Below are the benefits we have delivered to our clients, most notably all the benefits mentioned have been realised and implemented. The status of each control is tracked through the various stages of testing, all deficiencies and remedial activities are discussed and agreed real time thus allowing timely resolution and reducing the overall cost of testing.
BT Group Case Study
The Challenge: Development of a future state IT & Business Risk and control environment in conjunction with a global roll out of SAP4/Hana and BPC consolidation tool. Ensuring all controls are SOX/ICOFR compliant.
The Solutions: Established a clear set of objectives and deliverables and established robust Programme governance. Control’s professionals advised and guided on all control requirements and built this into all technical developments.
Technology Used: Implementation of SAP4/HANA, SAP GRC PC and SAP GRC AC, BPC Consolidation tool, Blackline, AIG, Project management tools
The Outcome/Investment/Savings: Two larger consulting firms had been responsible for delivery for the previous 12 months and made little progress. Within 3 months, ZR Consultants made leaps in delivery and significantly enhanced the quality of outputs winning the trust of BT Executives and KPMG, the external Auditors. This resulted in ZR Consultants taking over the entire Controls delivery and bringing in a further 8-10 highly experienced consultants, creating savings such as:
• Our delivery significantly reduced BT costs of resources across the programme
• We identified ways of reducing costs and embedding some activities into BAU, leading to significant short and long-term savings for BT
• The ZRC Team went above and beyond and delivered an excessive amount of work outside its SOW
Booking.com Case Study
SOX PROGRAMME SUPPORT
The Challenge: To support the reduction of their Big 4, spend by providing a highly experienced team for the ongoing SOX programmes for Booking.com, Booking Technology, Fareharbor, the Global Tax Projects & IT Fintech Projects. Design, remediate and implement first year SOX processes and controls for Fareharbor
The Solutions: Designed all ITGC controls for Fareharbor and remediated all control gaps ensuring process and controls owners were fully trained to operate their controls in BAU
Technology Used: Service Now, SAP
- ZRC is a trusted support provider for the Booking risk management team
- All new Controls embedded into BAU
- All Significant deficiencies mitigated and remediated
- BAU SOX processes and governance embedded into Fareharbor
ERPM & AMP Case Study
The Challenges: ERPM implementation with a clear objective of leveraging standard Oracle automation to embed effective and efficient controls and further strengthen the control environment. Implementing ORACLE Fusion in which SAP ERP and Oracle ERP will be merged.
Also undertaking an Access Management Programme alongside the ERPM Transformation Programme.
- Support the implementation of Oracle Fusion GRC/ERP/EPM and ORMC
- Project Management & Programme Governance
- Develop and design ITGC RACM’s for multiple applications and databases
- Ensure all data transfers/interfaces have controls over completeness and accuracy
- Supporting Financial Controls team by working with the AMP Programme team to ensure all Risk and Controls considerations are taken into account
- Review of existing SAP ERP and Oracle ERP Segregation of duties.
- Also supporting the assessment of any impact on BAU processes as a result of deliverables made via AMP
Technology Used : Oracle Fusion GRC/ERP/EPM & ORMC, SAP, ORACLE, Blackline, Sailpoint, Workday
- Trusted partner with the client and now expanding our services into the cyber area of the business
- Identified significant gaps and produced detailed remediation plans
BARCLAYS, BARCLAYCARD & UKSL Case Study
The Challenges: Implement and manage the SOX framework across the PPI programme and Implement the IT and Business SOX process and framework for Barclaycard. The PPI Programme grew from 1 £1bn provision to over £8bn
with over 500 changes during that period.
The Solutions: Implemented a central PPI SOX function which designed all the key IT and Business controls as well as walkthroughs, testing, remediation and managing of External Auditors. Also, implemented the Operational Risk (RCSA)
framework and Risk Event Process, Successfully managed the FCA S166 review with E&Y and implementing remedial activities,
Technology Used: OpenPages, VISIO, SAP, CRM tool, PPI calculators
PPI Programme – Reduced level of independent review by PWC to under 10 controls as well as Rationalised the control environment from 300 control to 60 key SOX controls. Implemented the change board and assessed over 500 changes.
