Challenge.
Following an organizational restructure, the client — the London-based subsidiary of an international insurance group —faced a dual challenge in its enterprise risk management (ERM) function. The existing risk register required a comprehensive review to ensure alignment with the evolving risk profile of its international entities, while simultaneously, the company was implementing a new governance, risk and compliance (GRC) tool, which necessitated integration of the updated risk register and operational risk processes.
The client sought external expertise to support this transformation, with a particular focus on operational risk parameterization and redevelopment of its own risk and solvency assessment (ORSA) templates and processes.
Solution.
We deployed a senior risk analyst, supported by our risk director, to provide targeted, temporary risk support over a three-month period. The engagement focused on:
- Reviewing and updating the risk register to reflect the post-restructure risk landscape.
- Parameterizing operational risk processes, including risk and control self-assessments (RCSAs), emerging risk identification and impact analysis.
- Redeveloping ORSA templates and reporting frameworks, ensuring alignment with Solvency II standards and PRA expectations.
- Integrating the updated risk data into the new GRC tool, enabling streamlined governance and reporting.
- Providing oversight and strategic input.
Execution.
We worked closely with the client's enterprise risk team, applying our deep expertise in risk, operational resilience and GRC tool implementation. This included:
- Conducting gap analysis on existing risk documentation.
- Collaborating with stakeholders to refine risk appetite statements.
- Designing and testing new ORSA templates.
- Supporting the configuration and rollout of the new GRC tool.
We also provided strategic oversight, ensuring the work met regulatory standards and internal governance expectations, utilizing our experience with Solvency II, internal model validation and multi-entity ORSA reporting, which was instrumental in shaping the project's direction.
Outcome.
The engagement delivered measurable improvements in the client's risk management capabilities that included:
- A refreshed and robust risk register aligned with the company's current structure and strategic objectives.
- Streamlined ORSA processes and templates, enhancing clarity, consistency and regulatory compliance.
- Successful integration of risk data into other reporting tools, improving transparency and operational efficiency.
- Enhanced stakeholder confidence in the ERM function, with improved reporting to boards and committees.
The project was delivered on time and within budget, with our flexible and pragmatic approach earning positive feedback from the client's leadership.
Key Takeaways.
- Temporary specialist support can accelerate transformation in risk and compliance functions.
- Operational risk parameterization is critical for effective ORSA reporting and regulatory alignment.
- Strategic oversight ensures technical work translates into meaningful governance improvements.
