GRC Transformation - Turnaround and A Way Forward

The Situation and Challenges

An international financial services group were undertaking a GRC Transformation that encompassed 1^st, 2^nd and 3^rd line teams. The Transformation was very much delayed and there were growing concerns about the appropriateness of the chosen GRC technology product. The Chief Audit Officer (CAO)  and the Chief Risk and Compliance Officer (CRCO) were concerned that the Transformation would not deliver the desired business benefits, indeed they were concerned they would not deliver anything.

The CAO and CRCO engaged XCF Consulting (XCF) to turnaround and establish  a way forward that would deliver benefits in a timely manner. Additionally, XCF were engaged and requested to be sensitive to the existing transformation team at the client, as the  organisation was amidst significant change.

What XCF Consulting Did

In the kick-off discussions with the CAO, CRCO and senior transformation team members and stakeholders, it was agreed that XCF would undertake their engagement  by way of  three key areas of focus these were:-

1. Knowledge and Understanding - providing education and experience to the current transformation team;  this focus was to provide knowledge and experience to the team to ensure there was the appropriate understanding and knowledge within the team on transformation, technology and GRC to help them be successful.

   
   

2. Accelerate Progress - participating in the current transformation to accelerate progress; this focus was to help resolve immediate issues and put XCF in the position to provide the way forward review from the most informed of positions having actively participated.

   
   

3. Establish the Way-forward - providing a review of the current transformation to identify the way forward; this focus was to provide a written report of areas that needed to be addressed by the current team to ensure their future success. This report was to provide the existing team with clear guidance and direction on how to proceed going forward. 

To illustrate what XCF delivered to meet the clients’ needs consider the below :-

1. Knowledge and Understanding  -  XCF provided various papers and workshop sessions. By way of examples papers were written on (i) the benefits of GRC technology enabled transformation (ii) the pitfalls and best practise XCF have observed with the delivery of GRC transformations; each of these papers was supplemented with a series of workshops. Other areas covered was up-to-date practitioner information on risk, compliance and audit practises seen in other clients. 

   
   

2. Accelerate Progress – XCF contributed to agreed transformation activity but focused on working on urgent issues with the client and the vendor. This entailed:

   
   

   1. establishing the correct understanding and a common language on challenges -  for example requests that “we need a screen to” became “we need a report to”. For several issues, the vendor was under the impression that new GRC application screens were needed. However, the client had  not understood they could resolve the challenge through a self-service report they could create themselves. 

      
      

   2. resolving fundamental and urgent issues in the GRC technology product environment set-up -  this required level setting between client and vendor to create collective understanding on the system infrastructure  approach and the associated delivery of functionality.

      
      

   3. filling gaps in standards and framework elements – the gaps meant there was a lack of minimum standards, guidance and structure. The gaps created ongoing debates between various 2^nd and 3^rd line participants on the transformation so it was a challenge gaining agreement on how the system should be used. The 2^nd and 3^rd line had struggled to establish coherent  legacy risk management practises  as the gaps meant that the 2^nd and 3^rd line could not gain 1^st line support, nor hold the 1^st line to account as the  expectations for the legacy practises were not clearly defined. This historic lack of clarity meant the 2^nd and 3^rd line were failing to gain support and establish any confidence in the transformation from the 1^st line. XCF drafted and finalised a framework, policy, several standards and handbooks; these artefacts worked in tandem with system usage. This material established clarity and alignment for the 2^nd and 3^rd line and started to establish credibility and buy-in within the 1^st line. 

   
   

3. Establish the Way-forward – this area focused on providing a comprehensive report giving guidance on areas that needed remediation, examples included:

   
   

   1. ensuring the transformation team understood and brought into the strategy.

      
      

   2. establishing formality in the transformation planning, governance and reporting.

      
      

   3. clarifying roles and responsibilities  - ensuring (i) ongoing ownership, refinement and management of the framework, policy, standards and handbook (ii) ensuring appropriately skilled people were in the right transformation roles. 

      
      

   Additionally, a proposed roadmap plan was provided that highlighted areas that required more detailed thought and consideration.

Value Delivered

XCF worked with the firm over a period of three months during the third quarter of the year to deliver the  above. When the engagement completed the CAO and CRCO still had a sense of nervousness and agreed to check in with XCF on a periodic basis to monitor progress. From a check-in at the end of the year Audit elements, and the initial  Risk Management elements had been delivered; plans were in place to complete Risk Management and deliver  the Compliance elements in the following quarter. The success has led the CAO and CRCO to look to engage XCF on appropriate transformations across the group.

The value delivered by XCF was :-

• the turnaround and acceleration of the transformation -  the strategy and associated business benefits started to be realised in a timely manner alleviating the nervousness of  the CAO and CRCO. 

  
  

• an upskilled transformation team and sponsors; with the clarity and direction to underpin the delivery of the firms strategic GRC transformation and associated business benefits. 

  
  

• buy-in from the 1^st line for the transformation; the drafting of the framework, policy, standards and handbook established initial credibility and buy-in that the transformation built on to successfully make subsequent deliveries.