Skip to main content

It’s likely you know an organization that’s struggling with its integrated risk management (IRM) platform. This case study reveals how a government agency in North America that was struggling with an overly complex IRM platform resolved its years-long issues and got users back on board. Read on to find out what Karta did to fix their platform.


Several years ago, this government agency hired a consulting firm to implement Archer IRM software. While the design met the stated functional requirements, the approach missed the mark when it came to end user engagement. Workflows and interfaces were unnecessarily complex, and the general process flow lacked empathy for the end user. Process participants had to navigate multiple pages to enter and review data. Simple tasks and finding information required many clicks or steps to complete. Pages failed to adhere to consistent layout styles and the implemented workflows and access controls were highly challenging to adjust and evolve. The original firm had also failed to guide the client with best practices and future use in mind. Despite investing thousands of dollars, our client still couldn’t get a handle on their open risk assessment activities, and data between departments was disconnected and inconsistently permissioned to the risk stakeholders. Originally, our client invested in Archer with a plan to expand the use of the IRM platform to multiple departments and use cases. Instead, their information security team was struggling with the initial use case, and many users had abandoned it completely. Despite attempts to fix it themselves and re-engage the original consulting firm to improve the implementation, the changes failed to address the root concerns.


As always, our first task in the engagement was to listen. The Karta team met directly with key process stakeholders and worked to understand the intent and goal of the process. Users provided input on current aspects of the process that were working well. Karta gathered a sense of the various user personas that were engaging in the process and which process aspects mattered the most to them. With this understanding of the end users, Karta conducted a full review of the existing platform design and identified disconnects between the current system implementation and the needs and goals of the client staff.

Knowing that Archer is a best-in-class platform for risk management activities, we were confident in the platform’s capability to work for this organization, and therefore cast a vision for how we would optimize the current solution. Our vision emphasized both end user and administrative experiences. Each application was reorganized and updated so that common elements, such as History Log fields and references to related applications, maintained a consistent look and feel across the platform. Workflows associated with information security and physical and cash handling risk projects were rebuilt to streamline the review and approval activities, adding greater focus to the key data points that were at the heart of the process. This enabled end users to complete assessments much faster.

Throughout the engagement, Karta met with the client weekly to present development progress, allowing them to evaluate the changes and keep the users actively engaged in the program.

Each modification was informed by our persona-based approach, a system of checks and balances that ensures the different types of users can easily complete their tasks. This helped us eliminate dead code and streamline workflows, processes, fields, and dashboards. To complete the project, we provided user training to regain user confidence. Even the best designed solution won’t work if the users reject it, so we worked with the organization to win the users back.


After the engagement, the organization could finally use Archer to review its risk landscape and make better data-driven decisions to manage and mitigate risks. By diagnosing and addressing the underlying issues with the IRM system, then fostering collaboration between different teams, Karta was able to rectify the challenges holding the organization back.

“Karta’s approach to engage, understand, and bring forward their wisdom and best practices realized from their work with other clients was critical in moving forward the adoption of the Archer platform,” says the project lead.

Finally, the government agency has full insight into its risk issues, and their information security and enterprise risk management teams are now collaborating on the platform. Users have adopted the new solution, and they’re finding new efficiencies through systems we setup, like sharing risk information on a scheduled basis. It’s a high-performance IRM platform that positions them well for the future.