The document provides information on several key projects and areas of expertise for The Growth Partners:
1. They built the governance process for migrating a large payment platform from data center to AWS Cloud, including certification, testing, and communications.
2. They championed the adoption of a risk management framework for a large corporation to meet various compliance standards and customized it for their needs.
3. They developed workflows and tools to help manage a complex financial systems consolidation and outsourcing project for a global $20B organization.
Learn how to reduce financial fraud and improve risk management. What are the most common risks for activities and business processes? How is a SoD repository commonly set up? Learn the top 3 SoD conflict types and how to implement a methodology in order to leverage your SAP governance.
Main points covered:
• How to reduce financial fraud and improve risk management
• What are the most common risks for activities and business processes?
• How is a SoD repository commonly set up?
• Learn the top 3 SoD conflict types
Presenter:
The webinar was presented by M. Roseau, director of business development for In Fidem, a Canadian company based in Montreal, Quebec.
Link of the recorded session published on YouTube: https://youtu.be/bRsiWx2NodA
In this webinar, we will discuss how to leverage the ISO 22301 standard and other key standards to build a strong BCM programme, which focuses on critical success factors from top management to core teams, and to the organization as a whole. We will focus on how to ensure sustainability and continuous improvement.
Main points covered:
• How to leverage the ISO 22301 standard
• Key standards to build a strong BCM programme
• How to ensure sustainability and continuous improvement
Presenter:
Winifred Dela Setor Smith (Mrs.) is a Business Risk and Governance Professional with over 15 years’ experience in Information Technology, Business Continuity and Enterprise Risk Management in the Telecoms sector. She is certified in various fields, including ISO 22301 Lead Implementer, Risk Analysis and ITIL V3, and is a PECB certified Trainer. Winifred has completed the Leadership training in Telecoms Mini MBA with Neotelis (Canada).
Link of the recorded session published on YouTube: https://youtu.be/PDcZPSso8YQ
Legal Register / Compliance Obligations ISO 14001 - Nimonik
https://nimonik.com
An overview of why your organization should equip itself with a robust and integrated Legal Register (Compliance Obligations). Reviews of the purpose, intent and benefits of a Legal Register.
Social media offers some surprising health benefits. Kathy Sipple uses Maslow's Hierarchy of Needs to demonstrate how blogging, Facebooking and tweeting can lead to greater happiness and even self actualization.
Feature published in Robb Report magazine about the book "In the spirit of New Orleans". With it, the publisher Aussoline gives us the chance to experience more closely the history of this legendary city on the banks of the Mississippi River. Its author, Debra Shriver, tells us what makes the Crescent City so special, from its fascinating history to its rich musical legacy, its enduring traditions and cultural landmarks. For natives and visitors alike, this volume presents a complete panorama of this attractive destination.
10-17-11 Lunch and learn presentation by Kathy Sipple, Founder/CEO of My Social Media Coach. Sponsored by Business Women United Network, in conjunction with the
Feature published in Robb Report magazine about Esther Cidoncha's photography book "When lights are low. Retratos de Jazz", published by La Fábrica.
Social Media Specialist Kathy Sipple was invited to present "Technology for the 21st Century" for the Michigan City Chapter of American Association of University Women on 11-8-10.
These bags are woven with unique patterns found in the Druze community. The Druze are a Muslim offshoot, neither Sunni nor Shiite. Communities found in Israel, Lebanon and Syria. Beautiful fabric and interesting patterns utilizing the 'hamsa' design. A real find.
Client case studies: Where will your company find top talent? Look to the cloud - PwC
A large entertainment, media & communications company found that its five semi-autonomous divisions each had its own vastly different talent management needs and processes, and that was a problem when it came to identifying and retaining top talent across all the operating units. Although the enterprise technically owned the core HR solution for four of the divisions, the support model was handled at the division level and did not use a Shared Services model, leading to inefficiencies and redundant efforts. The company wanted to develop standardized processes, procedures, and technologies across the divisions to create a cross-divisional view of talent focusing on operational excellence and employee engagement.
