Enterprise Risk Management/Internal Controls for NASDAQ Firm

Challenge

The Risk and Compliance Division within a firm with a market capitalization of $2.67B was tasked with implementing an Enterprise Risk Management (ERM) function. The firm had recently become a publicly traded corporation and had to comply with Sarbanes-Oxley (SOX) by implement GRC processes. Specific services included developing an ERM Plan which outlined as detailed risk management methodology as well as how to embed ERM in firm practices, outlining how the Archer GRC tool could be tailored for the organization, developing staff and executive briefings, and developing a roadmap for implementing ERM.

Core Services

  • Governance, Risk and Compliance
  • Strategies and Frameworks (NIST, SOX, ISO, GDPR, HIPAA, PCI DSS)
  • Current State/Gap Analysis
  • Risk Identification and Assessment
  • Risk Analysis and Evaluation
  • Risk Monitoring and Reporting

Approach

  • Developed a project management plan
  • Leveraged existing ERM assets from prior client engagements
  • Reviewed Archer capabilities
  • Conducted client meetings
  • Developed a comprehensive ERM methodology and implementation plan that was tailored for their organization

Brilliant Outcome Resulted in a Long-term Cooperation

Results

  • The firm was able to identify critical risks and make progress towards SOX compliance 
  • Firm managers and other stakeholders have a greater awareness of ERM and its importance
  • Risk Management practices have improved due to Board and Executive buy in

Want to Bring your Ideas to Life?

Lets discuss how to do that

Explore More Case Studies

  • PMO

    Program Management Office

    Read More
  • Capability Development

    Capability Development

    Read More