Case studies
Our close working relationships are at the heart of our service
Operational resilience – delivery and support
The client’s Board, Managing Director and senior management team valued the 'kick-start' Crowe provided to accelerate their work, and the added assurance provided.
The client’s operational teams valued our input, practical insights and experience around leveraging existing business information, workshop processes and discussions on areas such as intolerable harm, realistic scenarios, and service vulnerabilities. Because of the work, the project team were more confident that their approach was as advanced as that of their peers.
We were further engaged to lead the Board-approved self-assessment and carry out a ‘health check’ of their draft outputs, prior to Board review.
Outcome
Crowe proposed a range of options and developed a roadmap, to help them to accelerate their progress in the short-term. We provided our perspectives on the essential activities, consolidating the client’s understanding and providing training to the Board.
Crowe developed a methodology toolkit tailored to the client, covering all the required foundational elements – including Important Business Service (IBS) identification, end-to-end business service mapping, setting impact tolerances, and scenario analysis and testing. We then led their IBS identification, initially delivering an end-to-end pilot for a single IBS. We worked with a range of stakeholders to map their services, discuss and agree appropriate impact tolerances, and undertake initial scenario analysis and testing.
Drawing on the lessons learned from the pilot exercise, the methodology documentation and delivery roadmap were updated. We ensured an effective transfer of knowledge, before handing over delivery of further work to the client’s teams on analysing and documenting the other IBS in line with the agreed roadmap.
Solution
A Lloyd’s Managing Agent required support in mobilising, scoping, and framing its operational resilience activity. While they understood the broad principles and the need for work to meet the new operational resilience regulations, they had struggled to mobilise the work or develop their approach.
Issue
The client was able to produce a robust initial IAE baseline calculation and had the confidence to establish some initial emission reduction targets for its underwriting portfolio.
Crowe’s limited assurance report formed part of the formal disclosures and provided confidence to the organisation’s board and management that the report could be disclosed.
Outcome
We reviewed the internal calculations completed following the Partnership for Carbon Accounting Financials (PCAF) methodology. We worked with the client to complete a risk assessment of the potential calculation misstatement and thereby prioritised areas for Crowe’s independent review. We deployed data analytics to review several thousand lines of policyholder information efficiently and effectively, identifying potential outliers for peer review. Key activities included:
Solution
Issue
Insurance associated emissions limited assurance review
A reinsurance group required help to review its Insurance Associated Emissions (IAE) disclosures. This was the organisation’s first formal disclosure and management wanted reassurance that the methodology had been appropriately implemented.
First, we reviewed documents and approaches against the risk mandate, interviewed key senior stakeholders (including Non-Executive Directors) and identified practical recommendations for enhancing risk function effectiveness.
We then turned to the efficiency of the risk and compliance operating model and sought to optimise risk interactions between business and oversight functions. We worked with the CRO to identify the most material sources of value, and agreed on key areas of focus, including senior management responsibilities, capabilities, and ways of working.
Through consultation with key business stakeholders, we developed recommendations, considering the best tactical solutions that could be applied to optimise benefits to achieve a given strategy. We also developed a multi-dimensional transition map to illustrate potential journeys and stages to improve efficiency while safeguarding effectiveness.
Crowe presented the consolidated discussion document to the CEO, who agreed that Crowe had both identified the most significant challenges to risk efficiency and had set out a logical, well-structured roadmap - providing an ambitious but practical approach to enhance risk and compliance.
Solution
Crowe was asked to undertake a review of the effectiveness of a risk function alongside a broader review of the efficiency of the risk and compliance operating model. The CEO wanted to focus on cost-efficiency across the business, optimising risk and compliance to support strategic growth while ensuring regulatory requirements were met.
Issue
Risk efficiency and effectiveness
The client is now using our recommendations and transition map as the basis for a programme to deliver enhancements to the efficiency of the risk and compliance operating model. They are confident that this work will provide significant value to the business through a lower-cost and more efficient operating model, combined with a more effective approach to risk and compliance.
Outcome
Detailed review of calculation methodology steps, including implementation of formulae
Analysis to confirm that the boundaries of the calculations had been correctly applied
Review of additional manually applied policyholder exclusions based on sector or line of business
Analysis of how insured client names had been matched to a proprietary ESG analytical database to identify valid matches
Peer review of how insured client names had been matched to industry codes, and in turn linked to PCAF sector emission intensity factors
Review of procedural documentation and controls used in the production of the calculations
Recommendations of potential process enhancements for subsequent years
Evaluation of the narrative text within the IAE report to confirm consistency with the calculations reviewed by Crowe
Our formal report to the client’s BRC made several prioritised recommendations, across a range of areas, to enhance risk management effectiveness. These findings were discussed with regulators, while management remained ‘in control’ of the direction of developments. The client then made significant changes to implement the recommendations. 18 months later, the client requested a follow-up review and report from Crowe covering how the recommendations had been addressed and implemented.
The conclusion of the follow-up review was that significant progress had been made through addressing our recommendations, the effectiveness of risk management had been significantly enhanced, and regulatory concerns had been mitigated.
Outcome
We developed a plan to review and report on the design and operating effectiveness across all aspects of the client’s risk management framework, assessed against regulatory requirements and current best practice.
The delivery approach involved:
Solution
Following a reorganisation of their business, and to help them to proactively respond to regulatory scrutiny, this client asked Crowe to carry out an external effectiveness review of its risk function. The review focused on how the function was fulfilling its responsibilities, the effectiveness of its support and challenge to the business, decision making, and interactions through wider Board and executive governance.
