Case Studies

Investigation of Application Controls for a Global Financial Institution


The client had experienced a massive financial loss due to a controls/compliance failure in one of their applications, although the root cause of the failure was not initially known. The client’s application ecosystem included several other internally-developed and third-party applications that performed similar functions, but their risk of exposure to another event was unknown.


Our team reviewed the source code for the client’s application in order to identify the specific factors that led to the failure. We demonstrated that the deficiencies still existed even after the client believed they had properly patched the application. We also performed a global review of internally-developed and third-party applications in order to assess whether the available controls were adequate to control risk.


Our experts identified the programmatic and operational deficiencies that led to the controls failure. We presented the findings to the client’s board of directors, U.S. regulatory agencies, and credit rating agencies and provided prioritized recommendations in order to mitigate the risk of future failures.