Building IT Governance to Meet Internal and Regulator Demands
Challenge
A large mortgage securitization solution provider needed to build and operationalize IT governance and software development lifecycle (SDLC) processes to support external audits, regulator exams, and quick remediation of SDLC and compliance issues.
Solution
Established a unified IT governance and SDLC program, which included:
Detailing guidelines of roles, responsibilities, policies, procedures, and standards
Creating project artifacts, metrics, and management dashboards to track the software development progress
Standardizing artifact templates, such as scope documents, requirements documents, and test summary reports to streamline
Monitoring controls for compliance and operational effectiveness
Implementing a production readiness review to improve release governance effectiveness
Creating a governance framework that included managing future SDLC remediation issues, risks, and controls and supporting audit readiness and release governance
Delivering education sessions to train current employees on the new processes, controls, and standards, which in turn positively impacted the culture
Outcome
Set up new programs to uphold the new governance and programs, which included:
Lowering this client’s risk profile as it relates to IT governance and SDLC
Creating a risk profile tool that the organization could use on an ongoing basis to determine the proper project risk level and required SDLC artifacts
Enabling the organization to maintain its SDLC compliance via custom online training courses