Issue
Reviewing risk management effectiveness
A risk-based documentation review observing a sample of risk-related, executive and Board Risk Committee (BRC) meetings
Interviewing executive and non-executive directors, and senior managers
Designing and reviewing bespoke case studies focused on: the extent of risk consideration; the risk function’s role in the strategy and business planning processes; the identification, mitigation, and management of tolerance; and the effectiveness of interactions between risk and first line functions
Considering the current resourcing and capabilities of the risk function.
We were able to support management in establishing responsible procurement operating procedures to adapt existing processes. This ensured ESG factors were seamlessly integrated into their due diligence and ongoing monitoring of third-party relationships.
We helped develop and test risk-based question sets that addressed key sustainability risks, and the need to gather information on carbon reduction plans from material partners. A light-touch process for lower-risk suppliers was also considered.
Outcome
Mapping the end-to-end procurement process to identify key sustainability touchpoints
Updating existing procurement and third-party risk management policies to define ESG-related minimum expectations of third parties
In collaboration with the client, we developed risk-based approaches whereby due diligence questions were tailored to their needs and were more consistently and robustly implemented. We tested the implications of the risk-based solutions by evaluating their impact on the vendor portfolio, adapting our solutions to the organisation’s risk appetite, and developing operating procedures to support adoption.
Crowe worked with the client’s Head of Procurement and Head of Sustainability to understand the current processes and develop practical solutions to embed sustainability considerations into the evaluation of counterparties. This involved:
Solution
The client, a specialty re/insurance group with UK and Bermudian operations, was seeking to embed sustainability throughout its operations, including its procurement processes.
The existing third-party risk management processes adequately addressed regulatory requirements over key outsourcing and vendor dependencies. However, they required tailoring to address ESG factors in a proportionate manner.
Issue
Responsible procurement implementation
The client was delighted with the rapid acceleration and high-quality redesign of the ERMF and its components. The CRO was pleased with the assurance provided to the Board Risk Committee Chairs about the speed of progress.
As the design outputs were developed incrementally, and with the client’s trust in the design outcomes having been gained, the client moved quickly into implementation with confidence that they were well-prepared to meet the challenges that lay ahead.
Outcome
The baseline assessment and project outputs were anchored by a review conducted by a third-party firm prior to our work. Following a validation of the baseline, we worked closely with the client on the redesign and development of a tailored ERMF for the Insurance business, which met the applicable minimum regulatory requirements. Each design component was discussed and iterated with the CRO and his team to validate the design and priorities; clarify important design elements; and assist with future embedding.
Our role then shifted to leading the initial redesign, and coaching the client’s team in the enhancement and embedding, of selected high-priority components of the ERMF, including the risk mandate; risk universe; risk strategy and policy; risk appetite framework; and risk preferences.
The delivery approach was designed to have the Crowe team working alongside the client as ‘one team’, wherever possible, consistent with planned handover of the Crowe team’s agreed design outputs. Several team workshops were held to support embedding, over and above ongoing engagement with the CRO, Programme Director and Programme Manager.
Solution
Our client, an insurance business that is part of a wider, quoted non-financial services group, engaged us to review and develop its Enterprise Risk Management Framework (ERMF) and undertake an initial redesign phase for several of its high-priority components. There had been ongoing substantial change in the business and some significant turnover and consolidation in resources.
Issue
Risk management framework - design and development
The client appreciated Crowe’s help in refining their operating model and adopting a more streamlined approach that could be better embedded and that strengthened their resilience to operational disruption, with clearly defined and understood processes and actions for further improvement.
Outcome
Review of key elements of their operational resilience framework, including review of important business services, mapping, and impact tolerances, and leading their annual self-assessment process
Planning and facilitating a scenario testing exercise to assess their ability to remain within impact tolerances and develop an action plan to remediate vulnerabilities identified
Defining an efficient and effective operating model across operational resilience, BCM and outsourcing, including key activities, ownership, and processes
Development of their BCM framework and associated processes, including Risk Assessments, Business Impact Analyses, Recovery Strategies, Business Continuity Planning and Testing programmes
Solution
Crowe was asked by a Lloyd’s Managing Agent to lead the development and implementation of a revised operating model for operational resilience - including business continuity management (BCM), outsourcing frameworks and associated processes - as well as to provide support across associated BAU Operations activity.
Issue
Embedding operational resilience
Our work included:
A proportionate approach was taken to ensure the most strategically important services (and vulnerabilities) were assessed first. Crowe identified key vulnerabilities within the client’s IBS’s, capturing and tracking remediation activity and ultimately the enhancement of resilience.
The self-assessment and insights were well received and valued by the Boards. The client’s internal audit function’s subsequent review confirmed that requirements and expectations had been fully met.
Outcome
After understanding the client’s unique structure, processes and culture, a project scope was established, spanning several entities and boards, all of which needed ‘taking on the journey’ of operational resilience to ensure buy-in and clear ownership. Consistent communication was essential to ensure transfer of knowledge into business-as-usual.
Using various materiality scales provided by the firm, service assessment criteria were created and approved, to support the curation of the IBS list for each of the four entities.
A methodology for conducting IBS assessments was created, including: mapping the chain of resources; setting an impact tolerance; conducting scenario testing; and establishing lessons learned activities. The agreed methodology was implemented across each of the IBS’s identified, whilst carefully adapting it to suit the needs and product offerings of each entity.
Finally, a self-assessment document was developed, capturing the operational resilience journey to date. This was approved by all the entities’ Boards and was made available to the regulator.
Crowe's team also led the collation of the communications updates and responses to the PRA throughout the project period.
Solution
The client – a significant insurance, wealth, and asset management firm – required support in scoping and initiating a project to enhance the resilience of its Important Business Services (IBS’s) and to meet regulatory requirements in respect of operational resilience.
Issue
Operational resilience - implementation