Objective

A global financial service organization was found to have serious deficiencies in its risk and compliance function:

• Duplicate/redundant processes, risks and controls aligned with control owners of different compliance plans;
  
• Weak linkages of processes, risks and obligations with its existing suite of controls, leading to inefficient assurance practices;
  
• Lack of standardisation in control articulation across business areas;
  
• High cost/resources deployed to manage, assess and report the existing suite of controls;
  
• Significant time and efforts required to handle decentralised data. 
  

The objective of the engagement was to map end-to-end processes, identify duplications and eliminate redundencies, and otherwise rationalise the framework to enhance efficiency and performance.

CRISIL's Solution

• Performed rationalisation by identifying duplicate and redundant processes, risks and controls;
  
• Assessed whether control satisfies linked obligations/risks/processes, highlighting any control gaps for master controls;
  
• Identified and updated control and obligation/risk/issue linkages;
  
• Standardised the control articulation in line with the policy, enterprise risk management framework and industry best practices;
  
• Updated the GRC system using rationalised data.

Client Impact

• Achieved 52% risk and control rationalisation
• End-to-end process mapping - risks, obligations and controls (baselining to 30 key processes)
• Created an end-to-end rationalisation methodology document for internal training purposes
  

Questions

Looking for high-end research and risk services? Reach out to us at: