Creating a risk management framework

We developed a framework to assess the risk profile of a strategic change portfolio

The challenge

Our client, a leading UK building society, had a planned investment of c.£1bn across a range of strategic technology change initiatives. Driven by a regulatory imperative to report on changes to their risk profile as well as to understand and address any upcoming changes, our client wanted to show that their operational, conduct & compliance risk profile was positively impacted during this period. PEN were asked to support with:

  • Delivery of an initial high level assessment of the impact of the change portfolio on key operational risks, and;
  • Design an ongoing BAU portfolio risk assessment process which would enable the profile to be continually assessed

Our approach

We worked closely with our sponsors and each change delivery team to design and facilitate a series of workshops. These workshops allowed us to document and align the impact of all in-scope change delivery to the organisation’s top operational risks.

By understanding the impact of the change portfolio activity on the residual operational risk profile, PEN were then able to undertake an analysis of the associated implications for conduct. The outcome of this work enabled the team to design a repeatable process that our client could use going forward to understand these impacts on a transition-state/continuous basis.

The outcome

We provided the client with a clear view of the impact the delivery of the change portfolio will have on its Risk portfolio. This analysis benefitted our client beyond their initial objective to have transparency to the Regulators.

It has also enabled:

  • Improved decision making when projects are put forward for initiation and funding
  • Support risk based assessment for continued funding of projects
  • Enhance planning, dependency and transition management with appropriate risk information
  • Provide an understanding of how change initiatives impact the risk position individually and collectively
  • Support broader risk management across their organisation

Related case studies

Enhancing conduct risks and controls

We identified and assessed conduct risks and controls for an insurance business to enable consistent delivery of fair outcomes to customers

Driving regulatory transformation

We led the design and implementation of a project which co-ordinated multiple regulatory requirements

Delivering a process and controls framework

We enhanced the process and control environment whilst co-ordinating a number of process and control centred programmes with common dependencies