Risk Assessment Framework Design and Program Implementation

International Insurer, >$31 Billion Revenue, >60K employees, 170 countries

The client had not succeeded in identifying or implementing a global risk model and, as a result, was unable to coordinate or prioritize global risk management investments effectively. Spend was unmanaged and driven by reaction rather than by a broader plan.

Our personnel worked with key global stakeholders to identify and negotiate the main characteristics of the information risk model, and developed an overarching framework that the key parties deemed acceptable for articulating security and regulatory compliance investment needs. We organized and led the implementation of the assessment protocol globally, gathered the results, and presented them to various committees and management groups, including Enterprise Risk Management, ultimately helping to define several focused programs aimed at driving out regulatory and security risk over a multi-year period.

The client was able to use the results of the assessment to obtain a comprehensive global snapshot of risk for the first time and to prioritize resources toward the areas of most concern. This approach gave senior management an appreciation of information risk and allowed cost efficiencies in remediation, while improving the reputation of the global IT risk function throughout the organization.