By Duncan Edwards
Here at Idenfo, not only do we create and sell leading edge on-boarding and anti-money laundering systems, but we also provide process risk and assurance reviews. These are extremely important, after all, you don’t want the Regulator or Auditors to turn up to check your new system and also find that things that are not up to scratch. In this article, we share with you our real experiences of providing process risk and assurance services.
Top of the agenda
The demand for immediacy and near real time assurance is a trend that is set to continue, especially within this current crisis. As vaccinations lead to the green shoots of recovery, then governance of financial institutions should be demanding assurance that plays a key part in nurturing that recovery, advising where care and attention is needed and projecting their assurance towards the future, not the past.
Board Directors and senior management are looking for robust assurance over the adequacy and operating effectiveness of key processes and internal control systems, since ultimately this informs them for much of their major decision making. They will be looking to focus their time on the ‘things that really matter’ and informative, timely assurance, which helps address the root cause of problems, not just the symptoms. With increasing external oversight and interest, their heads are on the chopping board if things go wrong.
The message is clear, “Provide us with proactive, reliable assurance; compare us with other financial organisations; and, tell us what you really think and what we must do.”
What needs to be done?
Below are four key things that we often see and hear needing to be addressed.
First, focus assurance on the risks that really matter, including strategic risks. This means switching assurance away from typical low level, routine controls towards the matters that are central on the executive radar screen, towards the crisis that is approaching but is still unseen. Much harder to provide that assurance, but much more value adding.
Secondly, convey conclusions, trends and advice that fix the fundamental causes of problems, don’t report the symptoms. Being in a unique position, with access to senior executives and the ability to see across the whole business, combined with knowledge of other financial organisations’ ‘leading practices’, really helps to clearly demonstrate and communicate what needs to be done. You have to win them over with your incisive thoughts and action plans.
Thirdly, we are seeing a continued shift towards increased oral reporting, rather than the written word. Presenting assurance conclusions to management provides a much better opportunity to influence decisions and provide value adding insight and experiences. If an issue needs to be addressed, don’t wait for three months for the report to be agreed, present it orally. Prioritise on the most significant matters, trivial matters can be dealt with separately.
Fourthly, there is a demand for co-ordination of all risk related work. Convergence initiatives are required to eliminate the potential for inconsistency and differing assurance conclusions. Stakeholders often receive assurance from different risk and assurance-related functions, addressing similar issues but with different view points. So, what is the correct view? Is there a standard view, with metrics, of the organisation’s risk appetite?
Top assurance traits
- The most successful financial organisations have tackled these expectations as a major task, with a significant impact on the ways work is planned, executed and communicated. Top assurance traits include viewpoints on:-
How processes can be enhanced to improve the ‘customer experience’ and bring in new business e.g. seamless electronic customer on-boarding and maintenance;
- New and emerging ways of doing business, that address and help to ensure recovery e.g. seamless integration of new, leading edge systems with legacy systems and applications;
- Comparisons against other organisations, benchmarking, chances to take advantage of new trends. What are others doing? Are we ahead or behind?;
- The quality of risk management and internal control across each major business area, especially management’s understanding of risks and their capability to manage them;
- The most significant control exposures the organisation faces, including highlighting the impact and root cause of control weaknesses, the appropriateness of management’s remediation plans and views on management’s proposed approach and capability to fix, including their track record in fixing known issues;
- Prioritisation of the portfolio of improvement opportunities arising from reviews of the control environment. Explain what is the best ‘road map’ forward; and
- Opportunities to reduce the overall cost of control. Not just cutbacks, but effective cost reductions that actually improve business.
Is this the type of assurance you are currently getting?
How can we help?
If any of the above resonates with you, or you want to know more about e-on-boarding systems, vastly improved AML systems and enhanced customer experiences, then please feel free to contact us for a no obligation conversation. We are happy to share our wealth of knowledge and experience.
The writer, Duncan Edwards, for over 20 years was an Executive Director for Business Risk Services in one of the ‘Big 4’ professional services firms in London, Europe and Asia. Most recently, for a global bank, he was the Retail Bank, Managing Director, AML, CTF and Client Tax Process and Governance. He now brings that experience, as a Senior Advisor, to Idenfo.