How to Effectively Manage Change Risk

In today’s world change is pervasive in everything we do (technology, transformations, organizational changes, regulations, and new products). If not managed properly, change can be one of the biggest sources of risk for your institution. During RMA’s latest installment of the Governance, Risk, and Compliance Audio Conference Series, Bill Popp, CEO, POPP Risk Group, discussed how to measure and report these risks and identified industry effective practices.

Popp shared findings from the POPP Risk Group’s CRO Risk Council 2018 study on change management risk. The Council conducted 72 interviews, representing 30 banks. Established in 2013, the Council identifies industry challenges and an industry range of practices.

The study found that in most institutions today, there are five separate challenges:

  1. There are no overarching change risk programs (as differentiated from change management programs).
  2. The default focus is on project risk (e.g., delivery date, budget, and scope). Other risks remain undifferentiated and are largely ignored.
  3. Second line risk often lacks sufficient knowledge of the business.
  4. The business usually lacks a formal knowledge of change risk.
  5. There is not enough focus on the people required to make it work.

Change for institutions is not going away; it’s a prominent focus of most regulators. Only banks who effectively manage change will survive.

Popp explained the importance of incorporating change risk into change management programs. He outlined seven dimensions to a change management program:

  1. New initiatives (new, modified, or expanded product or service approval).
  2. Technology change.
  3. Regulatory change.
  4. Third party change.
  5. Operations (execution risk) change.
  6. Transformational change (including corporate/group, mergers and acquisitions, business, and functional transformations).
  7. Organizational change.

The three most in-depth change management processes today include new initiatives, technology change, and transformational change. To effectively manage change risk, Popp recommended the following:

  • Elevate change risk and make it on par with your bank’s top risk appetite categories.
  • Establish a change risk appetite using discrete risks throughout the cycle.
  • Integrate change risk into existing processes and existing risk committees.
  • Practice “conclusion-first” reporting.
  • Evaluate and train existing resources.

Join us for the next installment of the Governance, Risk, and Compliance Audio Conference Series on June 18, Operational Risk and Cyber Risk Working in Conjunction.


RMA Wisconsin Chapter Supports College Students with 1st Annual Commercial Lending Case Competition

Read More

Washington, The Week Ahead - June 24-28, 2019

Read More

How to Manage the Governance, Operational, and Other Implications of CECL

Read More

comments powered by Disqus