Control Testing CoE Design and Implementation

Challenge 

The Enterprise Risk Office of a tier 1 global bank flagged a high-risk issue in Canada’s decentralized control testing—marked by testing sufficiency gaps, inconsistent processes, and weak separation of duties. The issue was appearing on the executive leadership scorecard and required immediate remediation. Unable to resolve it internally, the bank engaged CRG to design and implement a centralized testing operating model. Over nine months, CRG assessed the current state, designed the future model, and executed the transition—mitigating risk, standardizing processes, and strengthening governance. 

Approach

CRG delivered the engagement over a nine-month period through a structured three-phase process: 

Diagnose 

  • Conducted 20+ interviews with testers and risk management leaders to pinpoint 49 validated operational issues 
  • Benchmarked practices against global control testing CoEs to identify best practices and build global expertise 

Recommend

  • Developed 19 targeted recommendations addressing root-cause issues
  • Designed a detailed centralized operating model across six key components, with scoped implementation timelines and activities 
  • Revamped the control governance model to ensure controls were designed to enterprise standards upstream, reducing reliance on downstream testing 

Implement

  • Led a three-phase rollout while partnering with risk governance to embed the new control design model 
  • Accelerated ramp-up by creating job descriptions, supporting hiring, developing playbooks, and managing onboarding 
  • Managed change through executive communications, stakeholder alignment, and performance tracking against key success metrics 

Outcome

CRG’s engagement delivered a sustainable and scalable Control Testing CoE meeting all objectives: 

  • Achieved the key project objective by closing the high-risk issue, giving executive leadership comfort with centralization success
  • Fully centralized all control testing activities, and onboarded and trained the testing team (1 manager, 5 testers)
  • Drove improvement in the key enterprise sufficiency metric from 40% to a projected 90% while maintaining 99% testing timeliness
  • Delivered a standardized, scalable testing process and operating model to allow the team to deliver value to business partners and share best practices globally
  • Established a standardized operating model enabling consistent, high-quality testing, and the ability to share best practices globally 
