Consulting case studies

Taking compliance remediation to the bank

A bank holding company needed to resolve audit deficiencies in user access and segregation of duties (SOD) – quickly.

Client challenge

A US bank holding company was under urgent pressure to resolve significant deficiencies in its user-access management. A federal audit had found inadequate access control to 48 high-risk Sarbanes-Oxley (SOX) applications, as well as deficiencies in de-provisioning of critical accounts. The audit stipulated that the bank resolve deficiencies within an 18-week period—a daunting timeframe given the complexity of identity access across its ecosystem. The bank, like most businesses, simply did not have the resources or expertise to carry out an initiative of this magnitude.

PwC's solution

Our team of identity management specialists interviewed business and IT leaders across the enterprise, drawing upon our existing knowledge of the bank’s operations and regulatory requirements to perform a gap analysis, define a common approach, develop a baseline set of risks and controls, and create remediation processes for the high-risk applications. We also introduced an enhanced role-based access-control model to govern assignment of appropriate access across all business lines and helped the bank create and launch an IAM Center of Excellence to ensure that the new access and SOD governance policies are embedded into the fabric of organizational culture.

Impact on client's business

We helped the bank holding company satisfy the audit demands on schedule. The bank also has a work plan in place that will enable it to remediate user-access deficiencies for a remaining 27 SOX applications. Improvements in user-access controls and SOD processes have strengthened the bank’s compliance and enabled faster, more accurate provisioning and de-provisioning. The bank now has adequate visibility into user-access entitlements and SOD controls across applications and business divisions, as well as full clarification and documentation of critical processes. It is positioned to fully automate these procedures in the future.

Contact us

Dietmar Serbee
Principal, Financial Services
Tel: +1 (646) 471 7270
