Challenge
Solution
Infinitive’s risk management advisory and assurance consultants developed and tailored a process-based Failure Modes and Effects Analysis (FMEA) methodology that enhanced the organization’s control assurance model and testing practices. By breaking controls down into their component parts, the FMEA model enabled Infinitive to proactively simplify and structure discussions with control owners and SMEs to gain powerful and precise insights into the organization’s control environment and risk posture. Infinitive’s SMEs used the FMEA model and approach to facilitate numerous workshops with cross-functional teams of engineers, testers, risk managers and cyber SMEs, resulting in:
- Assessments of more than 120 unique controls
- Identification of several hundred failure modes
- Detailed findings with recommended priorities for remediation
- Action plans and timelines for addressing failure modes with moderate+ findings
- Executive summaries highlighting continuous improvement opportunities
Outcome
Infinitive’s FMEA methodology enhanced the client’s control model and testing process. By the end of Infinitive’s engagement:
- 98% of the organization’s controls tested effective (up from 75%)
- Significant reductions to remediation work and cost of retesting controls
- A controls assurance organization fully trained in the new approach
- Near-term goals and objectives for the bank’s enterprise services technology environment
- A vision for optimizing the bank’s control environment
