2013 GRC Value Award: Risk Management
GRC 20/20 Research awarded Modulo Risk Manager its 2013 GRC Value award in the Enterprise Risk Management category. The financial services company used Modulo Risk Manager to help it comply with HIPAA, PCI and SOX, and its consolidation of its 350 independently chartered bank branches, with 6,700 employees and a heterogeneous environment spanning a variety of operating systems, servers and application platforms as well as legacy systems for each of the back-end core banking platforms. Benefits from the first phase of its Modulo Risk Manager implementation included:
- Creating efficiencies and consistency by unifying silos of data into one automated governance, risk and compliance program
- Completed 40 percent more risk assessments without adding any additional resources
- Finished risk assessments two months ahead of schedule
- Accomplished twice as much work with the same resources
- Attained a complete picture of the company-wide risk posture for improved business decision making
The second phase of the implementation, now in progress, is developing and integrating processes for GLBA compliance assessments, business continuity management and vendor risk management.
A new system that brings together scattered ERM
The financial services company was challenged with finding an automated GRC process to eliminate manual costs associated with risk assessments, consolidate GRC data into a common format and automate workflow. It wanted a system that could communicate risk in a timely and consistent fashion with different information for different stake holders, as appropriate. The solution needed to rationalize IT controls and create efficiencies around design, testing and reporting to meet increased regulatory scrutiny across all disciplines including HIPAA, PCI and SOX.
Modulo Risk Manager enabled the company to achieve its GRC audit goals on time, on budget and do twice as much with the same resources. It is also leveraging Modulo to mature its information risk process into an operational discipline, providing a more complete picture of the companyʼs risk posture.
Modulo’s Risk Manager™ software solution helped streamline the company’s risk assessments, reduced its control testing and expenses, and improved its communication of risk to various lines. The solution helps manage complex and dynamic dependencies of IT resources to supports critical system availability and confidentiality. The company’s feedback is that they regard Modulo as a strategic partner with extremely well trained and responsive staff.
Looking forward with a clearer view
With close to $30 billion in assets, this regional financial services company’s banking divisions provide commercial and retail banking, investment and mortgage services. It recently consolidated its 350 independently chartered bank branches. With 6,700 employees at the time and a heterogeneous environment spanning a variety of operating systems, servers and application platforms as well as legacy systems for each of the back end core banking platforms, the infrastructure of the multi-bank model was complex. As a result of this consolidation as well as an increasing number of regulations to comply with — from PCI, HIPPA, FFIAC, OCC, SOX, GLBA, FFIEC and SECISO to FDIC as well as other federal and state government requirements — the company was responsible for completing twice the number of audits with the same resources, and streamlining its overall GRC program.
Faced with increased regulatory scrutiny and an exponentially more complex environment, the company was under pressure to complete more risk assessments. Additionally, it was in the process of evolving its information risk practice into a broader, more mature operational risk discipline in order to get a complete picture of the organizationʼs risk posture.
The company’s team expects to continually find new uses for the flexible Modulo Risk Manager platform that streamlines and improves security, risk and compliance management initiatives. It will extend the program to tie company policies and industry controls (such as those for COBIT and SOX) to the Modulo framework for more efficient rationalization. It also plans to integrate data from third-party vulnerability scanning systems into the model for a more complete picture of gaps and risks. They also plan to record and report data losses due to process and technology failures or fraud to identify exposures before they impact the business. With the Modulo Risk Manager Web-based platform, the financial services company can easily customize and scale to meet the growing needs of the organization and integrate it with existing processes and technologies.
To learn more about the GRC 20/20 2013 GRC Value Awards and other recipients, please visit this post: GRC 20/20 Announces 2013 GRC Value Award Recipients