Risk and Audit System Replacement Project
This is a contract result notice, not an open opportunity. Details from the official award data.
This is a large award for Software & IT Systems — above three-quarters of comparable contracts. Based on 30,286 valued Software & IT Systems tenders in our corpus.
The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).
As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation.
Any proposed solution will be required to maintain this segregation.
The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation.
Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives.
It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm.
The current risk system is a commercial off the shelf (COTS), software as a service (SaaS) platform.
This has been configured to support, as examples, the FCA's risk of harm and own risk taxonomies and scoring methodologies, to automate aspects of the FCA's Risk and Control Self-Assessment (RCSA) process; Risk Event Management process; risk acceptance and various risk and assurance reviews that are conducted by 2LOD.
Additionally, it includes a small number of cross-cutting Risks of Harm.
The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions.
This is also a COTS SaaS, with a component hosted on desktop.
Both systems are functionally similar platforms and classified as 'Governance, Risk and Compliance' software tools.
Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.
A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities.
In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.
The system will be required to support the FCA's roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management.
What the supplier must deliver
The FCA is establishing a contractual mechanism
The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).
Any proposed solution will be required
Any proposed solution will be required to maintain this segregation.
The system will support the further embedding
The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation.
Risk Management plays an essential role in
Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives.
It does this by helping to ensure
It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm.
Derived from the notice text — always confirm against the original documents.
Make the case to bid
Reveal who to approach at Financial Conduct Authority, and generate a go-to-market strategy from their news, accounts and people.
- OCID
- 38692586-3291-4f8c-9374-495a020c71d0
- Stage
- contract · Contract
- Source
- Contracts Finder
- Buyer ref
- CF-0007700D8d000009sg5IEAQ
Contains public sector information licensed under the Open Government Licence v3.0. Source data © Crown copyright.
Who wins this kind of work
The suppliers and buyers around this opportunity — drawn from official award data. Drag to orbit; click a node to explore.
Top suppliers & buyers in Software & IT Systems
Financial Conduct Authority’s tender network
Assembling the network…