Creating a risk management framework

We developed a framework to assess the risk profile of a strategic change portfolio

The challenge

Our client, a leading UK building society, had a planned investment of c.£1bn across a range of strategic technology change initiatives. Driven by a regulatory imperative to report on changes to their risk profile as well as to understand and address any upcoming changes, our client wanted to show that their operational, conduct & compliance risk profile was positively impacted during this period. PEN were asked to support with:

  • Delivery of an initial high level assessment of the impact of the change portfolio on key operational risks, and;
  • Design an ongoing BAU portfolio risk assessment process which would enable the profile to be continually assessed

Our approach

We worked closely with our sponsors and each change delivery team to design and facilitate a series of workshops. These workshops allowed us to document and align the impact of all in-scope change delivery to the organisation’s top operational risks.

By understanding the impact of the change portfolio activity on the residual operational risk profile, PEN were then able to undertake an analysis of the associated implications for conduct. The outcome of this work enabled the team to design a repeatable process that our client could use going forward to understand these impacts on a transition-state/continuous basis.

The outcome

We provided the client with a clear view of the impact the delivery of the change portfolio will have on its Risk portfolio. This analysis benefitted our client beyond their initial objective to have transparency to the Regulators.

It has also enabled:

  • Improved decision making when projects are put forward for initiation and funding
  • Support risk based assessment for continued funding of projects
  • Enhance planning, dependency and transition management with appropriate risk information
  • Provide an understanding of how change initiatives impact the risk position individually and collectively
  • Support broader risk management across their organisation