the pitfalls of stopgap measures and to create solutions that were just as well-thought-out, integrated, airtight, and automated as they would have been if included in the original digital transformation design. Overall, both our management and GRC teams met the first phase deadline. When a few unforeseen gaps caused by the initial oversight in planning were discovered closer to launch, the team had 20 days prior to the first month’s close to formulate thorough solutions; they met that goal as well.

Throughout the project, RSM also educated the firm’s leadership team about these risk and governance capabilities, arming the team with the right information so that they could better inform and answer questions about the digital transformation project from the internal audit committee and external auditors.

While this project wasn’t without its challenges, RSM was equipped to leap into action to strategically fill in gaps that were missed in the client’s original planning process.

The benefits of deep and broad experience

While this project wasn’t without its challenges, our team was equipped to leap into action to strategically fill in gaps that were missed in the client’s original planning process.  Because we have advisors with deep functional knowledge across many areas, the team could quickly come together to design, build and integrate the GRC components the firm needed for a cohesive digital transformation within an appropriate timeline. With RSM’s guidance, the company was able to shore itself against GRC risk and avoid the many technical issues that can plague companies when security and compliance functionality is added later.

Let's Talk!

Call us at 1 855 363 3526 or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.

FCR a proud member of RSM Canada Alliance, a premier affiliation of independent accounting and consulting firms across North America. RSM Canada Alliance provides our firm with access to resources of RSM, the leading provider of audit, tax and consulting services focused on the middle market. RSM Canada LLP is a licensed CPA firm and the Canadian member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM Canada Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how FCR can assist you, please call us at 1 855 363 3526

Important Notice:

FCR will now redirect you to CCH Portal where your FCR Client Portal login is located.

Share This