This article was co-authored by Markus Kehm.
Why is it necessary to understand your risk position?
Are your operations robust and running smoothly? Are all processes working properly? Are all systems producing valid outputs, and is the behavior of people reliable and trustworthy? In the real world, the answer is seldom a clear yes or no. Mitigation of risk requires constant improvement of controls. A careful assessment of your operational risks builds the foundation for any improvement.
During times of external shocks that test the limits of an organization, like the current pandemic, mastering operational excellence can make a significant difference in economic resilience.
Infosys Consulting’s financial services practice has developed a dedicated service to assess operational risks. It is an “out of the box” approach, adapted to your current pain points and requirements and structured to deliver the expected output, supported by Infosys’ best-practice experts.
Situations in which the assessment is recommended
Monitoring and controlling risk is an ongoing task. To establish an improved risk monitoring system, or if you have new targets in your business journey, a careful review of your current capabilities is necessary:
- To improve control over new or re-designed workflows (e.g. After the merger of two operational entities)
- To increase the chances of success of a new IT system
- To foster business continuity management
- To prepare an audit
- To support business growth that requires operational excellence
Our Risk Assessment Model
Infosys consulting runs the operational risk assessment in 5 steps. Each step begins with preparing input parameters in advance through workshops that produce the expected output in the form of relevant deliverables. The approach is designed to deliver a complete mitigation plan at the end, with improved processes to reduce a company’s risk exposure. The approach answers crucial questions at each step and uses the results as an input for the next step.
Step one: Serves to specify the field of action: what is the target area, the purpose, and the general subject of the assessment?
Step two: Refines the results of step one: what are the crucial documents? Which processes are specific? Which SME has special knowledge?
Step three: The objects from this analysis will then be analyzed in detail with regards to the risk contribution. This analysis is collaborative, with the collective expertise of our in-house-professionals, third party specialists, and subject matter experts.
Step four: These risks or gaps are assessed using criteria and the collective expertise used in the steps before. This step answers the following questions: What is the probability and impact of the risk identified? What are the regulatory and reputational consequences to a failure?
Step five: In the last step, the risks are structured and documented to answer the question: what are the potential measures to reduce the risks? The who, what, and when of the most efficient measures is determined.
Results and benefits of the model
The outcome of this assessment is a full and transparent view on the risk exposure of the business area in focus. It also helps to arrive at an action plan that describes the specific changes required to reduce operational risks. The benefits of our model are:
- Identify best practices to understand your risk position
- Quick, efficient and cost-effective assessment with our support
- An actionable plan that allows rapid and substantial improvement with less preparation time and ramp-up effort
- A collaborative work environment that brings together your company’s expertise with the know-how of our experts
- Laying the foundation for further optimization of operational performance, moving it into a proactive state beyond fails management
Start your journey to operational excellence today by contacting our risk expert.

Martin Arnold
Associate Partner, Infosys Consulting
He has managed transformation for divers and multi-country outsourcing contracts. has strong project management skills with a focus on complex regulatory and compliance implementations on an enterprise-level. He is also skilled at overseeing business process implementation and IT-system build. He has implemented sufficient compliance processes in various business areas, such as investment banking, private clients, regulatory reporting, and for different functional needs, e.g. KYC/AML and sanctions. His specialties include set up of SLAs for sourcing business processes to vendors or IT-suppliers, modeling of business processes, self- evaluation in risk mitigation programs, and in regulatory assessments by internal audit and authorities. Martin believes in method-based agile solutions to complex management problems with multiple stakeholders. He is based out of our Frankfurt office.

Markus Kehm
Principal, Infosys Consulting
Markus has extensive experience in completing large-scale transformation projects with major international clients. He is especially skilled at designing and executing business process reengineering projects for global banking operators and financial service providers. His specialties include IT migration projects for banking front-end and back-end systems; and complex software development in a dynamic project environment. Markus is multi-lingual and speaks German, French, and English. He holds a diploma in political science from Goethe University in Frankfurt. He is based out of our Frankfurt office.