Improving performance and profitability with effective compliance and risk management strategies

Governance, risk and compliance (GRC) are key concerns for your organisation. Successful management of compliance and operational risk across your networked IT infrastructure can significantly improve your performance and profitability. This in turn can contribute to an improvement in credit ratings, a reduction in the cost of capital, and increased stakeholder confidence in your business.

The BT Risk Cockpit™ – creating value for your business

The growing importance of GRC means that decision-makers need a coherent view of risk exposure and controls performance across their business, based on the collection and analysis of real operational data.   This enables continuous monitoring and efficient management and mitigation of risk, both vital to creating value from your GRC strategies.

The BT Risk Cockpit™ is an executive risk-management and reporting tool that can provide a single, consolidated view of risk and control across your enterprise. It is a key component of a risk architecture designed to connect you to your organisation’s operational data.

The BT Risk Cockpit™ gives you:

• Decision-ready, on-time information, direct to your desktop, to help manage and mitigate your networked IT and other business risks.
• A shared organisational awareness of acceptable risk to facilitate decision making.
• An integrated risk and control environment that will help assure compliance and drive down the overhead of audit assessment and attestation.
  

Innovation and thought leadership

The development of the BT Risk Cockpit™ and the associated risk and compliance management capabilities framework marks a pioneering step by BT in the field of GRC.

A study within our own corporate IT department has indicated that the proper implementation of this solution can save up to 30,000 man-hours of effort each year for an organisation the size of BT (100,000+ employees) – equivalent to £1.6 million per year.

Improving risk management means creating a more resilient business, with less volatility and more predictability in earnings and business performance – enhancing stakeholder confidence overall.

Supporting strong governance, risk and compliance

An understanding of operational risk – and how risk threatens corporate objectives and strategy – is a key concern for your business. Your board and individuals have an increasing legal responsibility for governance, risk and compliance (GRC).  Failure to manage this efficiently and cost-effectively can lead to business interruption and even costly litigation. You need a coherent and current view of risk exposure and controls performance, enabling continuous visualisation, monitoring and management of risk and control. Successful management of compliance and operational risk can significantly impact your performance and profitability.

You need to understand risk right across your operations from the acquiring of services from suppliers, provisioning of services for your enterprise and delivery of services to your customers – all aligned with the performance and strategic objectives of your organisation.

BT’s experience gets results:

• Our business operates across multiple compliance regimes and multiple geographies.
• Our own business involves operational risk management for a global networked IT infrastructure.
• We have extensive expertise providing risk assessments and risk treatments in the world of Information and Communications Technology (ICT).
• Our comprehensive risk and compliance management capabilities framework enables you to plan and implement an effective enterprise-wide solution.
• Our tailored consultation process and unique methodology enable you to get it right, and know that you’ve got it right.
• BT has won numerous industry awards, including twice being named as Best Compliance Company in the Telecoms Sector at the Compliance Register Awards (2005 and 2006).

Improving resilience and business performance

BT Operational Risk Management provides senior executives with the information you need to manage risks across the networked IT infrastructure.  Its benefits include:

Reduced risk of business interruption 

• Early detection of risk exposures or control failures.
• A culture of risk ownership, devolved to the most effective point of management.

Increased effectiveness and reduced cost of compliance 

• The burden of compliance is systematised, controls processes fully automated where possible and responsive to change.
• Single global control framework, able to absorb change and accommodate new compliance directives.

Better strategic decision-making 

• Detailed understanding of your organisation’s capacity for risk across all operations and contribution to achievement of objectives.
• Your organisation can use forward-looking techniques to improve, for instance, operational efficiency, service levels and security, and leverage these for competitive advantage.

Better allocation of economic capital 

• Accurate understanding of the trade-offs on costs of managing and treating risks enables informed decisions on the right levels of investment to yield the best possible returns.

Better performance management 

• Ability to target your organisation’s risks and controls towards a desired level of performance.

Let us help solve your governance, risk and compliance issues

Successful risk management depends on the availability and accessibility of on time quality information. BT’s vision is to enable our clients to create real value from their GRC strategies. Our approach is to transform risk management from a fragmented assortment of ad-hoc processes into an informed and considered business-wide view, forging real data and reliable trend forecasts together into realisable action planning.

