top of page
image 127 (3).png

IT GRC

Project Details

472

Client:

Dairyland Power Cooperative (DPC)

Download Case Study

Project Information

THE CHALLENGE

Dairyland Power Cooperative (DPC) was a business in motion, constantly evolving to suit an ever-changing business climate. Their IT organization responded in kind,  modifying procedures and adapting to dynamic user needs changes in management, and the technology requirements. Inevitably, DPC’s annual external audits returned significant findings.

Each year, the IT director drafted new policies and procedures to address the audit findings. Unfortunately, the policies often overlapped and quickly became outdated. The IT staff was forced to bypass obsolete policies in their rush to respond to other organizational demands. DPC’s IT Department needed to establish a solid framework to guide operations if they wanted to get a handle on the audit findings.

THE CLIENT

DPC is an electricity generation and transmission cooperative that provides power to 25 member systems, 255,745 member-consumer electric meters, 19 municipal customers, and approximately 575,000 consumers. DPC has 599 employees, 294 substations, and 3,111 miles of transmission line. The cooperative is committed to providing members with extraordinary value and service.

“…you guys [Securance] are the best group of consultants we have ever had in here. You’ve already had a significant impact to our organization.”

- Brian Boettcher,
IT Director, Dairyland Power Cooperative

THE SECURANCE SOLUTION

DPC’s IT director decided it was time to implement a formal IT governance, risk, and compliance (GRC) framework. After an exhaustive search, he selected Securance Consulting to partner with his organization. DPC decided to align their GRC framework with Control Objectives for Information Technology (COBIT), a control-based framework that suited their organizational structure and was used by their external auditors. Our team worked with DPC to conduct an IT risk assessment and to create IT policies and procedures to replace the patchwork of draft policies from years past.

ADDRESS THE CAUSE, ELIMINATE THE PROBLEMS

Establishing structured policies, procedures, and risk management practices takes less time and effort than having to figure everything out as you go along. It sets expectations for the business and the IT department, so both can focus energy on improving business conditions and productivity, rather than putting out fires. Like many of our clients, DCP found that a solid GRC framework was an investment that would pay dividends for years to come.

GRC IMPLEMENTATION OVERVIEW

  • Interview select executives and senior managers.

  • Review existing IT policies, procedures, and forms.

  • Interview key IT personnel.

  • Develop an IT skills matrix.

  • Produce an IT segregation of duties matrix.

  • Identify IT risks.

  • Prioritize IT risks by likelihood & impact.

  • Identify and define policies, methodologies, & procedures.

  • Develop IT forms that assist personnel with the changes.

  • Map IT risks to the chosen framework.

  • Train IT personnel in the use of new policies & procedures.


Securance consultants can help your organization achieve its GRC goals, on time and within budget. Contact us today to learn more.

bottom of page