National Healthcare Firm, >$50 Billion Revenue, >125K employees
Management was continually caught unaware of basic IT control execution failures resulting in poor audit outcomes. Significant, unplanned remediation spend occurred outside of a centralized organizational function and costs continued to spiral upwards.
Our personnel worked with key client stakeholders to understand the scope of the problem, identified appropriate triage opportunities by applying Pareto principlesto the situation (i.e. pin-point where small immediate investments yielded significant, out-sized returns on risk reduction/controls improvement) and developed a larger maturity program. We co-developed and helped implement a multi-year program designed to drive immediate controls enhancements, sustain those enhancements, and increase management knowledge of compliance effectiveness.
The client was able to build a scalable early-warning program that identified where controls were operating outside of tolerances and take timely action to remediate. Over time, control maturity spend moved from reactionary to planned and predictable and was focused in areas that provided broad benefit.