Xcina Case Study

Financial Process Review for UK-based Financial Services Company

The client

UK Financial Services Company

The work

A client providing vital infrastructure to the UK’s banking payments industry, supporting many stakeholders including well-known major banks, asked us to review the effectiveness of its internal controls over committing and approving expenditure. This request followed concerns identified by the Client’s Board in a brief investigation by one of its independent non-executive directors. This task was complicated by the fact that for some of its core finance-related activities, the Client relies on outsourcing of tasks to an external specialist company using a defined services framework agreement. The Client’s senior management retains all responsibilities for approval and initial review of expenditure invoices.

How we helped

The first step was to hold planning discussions with client management; followed up by reviewing relevant policies, procedures and contractual records and performing a forensic analysis of payments over the preceding year. We engaged with key employees from the Client and the outsourced service company. Our work identified that many expenditure-related processes involved people or teams across the Client and the external service company and that unstructured exchanges of information meant that specialist tasks and responsibilities had become diluted for overall expenditure processing, review and approval. After further analysis, we identified other contributing factors including an excessive reliance on full-time contractors instead of full-time employees on a major internal project who were subject to less diligent policies and supervision. Analysis performed also identified that many expenditure processes were overly complex and that practices followed by employees and contractors were not always understood or effectively supervised by their managers.

Value added

We were able to demonstrate to management that the quality and sufficiency of independent review had been weakened. Plus, the many interlinked factors, as evidenced in the results shared with management, had also led to reduced awareness and diluted accountability for decisions. We recommended a detailed series of corrective actions that collectively addressed the weaknesses identified within the extended corporate structures for processing and approvals. Our recommendations were quickly adopted and this resulted in significant and immediate improvements in corporate governance and expenditure controls.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer

Discover how we have supported businesses like yours >>

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>