BT Operational Risk Management capabilities framework, with the BT Risk Cockpit™ at its hub, enables you to assimilate relevant operational data from across your business and present it to key business executives and stakeholders in an arresting and compelling format that enables them to take informed decisions as needed.

Improving business performance and predictability with our end-to-end services

BT Operational Risk Management can bring your organisation operational and financial benefits.  Significant returns on investment are likely through:

• Improved credit ratings as ratings agencies see the reduction in volatility brought about by your improved risk management strategies.
• Reduction in cost of capital from improved credit ratings.
• Reduction in regulatory capital from improved risk management processes.
• Reduction in compliance costs across the board, with automated as opposed to manual solutions.

Looking at compliance costs, it has been identified that, on average, manual processes are “…more than nine times the cost of automated processes; multiply that by 2,100 manual processes that a typical corporate runs…” (Source: PWC) and you can see significant impact on the cost base of your compliance programmes.

Building a sustainable technical architecture

Compliance, accountability and contingency planning are key concerns of the IT environment. Legislators, executives and auditors all demand that organisations implement practical and robust risk management processes.

'Business complexity, along with increased regulatory and market scrutiny, is driving organizations to adopt a structured approach to governance, risk and compliance (GRC) ... Technology is assuming a key and enabling role in delivering sustainability, consistency, efficiency and transparency across this federated GRC process and organization.'
- Trends 2007: Governance, Risk, And Compliance, Forrester, April 2007

Delivering the experience you want

BT will provide solutions tailored to your unique operational needs.

• Our own business requires operational risk management for a global networked IT infrastructure.
• BT is a highly-regulated business, operating across multiple compliance regimes and multiple geographies.  We can use this experience to help you.
• Our risk and compliance management capabilities framework is comprehensive – supplying both effective risk assessments and risk treatments.  We enable you to plan and implement effective enterprise-wide solutions.
• Our tailored consultation process and unique methodology enables you to get it right, and know that you have got it right.

An integrated risk architecture from BT

BT has devised a set of consultancy services that can help your organisation optimise your investment in risk and compliance management. We can map out your risks, controls and associated priorities, building a business case and benefits model to illustrate where investment will yield both maximum success and return on investment.

BT Operational Risk Management capabilities framework provides an integrated approach to the management of networked IT infrastructure risks. At its core is a powerful risk management and reporting tool called the BT Risk Cockpit™, which delivers all the information needed to properly maintain the assessment, monitoring and management of risk.

This is complemented by RiskPAL (Process and Activity Lifecycle), which lays out the key elements of a continuous improvement programme. RiskPAL is based on an extended version of the familiar Deming Cycle (Plan-Do-Check-Act), specifically adapted to the task of managing and controlling risk.

Our integrated architecture brings you:

• Decision-ready information, delivered directly to your management tiers.
• Shared understanding of acceptable risk, across your entire organisation.
• A single compliance and control environment, ensuring compliance and driving down the overhead of audit assessment and attestation.

Agile implementation options

The customer engagement model of BT Operational Risk Management is based around a “1-10-90” approach, involving an initial one-day introductory workshop, followed up by a 10-day “Landscape Survey,” and ending in a series of 90-day implementations of the BT Risk Cockpit™, or the BT risk treatments. This agile approach ensures that the project does not get bogged down in time and cost overruns, and you have a predictable roadmap sales journey with BT from day one:

• One-day Risk Management Planning Workshop
• 10-day Landscape Survey
• BT Landscape Survey Report
• BT Risk Cockpit™ Prototype demo
• Risk Treatment and BT Risk Cockpit™ opportunity session
• 90-day BT Risk Cockpit™ Implementation

A cost-effective solution

BT Operational Risk Management offers your organisation:

Reduced risk of business interruption:

• Ability to detect risk exposures or control failures early, enabling your organisation to take measures to avoid failure and minimise loss.
• A culture of risk ownership, devolved to the most effective point of management.

Increased effectiveness and reduced cost of compliance:

• The burden of compliance is reduced and automated, releasing internal audit to add greater value.
• A single global framework, able to absorb change and accommodate new compliance directives.

Better performance management:

• Ability to target both the organisation’s risks and controls towards a desired level of performance.
• Clear articulation to suppliers of what your organisation requires to manage risks effectively in terms of supply chain and managed or outsourced services.