Business architecture project helps banking group manage risks
BOSTON and LONDON, December 12, 2011 – MEGA, an early leader in business architecture (BA) and noted industry expert in enterprise architecture (EA), is working on an extensive BA project with the leading UK banking institution, The Co-operative Banking Group. The project will help The Co-operative Banking Group better manage risks, making them less likely to materialize, and unite all risk information in a centralized repository for improved access.
The MEGA Suite is being used by The Co-operative Banking Group to map significant risks and key controls to comply with Financial Services Authority (FSA) requirements. It also supports the requirements of the UK Corporate Governance Code when used in conjunction with other processes. As part of the project, the MEGA Suite has been used as a tool to deliver a risk and control self-assessment (RCSA) process.
The Co-operative Banking Group is part of the Co-operative Group, the world’s largest consumer co-operative with over twenty million customers and business interests in banking, food, travel, pharmacy and funeral care. The Co-operative Banking Group provides financial products ranging from daily retail banking to corporate lending, insurance, investments, and pensions. The company continuously aims to improve its efficiency and reduce costs while providing the highest quality of customer service. The Group recently won the British Quality Foundation Award and North of England Excellence award for business and process improvement projects.
The trigger for the RCSA project arose from the growing need for The Co-operative Banking Group to better understand its internal controls, the risks they manage, and the design and performance of these controls. The Co-operative Banking Group strove to view the risk and control structure of the whole organization in one central location.
“MEGA’s solution was fitted to the requirements of our organization. It has been very agile and responsive to make the required changes in the organization and set the infrastructure in place,” underlined Mark Murphy, process architecture and approach manager at Co-operative connect.
MEGA consultants worked alongside colleagues from The Co-operative Banking Group and co-sourced arrangements to develop the RCSA program. During the first phase, the organization mapped out key controls within the MEGA Suite and assessed their design and performance. The second phase of the project delivered changes to the MEGA Suite to support a larger audience and a wider set of controls across the company. Phase three saw the alignment of operational risks and controls, including those of Britannia, newly merged into The Co-operative Banking Group, and moved from a Control Self-Assessment to a RCSA. The RCSA enables the company to demonstrate and manage risks in an on-going six-month assessment, and control them more effectively. The deployed solution allows a consolidated view of operational risks and controls across the whole organization. It facilitates the ownership of risk, the efficacy of controls, and management actions. The main system is divided into individual business areas and enables more detailed management of the risks and controls.
As part of the move towards combined assurance, inputs from Internal Audit and Compliance Monitoring have been incorporated into the MEGA solution.
“The RCSA project delivered great success to The Co-operative Banking Group.” explained Christine Spencer, function leader at Co-operative connect. “The solution provides a consistent toolset and process within which to manage our significant risks through our key controls across all of our business units and senior managers throughout the organization.”
“The solution also supports reporting to The Co-operative Banking Group Risk Committee on the design and performance of key controls,” added Paul Grey, function leader, Operational Risk, at The Co-operative Banking Group. “In terms of scale, RCSA spans all seven directorates, covering 35 business units with about 220 registered users covering first, second, and third lines of defense; mainly within Internal Audit and IT Operations. We currently have an operating population of about 650 significant risks with about 2800 controls and growing, of which about 1400 are classed as critical.”