Xcina Case Study

Risk Reporting Framework for Global Insurance Organisation

The client

Global Insurance Organisation

The work

Our client had established a Group Oversight Risk Committee (GORC), with a mixed membership of Executive and non-Executive Directors, to provide oversight of the Group’s risks. They engaged us to assist with defining and implementing the risk reporting and escalation process at Group level.

How we helped

We conducted a risk workshop with the Group Directors, which aided the design of a reporting framework suitable for the GORC. We then reviewed the existing risk management and reporting frameworks in each Business Unit (BU) to ensure that management information from the BUs could be analysed and aggregated into the key risk information presented to the GORC. We prepared and implemented a revised Escalation Policy and Process which described, in detail, various scenarios that could give rise to a notifiable risk event, and the procedures to be followed when escalating the event. With the reporting policies, procedures and tools defined, we worked with the Group Risk Function to implement these in the business. The first risk report based on the new methodology was completed in time for the first GORC meeting. We were also available to assist in the first risk escalation and action plan following a notifiable risk event.

Value added

By making sure we engaged at both Group and BU levels, we helped increase transparency between the Group and the BUs. This also helped ensure that relevant and useful information was being captured and reported. The BUs also benefited directly by engaging with each other and aligning their risk processes, providing a more consistent and collaborative approach to the management and reporting of risks across the Group.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
