Reserve Bank of Malawi utilises Optial’s GRC platform to drive strategy, connect departments and achieve accountability
Overview
The Reserve Bank of Malawi is responsible for managing the monetary, financial and payment systems in Malawi. Its focus is to mitigate systemic risk through implementation of sound monetary policies in Malawi.
The Bank required a flexible and scalable GRC solution given its size and complexity. Like many large organisations, each department was working towards its own departmental objectives that sometimes drifted from the overarching Bank’s strategy. A solution was required to facilitate a bridge from the various departments to the Bank’s strategic plans, provide accountability and drive deliverables.
Optial’s enterprise solution met the Bank’s requirement of having checks and balances implemented for every workflow process in the system. The flexible enterprise technology permeates throughout the Bank’s organisation to unify department plans, objectives, and to provide transparency, and mitigate risk. Click here to download a pdf of this case study.
Approach
The key to RBM’s governance risk and compliance solution was to build a system that replicated the Bank’s organisational structure, line of authority and organisational processes. The system was implemented in two phases over fifteen months. Phase 1 focused on delivery of the key modules followed by phase 2 covering ancillary modules and reporting.
To meet the Bank’s requirements seven modules were designed and configured. All modules are interlinked and cross-referenceable throughout the system for data-analysis and management reporting purposes.
Understanding and identifying which processes the Bank wanted to prioritise and the key roles and responsibilities involved were integral to tackling a project of this size. The organisational role that each person plays in each process and the output reporting that is required is essential to building a system that drives accountability and mitigates risk.
Optial designed and implemented the system remotely from their offices in London, UK. The project kicked-off with a series of workshops. To accommodate everyone’s schedules and ongoing responsibilities, each session was no longer than an hour. Succinct sessions allowed focus on the project’s agenda without infringing on daily responsibilities. It also allowed the project team in London time to reflect on requirements and to test the design approach with the client the next day.
Once RBM agreed the approach, Optial built the system to their specifications, touching base with RBM where required. After a successful UAT, two weeks of intensive onsite training was delivered to the Bank’s key users, about 40 users per day, to ensure that they understood how to use the system to support the Bank’s processes.
Seven Modules were designed for the Reserve Bank of Malawi. Below is list of modules with some of the key features built:
Risk Management
Bank risk appetite statements
Risk registers
Standard and Non-Standard Risk Assessments (Voting based Risk Assessments and Risk Ownership)
Key Risk Indicators and Key Performance Indicators.
Lessons Learned
Management reporting
Business Continuity
Strategic Impact Analysis, strategies, and key products & services
Bank wide assessments, links, and dependencies- including systems, resources and processes
Ability to attach the business continuity plans and disaster recovery plans
Exercise Training Tests and Plans (ETTP) - Checklists of activities to carry out an ETTP and measurement tools to check performance of the ETTP against defined business continuity and disaster recovery plans.
Department level process based Business Impact Analysis assessments. An example of this would be a BIA on payroll which include Impact Timeframes and how long the service will be impacted from shocks to the business and industries.
Third party suppliers and vendors
Key systems and services
Management reporting
Incident Management
Tracking operational management incidents and lessons learned
Root Cause analysis
Investigations (either external or internal led investigations)Management reporting
Compliance
Internal Controls
Policy Management
Procedure Management
Regulatory Management
Adherence to contract
Key Control Indicators and Key Performance Indicators
Management reporting
Planning/Governance
Bank Strategic Plans and Department level Business Plans- allows RBM to track their goals and objectives through the use of indicators and managing the budgeted costs and resources.
SWOT and PESTLE Analysis
Management reporting
Project Management
Project approval process
Tracks project progress and related project issues
Project Initiation Documentation (PID)
Manages Project Stages and Boundaries
Project Budgets and Expenditure- the system allows them to report across the budget.
Project Risk Register and Treatment Plans
Lessons learned either on a project or project phase basis
Management reporting
Resource Management
Allow creation of resources and resource groups
Ability to utilise resources within projects
Outcome
At the end of phase 2, the system was deployed. The platform is central to aligning individual departmental strategies to the Bank’s overarching objectives and is an example of a system that facilitates operational resilience. The system provides a top-down approach, where the Bank’s objectives are central to driving the strategy and objectives at the departmental level. As the system becomes embedded within the culture and processes of the organisation, reporting upwards and transparency at all levels will be key, and will be supported by the system. As departments align their objectives to the central strategy the risks of meeting these objectives are highlighted and mapped as potential threats, other departments can also report on these very same risks and assess the impact on their own operations and governance.
About the Reserve Bank of Malawi
The Reserve Bank of Malawi is responsible for the monetary policy, bank regulation, financial services and economic research for Malawi.