Customer :
A Small finance bank with a distribution network of over 270 banking outlets.
Business Requirement :
The key objectives of this engagement would be to build an entity level Risk and Control Matrix (RACM) for the organization and testing of the Internal Control Framework for the financial year.
Develop Risk and Control Matrix across business operations and processes.
‘As Is’ Business Process Documentation.
Identify Risks and Map Risks to Business Processes.
Develop Control Design Documentation and Evaluation.
Identify Operating effectiveness evaluation.
Reporting of deficiencies and recommend ‘Should be’ Business Processes.
Identified Process Challenges :
Roles and responsibilities not clearly defined, Excessive SPOC dependency, Frequent revision in process & No documented process notes.
Approach and Solution Design :
The Engagement team had identified the solutions for each of the challenges presented by performing the following:
Study the process and develop comprehensive risk register defining the roles and responsibilities, Testing the controls for comprehensiveness and operating effectiveness and defining segregation of duty controls, Documentation of the procedures / policies in standard formats pre agreed with the entity & creation of a repository of documents function wise.
Business Benefit and Result :
Detailed risk registers for each process area was developed basis process walkthroughs with the client encompassing the potential risks in each process, capturing the existing controls, highlighting the gaps in the existing control, recommendations for plugging the gaps, and designing detailed control and transaction testing procedures, Carried out exhaustive control and transaction testing and published results to the management.
