Today at the European Banking Forum (http://www.europeanbankingforum.com/), Nimbus Partners revealed the results of its FSA ARROW Audit survey – “Benchmark your Controls Effectiveness”. The research conducted in February 2010 amongst heads of risk, operations and compliance at UK based financial services organizations, asked participants how they document, control, measure and audit complex operational processes, particularly with respect to regulatory requirements such as an FSA ARROW audit.
When asked about preparation for an FSA ARROW audit, 50 per cent of respondents said it would take their organization 30 to 50+ man days to get ready, a high proportion of that time attributable to ‘getting their house in order’ with respect to process documentation, business controls audit and record keeping. This despite increasing regulatory rigor, threat of higher fines and the corresponding raised importance of the compliance function.
“In addition to maintaining regulatory compliance, a business that has clear, well managed controls against its operating processes benefits from being a more efficient, high performing organization,” said Antony Bream, Global Financial Services Sector Manager, Nimbus. “Our survey showed that, over a third of respondents lacked confidence in the effectiveness of their controls and there was evidence amongst these firms of a lack of maturity in terms of the tools and methods used for governing processes, controls and corresponding performance metrics.”
Among the institutions surveyed, investment banks had the highest number of operational processes in place with some respondents quoting over 500 processes at their organizations. These complex institutions tended to have Business Process Management and Analysis tools in place with the objective of improving business process clarity and governance. In contrast, the Asset Management firms surveyed claimed to have significantly fewer processes and said they relied entirely on Microsoft Word to document processes. The responses suggest a correlation between the use of BPM and BPA tools and a higher degree of confidence in the effectiveness of a company’s controls and its ability to demonstrate them.
Compared to the other groups surveyed, Custodians appeared to be lacking confidence in the documentation of processes and whether they were up to date. “This may be due to a culture of greater caution by these firms in handling operational processes,” said Bream. “However, we are already working with several custodians to address such issues.”
The survey also looked at whether respondents had established metrics such as Key Performance Indicators (KPIs) or Key Risk Indicators (KRIs) against their processes. A third said that less than 45 per cent of their processes had key metrics defined against them; suggesting an area for improvement.
To download a free copy of the report, please click here