Conformance Manager - Risk

Description

About Risk Chief Controls Office

The Chief Controls Office has primary responsibility for the following:

Provide assurance that Risk is in compliance with the requirements of the ERMF, Barclays Guide and all other relevant frameworks, policies and standards.

• Ensure the internal control environment in Risk is subject to an appropriate level of review, reporting and where necessary, remediation or enhancement. As well as those controls operated by Risk, this will include a consideration of any shortcomings in the design and effectiveness of internal controls operated by Business Units and other Functions on which Risk is dependent.
• Support Risk management when interacting with Barclays Internal Audit (BIA), primary regulators and other parties responsible for independent review of the Risk internal control environment. This will include the provision of management information and other inputs required by BIA for the preparation of their internal audit plans for Risk; ensuring the consistency of management responses and completion dates for BIA and regulatory observations; and provision of management assurance results to BIA for their consideration when determining audit scopes.
• Design, execution and reporting of Group governance processes. This includes maintenance of the centralised Policy Framework, reporting progress of remediation of material control issues, conformance testing, review and maintenance of the Barclays Guide, 'Policy of Policies' and related standards; and work required to support attestations of compliance with the UK Corporate Governance Code.

About Risk
Barclays Risk provides strong risk management capabilities, strong challenge and strong support to help deliver the bank's risk appetite.

Overall purpose of role

The purpose of this role is to provide assurance that Risk is in compliance with the requirements of the ERMF, Barclays guide and all other relevant frameworks, policies and standards.

Key Accountabilities

Evaluate (80%)

• Undertake Controls Testing (or, where appropriate, Review) of the design and operating effectiveness of internal controls operated by the Risk function.
• Assist in the documentation of key processes and design of Risk RCSAs including undertaking controls testing and quality assurance reviews of Risk RCSAs as required. Also, undertake quality assurance checks of the RCSA Conformance activity undertaken by Operational Risk.
• Review of key ERMF requirements including executing quality assurance procedures to verify effectiveness eg GKRO forums, refresh of policies, conformance and assurance plans.
• Undertake Controls Testing of KRAs prepared by the Risk function. Confirm through observation and inquiry that similar KRA processes operate pan-Barclays.
• Execute quality assurance procedures for those forums operated by Risk GKROs. Confirm through observation and inquiry that quality assurance has been established for non-Risk GKRO forums.
• Undertake Controls Testing (and, where appropriate, Review) of key Barclays Guide components eg Committees, Lessons Learnt, 'Policy of Policy'.
• Controls Testing of all Risk owned committees.
• Conformance Review of Committee Testing undertaken by Business Units and Functions across Barclays
• Ensuring Lessons Learnt Policy implemented across the Risk function.
• Sample review of Lessons Learnt activity across Barclays to verify implementation of the Lessons Learnt policy, standards and related processes.
• Undertake quality assurance for control issues closed by Risk, with the focus on those issues which will not be subject to contemporaneous 'issues assurance' by BIA.
• Undertake work to ensure conformance with the "Issues Management" Standard across Risk and through observation and enquiry that similar processes are in place in other Business Units and Functions.
• Reconciliation of data sources to issues raised in ORAC
• Reconciliation of action plans in ORAC to underlying programme management in Navigator
• Monitoring of effectiveness of underlying programme teams for larger scale remediation activity
• Preparation of OR&CC/BAC reports as required
• Analysis of audit findings in support of issue identification and escalation via GKRO forums

Respond (15%)

• Detailed planning and execution of specific Group governance processes relating to the Barclays Guide and the UK Corporate Governance Code (Turnbull).
• Review the work completed by Business Units and Functions across Barclays to evidence compliance with the UK Corporate Governance Code
• Execution of work required in Risk to evidence compliance with the UK Corporate Governance Code.
• Perform annual COSO2 design effectiveness testing of Barclays Guide and monitor the effectiveness of implementation of the individual components of the Barclays Guide.
• Ensure accountabilities for governance and management of the internal control environment are consistent with the ERMF and regulatory requirements
• Undertake targeted reviews and periodic conformance testing of Risk Senior Manager's (SIF) "Statement of Responsibilities to ensure compliance with emerging regulatory requirements.
• Assist in the conduct of any investigations required in Risk with regard to 'Raising Concerns' or whistle-blowing events.
• Support the group-wide operation of the Enterprise Lessons Learnt Process
• Maintenance and system administration of the central SharePoint site
• Monitoring and quality assurance of activity on the Lessons Learnt SharePoint
• Group training, awareness and other communications as required
• Provision of data in support of Lessons Learnt reporting to Business and Functional GRC meetings
• Maintenance of the Lessons Learnt Standard and any associated dispensations, waivers and breaches
• Maintain the framework for country and legal entity governance:
• Oversee and monitor the effectiveness of the Country and Legal Entity Governance frameworks.
• Maintain country and legal entity governance frameworks as necessary.
• Support the rollout of new Policies and Standards and ensure compliance with the Policy of Policies:
• Maintain the Policy of Policies.
• Maintenance and review of central policy register of all Group policies. Including tracking annual refresh dates, and reporting overdues.
• Review, approval and monitoring of Dispensations, Waivers and Breaches against the Policy of Policies.
• Tracking Dispensations, Waivers and Breaches, and reporting expiries and overdues (across all Policies and Principal Risks).
• Co-ordination and logistical support for the Policy Implementation Forum
• Co-ordination of the allocation of 'landing slots' and the flow of Policies and Standards through the review and feedback process.
• Provide administrative support for the Policy management tool.

Monitor (5%)

• Undertake quality assurance of conformance review plans and reporting maintained by GKROs.
• Undertake reporting to Risk ExCo of control issues, including those raised by BIA and Regulators.
• Co-ordination of control issue reporting for Board and Group Management Committees.
• Oversight of significant control remediation programmes for which Risk is responsible.
• Maintenance of the Group Policy Register; Policy and Standards annual review tracking; and the central Waivers, Dispensation & Breach processes.
• Preparation of consolidated reporting of Lessons Learnt activities undertaken by the Risk function.
• Tracking and Reporting on the status of any control remediation identified by Lessons Learnt reviews.
• Track completion of mandatory training across the Risk function including following up of overdues and quarterly reporting to Risk ExCo.

Risk and Control Objective Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards

Person Specification

• Good understanding of modern governance and control risk assessment techniques.
• Networking & Senior Stakeholder Management
• Communication (including good presentational skills)
• Organisation & Planning
• Negotiation and Influencing
• The highest level of integrity, trust & confidentiality
• Commercial awareness and product knowledge
• Well developed critical/analytical faculties
• Thorough knowledge of relevant PC packages, eg Word, Powerpoint & Excel.
• Strong communicator with well developed people skills
• Strong data synthesizer
• Highly motivated/self starter
• Superior work ethic
• Drives their own performance
• Relevant experience in internal audit, operational risk management or related disciplines, preferably in the financial services industry