Our client is a City financial firm regulated by the Prudential Regulation Authority (PRA) and is required to undertake the Individual Capital Adequacy Assessment Process (ICAAP) in accordance with the requirements set out in the PRA Rulebook.
The firm needed to centrally manage and report on operational risks from multiple departments and allow any individual within the firm to log a perceived risk. A risk manager would authorise and quantify all risks in order to calculate an appropriate balance sheet provision for their board and ICAAP reporting.
Business objectives for the Risk Register project were:
- Enable staff to securely log business risks within their own area through an online portal
- Enable risk managers to review and approve (or decline) any risk
- Allow management to quantify and measure risk in a number of different ways
- Track the full history of a risk as it changes over time
- Analyse and report on risks that were affecting the business at any point in time
Working with our client we developed the Risk Register system with the following capabilities:
- Stores risk data within an online portal that all interested parties can review
- Tracks detailed information about risk status, severity, and mitigating strategies
- Quantifies risks financially based on various factors
- Provides full audit and change logs of all changes to risks
- Allows retrieval of historical data for analysis of risk at any point in time
- Emails users when risks are due for review
All of our client’s business users can log in to a central web portal to record any perceived risks to the business. The system guides users through entering required information and allows risk managers to easily assess each risk. Weekly review of outstanding risk is simplified without any need for manual reminders or emails between users. Managers can report on risk quickly and accurately and demonstrate full compliance to industry requirements, even if required to quantify risk retroactively for an historical period of time.