Risk management and the transition of projects to business as usual




Transcription:

Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com

Introduction

Today's banks, insurance companies, and other financial organizations must address a growing number of change management issues, including Basel III compliance and the adoption of new enterprise-level technology. Sound project management practices have been used by these organizations to mitigate change-driven operational risk. However, another area of risk, one that is often overlooked or underestimated, is the transition phase from project mode to the business as usual (BAU) state. This risk can lead to financial loss, service disruption, or reputational damage. To identify and help mitigate BAU transition risk, organizations can develop risk management frameworks that support the critical and complex transition to BAU.

More often than not, introducing change to a financial organization leads to operational risk. This risk can manifest itself through the following categories:

- People, involving staffing levels, subject matter expertise, training, supervision, key-person dependencies, or overall control culture
- Process, including issues such as adherence to policies and procedures, integration of controls with daily processes, availability and quality of management information (MI), ongoing deal maintenance, new product documentation, and documentation for complex, customized, or long-dated transactions
- Organizational factors or external events, such as management structure, external threats/hazards, volume and market volatility, support for new clients, product line complexity, adverse changes in regulatory environment, and vendor disruptions
- Technical infrastructure, including factors such as performance, stability, contingency, systems functionality, volume capacity, straight-through processing (STP) capability of complex transactions, dependency on end-user computing spreadsheets, manual intervention due to system constraints, single point of failure of hardware and software, or unauthorized access to systems

Risk and BAU transition

Change-driven operational risk generally originates from five categories of projects: strategy and reengineering, Six Sigma/efficiency, new business, department-specific, and regulatory compliance such as Basel III or Regulatory Reform. A critical dimension of operational risk is the institution's exposure to poor change management during the transition period from project mode to the BAU state.

When closing out a project, the drive to the finish line can naturally lead to overlooking critical controls designed to ensure that end-user needs and business cases are met. BAU transition failure is frequently the result of poorly executed implementation plans rather than inadequate project management methodologies. Organizations need to ensure that when introducing a new process or product to their user community, they take the necessary steps to get it right the first time. For example, as banks progress through their parallel run for the Basel II Advanced Measurement Approach (AMA) and prepare for the forthcoming Basel III guidance, project performance may be measured with greater scrutiny, especially if it is tied to capital requirements.

Execution of a robust change management plan can be a powerful component to ensure an efficient transition to BAU. This plan should include:

- Adequate risk identification and impact
- A strong relationship between project benefits and BAU transition planning
- Adequate project staffing and management of project risk vs. process risk

We can gain a better understanding of these three elements by looking at each one in greater detail.

Adequate risk identification and impact

The effectiveness of a bank's risk and control self-assessment (RCSA) process is fundamental to the success of an AMA-based operational risk program. The RCSA process should be inclusive of all production, infrastructure, and governance divisions. It should also be focused on prioritizing outstanding issues pertinent to the entire organization. A substantive portion of the RCSA output will arise from key control deficiencies, some of which will be attributed to risks tied to projects aimed at organizational change. Stakeholders, including the board of directors and management committees, should understand the connection between their organization's risk profile and status indicators from critical projects.

Project proposals and implementation planning should include measures to ensure adequate mitigation of operational risks during a project transition to BAU. These measures can be introduced through the following actions:

- Disaggregate and detail the risks inherent to the project. Establish specific categories of underlying risk that the business will undertake and outline a strategy for managing or mitigating the risk. This can include dynamically managing open risks while microhedging risks that are undesirable or not readily manageable.
- Establish relevant risk limits with respect to the proposed initiative. Include, as appropriate, credit limits, Value at Risk (VaR), and stop-loss.
- Describe any reputational risk factors requiring consideration when assessing the proposed initiative. Where specific reputational risks are present, describe how the risk will be mitigated to acceptable levels.
- Describe key operational risks associated with the proposed initiative. With tools such as key risk indicators (KRIs), define how these risks will be monitored and mitigated where appropriate.
- Account for regulatory considerations impacting the proposed initiative, including required licenses and/or new product approval.
- Define the project's value proposition. Detail opportunities to pursue and identify key drivers for success.
- Define potential pitfalls and a mitigation strategy to minimize their risk impact.
- Establish a desired end state, with an outline of recommended steps to attain it.

