Case Studies

Below are the benefits we have delivered to our clients, most notably all the benefits mentioned have been realised and implemented. The status of each control is tracked through the various stages of testing, all deficiencies and remedial activities are discussed and agreed real time thus allowing timely resolution and reducing the overall cost of testing. 

BT Group Case Study

The Challenge: Development of a future state IT & Business Risk and control environment in conjunction with a global roll out of SAP4/Hana and BPC consolidation tool. Ensuring all controls are SOX/ICOFR compliant.

The Solutions: Established a clear set of objectives and deliverables and established robust Programme governance. Control’s professionals advised and guided on all control requirements and built this into all technical developments.

Technology Used: Implementation of SAP4/HANA, SAP GRC PC and SAP GRC AC, BPC Consolidation tool, Blackline, AIG, Project management tools

The Outcome/Investment/Savings: Two larger consulting firms had been responsible for delivery for the previous 12 months and made little progress. Within 3 months, ZR Consultants made leaps in delivery and significantly enhanced the quality of outputs winning the trust of BT Executives and KPMG, the external Auditors. This resulted in ZR Consultants taking over the entire Controls delivery and bringing in a further 8-10 highly experienced consultants, creating savings such as:
• Our delivery significantly reduced BT costs of resources across the programme
• We identified ways of reducing costs and embedding some activities into BAU, leading to significant short and long-term savings for BT
• The ZRC Team went above and beyond and delivered an excessive amount of work outside its SOW Case Study


The Challenge: To support the reduction of their Big 4, spend by providing a highly experienced team for the ongoing SOX programmes for, Booking Technology, Fareharbor, the Global Tax Projects & IT Fintech Projects. Design, remediate and implement first year SOX processes and controls for Fareharbor

The Solutions: Designed all ITGC controls for Fareharbor and remediated all control gaps ensuring process and controls owners were fully trained to operate their controls in BAU

Technology Used: Service Now, SAP

The Outcomes:

  • ZRC is a trusted support provider for the Booking risk management team
  • All new Controls embedded into BAU
  • All Significant deficiencies mitigated and remediated
  • BAU SOX processes and governance embedded into Fareharbor

ERPM & AMP Case Study

The Challenges: ERPM implementation with a clear objective of leveraging standard Oracle automation to embed effective and efficient controls and further strengthen the control environment. Implementing ORACLE Fusion in which SAP ERP and Oracle ERP will be merged.

Also undertaking an Access Management Programme alongside the ERPM Transformation Programme.

The Solutions:

  • Support the implementation of Oracle Fusion GRC/ERP/EPM and ORMC
  • Project Management & Programme Governance
  • Develop and design ITGC RACM’s for multiple applications and databases
  • Ensure all data transfers/interfaces have controls over completeness and accuracy
  • Supporting Financial Controls team by working with the AMP Programme team to ensure all Risk and Controls considerations are taken into account
  • Review of existing SAP ERP and Oracle ERP Segregation of duties.
  • Also supporting the assessment of any impact on BAU processes as a result of deliverables made via AMP

Technology Used : Oracle Fusion GRC/ERP/EPM & ORMC, SAP, ORACLE, Blackline, Sailpoint, Workday

The Outcomes:

  • Trusted partner with the client and now expanding our services into the cyber area of the business
  • Identified significant gaps and produced detailed remediation plans


The Challenges: Implement and manage the SOX framework across the PPI programme and Implement the IT and Business SOX process and framework for Barclaycard. The PPI Programme grew from 1 £1bn provision to over £8bn
with over 500 changes during that period.

The Solutions: Implemented a central PPI SOX function which designed all the key IT and Business controls as well as walkthroughs, testing, remediation and managing of External Auditors. Also, implemented the Operational Risk (RCSA)
framework and Risk Event Process, Successfully managed the FCA S166 review with E&Y and implementing remedial activities,

Technology Used: OpenPages, VISIO, SAP, CRM tool, PPI calculators

The Outcomes/Investment/Savings:

PPI Programme – Reduced level of independent review by PWC to under 10 controls as well as Rationalised the control environment from 300 control to 60 key SOX controls. Implemented the change board and assessed over 500 changes.

SOX Implementation (Barclaycard) – Implemented the IT and Business SOX process and framework, Reviewed business critical processes such as Impairment, Basel II, PPI model evaluation etc

• Identification of significant recoverable revenue mis-coded incorrectly
• Reduction in Key SOX controls resulted in £ millions of savings
• Investigated a fraud in PPI claims and evidenced to PWC that this was an isolated event

Global Foodservice Leader

European SOX Function Implementation

The Challenge: Implement a European SOX function covering the UK, France and Sweden following acquisition by US firm.

