Position purpose
The Operational Permanent Control (OPC) team provides specialised services and expertise on technical areas such as Operational Risk Management, Operational Change Management and Permanent/Operational Control. The Senior OPC Managers purpose is to ensure the application and adaption of the operational risk management framework by the business has been communicated and implemented successfully by the OPC Team.
The Senior Manager OPC ensures the OPC team's in both NZ and AU work closely together to provide a consistent approach in the support of the business for the following:-
Identification and assessment of all operational risks in line with the Risk & Control Self-Assessment (RCSA) group approach;
Collection and analysis of Historical incidents;
Definition of a risk appetite and application of the corresponding risk monitoring and mitigation framework (including segregation of duties, controls and incidents management);
Ensuring the continuous implementation and adaption of this framework and improvement actions (identified by internal or external audit recommendations, supervisors (if applicable), second line of defense, first-line operational management, controls ……) as required;
Ensuring and fostering awareness of risks and providing training on the risk framework;
Assessment of the quality and execution of the Permanent Control Framework
Ensuring regulatory requirements are adhered to via control plans where applicable
Application of the proper risk monitoring tools; and,
Ensuring transparent monitoring information to their reporting lines, hierarchical or functional, internal or external, the independent control functions, the governing bodies and the supervisors.
Other key mandates for the OPC team are contribution to/consultation for the Exception Transaction and New Product (TAC/NAC) process, participation in the governance of projects (where Operational Risk and the Permanent Control framework are impacted and advisory on specific topics when required.
The Senior Manager OPC is required to communicate regularly with and build good relationships with a wide range of people/positions including operational teams, Relationship Managers and hub locations to assist with the resolution of any problems/errors as and when they are identified.
The Senior Manager OPC is a member of the NZ Management team and is responsible for chairing the monthly local OPC meeting in NZ, contribution and attendance to the NZ Business Committee and attendance at the monthly ExCo Australasian meeting when required. Participation in all management meetings, directives and initiatives is also required, eg. Lead GPS Focus Group, Calibration reviews, Key person risk discussions, success planning sessions, budget process, contribute to business strategy objective review sessions and 2up staff responsibilities.
Key responsibilities
Management Responsibilities:-
The Senior Manager OPC is responsible for the team leadership which includes:
Building a vision and promoting the role of the team to the business;
Acting as an escalation point for issues within the business or within the team;
Analysing, developing and implementing process improvement for the team;
Providing guidance, instruction and direction to the team;
Implementing a culture of service, flexibility and accountability;
Coordinating the team workflows;
Reporting main actions and escalating issues to his/her own manager.
Completion of regular 1-on-1's with all team members
The Senior Manager OPC is responsible for staff management which includes:
Recognition of team members strengths, weaknesses and motivations;
Developing the technical expertise and capabilities of the team;
Documenting performance objectives and developing a training plan each year, providing regular feedback and formally documenting and presenting performance appraisals once a year.
The Senior Manager OPC is responsible for the day-to-day management of the OPC team to ensure support of the business for the following:
Identification and assessment of risks and controls
Support the business in:
Completing the Risk Control Self-Assessment (RCSA) -specifically, in the performance of risk identification, evaluation and validation of the Risk profile assessment and in defining action plans for extreme and serious risks.
The identification and assessment of 3 rd party risk and in defining and operating a risk mitigation and monitoring framework based on Group guidelines.
The operational risk assessment of new activities (TAC/NAC), products or large projects.
Ensure the RCSA is validated locally and is consistent with the risk appetite.
Follow up on remediation plans and conditions when necessary.
Support operating entities in the application and adaption of the operational risk management framework, and ensure its compliance with Group and BP2S guidelines
Verification and controls assurance
Support the business in:
Defining and deploying the generic control plan where necessary and implementing controls consistently with the local risk assessment.
Challenge first level controls.
Perform risk based Business Controls Assurance (BCA) including regular review and follow-up of previous exceptions remedial actions
Follow up unsatisfactory and marginally satisfactory results.
Oversight of the Permanent Control framework to ensure all components are implemented and effective
Significant incidents (Historical Incidents HIs))
Ensure significant incidents are identified, alerted to management, analysed and entered to RISK 360.
Perform first level controls on the collection of HI's such as reconciliations between incidents management and accounting tools.
Assist in providing management reporting on key incidents.
Ensure a log of open actions generated by preventative measures detailed in RISK 360 is maintained by OPC
Incident Management
Support the business in:
Analysis of new incidents for validation of materiality level
Following the relevant escalation guidelines/policy and use of the correct templates for material incidents when required
Perform a quality review of all incidents raised in the incident management system (BIRDIE)
Provide administration and training to the business when required
Contribute to weekly regulatory breach meetings
Produce adhoc reports for team or the business to analysis incident trends when required
Audit (Internal/External)
Support the business in:
Liaising with auditors where required
Arranging the ISAE 34012 audit on the NZ operations
Assisting auditees throughout the assignment phase
Challenging the main features of the recommendations when applicable
Implementing audit recommendations and permanent control actions.
Follow up with those responsible for implementing recommendations.
Produce reports and escalate upcoming and overdue recommendations.
Governance and reporting
Support the business in:
Ensuring the Group and relevant governance and reporting framework is implemented.
Contribute actively to local committees.
Contribute to the Internal Control Committee (ICC) and Territory Internal Control Committee (TICC) reporting managed by RISK ORC.
Contribute to the Permanent Control Report (PCR) managed by RISK ORC.
Awareness and training
Continually promote an appropriate culture of risk awareness across the business.
Provide training to both new and existing staff on the operational risk and permanent control framework.
Anti-Fraud
Support the business in:
The identification and assessment of internal and external fraud risks, and in the definition and performance of an anti-fraud control framework in compliance with Group guidelines, regulations and the risk environment.
Ensure the existence of a fraud prevention and protection correspondent tasked with the implementation and adaption of the framework.
Assurance Reporting (ISAE3402)
Support the business in:
The preparation of the ISAE3402 assurance report.
Follow-up and escalation of any exceptions raised and any recommendations issued by external auditors.
Collation and distribution of management comments for any exceptions raised.
Follow up on the relevancy of controls included in the assurance reports.
Support the implementation and follow-up of remedial action plans in the business.
Ensure all regulatory requirements are included in the relevant assurance reports where applicable.
Archive and centralise the final report in a dedicated directory.
Manage invoicing issues/requests raised by external auditors.
Procedures
Support the business in:
The timely operational implementation of procedures & policies
Monitoring the timely review of all existing procedures as per the required frequency
Produce management reporting for completion rates (KRI's) when required
Clients RFP's and Audits
Contribute to RFP's and due diligence presentations as required
Contribute to clients audits as applicable
