Quick Glance Case Study: Audit & Risk

“To significantly improve risk scores and provide our regulators with confidence, it was clear that we needed a streamlined, common approach”

After completing a ChangeWise Lean Practitioner training course, one candidate submitted the following work-place project to gain their qualification to LCS Level 1c.

The Business Challenge

Our organisation is required to complete Risk Assessments on all data submitted to an official external governing body to ensure we are carrying out the correct assurance and governance against our data.

All data was signed-off by a Director and assured by an external body, as well as an internal assurance team. This process was repetitive and time consuming.

The data was held over a minimum of four spreadsheets, which were all updated separately. The majority of these spreadsheets were also saved in a private folder only accessible by the central team. Compiling the data required a great deal of manual effort and presented opportunities for error.

A Lean review was required to simplify the process, re-evaluate the governance and legal requirements, along with eliminating repetition and non-value-add time.

Photo by Lukas Blazek on Unsplash

Key people involved from client site

Specialists including the Economic Regulations Team, Line Approvers/Providers, Regulatory Strategy Group, Senior Leadership Team and Customers were involved in the Lean review.

Lean Methodology Employed

DMAIC (Define, Measure, Analise, Improve, Control)

Various Lean methodologies were used including, SIPOC, Current State Mapping, Waste Analysis, Value Analysis, Root Cause Analysis, FMEA, Value and Non-Value Add Analysis

Lean Activities

A SIPOC and Current State Map of the process were created to better understand the presence of non-value add activity:

• Exhaustive documents containing step by step notes for extracting data
• Repetition due to the same activity performed multiple times across different submissions at different times
• Extensive controls in place to mitigate the risk of errors at each stage of submission
• Inconsistencies in approval/controls process
• In-lead process times of more than 6 months
• Multiple meetings due to various risk assessments, resulting in some line approvers/providers attending multiple meetings.
• Inconsistency of process due to no defined risk assessment process
• Difficulty identifying how/where issues/errors arise during input.

It was clear that a streamlined approach was needed to ensure accurate, complete data and to provide our regulators with confidence.

Benefits & Outcomes

A Fish bone diagram was used to help identify root causes and potential solutions, followed by a SIPOC showing the desired future state process. The following improvements were identified:

• Combined, streamlined processes that complied with legal requirements and feedback from the regulatory body.
• Reduction in the number of conflicting processes to create a consistent approach for all submissions.
• Reduced volume of spreadsheets and therefore the admin time involved to compile reports
• Remove duplication of risk assessments and assurance activities, which in turn will reduce errors, time and cost
• Ensure desired ratings from external auditing body are achieved
• Activities processed in parallel with each other; for example, risk assessments will be carried out across all data lines for all submissions at the same time each year for a consistent approach and to reduce confusion
• Correct level of management sign-off agreed to remove over-processing
• Creation of a new impact vs likelihood matrix to be completed for each line of data to give an overall risk score. This will provide approvers with greater clarity for their decision-making regarding approvals
• Simple spreadsheet containing only relevant information required for approval; line approver and provider details, risk assessment details, audit details, governance process, as well as columns to mark progress.
• Guidance for audit requirements and governance requirements for each of the levels of risk. This will result in less time being spent in internal and external audit and the correct management level signing off data (reducing the need for director sign-off of all documents). This ensures improved accuracy of data and significantly reduces lead time and resource effort.
• The introduction of risk assessment meetings and internal and external audits as a way of tracking errors and understanding how they occur.
• Regular contact with line approvers and providers, along with a central place for queries.
• Audit plans created in advance; this ensures auditees are aware of when they are getting audited, this will reduce last minute rush, the opportunity for errors, and allow for resource planning.

Photo by Micheile Henderson on Unsplash

In Summary

The new streamlined process has made way for agreed communication plans which will reduce processing time for both back-office and senior leadership teams. Duplication, confusion and the likelihood of errors has been dramatically reduced, enabling savings in excess of £87,000 and 234 working hours over a three-year period. Minor concerns have also been significantly reduced and risk scores improved.

Interested in looking at how Lean could be applied to your regulatory processes? Contact us at info@changewise.co.uk and let’s talk about how we can help.

ChangeWise believes employee engagement is the foundation for successful Change. Training and coaching your people to use simple continuous improvement techniques will enable your organisation to continuously adapt and stay ahead in a constantly changing and challenging environment. 

For updates and interesting Lean Change insights, connect with us on LinkedIn.