How Morgan Stanley is Using Apps to Transform the Workplace - Dreamforce
Join us to learn how IT can be the hero and help accelerate HR transformations. Learn how to create a seamless experience for employees on the front end, all completely integrated with your core HR systems on the back end. Join us to hear from Morgan Stanley on how they're building and deploying apps to better service, engage, and retain employees. Speakers: Brian Kelly, Morgan Stanley's Executive Director of HR IT and Ashvin Parmar, Capgemini's Business Information Management Principal
Developing End State Vision
Advice and Planning Strategy
Driving a Business Architecture
Provisioning a Portfolio of Projects
eGRC Operation Control
Minimizing Financial Risk
Aggregating Financial Risk
Managing Mainframe Entitlements
Implementing Data Governance
Understanding Data Lineage
Defining Global Customer Strategy
A Fortune 50 financial services company was in need of improving the maturity and effectiveness of their operational risk reporting function. This case study shows the approach that Premier Alliance took.
Ahead of the marcus evans National Healthcare CFO Summit Fall 2019, read here an interview with Joni Noel discussing how healthcare CFOs can ensure their health system is compliant with the new lease accounting standard under ASC 842 or GASB 87
Managing a professional services firm is hard work. Firm leaders must juggle marketing, business development, client service, staff recruiting, development and retention to a successful outcome for everyone involved. There is one thing that firm leaders must feel comfortable with that links all of these firm management initiatives together: technology.
A Financial Planning Leader Streamlines Audit, Risk and Compliance - MetricStream Inc
Case Study - A Financial Planning Leader selected MetricStream to automate and streamline audit, risk and compliance management (GRC) across the Enterprise.
A New Era of Compliance: Innovations in ServiceNow GRC - Aelum Consulting
ServiceNow GRC automates various GRC processes, reducing the manual effort and time required for tasks such as risk assessment, audit management, and compliance reporting. This automation not only saves resources but also enhances the speed and accuracy of GRC activities.
2. CLOUD MIGRATION & GOVERNANCE
Built the end-to-end governance process to manage the migration of a large payment processing platform from data center to AWS Cloud. Key components were Vendor Evaluation, Roadmap and Milestones, Testing, PCI DSS & HIPAA certification, DR Testing, Load Testing, and go-live go-no-go decision tree. Developed and managed a complex communications program to notify 200+ clients, auditors, and partners over the entire journey to ensure acceptance by a large group of influential stakeholders.
RISK MANAGEMENT FRAMEWORK
Championed to C level executives the adoption of a harmonized RMF to meet the expectations of influential stakeholder groups, adopted the NIST SP 800 framework (of 18 control families and over 160 individual controls) and customized it to meet FISMA, FedRAMP, HIPAA, Data Privacy and Process integrity expectations. Implemented a formal process for risk filtering (ATMA) and classification. The framework has been in use for the past four years, meeting and exceeding the expectations of client, external auditor and engineering groups to deliver ahead-of-the-curve governance and regulatory compliance. The largest client chose the organization as a Model Vendor to coach other vendors to come up the curve.
POLICY, PROCEDURES AND PROOF LIFECYCLE
Developed a single view across the organization of policies needed to manage all business and technology operations, procedures to comply with policies in different organizational units and a comprehensive log and evidence management program to provide proof to auditors, clients, partners and executives that procedures were being followed in every operation of the organization. A semi-automated system ensures ‘permanent audit readiness’ for the organization.
