Building IT Governance to Meet Internal and Regulator Demands


A large mortgage securitization solution provider needed to build and operationalize IT governance and software development lifecycle (SDLC) processes to support external audits, regulator exams, and quick remediation of SDLC and compliance issues.


Established a unified IT governance and SLDC program, which included:
  • Detailing guidelines of roles, responsibilities, policies, procedures, and standards
  • Creating project artifacts, metrics, and management dashboards to track the software development progress
  • Standardizing artifact templates, such as scope documents, requirements documents, and test summary reports to streamline
  • Monitoring controls for compliance and operational effectiveness
  • Implementing a production readiness review to improve release governance effectiveness
  • Creating a governance framework that included managing future SDLC remediation issues, risks, and controls and supporting audit readiness and release governance
  • Delivering education sessions for current employees to be trained on the new processes, controls, and standards, which in turn positively impacted the culture


Set up new programs to uphold the new governance and programs, which included:  
  • Lowering this client’s risk profile as it relates to IT governance and SDLC
  • Creating a risk profile tool that the organization could use on-going to determine proper project risk level and required SDLC artifacts
  • Enabled the organization to maintain its SDLC compliance via custom online training courses
Published May 12, 2020