JUST DO IT
As the founder of Guardian Technology Group and with over 20 years of experience in banking cybersecurity, I’ve seen firsthand the critical importance of robust processes in ensuring operational efficiency, regulatory compliance, risk management and customer satisfaction.
Want to be the Hero? Want to market the value of your IT team and the impact they make on the company as a whole? Realize your full potential in business? Find that missing piece to "But why do we do it that way?"
Here it is:
Build an annual business process improvement program for your bank or credit union and show everyone how awesome IT is! Everyone knows there are processes in the company that just STINK! No one wants to take it on because it's just too big of an animal to tame. I'm going to lay out the blueprint for you to use, tackle this monster and build trust within the company for your IT department. It's worth it I promise!
Start with asking each banking department to come up with 3 processes that are the worst. Which ones drive that department crazy. Look for the ones that everyone says "Why do we do it like this? Followed by "I don't know, that's the way we've always done it." Don't act like you don't know what I'm talking about. :)
Or you may hear, "It may not be the right way, but it's the First National Bank of Pepperidge Farms way!" (Insert your Bank or Credit Union Name here)
Get everyone involved, sell the idea and achieve buy-in.
Once you've got all the processes from each department there are some steps you want to take next:
- Get a commitment from each department to initiate and CHAMPION change.
- Make sure that everyone understands that old inefficient way, will not be an option in the future. Getting people to change may be the toughest part, or not allowing the old process to continue to linger or be taught to new hires.
- Assign ownership for the process and the sub-processes if needed. If you've never used a Responsibility Assignment Matrix (sometimes called a RACI Chart), it really helps with communication and accountability.
- bring them to IT Steering or IT Committee and have them vote on which 3 the company (this is a group effort) is going to take on this year.
- Have the owners of each process present the old and new process to increase buy in and change.
I've got all this documented for handing out to the other departments so if you actually try it (and you should) shoot me a message and I'll dig it up.
Leveraging frameworks like COBIT 2019 and CMMI(Capability Maturity Model Integration), we can systematically improve processes across various aspects of financial services.
Not familiar with COBIT 2019 and CMMI?
Read our previous article
"Creating Mature Policies and Processes with COBIT 2019 and the CMMI Framework"
Here’s how we can do it, along with how to gauge process maturity and integrate these insights into our strategic planning.
Your 4 Examples: These are just examples; everyone is going to be different and remember you don't have to do everything at once. Make it simple if it's only IT working on it or complex if you can sell it as a Company Wide Initiative. Remember to always be teaching and training the other department heads while you go through so it will continue to pick up steam. If you are the knowledge stop gap they will get disinterested. Let them RUN with it.
Streamlining Loan Approval Processes
Objective: Reduce the time taken to approve loans and improve customer satisfaction.
Steps:
- Map Current Process: Document the existing loan approval process, identifying each step from application to approval.
- Identify Bottlenecks: Analyze the process to identify bottlenecks and delays. Common issues might include manual data entry, multiple approval layers, and lack of communication.
- Implement Automation: Introduce automation tools to handle repetitive tasks such as data entry and document verification. This can significantly reduce processing time.
- Standardize Procedures: Develop standardized procedures and checklists to ensure consistency and reduce errors.
- Train Staff: Provide training to staff on the new processes and tools to ensure smooth implementation.
- Monitor and Adjust: Continuously monitor the process and gather feedback to make necessary adjustments.
Grading with CMMI:
- Initial (Level 1): Processes are ad-hoc and chaotic.
- Managed (Level 2): Processes are planned and executed in accordance with policy.
- Defined (Level 3): Processes are well-documented and standardized.
- Quantitatively Managed (Level 4): Processes are measured and controlled.
- Optimizing (Level 5): Focus is on continuous improvement.
Current Maturity Level: Managed (Level 2) - Processes are planned but not yet standardized or measured.
Improvement Plan:
- Short-Term Goal: Move to Defined (Level 3) by documenting and standardizing procedures.
- Long-Term Goal: Achieve Quantitatively Managed (Level 4) by implementing metrics to measure process performance.
Strategic Plan Impact:
- Q1: Document and standardize loan approval procedures.
- Q2: Implement automation tools and train staff.
- Q3: Introduce metrics to measure process performance.
- Q4: Review and adjust based on performance data.
Enhancing Customer Onboarding
Objective: Improve the customer onboarding experience to increase retention and satisfaction.
Steps:
- Analyze Current Onboarding Process: Review the current onboarding process to identify pain points and areas for improvement.
- Simplify Documentation: Simplify the documentation required for onboarding, making it easier for customers to provide necessary information.
- Digital Onboarding: Implement digital onboarding solutions that allow customers to complete the process online, reducing the need for in-person visits.
- Personalized Communication: Use CRM tools to send personalized welcome messages and follow-up communications to new customers.
- Feedback Mechanism: Introduce a feedback mechanism to gather insights from new customers about their onboarding experience.
- Continuous Improvement: Use the feedback to continuously improve the onboarding process.
Grading with CMMI:
- Initial (Level 1): Processes are unpredictable and reactive.
- Managed (Level 2): Processes are planned and executed.
- Defined (Level 3): Processes are standardized and documented.
- Quantitatively Managed (Level 4): Processes are measured and controlled.
- Optimizing (Level 5): Focus is on continuous improvement.
Current Maturity Level: Managed (Level 2) - Processes are planned but not yet standardized or measured.
Improvement Plan:
- Short-Term Goal: Move to Defined (Level 3) by simplifying and documenting the onboarding process.
- Long-Term Goal: Achieve Quantitatively Managed (Level 4) by implementing feedback mechanisms and metrics.