3. RISK MANAGEMENT LIFECYCLE IN A GLOBAL ORGANIZATION
A very large corporation, serving 3,000+ corporate clients globally, faced many challenges in technology risk
identification, prioritization and resource allocation. We were tasked by the Chief Risk Officer to help his team define the
entire risk management lifecycle and deep-dive into some aspects where weaknesses existed. We reviewed the existing
practices, the substantial audit reports and findings in different geographies and against different regulations and SLAs to
define the ‘Expectation Baseline’, presented to a global executive audience (technology, legal, compliance, risk, business,
finance and operations) and after substantial brain-storming, achieved an agreement on ‘what is expected’. This was a
stormy process and the wisdom of our effort was questioned many times but we were convinced of what we were doing
and persevered. The end result provided a better-than-expected foundation for the subsequent efforts as by the time we
started defining the workflows and tools and controls, the entire team felt ownership towards what we were proposing.
In phase 1 of the architecture, we adopted the FARMER (Framework, Authority & Responsibility, Management, Education and Revise) approach. This provided a common vision to over 40 Risk Managers globally and, while people had the freedom to think in ways tailored to their situations, they were very clear about the overall framework, constraints and rules.
Another major finding from our study concerned how risk was viewed and managed. The (unstated) principle seemed to be that risk has to be accepted and then you do your best to manage. This was certainly very counter-productive and we introduced the ATMA (Avoid, Transfer, Mitigate, Accept) model and coached risk managers to filter every risk through this model. With this, we triggered many new ideas and initiatives in vendor management, outsourcing, transformation, re-engineering, insurance coverage, tools and techniques and were able to build a much more cohesive risk management in a complex, global setting over a period of 14 months.
4. GOVERNANCE, RISK AND COMPLIANCE TRAINING
POLICY, PROCEDURES AND PROOF LIFECYCLE
BUSINESS AND TECHNOLOGY COMPLIANCE
Developed an integrated program that meets the business compliance needs (NACHA, AML/KYC, Credit and Credentials
verification) and technology compliance (PCI DSS, SOC, HIPAA/HiTech) from a common governance platform that provides
consistent assurance with significant reduction in cost, time and resource expenditure on achieving the same.
Internal (C level, Audit, Legal, Compliance) and external (Auditors, clients, partners) stakeholders need to see that every incident is known and recorded, a formal process is followed to track each incident to closure and Root-cause Analyses are performed to ensure learning from each event and completion of appropriate remedial actions. Used Atlassian and ServiceNow tools to automate the function globally.
Developed and conducted training programs to ensure all employees and contractors get appropriate (generic and role-based) training, are tested for assimilation via written examinations and provide evidence of the same to auditors, clients and partners. With automation and self-service training programs, allowed the client to achieve significant efficiency, time-saving and reusability as well as get exceptions from many modules of client-provided training.
CLIENT AUDITS AND DUE DILIGENCE
Financial Services, Government & Retail prospects perform increasingly stringent assessments as part of the selection process and the client needed to prepare for 50 to 60 assessments by prospects and undergo granular audits by over 20 clients annually. This was sucking key technical and operations resources away from their main functions. Developed a framework-based, automated system to manage these assessments and audits with minimal demand on SME time.
5. Financial Systems Consolidation & Outsourcing
This client is a $20 billion + organization with a global footprint of nearly 200,000 employees. With over a dozen major (more than 10 countries) financial systems (SAP, Oracle, JD Edwards, Dynamics and Maconomy), the outsourcing of the same to an external vendor involved transition and transformation on a large scale. Supported the architecture and creation of the FinTech CoE (Center of Excellence), involving re-badging and training of over 200 business and technical staff, developed support workflows and executive presentations to present the scenarios to CFOs of major corporate units and win their approval to the transformation and hand-off program. Developed the categorization for application complexity, risk, support expectations of over 400 applications to build a prioritized roadmap of transition and transformation to the vendor.
GRC FUNCTION & TEAM BUILDING
A large client had acquired disparate tools over time and assigned people as needed and the GRC function was a source of frustration for the team members as well as the organization. Created a strategic vision for the GRC function, won C level approval, built a strong team and morale and started an ‘accept or reject’ tools program. Created an A-team of GRC professionals, helped them achieve relevant certifications and delivered a quantum leap in results to the organization.
