SMO for the KSA Human Rights Commission
A national-strategy Strategy Management Office, engaging 30+ governmental entities, aligned to the UN Sustainable Development Goals.
KSA
Public sector
Multi-entity
The Challenge
The Commission needed a central operating spine to plan, monitor, and report a national strategy spanning more than thirty entities — without disrupting the entities' own remits.
How We Solved It
Designed and operationalised the SMO end-to-end — governance charter, planning cadence, KPI catalogue, and reporting cockpit — and ran the first execution cycle alongside the team.
What the Client Gained
A working SMO running quarterly cycles, a single source of truth for national-strategy progress, and visible alignment to UN SDG targets across all engaged entities.
Banking front-office automation
RPA and AI deployed across four front-office process areas at a global bank — CRM, marketing, credit management, and credit-card campaigns.
Global
Banking
RPA · AI
The Challenge
Manual handoffs across four front-office workstreams were eroding cycle time and customer experience, with no clear automation ROI thesis.
How We Solved It
Built an automation operating model, prioritised a use-case backlog by value, deployed RPA + AI across the four workstreams, and stood up a centre of operations.
What the Client Gained
Material reduction in cycle time across the four areas, a reusable automation playbook, and a steady-state delivery model the bank now runs itself.
SAP S/4HANA audit training
Three structured training sessions for a USA agricultural-chemical client — 100% of the internal audit team upskilled on S/4HANA controls.
USA
Chemicals
Training
The Challenge
The internal audit function lacked the technical depth to audit a freshly migrated S/4HANA environment with confidence.
How We Solved It
Designed and delivered three progressive training sessions — fundamentals, control points, and S/4-specific audit techniques — with hands-on labs.
What the Client Gained
A fully upskilled audit team capable of independent S/4HANA audits, and a written reference library for future hires.
Gender-equality education dashboard
A KSA HRC dashboard tracking 52 metrics across 45+ datasets — benchmarking 40+ countries and 13 KSA provinces.
KSA
Public sector
Analytics
The Challenge
The Commission needed defensible international benchmarks and a real-time view across provinces — neither existed in one place.
How We Solved It
Defined the 52-metric model, sourced and reconciled 45+ datasets, designed the dashboard, and delivered it with a documented refresh cadence.
What the Client Gained
A live benchmarking tool used in policy briefings, with multi-year trend visibility across 40+ comparator countries.
NIST CSF benchmark — global gaming
A NIST CSF maturity benchmark across five function areas, with a strategic cyber roadmap for the executive team.
Global
Technology
NIST CSF
The Challenge
The cyber function was scaling fast without a defensible maturity baseline or a board-ready forward plan.
How We Solved It
Ran a NIST CSF assessment across all five functions, scored maturity, identified the closing-the-gap initiatives, and sequenced them into a multi-year roadmap.
What the Client Gained
A defensible maturity baseline, a prioritised investment plan, and a roadmap the CISO uses to brief the board quarterly.
IPO SOX compliance — USA restaurant
A two-year programme readying a USA restaurant chain for IPO — 100+ IT general and application controls implemented and tested.
USA
Retail
SOX
The Challenge
The company was running on a control environment built for a private operator — well short of what IPO readiness demands.
How We Solved It
Designed the target control framework, implemented 100+ ITGCs and application controls, executed Year-1 and Year-2 testing, and remediated to clean-slate.
What the Client Gained
A SOX-ready control environment, a successful first-year audit, and a control catalogue maintained as a steady-state programme.
SAP GRC Access Control — global chemical
A SAP GRC AC programme for a global chemicals company — 100% of pain points mapped, with training delivered to internal teams.
Global
Chemicals
GRC AC
The Challenge
Access conflicts and emergency-access risks were accumulating in a complex S/4 estate with no clear single source of truth.
How We Solved It
Mapped every pain point, configured GRC AC rule-sets, integrated SoD analysis into the change process, and trained the security team to run it.
What the Client Gained
A clean SoD baseline, a documented mitigation library, and a security team that owns the AC programme end-to-end.
Executive Oversight Unit BOT — KSA holding
A six-month Build-Operate-Transfer of an Executive Oversight Unit for a KSA holding's CEO — unified KPI catalogue, Phase 1 live.
