Client background
The client is a large financial services provider with annual revenue over $7 billion, providing savings and checking accounts, various loan options and credit facilities with more than 350 branches worldwide.
The business challenge
The client was recently awarded a contract to service and manage a federal program. Before taking over the program, the client desired to perform an assessment of the operations and IT environment to understand areas of risk and/or needed investment.
The client’s goal was to understand the current processes and methodologies in use by the program and identify any potential risks or discrepancies before assuming full management. Detecting these issues early would allow the client to take proactive steps, allocate resources and effectively address and mitigate concerns to support a successful adoption. Because the client only had a few months before the program would need to be transitioned, the assessment process would have to be both thorough and swift.
Strategy and solution
In anticipation of the client’s expansion, Baker Tilly conducted a comprehensive IT assessment of the program, consisting of five domains:
- Governance and management
- People and organization
- Technical infrastructure
- Cybersecurity
- Applications and data
Employing a structured approach, Baker Tilly conducted a comprehensive analysis of the program’s key components. This involved document reviews, client interviews and thorough data collection and analysis. Due to the accelerated timeline for the assessment, the Baker Tilly team met early and often with client leadership to review findings and ensure that its most detailed analysis was prioritized on areas with the highest potential risk.
As a result of this approach, Baker Tilly identified over 30 risks and gaps across five domains associated with the acquired program. The team also provided the client with recommendations to address them, including updates and improvements to employee training, policy and procedures, vendor management and security requirements.