A strong relationship between project benefits and BAU transition planning

Project management is a continuous process for banks and financial organizations, with management often assessing value from the cost and benefit perspectives. However, formal plans for project transition into BAU are often absent from even the most mature project management methodologies. Adequate controls and levels of ownership designed to transition projects to BAU mode can increase business value and encourage management to invest in future processes with potential for positive impact on the organization.

It is important to highlight that the stronger a project's business case is in terms of realizable benefits, the more effective a BAU transition plan becomes from the internal stakeholder perspective and, in some cases, from the perspective of regulators. More often than not, a strong business case is the result of a strong project management methodology that includes discipline in tracing requirements throughout the project's life cycle.

Adequate project staffing and management of project risk vs. process risk

Significant financial losses can result from a lack of clear understanding of project requirements by key stakeholders. Furthermore, projects inadequately staffed with poor subject matter expertise are likely to produce weak business cases, unrealized benefits, and a negative impact to existing day-to-day operations.

Executive sponsorship is another aspect of project management that should not be overlooked. Strong executive sponsorship drives senior management support for the project and promotes a culture where project managers don't hesitate to raise critical issues in a timely fashion. Being a strong sponsor is not simply a matter of approving scope and signing the checks; it means developing awareness for issues and risks critical to reaching project success. From the regulatory perspective, strong project sponsorship is a key driver in ensuring that changes or updates to regulations are adequately incorporated into a project's life cycle while maintaining acceptable spending levels.

A successful transition from project mode to BAU requires sponsors and management teams to apply mitigation strategies aimed at process risk rather than project risk, the latter being more in line with the responsibilities of the project manager. In exercising process risk management, sponsors and senior managers should ensure that:

- Key process risks are identified and documented.
- Risk controls meet strong standards and policies and adequately mitigate the risk in accordance with the organization's risk profile.
- Controls are adequately implemented and performed in the production environment.

Internal Audit can also play a critical role in a project's BAU transition. Audit should strive to provide an assessment of the level of risk to the organization's project portfolio and determine whether a project's BAU transition process adequately manages operational and reputational risks. This involvement can enable Audit to target other auditable areas of coverage based on risks and/or deficiencies identified in this process.

A transparent project management methodology coupled with strong controls to ensure an efficient transition to BAU facilitates mitigation and remediation of risks and deficiencies associated with people, process, and technology. Risk and issue tracking should utilize appropriate operational risk escalation channels to include steering, audit, and risk management committees as well as the board of directors.

Managing risk in line with project governance

Over the past decade, the financial industry has witnessed development of risk management frameworks closely tied to project management and governance. While differences exist, a common set of traits has transformed some of these frameworks into highly effective mechanisms to manage risk:

- Understanding of business processes closely tied to operational risk by project teams and sponsors.
- Understanding the organization's tolerance for change.
- Alignment of business cases to sponsor requirements.
- Early identification of potential risks, issues, or problem areas.
- Prioritization of risks using indicators for probability and impact.
- Transparency in risk reporting.
- Prioritization of risk mitigation after project close-out and transition into BAU.
- Tracking and monitoring of risk mitigation effectiveness by performing pre- and post-implementation quality assurance reviews.
- Documentation and cyclical incorporation of lessons learned as part of a project's life cycle.
- Continuous process improvement reflecting market trends and the organization's strategic goals.

