
Australian Banking - Custom Assurance Framework
The Problem
- A Chief Risk Officer at an Australian financial organisation noted inconsistencies between the risks being reported and the information available to them for validation.
- As CRO, they were responsible for managing the risks, but were not confident that the risks were being managed appropriately.
- The CRO was looking for a way to be assured that the risks associated with Cyber Security were being managed and reported. They requested a holistic framework of what Cyber Security aspects should be reviewed for assurance, with an impartial view.
The Outcomes
- CRG defined a framework for Cyber Risk Assurance across the financial organisation, covering 25 areas to ensure comprehensive cyber security risk management.
- Each framework item was aligned with all relevant frameworks and legislation for the organisation, including NIST CSF, APRA, and PCI-DSS requirements.
- Advice regarding cadence for all assurance activities was recommended, with the framework built for repeatability.
Benefits
The Chief Risk Officer now has visibility into which items they need assurance on and what a complete cyber security risk assurance entails. Capability has been defined to allow ongoing, impartial cyber risk assurance, enabling stronger trust in their cyber security.