KSA
Holding
BOT · 6 months
The Challenge
The holding's executive office had visibility into operating companies, but no consistent way to oversee performance against group strategy.
How We Solved It
Built the EOU operating model, designed the KPI catalogue across operating companies, ran the first cycle, and transferred to a permanent team.
What the Client Gained
A live oversight cadence, a single KPI catalogue across operating companies, and a permanent EOU running steady-state.
SAP Security deep dive — KSA financial services
A six-month SAP security advisory for a KSA government financial-services entity — 50 security findings reviewed and remediated.
KSA
Public · FS
6 months
The Challenge
A historic SAP environment had accumulated security debt and could not be assured against current threats.
How We Solved It
Conducted a structured security review, surfaced 50 findings, prioritised remediation, and supported the team across the six-month closure plan.
What the Client Gained
A measurably stronger SAP security posture, a documented remediation log, and a team capable of running the next cycle independently.
Business Analysis CoE BOT — KSA labour platform
A Business Analysis Centre of Excellence built and transferred for a national labour platform — governance, methods, and standardized tooling.
KSA
Public · Labour
BOT
The Challenge
A growing platform team was producing inconsistent requirements, blocking delivery velocity and quality.
How We Solved It
Built the CoE — operating model, methods, templates, training, and toolset — ran the first projects, and transferred ownership to internal leads.
What the Client Gained
A unified BA practice, standardised artefacts across projects, and a steady-state CoE running without external support.
Critical Data Elements catalogue — USA bank
A CDE catalogue and governance model for a USA bank — feeding the RoPA and supporting GDPR-equivalent compliance.
USA
Banking
Privacy360™
The Challenge
The bank lacked a single, defensible catalogue of its critical data elements — slowing every privacy and audit request.
How We Solved It
Defined the CDE taxonomy, identified and classified elements across systems, designed the governance model, and fed the live RoPA.
What the Client Gained
A working CDE catalogue, faster privacy and audit responses, and a governance model that scales as new systems come on.
Universal enterprise risk register — multinational QSR
A unified ERR for a multinational quick-service restaurant — USA, EMEA, Asia — plus a three-year integrated audit plan across brands.
Global · QSR
Multi-brand
3-year plan
The Challenge
Multiple regions and brands maintained their own risk lists with no consolidation — board reporting was a quarterly fire drill.
How We Solved It
Designed a universal risk taxonomy, consolidated regional lists, ran cross-brand workshops, and produced the three-year integrated audit plan.
What the Client Gained
A single enterprise risk view, an audit plan synchronised to risk, and a quarterly cadence that no longer requires reconciliation.
SAP control integration — global food company
End-to-end control flow integration across nine SAP and partner systems for a global food company.
Global
Food · Beverage
9 systems
The Challenge
Control evidence sat in nine systems with no end-to-end view — every audit cycle required manual reconciliation.
How We Solved It
Mapped the end-to-end control flow across all nine systems, defined integration touchpoints, and stood up the integrated evidence layer.
What the Client Gained
A coherent, audit-ready control flow across the SAP estate, dramatically reduced reconciliation effort, and a documented integration model.
FFIEC cybersecurity policy review
A USA financial entity reviewed against FFIEC — multi-domain maturity scoring and a sequenced remediation plan.
USA
Banking
FFIEC
The Challenge
The institution needed a defensible FFIEC posture across multiple domains and a credible plan to close the gap.
How We Solved It
Scored maturity across all FFIEC domains, surfaced the material gaps, and sequenced remediation into a phased plan aligned to examination cycles.
What the Client Gained
A defensible maturity score, examiner-ready evidence, and a remediation roadmap the team is now executing.
Big 4 finance automation marketplace
Finance workstream lead on a 50+ use-case automation marketplace — a multi-track programme with global reach.
Global
Finance · Automation
50+ use cases
The Challenge
A 50+ use-case automation marketplace needed a finance workstream that could prioritise, sequence, and deliver against a global delivery model.
How We Solved It
Led the finance workstream — prioritisation, sequencing, technical scoping, and delivery oversight — across the multi-track programme.
What the Client Gained
A finance-led delivery track running in step with the broader marketplace, with prioritised use-cases moving into steady-state.