RSM firm: Ireland
RSM contact: Terry McAdam
Bringing RSM’s ideas and insight – the work we carried out
We were retained by a high profile internal NGO to support the Board in considering their risk appetite with respect to the governance and management of data-related risks within the organisation.
The entity is involved in the provision of services to individuals across the globe and is frequently delivering its interventions in very challenging environments.
The Board subsequently agreed a relevant policy and we proceeded to undertake a review of current data management practices in light of the policy and using the EU Directive as a proxy for national data protection legislation which frequently was not enacted in the jurisdictions concerned.
We prepared a detailed report regarding the weaknesses and risks uncovered during our review which we shared with the Board. Our final report featured a multi-year budgeted roadmap detailing our recommendations for improvement across the integrated domains of governance, policy, process, technology and employee awareness/training.
Understanding our client – the benefits
The client received the consulting support required to develop an appropriate risk appetite statement and a related policy regarding data-centred risk.
The Board and Executive both gained an enhanced understanding of their data protection obligations (current and future) and their respective roles in ensuring compliance is achieved and maintained.
Thereafter, our final report detailed a very clear implementation plan to create a robust data governance and management environment within the entity at both field and headquarter level. This plan subsequently underpinned a successful project undertaken by the internal ICT function.