BT Group

BT Group

Case Study

BT Group plc, trading as BT, is a British multinational telecommunications services company with operations in around 170 countries. Through its BT Global Services division it is a supplier of telecoms services to corporate and government customers worldwide, while BT Consumer and BT Business are suppliers of telephony, broadband and subscription television services in GB.

Like all businesses BT is affected by risks and uncertainties, impacted by external and internal factors. The organization needs to manage risk to meet its objectives, build shareholder value and promote its stakeholders’ interests. The company has in place an Enterprise Risk Management (ERM) framework, underpinned by Active Risk Manager (ARM) from Sword Sword GRC.

All the lines of business within BT are required to manage risk within the framework, identifying and responding to the key risks to their business and recording them within the ARM application.

"We have worked with BT for many years, developing and supporting the company's risk management operations. The progress BT has made on its risk management journey has been impressive, and so too are its future ambitions, which will help BT to stand head and shoulders above the industry in the provision of services to its customers."
Mike Thirlaway
Global Account Director at Sword GRC

An early partnership approach

The partnership that exists today started as an early pilot project with Sword GRC (previously Strategic Thought Group) in 2003. At the time BT’s Global Services division deployed ARM for one of its major government contracts. Following the success of this early programe, ARM was soon rolled out more widely across the division for other key programes.

Stephen Tait, Compliance Manager BT Group explains; “When BT wins a new business contract, it is often the case that different parts of the business are required to play a part in its delivery. This includes our BT Technology, Service and Operations (TSO) division which in many cases delivers services for such contracts, drawing upon other departments within the business. Having a robust mechanism to allow us to manage risks across teams is very important.”

Implementing an Enterprise wide Risk management framework

At a more strategic level, BT’s focus has been on implementing an enterprise-wide risk management framework.

According to Stephen Tait; “We conducted a feasibility study of how risk was managed across the organization and found that there was an opportunity to move our lines of business onto a common risk management system. We worked with colleagues across BT to have ARM adopted and recognized as the standard approach for enterprise risk across the organization, working with Sword GRC to provide guidance and training as required. In doing so we are now able to aggregate risk across the whole organization and break down the risks from different viewpoints.”

Stephen Tait

Ease of use ensures widespread adoption

Introducing ARM has supported BT in its objective to roll out common templates across the business, ensuring consistency of data and methods.

“Due to its flexibility, ARM enables us to make changes ourselves in a structured way to meet our own requirements. Without too much effort we are able to create a format (record types) to suit different departmental work practices while keeping within our risk policies, getting more buy-in from the end users. This ensures that different parts of the business receive the templates and reports formatted in a way to suit their individual requirements. It means that the recording and reporting of risk is more thorough, but less people intensive,” said Stephen.

“Once people started to understand what ARM could do and the benefits it offered, we started to see an increase in interest and demand across the BT business units. In fact, we are now in a position where the users are driving our evolution of ARM as much as the central risk team.

“ARM Lite has provided an ease of access for line of business staff and non-risk specialists which is of great benefit. It means that risk management can be built into their daily work, even used in conjunction with such applications as Microsoft Outlook. The full ARM solution can be used by the true risk professionals, providing an aggregated view for highly complex reporting and analysis, while ARM Lite can also be used with less in depth knowledge – ARM can be adapted to the differing requirements of the end user,” said Stephen.

Helping to meet compliance and governance requirements

The flexibility of ARM is now delivering more benefits to BT, as it is adopted for more specialized functions including governance and compliance.

Mike Thirlaway commented; “BT’s aspiration to taking an integrated approach to the wider GRC functions is testament to its commitment to managing risk and compliance across the organization for the benefit of all stakeholders including customers, investors, partners and staff.”

“ARM is an integral part of how we manage risk in BT. The value of having a single repository of the organization’s risks is significant. Our focus now is on maximizing the benefits the tool provides to help us meet our customer and contract obligations and give us further assurance that financial and reputational risks are securely managed.

“As a supplier, working with Sword GRC is easy. We have a trusted account manager that we have worked with for several years which means they understand our business and are able to help us to meet our risk management goals,” concluded Stephen Tait.