Industry: Multi-National Manufacturing

Scope: Disaster Recovery and Business Continuity Planning

Background: Although certain business practices were in place, this CTS client lacked a formal disaster recovery program to manage its enterprise-wide risk. Once designed, the operational effectiveness of the controls needed to be evaluated.

CTS Solution:

• Identify and map existing systems & processes
• Document standard operating procedures
• Perform testing of emergency procedures, based on risk assessment
• Contingency planning
• Develop business continuity planning framework

Industry: Fortune 500 Global Manufacturing

Scope: IT Governance Policy Development

Background: With over 850 business units globally, this de-centralized IT function needed to establish formal IT governance standards and guidelines as part of its Enterprise Risk Management program.

CTS Solution: Using the COBIT / ITGI standard framework as a best practice, CTS performed the following:

• Conduct risk assessment
• Develop and document IT policies and guidelines
• Disaster recovery and business continuity
• Physical, environmental and system security
• Access controls
• IT operations
• Change management – applications and technical infrastructure
• Data management
• SLA compliance
• Monitor and review compliance
• Coordinate self-assessments on annual basis
• Perform testing of high risk business units
• SAS 70 review of significant third-party providers
  

Industry: Multi-National Financial Services

Scope: SAS 70 & SOC 1 Readiness

Background: In preparation for its SAS 70 review, this CTS client needed to develop its approach and prepare for its subsequent review.

CTS Solution: Led by a CTS Project Manager with deep financial services experience, the following services were provided. As a result, this client received a SAS 70 Type 2 report.

• Perform risk assessment to identify key controls
• Documentation of key controls and underlying processes
• Pre-audit plan development
• Perform testing to identify areas of exposure
• Remediation of control gaps
• Liaison to Big 4 external auditors

Subsequently, CTS provided project management and financial services expertise to help this client prepare for an expanded review as part of its SOC 1 reporting requirements.

Industry: On-line Travel Services

Scope: IT Security Remediation

Background: In a technology-centric operation, this CTS client had identified significant internal control weaknesses which required disclosure in its annual report to the SEC.  Due to the dynamic nature of the client’s environment, numerous applications, hardware, networks and other technical infrastructure were in place due in part to informal IT governance.

CTS Solution: In order to remediate the material controls weaknesses, the first step was to identify ALL systems in use, understanding their connectivity and interaction, and then to address the controls deficiencies. CTS provided a Project Manager and staff to perform the following:

• System mapping
• Identify critical systems (software, hardware, networks, interfaces)
• Document comprehensive systems in use (over 100 identified)
• Identify gaps and inefficiencies
• Analysis and Remediation
• Perform risk assessment
• Documentation of key controls
• Perform IT compliance testing
• Remediation planning and execution, including development of standard operating procedures

Given the depth of understanding of this client’s systems, business processes, culture and overall environment, CTS also assisted this client with the following other projects:

• IT project management
• Payment Card Industry (PCI) data security compliance
• Treasury workstation design, roll-out and user-training
• Interim Business Analyst — financial systems

Industry: Multi-National Print Manufacturing

Scope: Business Analyst Center of Excellence – Program Development

Background: In order to manage the large volume of user requests across all corporate administrative functions (e.g. finance, legal, human resources, marketing, etc.), reporting and analysis tools were needed to define user requirements, estimate resource requirements and allocations, estimate level of effort, prioritize concurrent and potentially conflicting activities and analyze the business case to evaluate the return on investment for new projects.

CTS Solution: Using industry best practices, CTS performed the following:

• Project management
• Develop and prepare project plans
• Status reporting and updates to Steering Committee
• Program design and development
• Design standard tools & templates
• Develop prioritization model to evaluate organizational impact and level of effort
• Formalized communications plan for frequent updates to user-community
• Deployment of request management tracking tool (Primavera) to manage in-flight projects
• Conduct pilot
• Meet with business owners to define requirements
• Develop business cases to analyze ROI
• Prepare project charters and project plans
• Liaison to IT and business community
• Program roll-out and on-going support
• Train new Business Analysts on usage of standard processes and tools
• Provide Interim Business Analysts to perform day-to-day activities

Click here to view more in-depth project highlights.