Develop SDLC Standards Aligned with Enterprise Risk Taxonomy
Fortune 50 Financial Institution
Technology Risk Governance
The Client sought expertise to develop and implement new Software Development Life Cycle (SDLC) standards that aligned with the new enterprise risk taxonomy to improve technology change risk management.
- Both audit findings and a recent assessment of existing SDLC standards identified major gaps and a need for the Client's IT organization to develop new IT policies and standards.
- The Client needed outside subject matter expertise to develop the necessary standards for technology change that aligned with industry best practices and the enterprise's risk taxonomy.
- Reference Point deployed a team of consultants with expertise in technology implementation and change management to develop SDLC-related policies for the Client's IT organization.
- The team leveraged prior work experience and industry best practices to develop 8 standards documents and 18 risk statements for the SDLC as well as a target operating model for governance and oversight of risks and standards.
- Reference Point partnered with the Client's Enterprise Risk Management team to ensure the new standards linked to the future-state risk taxonomy, policies, and internal controls.
- The Client received fully defined standards for technology change linked to the enterprise risk taxonomy, resulting in a reduced cost of technology change risk management and standards compliance.
- The business, IT, and other key stakeholders accepted the new SDLC policies and standards, allowing for a shift in ownership of controls to functions and organizations where risk is introduced to the firm.
- The Client was able to effectively socialize the project results with senior leadership, and Reference Point was later engaged to perform control design, development, and pilot planning for the IT organization.