Free Webinar: Four Pillars of an Effective Third Party Risk Management Program. Reserve Your Spot

Case Study

Powering the Success of Volcker Rule Implementation

Project title and high-level description

HR Operational Risk Management Second Line of Defense Oversight Issue Validation
Describe the situation the client was addressing and the client’s desired outcome
The project was to assist the client in validating the actions completed by Human Resources Operational Risk Management (ORM) team in their role as second line of defense to address the issues noted by internal audit specific to maturity of business management’s overall understanding of ORM requirements and the risk and control self-assessment (RCSA) process. To remediate the issue and address the root cause, HR ORM team implemented a training program on the requirements to develop an RCSA and on annual risk acceptance process, added change management approval process and additional escalation and documentation processes to their operational risk management oversight plan, and developed and implemented a process to monitor and coordinate annual risk acceptance renewals.
Describe your role/activities and responsibilities
  • Reviewed the training materials for adequacy and analyzed training delivery/execution to ensure training was deployed at a sufficient rate of coverage.
  • reviewed support provided to ensure HR ORM’s Oversight Plan change management process require approval and the escalation process is clearly defined with appropriate roles and responsibilities.
  • Assessed the design and operating effectiveness of the new/enhanced internal controls.
  • Determined, based on review and analysis, whether management had taken the necessary actions to address remediation, the root cause of the issue, and the mitigation of the identified risk to an acceptable level.
Identify what you delivered and the measurable results/impact of your work
Delivered the following artifacts to the clients:
  • 3 Control Design Evaluation Forms for the 3 new/enhanced controls implemented
  • 3 Control Operating Effectiveness Forms for the 3 new/enhanced controls implemented
The measurable result is that the client closed the audit issue based on the results of my review and analysis.
List other (intangible) results/impacts
Made additional observations/recommendations to help the business enhance their training process.
List the systems/technologies used
  • MericStream Issue Management module
  • Teammate
  • SmartRisk
List any methodologies/tools used
See list of systems/technologies
Describe the departments/groups you interacted with regularly
Interacted with Human Resources Second Line of Defense ORM team. 

How can Compliance Core help you?

Strengthen your organization’s compliance programs, reduce incidents of non-compliance, and build a framework to monitor risk.

What can you do with Compliance Core?

Let us show you how to gain the insight needed to assess and manage compliance risk and complexity at scale.

Elevate your risk management to a strategic level. Learn more about our Enterprise Risk Governance Framework.


Subscribe & download our free guide

You have Successfully Subscribed!