Strategy

* Overall responsible for the preparation, communication, implementation, delivery and expansion of T&O OR plan, working in close coordination with country, Regional and Global stakeholders.
* Support ITO units in understanding and implementing Regulatory requirements.
* Represent Group R&C ITO at the country level for implementation of standards, continuous improvement programs and strategic transformations.

Pro-active Risk Management

* Peer Reviews/Risk Assurance - schedule periodic peer reviews with a view to be 'ever audit ready'. Leverage Group Subject Matter Experts where necessary.
* Validate 'Process Risk Analysis' conducted by ITO units.
* Review of BOLD matrix and feedback "where applicable"

iGear (where introduced)

* Identify key hotspot processes for workflow automation through iGEAR.
* Review defined workflows and ensure required controls are embedded.

Risk Control

* Risk Identification, Assessments, Measurements, Acceptance and Monitoring
* Control Testing/Risk Identification - determine effectiveness/ineffectiveness of defined controls and arrive at control strength matrix and on the ground residual risk.
* Risk Acceptance/Treatment Plan/Escalation - for all cases where residual risk is medium, high or very high, prepare a RAR along with treatment plan. Update risk in Group OR systems i.e. Optial/ Phoenix etc. Monitor progress towards target residual risk.
* Regular review of controls to improve design towards automation and preventive management.

Risk Management through Standardised MI

* KRI Review, Analysis & Action Plans - highlighting key trends of concern.
* Phoenix/Optial Maintenance/Review/Cleanup - ensure information on Phoenix and Optial is kept up-to-date.
* Review weekly reports circulated by central team in Chennai and take appropriate action.
* Risk Register/Heatmap Review - review heatmap and risk registers and arrive at action plans for reducing residual risk.
* Review of Audit failure/issues/action plans - identify cross border issues, track and resolve.

Risk Validation

* Conduct a threat/stress & scenario based assessment and update risk register.
* Review open regulatory risks and assess/agree treatment plans.

Day to Day Operating Controls

* Review/define COPMAN Controls - checklist of day to day summary controls performed by unit heads and their staff - embedded these within the processes.
* Monitor/review COPMAN Controls through spot checks - management of exceptions and feedback to line managers.

Incident Management

Root Cause Analysis

* Identify and define the problem (operational loss, audit failure, near miss, significant event, high severity incidents)
* Drive root cause analysis
* Update Risk Register/Agree Treatment Plan and follow-up for closure.

Operational Loss Management/Near Miss

* Operational Loss Approval & Booking - ensure losses are approved in line with delegated authorities granted.
* Ensure the accounting is correctly done to register the loss.
* Reconciliation of Ops loss to GL - reconcile the GL account against Phoenix records.

Risk Governance

Audits

* Audit Coordination (Group + Regulatory) - whilst the primary responsibility for every audit will still remain with the Unit Head, R&C will be expected to play a critical role going forward.
* Every ROF and quality of its management response will have to be vetted by R&C to ensure that the findings are factually correct and the agreed action plans, along with target dates, are reasonable and achievable. R&C will take joint responsibility for audit outcomes.
* Audit Issue Tracking & Closure - track aging of findings and ensure periodic follow-up.
* Keep audit informed of progress and ensure any delays in resolution are appropriately approved before due date.

Risk Governance Representation and Preparation of Risk Packs

* Local Interface to Country OR Head - be the main ITO liaison point to the Country OR Head.
* Represent ITO in country FORC, BORGs, CORC - where necessary.
* Support/lead as applicable - key thematic risk reviews/mitigation projects i.e. data quality/confidentiality, outsourcing, EUC, user access, MAR, reconciliations, Stability, Change Quality, Frauds, FCR, Regulatory ect. within applicable units.