National Healthcare Firm, >$50 Billion Revenue, >125K employees
Compliance spend was out of control. Each regulation and ensuing treatment was considered individually, resulting in duplication of efforts in some cases and little overall coordination amongst the teams responsible for each individual regulation. The IT control owners were unable to deal with conflicting guidance and control effectiveness suffered.
Our personnel worked with key client stakeholders to understand the scope of the problem, identify commonalities across regulatory requirements, develop and socialize multiple iterations of a key controls model, and realize common controls specifications to support implementation in a highly heterogenous environment. A broad training and awareness program was developed to ensure key controls owners across several organizations understood the distinctions and commonalities amongst regulations, were exposed to the control framework, and had actionable guidance in the form of in-person and web-based training plus compliance manuals.
The client was able to reduce uncertainty and minimizing duplicative spend by developing common controls that were applicable for a wide variety of regulations.