Assess SDLC Standards Against Enterprise Risk Taxonomy
Fortune 50 Financial Institution
Policies & Standards Review, Technology Risk Governance
The Client's Information Technology organization needed a partner to assess existing Software Development Life Cycle (SDLC) standards against the new enterprise risk taxonomy and provide recommendations on how to improve technology change risk management.
- The Client's software development standards existed in various formats without clear ownership and were not always complete or fully implemented.
- The Client's Enterprise Risk team identified technology change as a key risk within the new process-centric risk taxonomy.
- The Client required subject matter expertise to assess current IT standards, identify gaps, and recommend new policies and standards to mitigate technology change risk.
- Reference Point deployed a team led by the Former Managing Director of Transformation and Strategy at Citi to conduct a detailed review and analysis of the Client's IT policies, standards, and requirements across IT delivery methodologies.
- The team evaluated current SDLC practices, identified gaps, and prepared a recommended list of new SDLC policies and standards, drawing on prior experience and on SDLC best practices from top financial services institutions.
- Reference Point also reviewed existing SDLC risks and controls, developed risk statements to align the new IT requirements with the new enterprise risk taxonomy and technology change policies, and included standards from existing partner organizations, as applicable.
- The Client received a clear recommendation on how to address software development standards gaps and how to respond to technology change risk.
- Reference Point also developed a roadmap, project plan, and governance process to draft, develop, and maintain these standards, which enabled the organization to better understand how to plan for the policy and standard updates.
- Reference Point was later engaged to develop the recommended SDLC-related policies for the Client's IT organization.