Xcina Case Study

Operational Process Review for Financial Services Company

The client

UK Financial Services Company

The work

We were engaged by our Client to review their enterprise risk profile and assess whether their underlying framework of operational processes and procedures was robust. A related concern raised by our Client’s Board was whether any potential control weaknesses existed due to loss of key employees and associated corporate knowledge.

How we helped

Our first task was to meet with the Client’s executive management and examine, in detail, the organisation’s risk profile and obtain an understanding of the specific concerns raised by the Board. We reviewed all relevant documentation across the Client’s business processes including policies, standards, process maps, procedures, work instructions and guidance notes. In total, we reviewed 382 documents and used this knowledge as a basis for the senior management and employee interviews. Our review confirmed that the Client’s underlying framework of operational processes and procedures was robust – it was relevant, appropriate, accurate and complete.

Value added

By applying a systematic and focused approach we were able to present detailed findings to executive management and to a key Board committee, providing the validated reassurance that the client had been seeking. Additionally, we also provided comments and suggestions for enhancing the presentation of internal controls within the documentation; the documentation had inevitably evolved over many years and so some aspects had become inconsistent. Acting on our recommendations, the Client’s executive management has implemented an integrated document management framework consistent with industry-recognised best practice.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer

Discover how we have supported businesses like yours >>

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>