Deciding what to do

Ned and Jake now realize that the spike in delinquencies is due to operational risk, not credit quality issues. The change in terms disclosure evidentially went unnoticed by most consumers, since there were no incremental complaints the month after they were mailed. However, when customers all of a sudden had checks bounce, and were assessed a $50 fee per check, that definitely caught their attention! The remaining challenge is to determine the full extent of the problem and then decide what to do about it.

Ned leverages the incident management capabilities of the solution

For that, Ned turns to his GRC system (SAS Enterprise GRC), which tracks all policy changes, operational incidents or process failures, and shows status on issues and their associated action plans.  By virtue of the number of customers affected and the estimated cost per account, Ned can get estimates of the loss per incident.  Clearly there are controls that failed and some new ones that need to be added.  When it comes time to fix the process, Ned will review risk and control assessments and decide what to do.  But for now, he needs to make sure he has everything covered.  

Helicopter view with a single button click!

For that exercise, Ned is in luck because he can use the 360 degree viewer with a single button click to find instantly all linkages to relevant risks, controls, objectives, incidents, policies, insurance policies, service level agreements, vendor contracts, assessments, and so on.  From that screen, Ned clicks over to the issues and actions tab to survey the issues in question.

Ned surveys issues that combine to a new "perfect storm" issue he will create

Ned will not only use the system to figure out the extent of the problem and root causes -- he will actually define a new issue that is the combined effect of known issues and he will put in place an action plan and monitoring to ensure it is handled in and effective and timely manner. The pressure is on, and minutes can make the difference between minimal damage and poster-child meltdown!

Ned creates the perfect storm issue for which he and Jake will develop an action plan

Ned decides to huddle again with Jake, so he scurries down the hallway and appears unannounced.   Jake looks up and sees Ned in the doorway and invites him to take a seat.  

Jake and Ned huddle and strategize on what to do!

Ned advises, "Jake, we need to formulate a good response and get the ball rolling quickly.  By next week’s Board Meeting, we’d better have this buttoned down completely, including making the customer’s “whole,” and putting together a solid communication around what transpired." 

Jake nods in agreement with a concurrent blank stare out the window.

The operational failure by the third party has potentially thrown the change in overdraft pricing into the public spotlight, and it is likely that Ned and Jake will see something soon on the popular Channel 5 Evening News Action Hotline featuring a one or more of SteadyBank’s unhappy customers with some complaints.  It sure would have played in SteadyBank’s favor to get the word out early to customers and in advance of any negative publicity.  

Ned suggests, "We need to get with Corporate PR right away to decide on an appropriate message." 

"Ok Ned, but do we have our arms around all of the issues yet?" Jake inquires.

"Yeah, let me show you what I have pulled and analyze from our GRC system," Ned replies and he shares an export of the 360 degree view that he has annotated.

Sorting it all out with the help of SAS Enterprise GRC!

"This is really great Ned," is Jake's response, continuing, "The pieces are all beginning to fall into place now."  Jake further examines the 360 degree view, and notes,  “We also need to make the third party reimburse us for the damage done, even though we have financial/professional insurance coverage.” 

 “Good catch Jake!  Quantifying that, however, is going to be a difficult exercise,” replied Ned, “and to your point, we will need to give a heads-up to our insurance carrier, per corporate policy BOP-LGL-100.1.” 

"You leave the insurance notification to me," Jake replies, "And as for the quantification of the damages, I am putting that squarely on Paul's shoulders!" 

Jake recalls the earlier phone call, and tells Ned, "Paul threw Andrew under the bus on the checkless payment problem to take heat off of himself, and I think he needs something more to do this weekend than his usual routine!"   

Jake wraps up the meeting, telling Ned, “We need to check with Legal to see what would be reasonable damages to include, such as value of the customer relationship over expected account lifetime.  With several hundred customers impacted, the word of mouth effect could snowball to thousands of customers, and the financial impact could be in the millions for us on an annual basis.  In addition, the impact on our share price and reputation could prove to be our biggest headache.” 

[At this point, Ned and Jake have a plan and have decided what needs to be addressed.  In next Thursday's post, they will take appropriate actions to deal with the looming crisis.]

Note: If you are interested in this series, you will also find value in another GRC tale that illustrates the value of a GRC solution relative to preventing and dealing with a breech in security leading to the theft of customer information. (To access it, simply click on the embedded link in the previous sentence!) For an introduction to SteadyBank and the main characters in this blog series please click on the following title: Understand GRC through SteadyBank .  Be sure you read the whole Steadybank saga, so you can learn the GRC lessons of SteadyBank.

Drawings © 2012 Brad Abrahams

tags: steadybankgrc

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">