InnoVest Group

Consulting & Professional Services

Situation

A leading global investment bank needed an independent organization to conduct risk assessments of third-party relationships globally.

Client needed assurance of service providers protecting personally identifiable, confidential, and highly confidential information.

Wide variation in partner size ranging from as few as 3 employees to more than 10,000 employees.

Vast amount of data shared between the client and 3rd party service providers.

Needed the ability to scale up to 200-300 reviews on an annual basis.

Action

InnoVest Group reviewed business requirements and deliverables and analyzed existing process, tools, and work products for the client.
Implemented a governance model and prioritized service provider using a custom developed tool.
Developed a client-centric 3rd party assessment based on the Shared Assessments Program framework mapping to COBIT, PCI-DSS and ISO27002 industry standards covering 25 security components.

Results

InnoVest Group has partnered with this client for more than 6 years and successfully conducted more than 350 3rd party service provider reviews.
Improved budgeting and reduced fixed cost per assessment.

A large mortgage guarantee company was struggling to maintain compliance with the Gramm-Leech-Blilely Act.

Business unit owners were aggressively pursuing new partners, putting tremendous stress on the IT audit function.

Current approach was too difficult to quantify and analyze.

Client was concerned about implementing an overly complex solution.

Action

InnoVest Group performed an assessment of the client’s current approach and tools.
Created a customized assessment tool-kit, leveraging the best of client and InnoVest Group’s work.
Client initiated a 5-site pilot to prove value of new tools and approach.

Results

Pilot exceeded client’s expectations
Client signed an 18 month agreement with InnoVest Group to complete 15 to 20 audits for 2010 and additional reviews in 2011.