Case Study: Governance, Risk & Compliance

Implementing Governance and a Risk Management Framework

Intro

The Challenge

We worked with a company where risk management was receiving increased attention, but they have no risk management framework or a strong governance structure.

Risk Assessment: We performed a risk assessment to identify gaps using a practical, sustainable, and easy to understand process. We focused on measuring and prioritizing risks as follows:

Identify: We determined and distinguished applicable risks.

Assess: We reviewed the risk exposure and confirmed their risk appetite.

Controls / RCSA: We reviewed regular monitoring and testing of controls.

Respond to risks: We looked at risk responses and examine options for risk mitigation.

Monitor and report: We analysed reporting and escalation to the board of directors and relevant stakeholders.

The Solution

Risk Management Framework (RMF)

Following the risk assessment, we agreed with senior management that it was critical to have a strong risk management framework in place within a governance structure that included conduct risk and culture. To accomplish this, we also needed to ensure that the risk management framework complemented their strategy.

The risk assessment was key to identify the applicable risks, confirm the risk appetite, and identify appropriate risk mitigation. Then, we agreed on the risk management framework (RMF) and the actions to enable the organisation to effectively manage and mitigate risk:

The governance structure needed to be documented. This included policies and procedures, controls, risks associated, systems, continuous improvement, etc.

It was essential to provide all the staff with adequate resources and training in-order to completely comprehend the risk associated and the mitigating controls.

Results/Stats/Outcomes/Service

We implemented a Risk and control self-assessment (RCSA) for testing, reviews, process monitoring. Event error tracking and documentation requirements were put in place. Technology and third-party risk and outsourcing external vendors went through meticulous testing. Communication and reporting were discussed with the stakeholders including the Risk Management Life Cycle (RMLC): Identity, assess, make risk decisions, implement controls and supervise.

Cookie	Duration	Description
et-editor-available-post-*		This cookie is set by the Elegant Themes WordPress theme used on this website. It is used to allow the website owners to edit the pages of the website.
VISITOR_INFO1_LIVE	6 months	This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites. It can also determine whether the website visitor is using the new or old version of the Youtube interface, and helps YouTube estimate bandwidth
wordpress_logged_in_*	persistent	This cookie is set by WordPress and is used to keep users logged in.
wordpress_sec_*	15 days	This cookie is set by WordPress and is used to provide protection against hackers, store account details.
wordpress_test_cookie	0 minutes	This cookie is set by WordPress to check if cookies can be placed.
wp-settings-*	persistent	This cookie is set by WordPress, and is used to store user preferences.
wp-settings-time-*	1 year	This cookie is set by WordPress, and is used to store user preferences.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_YW84YNX2G5	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_130476842_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
IDE	1 year	Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads, with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites. It can also determine whether the website visitor is using the new or old version of the Youtube interface, and helps YouTube estimate bandwidth
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.