EXECUTIVE COACHING AND PARTNERSHIP
Worked closely with the C suite and demonstrated the business value of GRC in terms of new client acquisition, renewals and client satisfaction. As the C suite saw the benefits coming in, won their support to expand and institutionalize GRC as an integral part of doing business. GRC is not seen as a legal requirement or ‘burn’ but as a competitive advantage by the C suite, leading to continuous improvement in the company.
6. SOX COMPLIANCE IN AN OUTSOURCED ENVIRONMENT
With the transition of all major financial applications to a new vendor-owned process, the infrastructure, network architecture and devices, segregation of duties matrix, support mix and accountability patterns changed significantly and the established SOX compliance measures were rendered obsolete. Both the internal and external auditors had reported major findings to the group CFO. I helped identify the SOX control points in the Target Operating Model (TOM) and define the SOP for the new environment with distribution of accountability between vendor and the organization. Identified legacy systems to be sunset to trim the portfolio from 400+ to less than 40. Invited the internal audit team within six months for a mock audit to reduce open items by over 65%.
TRANSITION MANAGEMENT
The company followed a non-organic growth model with 400+ subsidiaries in 100 countries with little operational integration. This led to hundreds of different applications and hosting environments, and transitioning the current model to the target model needed both strategic planning and operational guidance to help the outsourcing vendor as well as thousands of employees. We identified and prioritized the key processes and developed workflows to harmonize key processes to align to the Target Operating Model.
TRANSFORMATION MODEL DEVELOPMENT
The transition enabled the vendor to take over the operations in an ‘as-is’ manner but the business changed significantly (due to inorganic expansion) and the transitioned state was seen as incompatible with the new reality. I worked with the C suite to capture the vision and developed a desired end-state and the transformation roadmap to reach the same. Developed the complete suite of workflows to help the C level executives visually see the roadmap and commit to it.
7. WORKFLOW AUTOMATION
Developed the strawmen to present possible scenarios for handling key operational and support processes, presented a wide swath of stakeholders globally with pros and cons, helped decision-makers arrive at a consensus operating model. Using the approved models, developed tools and flows in SharePoint (Operations) and ServiceNow (Support) to document the granular stakeholder matrices and action sequences. These were used by the vendor to develop the actual implementation steps.
METRICS & MEASUREMENT FOR VENDOR GOVERNANCE
With over 300,000 employees in 100 countries and 400 subsidiaries, both the vendor and the company faced a challenge in measuring and tracking progress across such a complex canvas. I led a small team to identify key metrics across each of the major transition and transformation areas (called Towers), conducted intense negotiations with vendor and client leadership to help arrive at a consensus set of metrics. Worked with Business Owners, Architects, Engineering and Support teams to identify the sources of raw performance data to derive the measurements from. Built a SharePoint dashboard to continually demonstrate the current state across all towers and tracked against governance plan objectives to help both vendor and company executives track and monitor progress.
RE-ALIGNMENT OF OUTSOURCING TO AGILE PROCESS
The contracts were drawn up when the company (mostly) used a waterfall process but many groups rapidly adopted an agile process and were not ready to go back to waterfall to fit into the contract structure. The business need for agile was very strong & the COO wanted the contract re-drawn to use agile as the SOP. I focused on identifying key contract clauses in SDLC, Release, Change and Support areas and introduced agile processes of product roadmaps, stand-ups, change in documentation patterns, DevOps and continuous integration into the contract. The same were presented to the CIO, Commercial, Legal and CFO teams as well as the vendor for approval and were incorporated into the contract.
8. AGILE ADOPTION IN A GLOBAL ORGANIZATION
As the outsourcing plan was unrolling, the company was undergoing major strategic changes – acquiring companies as well as being acquired – that changed the strategic goals on a monthly basis. The waterfall-based contract was simply incapable of changing direction and the SDLC as well as Release process was bottle-necked. I recommended and kicked-off a major agile adoption drive to design a custom agile process that met the company needs, that the vendor could integrate into its delivery processes and both sides could track in terms of concrete measures and metrics. I personally trained over 400 key managers in global company locations in agile adoption.