SOX Implementation (Barclaycard) – Implemented the IT and Business SOX process and framework, Reviewed business critical processes such as Impairment, Basel II, PPI model evaluation etc
• Identification of significant recoverable revenue mis-coded incorrectly
• Reduction in Key SOX controls resulted in £ millions of savings
• Investigated a fraud in PPI claims and evidenced to PWC that this was an isolated event
Global Foodservice Leader
European SOX Function Implementation
The Challenge: Implement a European SOX function covering the UK, France and Sweden following acquisition by US firm.
The Solutions: Delivered the end-to-end SOX programme with teams in UK, France, Sweden, Belgium, Bulgaria and the US. Training the Business and providing support via drop-in sessions. Regular reporting on milestones and progress at a control and process level.
Technology Used : Implemented Workiva and AuditBoard
The Outcomes: Responsible for remediation over 500 deficiencies. Rationalisation of control framework from over 600 key controls to just under 400. Managed relationship with External Auditor as well as established a Steerco to ensure governance was retained which resulted in a Reduced level of Independent testing required by External Auditor to 33% and the UK controls only.
TESCO Case Study
INTERNAL AUDIT TRANSFORMATION
- To review the existing Internal Audit Function and processes and identify areas of improvements.
- Project to address methodologies, tools and ways of working.
The Solutions: Identified and managed over 30 improvement projects including methodologies, Test papers, Report designs, Time Management software, Skills matrix, automations
Technology Used: Workiva
The Outcomes: Significantly improved the efficiencies of delivering an End-to-End Internal Audit. Improvements in quality of test papers and reports. More concise methodology reduced confusion and gave Auditors a quick guide which combined with the upskilling after the Skills matrix review ensured Auditors were better trained and focussed on areas that will give them greater development opportunities.
HSBC Case Study
Global Operational Risk Framework
The Challenge: Global roll out of a new operational risk framework, tools and 3 Lines of Defence
• Defined the Strategy and delivery plan for onboarding onto Helios system (Open Pages)
• Implementation and training of the new Open Pages system
• Implementation of a ELS model to ensure the business has the right level of support which included the deployment of a quality framework
• Additional support provided around cyber security and the risk of fraud
Technology Used: Implementation of Open Pages (Helios), Sharepoint and MI
• Successful implementation of the Open Pages System
• Implementation of new Risk and Controls framework
• ZR Consultants remains a PSL supplier to HSBC with new projects expected in 2024
Booking.com Case Study
EUROPEAN SOX PROGRAMME 2019-20
The Challenge: Responsible for supporting the SOX programme in Amsterdam and Manchester
The Solutions: Remediation and mitigation of 30+ significant deficiencies. Liaising with the external auditors, Deloitte and Internal Audit to ensure they are comfortable with all remediation efforts. Deficiencies included SOD violations, evaluation of billions of pounds of journals, IPE evidence on completeness and accuracy etc. Design and implementation of new key controls to compliment SAP.
Technology Used: ServiceNow, SAP
• Managed and delivered several complex remediation projects across the business and IT infrastructure.
• Managed the relationships with Internal and External Audit, ensuring all queries and findings were dealt with efficiently and effectively.
• Designed and implemented automated and manual controls as well as change governance.
RBS Case Study
Migration of NatWest / RBS Customer to 4 New Products
The Challenge: Rescue a 2-year failing project to significantly transform the services offered by RBS to their customers. Total budget £115 million.
• Implementing a collaborative and clear and concise approach to delivery
• Successfully managing over 200 stakeholders and taking them on the journey
• Responsible for implementing and agreeing all commercial and technical requirements for 3rd parties as well as ensuring data reconciliation
• Delivery across IT, Payments, Digital, Compliance, Products, Branch, Operations, Compliance, Retail & Legal and Marketing
Technology Used: All RBS in-house Banking platforms and databases
The Outcomes: Major turning point for RBS as offering of 4 accounts that generated revenue at a time when the group was struggling.
National Grid Case Study
SOX P2P Controls Automation Project
The Challenge: Deep dive into the P2P and S4/HANA functionalities to identify opportunities for automation.
Technology Used : SAP S/4HANA
- Identified around 10 potential opportunities for further automation
- Identified over 35 controls and process improvements
- Controls rationalisation identified a reduction of around 10 controls