Introducing our risk management team: Aiden Kavanagh
In the latest in our series introducing members of A&O Consulting's Risk team, we meet Aiden Kavanagh, a consultant specialising in information systems and governance, risk and control frameworks.
Aiden Kavanagh focuses on information security risk and the associated risk frameworks and best practices for financial institutions.
"I am helping to develop A&O Consulting's cyber risk offering and using my past experience to help financial institutions facing information security challenges."
For his first project at A&O Consulting Aiden worked with a large professional services firm on a confidentiality risk review, helping to review the effectiveness of the client's existing framework, catalogue and assess its confidentiality risk and control environment, and design a target operating model to support the client’s goal to embed confidentiality considerations into every day decisions.
“This was a really interesting project from my perspective. It really allowed me to understand the client’s business at close quarters. We conducted a front-to-back review of the client's key policies, processes, and procedures, alongside stakeholder engagement and interviews, to help establish their approach to risk and control, and identify the areas of greatest concern,” says Aiden.
A risk taxonomy was then developed to classify and prioritise those identified risks, map existing controls, and help conduct a risk and control self-assessment. “This taxonomy provided the foundations to evaluate the client's position, at that point in time, and determine the fundamental steps and actions required to help them reach the agreed target state for their confidentiality risk framework,” he adds.
Aiden is now on a one-year secondment, taking responsibility for the oversight and reporting of LIBOR transition activities, in the markets' risk and control function at a global financial institution. That project is part of A&O's support to the bank on conduct risk management in relation to LIBOR transition, identifying and defining specific risks associated with the transition to new benchmarks and helping the client create the mitigating controls relevant to those risks.
Beyond his secondment Aiden says he is excited at the prospect of working with A&O lawyers on information security and data privacy related projects. “Data privacy laws and regulations naturally gravitate to lawyers, but when it comes to the practical implementation of those rules, that gravitates very well to A&O Consulting. It creates a seamless process,” he says.