The Solutions: Delivered the end-to-end SOX programme with teams in UK, France, Sweden, Belgium, Bulgaria and the US. Training the Business and providing support via drop-in sessions. Regular reporting on milestones and progress at a control and process level.

Technology Used : Implemented Workiva and AuditBoard

The Outcomes: Responsible for remediation over 500 deficiencies. Rationalisation of control framework from over 600 key controls to just under 400. Managed relationship with External Auditor as well as established a Steerco to ensure governance was retained which resulted in a Reduced level of Independent testing required by External Auditor to 33% and the UK controls only.

TESCO Case Study


The Challenges:

  • To review the existing Internal Audit Function and processes and identify areas of improvements.
  • Project to address methodologies, tools and ways of working.

The Solutions: Identified and managed over 30 improvement projects including methodologies, Test papers, Report designs, Time Management software, Skills matrix, automations

Technology Used: Workiva

The Outcomes: Significantly improved the efficiencies of delivering an End-to-End Internal Audit. Improvements in quality of test papers and reports. More concise methodology reduced confusion and gave Auditors a quick guide which combined with the upskilling after the Skills matrix review ensured Auditors were better trained and focussed on areas that will give them greater development opportunities.

HSBC Case Study

Global Operational Risk Framework

The Challenge: Global roll out of a new operational risk framework, tools and 3 Lines of Defence

The Solutions:
• Defined the Strategy and delivery plan for onboarding onto Helios system (Open Pages)
• Implementation and training of the new Open Pages system
• Implementation of a ELS model to ensure the business has the right level of support which included the deployment of a quality framework
• Additional support provided around cyber security and the risk of fraud

Technology Used: Implementation of Open Pages (Helios), Sharepoint and MI

The Outcomes:
• Successful implementation of the Open Pages System
• Implementation of new Risk and Controls framework
• ZR Consultants remains a PSL supplier to HSBC with new projects expected in 2024 Case Study


The Challenge: Responsible for supporting the SOX programme in Amsterdam and Manchester

The Solutions: Remediation and mitigation of 30+ significant deficiencies. Liaising with the external auditors, Deloitte and Internal Audit to ensure they are comfortable with all remediation efforts. Deficiencies included SOD violations, evaluation of billions of pounds of journals, IPE evidence on completeness and accuracy etc. Design and implementation of new key controls to compliment SAP.

Technology Used: ServiceNow, SAP

The Outcomes:
• Managed and delivered several complex remediation projects across the business and IT infrastructure.
• Managed the relationships with Internal and External Audit, ensuring all queries and findings were dealt with efficiently and effectively.
• Designed and implemented automated and manual controls as well as change governance.

RBS Case Study

Migration of NatWest / RBS Customer to 4 New Products

The Challenge: Rescue a 2-year failing project to significantly transform the services offered by RBS to their customers. Total budget £115 million.

The Solutions:
• Implementing a collaborative and clear and concise approach to delivery
• Successfully managing over 200 stakeholders and taking them on the journey
• Responsible for implementing and agreeing all commercial and technical requirements for 3rd parties as well as ensuring data reconciliation
• Delivery across IT, Payments, Digital, Compliance, Products, Branch, Operations, Compliance, Retail & Legal and Marketing

Technology Used: All RBS in-house Banking platforms and databases

The Outcomes: Major turning point for RBS as offering of 4 accounts that generated revenue at a time when the group was struggling.

National Grid Case Study

SOX P2P Controls Automation Project

The Challenge: Deep dive into the P2P and S4/HANA functionalities to identify opportunities for automation.

Technology Used : SAP S/4HANA

The Outcomes:

  • Identified around 10 potential opportunities for further automation
  • Identified over 35 controls and process improvements
  • Controls rationalisation identified a reduction of around 10 controls

Diligent Case Study

UK Corporate Governance Reform Readiness

The Challenge: The client were seeking to enhance their internal controls, used primarily for US SOX purposes, to align to the broader requirements of the UK Corporate Governance Reform and the needs of potential customers in the UK.

The Solutions:  Using a combination of our expertise in the current and proposed UK Corporate Governance Framework, deep working knowledge of responding to the framework requirements, and system expertise, ZRC collaborated with Diligent to enhance their Diligent One platform to align with UK Corporate Governance Reform requirements.

Technology Used : Diligent One Platform – SOX Compliance Solution

The Outcomes:

  • Detailed recommendations for enhancements existing functionalities.
  • Advice on strategic developments to cater to user (market) needs.
  • High-level recommendations for ‘go-to-market’ strategies.

We're Proud To Have Worked With...