Problem
Our client is a London based asset management firm, authorised and regulated by the Financial Conduct Authority (“FCA”). They were concerned with ensuring that they were adequately addressing key areas of operational risk both internally and externally with their key third party service providers. Their key areas of concern included, Cyber Security, Data Protection and Business Disruption risks.
When they first engaged with CalQRisk they were relying on representations and industry standard due diligence questionnaires but were not satisfied that they were addressing these risk areas in sufficient detail and nor did they know all the questions they should be asking of themselves and their service providers to provide them with adequate assurance.
Solution
Our client wanted to source a cost effective solution that would provide them with a tool to automate their risk assessment process and, importantly, provide them with a knowledgebase of relevant risks and controls around Cyber Security, Data Protection and Business Disruption as well as related People risks.
Following market analysis, they made the decision to licence CalQRisk and to conduct their internal and service provider risk assessments. We worked with the client to develop a risk framework and a detailed set of risks and control assessments leveraging the extensive repository of relevant risks and controls that resides in CalQRisk.
The client was impressed with the comprehensive universe of risks and controls available in CalQRisk in relation to these risk areas and took comfort that this content is informed by regulation, industry standards and best practices.
This provided the client with the knowledge they required to develop a robust and consistent assessment of their business critical service providers.
CalQRisk also enabled a systematic approach and an intuitive (easy to use) solution with all the features required to assess and manage these risks in a single repository.
A key feature for the client was the ability to have their service providers complete the risk assessments online and thereby moving away from paper-based data collection.
CalQRisk enabled real-time reporting and the generation of up-to-date risk registers at the touch of a button.
Outcome
Our client now has a cost effective and easily operated risk assessment process and has conducted detailed online assessments of multiple third party service providers. Our solution enables our client to benchmark their key service providers against industry best practice within key areas of operational risk and to seek changes where improvement is needed. They are also able to satisfy themselves and key stakeholders, including investors and regulators, that they are operationally resilient, particularly in the areas of data security and outsourcing.