Ensuring cyber readiness in the face of annual review
Kalles Group improves a client’s cyber readiness, leading a large credit union through its annual federal financial examination.
Amidst an organization-wide restructuring and modernization effort, a credit union engaged Kalles Group to provide NCUA/DFI 2022 Cyber Readiness Support. Project goals involved successfully preparing the organization for their annual NCUA/DFI Financial Examination while maintaining or improving the prior year’s outcome.
These annual audits allow the Federal Government and Financial Industry to reauthorize financial institutions for U.S. operation, and the client knew they needed help to address this obligation. Their reorganization caused massive technology transformation and significant staff turnover, increasing the project’s complexity.
Kalles Group quickly established trust by presenting a highly detailed task plan.
The Kalles Group team designed and executed the project plan, delivering weekly status metrics against goals, ensuring standardization and delivery of ~150 high-quality pieces of evidence, and driving resolution of 75% of 2021 findings.
The project scope included three efforts:
- Gap Analysis: Resulting in articulation of the organization’s overall cyber-risk posture.
- Planning & Execution: Creating and implementing a plan to prepare the organization for both Spring 2022 and future 2023 audits.
- Capability Development: Introducing a life cycle “engine” that ensured a role-integrated, cross-team yearly audit.
Delivery of a client Inherent Risk Profile exposed gaps against the Financial Industry standards, and Kalles Group mentored multiple teams in the creation and walkthroughs of ten finding or function overview presentations.
The team also delivered a 2023 Project Plan including specific role tasks and estimated delivery times, to avoid future work disruptions on an annual basis. Additionally, they created the infrastructure for controlled deposit, review, approval, and delivery of evidence.
Kalles Group recommended maintaining the Inherent Risk Profile and refreshing it annually to keep focus and attention on the riskiest cyber-related areas.
Outcomes of partnering with the client’s team to prepare for the audit include:
- Decreased findings from the previous year.
- Resolved most previous year findings, with half of new findings also resolved and closed before examination end.
- Delivered ~150 pieces of standardized, high-quality evidence.
- Formalized the organization’s overall security posture, providing insights into key risk areas.
- Pre-planned next year’s examination.
Kalles Group’s continued work with the organization minimizes annual findings and ensures the credit union’s federal financial compliance.