Operational Resilience

Client Challenge

A regulatory agency informed a global banking institution that it must reform its second line of defense and embed operational resilience across the organization. The immediate need was to challenge, improve and document the second-line target operating model for the newly created resilience risk function.

The bank also required support and new insights to manage the target operating model rollout and deliver a communications strategy and internal and external engagement model.

Approach

Protiviti undertook the challenge by developing a project plan with workstreams and sub-workstreams, providing and experienced project management office (PMO) consultant to lead the team, recruiting its Operational Resilience Global Command Centre to provide regular briefings on regulatory expectations and peer insights to build into project strategy, and providing a clear handover highlighting potential roadblocks for future milestones and making remediation strategy.

Value Delivered

Protiviti developed a robust target operating model for the newly formed resilience risk function. The project team improved PMO and outputs meeting global transformation standards and methodology. Protiviti crafted a communications strategy and actively led outreach activities to maintain employee engagement and group buy-in. An engagement model was delivered for internal and external stakeholders in line with organizational redesign principles and an understanding of gaps and areas for improvement was collected in a risk and control library to manage resilience risk.

Client Challenge

The EU arm of a large global asset management firm was struggling to meet the needs of a rapidly evolving business landscape with maintaining the grasp of key technology risks.

The firm recognized that the evolving technology landscape and emerging threats required a reevaluation of strategy and approach within the second line technology risk function. Management sought a capable partner to review and enhance their technology risk framework and operating model.

Approach

The firm asked Protiviti to review and design a new strategy to support future needs. Actions include working with the client’s first, second and third lines of defense to understand their business and how technology risk needed to respond, defining a strategic model and outlining a new risk operating model, and boosting the performance and design of technology risk governance, risk analysis, stakeholder engagement, control compliance, cybersecurity, risk tooling and other relevant areas of involvement.

Value

Protiviti helped the client design a future target operating for technology risk and articulated its vision across the organization. Efforts resulted in a clearly defined operating model with clear responsibilities for risk and control management. Production of a central suite of reports gave all stakeholders timely risk and control information and reduced the risk of duplicated efforts. Full integration of IT risk management and operational risk management enabled the business to effectively evaluate all technology risks impacting functions and business processes.

Challenge

A global financial institution was given a regulatory mandate to address operational resilience. Driven by the first line, it would assess planned initiatives against leading practices and enhance plans where necessary.

It would help draft regulatory responses, develop a go-forward strategy for the first line, including criticality framework, resilience operating model and testing approach, and work with the second line to develop metrics to monitor resilience and challenge first-line efforts.

Approach

A Protiviti team embedded across the delivery workstreams, partnered with the client to align combined efforts with leading practices and expectations from a global set of regulators and to conduct the following operations – perform a current state assessment of operational resilience efforts, benchmarking against regulatory expectations and leading practices and create a go-forward plan that accounted for work efforts to date and organizational/system limitations to address resilience concern.

Value Delivered

Protiviti helped create a global resilience strategy and operating model to align the client organization with the pending demands of regulators. Guiding principles, frameworks and industry and regulatory insights were provided, allowing for the advancement of resilience efforts and enhanced board and management reporting. A framework was created to address and validated the organization’s critical business services, and a customized strategy and approach were developed for resilience capability testing.