Yorkshire Building Society - Yorkshire Building Society aim to improve their risk, compliance and governance management while reducing ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Yorkshire Building Society Yorkshire Building Society aim to improve their risk, compliance and governance management while reducing administrative burdens and system costs, with Sword GRC.
Background The Solution
Having defined the requirements for each business area, the Society evaluated
Founded in 1864, the Yorkshire Building
several solutions in the market place through demonstrations and by creating
Society is the third largest building
internal scoring matrices. Sword Operational Risk Manager (formerly known as
society in the UK, with its headquarters
Magique) and Sword Audit Manager (formerly known as Galileo) were selected
in Bradford, West Yorkshire, England.
after scoring highest in their supplier tender process.
The Society employs c.3,000 colleagues
throughout the UK.
The solution was able to deliver the functionality required by the Society to
meet its key principles of:
• Providing a central record of the internal control and assurance activity
undertaken by teams across the three lines of defence model.
• Enabling the Society to demonstrate adequate and effective risk
management to internal stakeholders and external regulators in line with
industry standards.
• Operating one integrated Governance, Risk and Compliance system to
The Challenge store, maintain and manage the Society’s risk assessment and assurance
data.
As a mutual organisation Yorkshire
Building Society are answerable to their 3 From initial engagement through to implementation, the Sword
million members rather than shareholders GRC team worked alongside us as an extension of our in-house
and maintaining high standards in team. Feedback from our colleagues in the business confirms
risk management, compliance and our original view that the solution is intuitive and simple to use, delivering a
governance is a high priority. great end user experience. Through the supplier tender process we found the
solution to be more cost effective for the Society than other solutions offering
Across the Society a number of disparate similar features. From the beginning we had a trusted relationship with the
software applications and systems were Sword team that continues today.”
in use for risk management, compliance,
legal, and internal audit activities. To assist Ben Johnston, Senior Manager - Risk Framework and Reporting, Enterprise Risk
in successfully executing the organisation’s Management, Yorkshire Building Society
strategic risk management priorities, YBS
wanted a solution that could be used as a
central repository for Society wide risk data, Greater visibility delivering
to enable disconnected data silos to be a single risk universe view
demised.
Sword Operational Risk Manager has made it much easier for the Society’s
The successful solution would have to risk profile to be understood by using it for their Risk Control Self-Assessment
meet the key component requirements of (RCSA) process. Previously, RSCA information was MS Excel based using
risk, compliance, legal, and internal audit. multiple spreadsheets completed by 30 business teams. The Enterprise
At a time of ever-increasing regulatory Risk Team would collate and manually aggregate this information into one
standards and expectations within the spreadsheet, attempting to provide management with an accurate and single
financial services sector, the Society view of risk across the organisation. The process was time consuming, As a
wanted a cloud-based solution that could mutual organisation Yorkshire Building Society are answerable to their 3 million
deliver automatic system updates, thereby members rather than shareholders and maintaining high standards in risk
easing the burden on the organisation’s IT management, compliance and governance is a high priority.
colleagues.
Across the Society a number of disparate software applications and systems
were in use for risk management, compliance, legal, and internal audit activities.
To assist in successfully executing the organisation’s strategic risk management
priorities, YBS wanted a solution that could be used as a central repository for
Society wide risk data, to enable disconnected data silos to be demised.
The successful solution would have to meet the key component requirements of
risk, compliance, legal, and internal audit. At a time of ever-increasing regulatory
standards and expectations within the financial services sector, the Society
wanted a cloud-based solution that could deliver automatic system updates,
thereby easing the burden on the organisation’s IT colleagues, due to manual
data collation and entry.
Sword Operational Risk Manager has streamlined processes, with colleagues
able to access the system via Single Sign-On functionality from the YBS intranet
site to attest to the performance of internal controls. All information is stored
within the cloud hosted solution, with dashboards and data reports providing
information at individual department level and a single view of risk across
the whole Society. Use of the system provides managers and the executives
with easier and timely access, greater insight, and a much higher degree of
confidence in the risk data and its accuracy. Automating the RCSA process is
helping to embed risk management practices into the organisation’s risk culture
and is enabling business teams to assess risk against business objectives.Greater profiling of risks through Functionality used by the Legal Team
risk event management functionality Yorkshire Building Society has identified how the solution can be
adapted to benefit their legal team. Matters can now be logged within
The Society has created risk event functionality accessible via their
the solution and a workflow process is in place to triage and assign new
intranet system. Any colleague can raise events for investigation
cases amongst the individual legal team colleagues. This will replace the
and reporting purposes without the need to have their own system
long standing use of spreadsheets and shared folders which did not
user license. The data is submitted directly to the Enterprise Risk
provide any form of automated Management Information. Service Level
Team, who triage and liaise with relevant departments as needed to
Agreements are tracked and the feature rich reporting functionality
ensure the event is managed effectively and captured for regulatory
ensures granular visibility on the status of each case. Reports can be
reporting purposes. This automated and streamlined process will be
produced showing the number of live cases and the current status.