Conclusion

Successful projects require organizational support, ranging from the board of directors and executive management to project teams. The biggest challenges faced by organizations in maximizing the value of their projects are often derived from poor execution of change management plans during transition to BAU state. To summarize, an effective project transition to BAU state can be supported by three drivers:

- Business value of projects tied to operational and reputational risks and managed in accordance with the organization's risk profile
- Adequate stakeholder involvement and subject matter expertise used to maximize project benefits and attain a positive business value
- Risks managed responsibly and aggressively between project close-out and transition into BAU

Appendix: Risk and project management

In many ways, risk management for BAU transition is supported by the effective management of the project life cycle. Project management offices (PMOs) and steering committees are responsible for ensuring that all critical risks are considered and mitigated as part of project delivery. As part of efforts to mitigate critical risks, management should target specific focus areas at the junction between deployment and project closeout. These focus areas include:

- Clarity of roles and responsibilities and transparency in project reporting
- Rigor of formal project governance processes
- Consideration for ongoing BAU state during the project, including knowledge transfer processes and mechanisms
- Sustainability and operational readiness assessment and confirmation
- Development of a formal process to track issues, risks, deficiencies, and decision-making
- Clear definition of roles and responsibilities for closure, including a process for assumption and transfer of authority and accountability

In each of these areas, risks across the project life cycle need to be properly managed by project managers and stakeholders with a strong influence on funding and results.

Risk management for the project life cycle

Category: Strong project sponsorship
Success factor: Key project sponsors identified and buy-in secured. Strong communication planning including levels of support and influence from sponsors and stakeholders.
Impact of failure: Diminished priority of key deliverables due to conflicting sponsor or stakeholder needs. Negative impact of project deliverables toward expected benefits. Termination of project.
Measurement: The establishment of formal mechanisms for continued feedback from sponsors and stakeholders throughout a project.

Category: Management buy-in
Success factor: Management team agrees with project scope and anticipated benefits.
Impact of failure: Reduced project support and low team morale resulting in negative impact against quality of deliverables.
Measurement: Continuous communication with teams having an influence on project success and the user community. Communication should provide opportunities for ongoing feedback and discussion of concerns.

Category: Project roles and responsibilities
Success factor: Agreement on cross-functional roles and responsibilities to manage overlap and reduce duplication of work.
Impact of failure: PMO's role and project control mechanisms are undermined. Budget overruns caused by work duplication.
Measurement: A formal cross-functional project communication plan outlining roles and responsibilities and level of influence of stakeholders. Since a stakeholder's level of influence is likely to change along a project's life cycle, this plan should be adjusted accordingly at each major phase or key decision.

Category: Project management
Success factor: Strong project management to ensure optimal project execution and communication based on stakeholder needs and level of influence.
Impact of failure: Negative impact against scope, schedule, budget, and quality of project deliverables. Increased potential for unrealized benefits. Failure to meet regulatory standards and expectations.
Measurement: Quantified metrics measuring project benefits and performance against scope, schedule, budget and quality standards. Reports developed by project managers and Internal Audit to determine the level of compliance against regulatory requirements.

Category: Client buy-in
Success factor: Client understands objectives and works in partnership with project manager.
Impact of failure: Lack of engagement at detailed levels, resulting in superficial review of deliverables and poor project quality.
Measurement: Incorporation of client feedback at detailed levels to understand whether or not expectations are being met.

Category: Differentiation between project risk management and process risk management
Success factor: Project managers understand the difference between process-focused and product-focused clients. This understanding is developed from both client and project execution perspectives.
Impact of failure: Negative client feedback and inefficient management of stakeholder needs.
Measurement: Continuous client feedback and development of an adequate project management transition to the BAU state.

Contact us

For more information about KPMG Financial Risk Management services, contact your local KPMG representative or visit www.kpmg.com.

Jitendra Sharma, Partner, Advisory and Global Leader, Financial Risk Management Services. T: 212-872-7604 E: jitendrasharma@kpmg.com
Josè A. Baraybar, Director, Advisory. T: 617-834-2551 E: jbaraybar@kpmg.com
Michael Dempsey, Manager, Advisory. T: 919-664-7157 E: mtdempsey@kpmg.com

kpmg.com

independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and "cutting through complexity" are