METRICS-DRIVEN COMMERCIAL PROCESS
About a year into the outsourcing contract, not a single invoice of the vendor was paid by the company and the situation was getting harder by the day for both sides. SDLC, Application Operations, Service Introduction, Gating, Quality Certification, system failures were the key pillars of invoicing and there were no metrics to objectively assess the performance in real terms. Developed a set of metrics to cover these areas and presented the same to both parties for discussion and helped arrive at a consensus. With a large team working on generating & agreeing on the metrics, helped the CFO office pay six invoices in a space of 45 days and helped stabilize the relationship.
OUTSOURCING CONTRACT RE-NEGOTIATION
The contract between the vendor and the company was signed over an extended period that witnessed significant changes to both the CIO and CFO/COO teams. Thus, the contract had become too large, with gaps and duplications and the execution had become a major challenge for both parties. Worked closely with executives from vendor and company sides to identify key pain-points and helped resolve many conflicts. Introduced key concepts of harmonization, documentation down-sizing, SOX compliance driven adoption and agile process to bring into focus key goals that transcended the contract fine-print.
9. PCI DSS COMPLIANCE OF 1,100 GLOBAL LOCATIONS
There were multiple systems involved in the card processing chain. New acquisitions presented a different state of PCI
compliance on one side and the vendor processes that captured and stored the card data on the other. This complicated the
card security chain and the company suffered a major card security breach at a major location. I worked with the front-end
applications groups (over 400 people globally) and created a consolidated PCI Status Sheet to help identify risk, assign priority
and resources to remediation. Led a major remediation design effort to address top risks against each of the twelve PCI
requirements and set up the process for harmonizing card processing and storage systems to bring better compliance in
future years.
ENTERPRISE WORKFLOW INTEGRATION
The company was growing rapidly and the sales team was getting bogged down with implementation, operations, compliance, billing and support tasks to manage client satisfaction rather than prospecting and sales pipeline building. This was creating a serious disruption as the company was preparing to sell itself to a group of investors. I started an enterprise-wide effort to build the total picture, segregate sales and account management activities and presented the scenarios to the CEO and the COO. After review and approval, developed detailed workflows for each work-stream and conducted training programs for Directors and Operational Managers. During this period, I realized that issue tracking was the biggest gap across the organization and developed an issue-tracking system using Atlassian Confluence and JIRA platform. Within six months, the average sales person reported spending 70% of time on prospecting and sales pipeline, up from less than 30%.
10. TECHNOLOGY STRATEGY & INTEGRATION
The company was built using an acquisition model and consisted of about 12 major application platforms acquired from as many acquisitions. The IT group had worked in a reactive manner and they were functioning as twelve different systems in the company, leading to huge duplication, gaps and client dissatisfaction. Developed an architectural approach to consolidate all systems into two categories – Microsoft-based for internal operations and Salesforce-based for prospecting and selling cycle management. I adopted a loosely-coupled approach for the medium-term as the technology maturity did not permit a tight integration and would have led to a collapse. Re-structured the IT team along the two technology tracks, sponsored many mid-level employees for skill-building training and mentored the IT team to align with business and become more client-focused.
SOFTWARE PRODUCT & IP MANAGEMENT
Some clients need to develop & manage software products where they have significant Intellectual Property (IP) protection requirements as well as the ability to change directions quickly as they test the client reaction to features and performance. NDAs and agreements can do only so much when it comes to protecting IP. We developed and managed the product roadmap, user stories and the agile process and distributed the development over 2 or 3 different vendors. We managed the entire lifecycle in such a way that no one but the client saw the full product. We saw all the road-map but did not see any code, client was responsible for integration, acceptance and release, and individual development vendors saw only the code they wrote. This was a complex process but ensured that client’s IP was fully protected.