Remediating Regulator Findings and Protecting the Organization


A top 3 U.S. residential mortgage provider recently had Federal Financial Institutions Examination Council (FFIEC) findings referencing the lack of formal policies, procedures, controls, and standards (PPCS) in their IT environment.


The technology risk management findings were assessed and remediated by:
  • Deploying financial services risk management experts who understand regulations
  • Assessing the current state of PPCS against regulatory standards
  • Collaborating with CIO, CISO, and other IT executives and leaders to create and implement the “to be” state under regulatory oversight
  • Implementing new rules, which included 15 IT policies, 69 procedures, 57 standards, 25 job aids, 113 control objectives, 357 control requirements, and 81 goal state action plans over seven months
  • Providing real-time visibility to allow effective decision making for the IT governance committee and other stakeholders through dashboard reports, metrics, and status updates


With our assistance, the client was able to meet board and regulatory commitments on time by:
  • Providing a new tech risk management framework that the client could use moving forward, which consisted of policies, standards, procedures, job aids, control objectives, and controls across 15 areas and the enterprise
  • Enabling the client to survive current and future audits by ensuring the organization could show documentation and evidence of plans, progress, and results
  • Allowing the client to achieve organizational change and maturity
Published January 16, 2020