Deliver Risk and Control Matrices for "To be" Processes

Background:

A large-scale transformation project was underway within a UK based asset management company, aiming to enhance operational efficiency and mitigate risks across its business processes. As part of this initiative, the Risk Sensing team was tasked with delivering approximately 17 Risk and Control matrices (RACMs) covering 40 high-risk Level 2 (L2) processes. The objective was to identify and mitigate potential risks by reviewing Level 2 and Level 3 Process Design Documents (PDDs) and ensuring alignment with the Enterprise Risk Management Framework and the Internal Control over Financial Reporting (ICOFR)/Financial Risk Management Framework.

Engagement Objectives:

RACM Creation: Develop 17 Risk and Control matrices covering 40 high-risk L2 processes, based on the review of L2 and L3 PDDs.

Design Gap Identification: Identify and raise design gaps observed during the review process to the project team for immediate resolution with vendors or internal stakeholders.

Alignment with Risk Frameworks: Ensure that the controls documented in the RACMs are aligned with the Enterprise Risk Management Framework, strategic objectives, operational requirements, regulatory standards, and internal risk profile and rating.

Avoid Redundancy: Concurrently compare the RACMs with the ICOFR/Financial Risk Management Framework to prevent redundancy or duplication of controls.

Our Approach:

Review and Analysis:

Conducted a thorough review of Level 2 and Level 3 Process Design Documents (PDDs) to understand the intricacies of the processes and associated risks.

Identified high-risk processes based on predefined criteria and prioritized them for inclusion in the Risk and Control matrices.

Gap Identification and Resolution:

Proactively identified design gaps during the review process and promptly communicated them to the project team for resolution with vendors or internal stakeholders.

Collaborated closely with relevant stakeholders to ensure timely resolution of identified gaps to minimize project delays and mitigate potential risks.

Alignment with Risk Frameworks:

Referenced the Enterprise Risk Management Framework to ensure that the controls documented in the RACMs were aligned with strategic objectives, operational requirements, regulatory standards, and internal risk profile and rating.

Ensured that the controls were designed to address specific risks identified within each process while considering the broader risk landscape of the organization.

Comparison with Financial Risk Management Framework:

Concurrently compared the controls documented in the RACMs with the ICOFR/Financial Risk Management Framework to avoid redundancy or duplication of controls.

Ensured that controls related to financial risk management were appropriately integrated into the RACMs to maintain consistency and effectiveness in risk mitigation efforts.

Value Delivered:

Enhanced Risk Mitigation: By developing Risk and Control matrices covering high-risk processes, the initiative contributed to enhanced risk mitigation efforts, enabling the organization to proactively address potential threats to its operations.

Improved Compliance: Ensuring alignment with the Enterprise Risk Management Framework and ICOFR/Financial Risk Management Framework helped enhance compliance with regulatory standards and internal control requirements.

Efficient Project Management: Proactive identification and resolution of design gaps minimized project delays and disruptions, contributing to efficient project management and timely delivery of transformation objectives.

Streamlined Risk Governance: The comprehensive approach to risk assessment and control documentation facilitated streamlined risk governance processes, enabling better decision-making and resource allocation.

Optimized Resource Utilization: By avoiding redundancy and duplication of controls, the initiative optimized resource utilization and minimized unnecessary overhead costs associated with managing overlapping controls.

In conclusion, the Risk Sensing team's contribution to the transformation project through the development of Risk and Control matrices and alignment with risk frameworks played a crucial role in enhancing risk mitigation efforts, ensuring compliance, and facilitating efficient project management.