implemented during 2020, with the goal of increasing the timeliness
This will result in a greater level of visibility on active cases and allow for
of events being reported, and in turn further improving the efficient
proactive management of time and resources within the department.
management of risk events.
Seamless integration delivering
excellent user experience
Sword Operational Risk Manager fully integrates with Sword Audit
Manager, providing a risk-based internal audit and compliance
solution that enables data from the Society’s risk register to be used in
planning activity.
YBS view the solution as being intuitive and easy to use, delivering an
excellent user experience whilst minimising the time spent on training
colleagues. The Society has enabled fast and secure access to the Business Benefits
solution application through the Single Sign On functionality.
Sword Operational Risk Manager and Sword Audit Manager
are enabling Yorkshire Building Society to increase its operating
Consistent processes across efficiencies by automating processes, maximising resources and
risk management and compliance eliminating data silos. The business benefits being seen include:
The Compliance team have adopted the risk event reporting • A reduction in the time spent on risk management
functionality to enable any colleague to submit regulatory breach administration activities through the automation of data
incidents via the intranet. Similar to the risk events process, regulatory sourcing, aggregation and reporting.
breaches are sent directly to the Compliance team for triage. When • Reduced direct and indirect system costs by leveraging
this is implemented during 2020 YBS anticipate this automation will common architecture.
reduce the administrative burden associated with this activity, and • Improved decision making through access to richer and more
ensure any regulatory breaches are be dealt with efficiently, enabling consistent risk data that is easily accessible for reporting and
timely internal and external reporting. analysis.
• Embedding risk awareness and management practices into
the culture through increased visibility of accountability and
Second Line of Defence Monitoring and responsibility.
Assurance Reviews • Providing risk management information visibility and clarity
that enables the Society to review and improve processes,
The Compliance, Prudential Risk and Enterprise Risk Teams use the controls and resource management.
solution to conduct Monitoring and Assurance Reviews in line with • The cloud-based solution is easing the burden on the IT
their Board approved annual review plans. All key information relating department as agreed system updates are applied directly
to the review such as Terms of Reference, Working Papers, Draft and by Sword with no operational disruption. A small number of
Final Reports, Management Actions will be stored within the solution. system administrators manage local configuration changes.
When an action associated to a review is assigned to a manager in In just the first 12 months of using Sword Operational
the business, an e-mail can be generated by the system. The e-mail Risk Manager we have increased the visibility of the
includes a url link which takes the business colleague directly to benefits of the RCSA and risk management activities
the action within the system. The manager can review, update and across the Society. We are confident of our data integrity due to
complete the action themselves. This functionality will help to ensure our new automated and streamlined processes. We have reduced
there is full management over sight of actions at all times. labour intensive risk data collation, analysis and reporting activities
through using the software, freeing up resources for additional
value-adding activities which overall helps to reduce our operating
Strategic planning costs.
The Society regularly undertakes ‘Regulatory Horizon Scanning’, We now have Internal Audit reviews being completed on the
looking at the future regulatory developments that will require action system and with the Compliance, Prudential Risk and Enterprise
or implementation. The Compliance team will record this within Risk teams gearing up to complete their Monitoring and Assurance
the system and share with management, enabling the Society to reviews on it, by the end of 2020 we will be seeing and feeling
strategically plan with regulatory changes in mind, create business the broader range of benefits we set out to achieve. The Sword
awareness and launch new internal initiatives as applicable. team has been a true partner throughout this project and we
are genuinely excited to see what more can be achieved going
forward.”
Ben Johnston, Senior Manager – Risk Framework and Reporting
Manager, Enterprise Risk Management, Yorkshire Building SocietyAustralia
Sword GRC Ltd Sword GRC Inc Sword GRC Pty Sword GRC Pty
Level 14 333 Collins Street
Melbourne
VIC 3000
AUSTRALIA
Tel: +61 3 9071 1866
info@sword-grc.com
V1. September2020You can also read
