The organization faced fragmented governance, repeated audit failures, and regulatory gaps. Threat visibility was limited, existing tools lacked integration, and no unified risk ownership existed, creating vulnerabilities in compliance assurance and operational integrity across departments.