Operational risk-based process maturity improvement and process screening

Operational risk-based process maturity development and process screening for an international financial services provider

Industry: Financial sector

Organisational size: 80 people
Lead time: 4 months
Number of people affected: 80 people

Objectives, executive summary

The aim of the project was to increase the risk management capabilities and process maturity of the organisation by introducing risk assessment and process screening methodologies into the daily operations of the client. A detailed review of eight priority processes resulted in a list of more than 100 improvement recommendations, a significant part of which was aimed at modernising the IT infrastructure and increasing process transparency. Thanks to the improvements implemented with the support of experts, the organisation was able, by the end of the project, to carry out future process audits and reviews efficiently and effectively using its own resources, without external assistance.

Client background and environment

The client is a specialised operations department of a large financial organisation, with 80+ staff. The area manages complex processes that require a high level of human expertise and cannot be automated. In recent years, the scope and number of processes in the area have increased, requiring the development of a comprehensive process transparency and risk management system to manage the growing operational complexity.

Objectives, tasks

  • Develop the organisation's risk management capabilities, including a risk mindset.
  • Identify risk management core values and practices and integrate them into daily operations.
  • Compile a process inventory and set review intervals.
  • Establish risk review practices and rules.
  • Carry out full due diligence of a total of 8 priority processes, with a focus on operational risks.
  • Draw up a development list and plan for the 8 priority processes, focusing on increasing efficiency and reducing risks.
  • Provide expert and project management support for the development tasks and projects of the 8 priority processes until their completion.

Challenges, difficulties

  • There was no embedded practice of conscious risk management in the organisation; it relied on individual expert knowledge and experience, which did not result in systemic solutions.
  • The processes handled in the department require a high degree of specialisation and expertise, with few standard, algorithmic runs. Consequently, each of these has its own sub-process or process scenario, which made detailed process modelling and risk identification difficult.
  • The IT infrastructure presented a mixed picture: modern solutions were used alongside old, outdated systems, resulting in a fragmented IT environment, with architecture and inefficient processes shaped around the weaknesses of that environment.
  • The fragmentation of the IT infrastructure and the incompatibility of the different systems posed significant risks to the smooth functioning of the processes.
  • The availability of experts involved in critical processes was limited, slowing down project progress and decision-making processes.
  • The implementation of the development list was difficult due to IT capacity constraints, as most of the proposed improvements required IT development.

Implementation of the task

In the first phase of the project, the participants' knowledge of risk management was developed. This included an introduction to risk management principles, practices and tools, as well as the practical testing of methodologies and tools tailored to the needs of the organisation, and participants learned how to identify, assess and manage risks in their own work areas. During the training phase, it was important to clarify the roles and responsibilities of stakeholders. The direct involvement of those working at operational level provided an opportunity to discuss together existing good practices and ideas and to define responsibilities. To this end, the training identified in detail who plays what role in identifying, assessing and managing risks and created responsibility matrices that helped to establish a clear division of responsibilities.

In the second phase of the project, the processes of the department were identified, evaluated and categorised. During the process inventory, all relevant operational processes of the organisation were identified and assigned separate review intervals. This allowed the organisation to regularly monitor and improve its processes in the future, thus preventing risks. In addition, we developed the principles, tools and responsibilities for process audits, which included how processes would be monitored and the review criteria.

In the third phase, eight processes identified as critical were screened in detail, with a particular focus on operational risk factors. A workshop-based due diligence process, involving internal experts, mapped the current form and steps of the processes and broadly identified known and potential risks, including human error, technical weaknesses, IT infrastructure and regulatory compliance risks. The reviews not only uncovered current risks, but also identified improvement directions and opportunities to improve process efficiency and reduce risks.

In the fourth and final phase, the reviews resulted in a development list of more than 100 specific proposals to improve the eight priority processes and manage risks. The list focused mainly on improving IT infrastructure, increasing process transparency and introducing risk management at system level. Following approval of the improvement plan, its implementation started, including process optimisation and the necessary technological improvements. The final results of the process improvements were reported in a sponsor report, which detailed the steps taken and the results achieved during the project.

Results

Following the successful completion of the project, the organisation's risk management practices have improved significantly and operational processes have become more transparent. A comprehensive review of the eight priority processes enabled the identification of key improvement directions and, based on the improvement checklist established, the organisation initiated and successfully completed process optimisation. Within the operational risks, IT infrastructure risks were identified as a priority and an IT infrastructure and architecture modernisation plan was initiated following the closure of the project.