Strategic Plan Impact:
- Q1: Simplify and document the onboarding process.
- Q2: Implement digital onboarding solutions.
- Q3: Introduce personalized communication and feedback mechanisms.
- Q4: Measure and analyze feedback to make improvements.
Improving Compliance Reporting
Objective: Enhance the efficiency and accuracy of compliance reporting to meet regulatory requirements.
Steps:
- Assess Current Reporting Process: Evaluate the current compliance reporting process to identify inefficiencies and areas prone to errors.
- Centralize Data Collection: Implement a centralized system for collecting and storing compliance-related data, ensuring easy access and consistency.
- Automate Reporting: Use compliance management tools to automate the generation of reports, reducing manual effort and the risk of errors.
- Standardize Report Formats: Develop standardized report formats to ensure consistency and ease of review.
- Regular Training: Provide regular training to staff on compliance requirements and the use of reporting tools.
- Audit and Review: Conduct regular audits and reviews of the reporting process to ensure accuracy and compliance with regulations.
Grading with CMMI:
- Initial (Level 1): Processes are unpredictable and reactive.
- Managed (Level 2): Processes are planned and executed.
- Defined (Level 3): Processes are standardized and documented.
- Quantitatively Managed (Level 4): Processes are measured and controlled.
- Optimizing (Level 5): Focus is on continuous improvement.
Current Maturity Level: Managed (Level 2) - Processes are planned but not yet standardized or measured.
Improvement Plan:
- Short-Term Goal: Move to Defined (Level 3) by centralizing data collection and standardizing report formats.
- Long-Term Goal: Achieve Quantitatively Managed (Level 4) by automating reporting and implementing regular audits.
Strategic Plan Impact:
- Q1: Centralize data collection and standardize report formats.
- Q2: Implement compliance management tools and train staff.
- Q3: Automate reporting processes.
- Q4: Conduct regular audits and reviews.
"It could happen...you don't know. Let a boy have a dream. One UFO right to the datacenter.
Optimizing IT Incident Management
Objective: Reduce the time to resolve IT incidents and minimize their impact on operations.
Steps:
- Document Current Process: Map out the current IT incident management process, identifying each step from incident detection to resolution.
- Identify Weaknesses: Analyze the process to identify weaknesses such as slow response times, lack of communication, and inadequate documentation.
- Implement ITSM Tools: Use IT Service Management (ITSM) tools to automate incident tracking, prioritization, and resolution workflows.
- Define SLAs: Establish clear Service Level Agreements (SLAs) to set expectations for response and resolution times.
- Train IT Staff: Provide training to IT staff on the new tools and processes to ensure effective implementation.
- Continuous Monitoring: Monitor incident management metrics and gather feedback to continuously improve the process.
Grading with CMMI:
- Initial (Level 1): Processes are unpredictable and reactive.
- Managed (Level 2): Processes are planned and executed.
- Defined (Level 3): Processes are standardized and documented.
- Quantitatively Managed (Level 4): Processes are measured and controlled.
- Optimizing (Level 5): Focus is on continuous improvement.
Current Maturity Level: Managed (Level 2) - Processes are planned but not yet standardized or measured.
Improvement Plan:
- Short-Term Goal: Move to Defined (Level 3) by documenting and standardizing the incident management process.
- Long-Term Goal: Achieve Quantitatively Managed (Level 4) by implementing ITSM tools and defining SLAs.
Strategic Plan Impact:
- Q1: Document and standardize the incident management process.
- Q2: Implement ITSM tools and train IT staff.
- Q3: Define SLAs and monitor incident management metrics.
- Q4: Review and adjust based on performance data.
Objective: Improve the identification, assessment, and mitigation of risks to protect the organization.
Steps:
- Risk Assessment: Conduct a comprehensive risk assessment to identify potential risks across the organization.
- Risk Register: Develop a risk register to document identified risks, their potential impact, and mitigation strategies.
- Automate Risk Monitoring: Implement risk management tools to automate the monitoring and reporting of risks.
- Regular Reviews: Schedule regular risk review meetings to assess the effectiveness of mitigation strategies and update the risk register. Use this time to develop risk appetite statements and gain approval.
- Employee Training: Provide training to employees on risk management practices and their role in identifying and mitigating risks.
- Continuous Improvement: Use insights from risk reviews to continuously improve risk management processes.
Grading with CMMI:
- Initial (Level 1): Processes are unpredictable and reactive.
- Managed (Level 2): Processes are planned and executed.
- Defined (Level 3): Processes are standardized and documented.
- Quantitatively Managed (Level 4): Processes are measured and controlled.
- Optimizing (Level 5): Focus is on continuous improvement.
Current Maturity Level: Managed (Level 2) - Processes are planned but not yet standardized or measured.
Improvement Plan:
- Short-Term Goal: Move to Defined (Level 3) by developing a risk register and standardizing risk management processes.
- Long-Term Goal: Achieve Quantitatively Managed (Level 4) by automating risk monitoring and conducting regular reviews.
Strategic Plan Impact:
- Q1: Conduct risk assessment and develop a risk register.
- Q2: Automate Risk monitoring or create a manual scoring system based off of assessments.
- Q3: Schedule quarterly or bi-annual reviews and update the risk register. Work on Risk Appetite Statements for each department in Banking. Teach departments and let them run their show while your team advises
- Q4: Employee Training on risk management practices. Begin with Management level teach the teacher courses. Develop SOP's on continuous improvement tasks to maintain.
If you made it this far, give yourself a pat on the back and a "Attaboy/girl" from me. Great job! Call me and let's talk about how you're going to implement this and put a plan together. Dan believes in you. YOU CAN DO THIS!