Whilst many of the vCOO engagements we’ve had have involved a very diverse and broad set of deliverables and objectives, they all have one common trait: they have been focussed, in some way or another, on improving operational governance and risk management.
This has taken many forms, but essentially the Clients have engaged Soitaire’s vCOO service to ensure that their Business-As-Usual (“BAU”) operational risks are being documented, mitigated and regularly tested.
BAU operational risk
Some examples of this in practice have included:
- Designing an operational risk register, to capture the key operational risks facing the Businesses
- A subsequent operational improvement action plan, to address concerns, issues or risks and positively influence the content of the risk register for smoother operational delivery
- Drafting Terms of Reference (“ToR”s) for Operational Committee (“OpCo”) meetings – and chairing such – whereby the operational performance of the business can be discussed, debated and documented
- Revitalising existing OpCos – to ensure they are being run properly and in accordance with the ToRs
- Reviewing operational control effectiveness
- Overseeing Internal Control Audit assessments, audits and accreditation (ISAE3402, etc.)
- Reviewing and testing Businesses Disaster Recovery and Business Continuity plans; to ensure they are workable, deliverable and adequate for the scenario
We’ve also done extensive work with clients on outsourcing – which not only is a critical regulatory requirement, but also key to managing operational risk; by ensuring that key 3rd party contractors (outsourcers) are doing what they are supposed to and that the support, service and delivery is being effectively overseen and managed.
Outsourcing and managing 3rd party risk
Outsourcing is an often overlooked aspect of managing operational risk.
We’ve worked with clients to document risk assessments of new or impending arrangements which may constitute outsourcing. We’ve helped conduct the necessary due diligence and to ensure the necessary oversight and controls are in place before the arrangement commences.
Delivering effective operational governance
Whilst working on the above aspects, we’ve also ensured that regular assessment papers, operational review documents and evaluation papers are presented to Boards and senior leaders – both to facilitate the necessary decision making, but also to demonstrate effective governance around the consideration and resolution of operational risk.
We’ve also chaired Clients’ OpCo, produced the minutes and Action Logs and followed up to progress the actions and deliverables.
This ensures our Clients can demonstrate – through comprehensive documentation and record keeping – that they have considered, discussed and taken action on the most pressing of operational risks within their Businesses.
If what you’ve read here sounds interesting – and/or if Solitaire can help bring a little rigour and record keeping to the management of your operational risks – please do get in touch and let us know.
Next week, we’ll be focussing on the next pillar of our vCOO service – Lowering Risk, where we’ll discuss the specific projects and initiatives we’ve implemented to help business leaders manage their operational and enterprise risks.