The Industry Landscape
Navigating Scale and Complexity in Modern GRC
As insurance firms scale, their control environments expand across processes, systems and reporting layers, demanding consistent coverage and assurance without a proportional increase in cost or complexity.
To meet this requirement, enterprises are shifting from periodic compliance exercises to scalable, always-on GRC operating models that embed standardization and domain-relevant automation. This enables continuous, insight-driven control monitoring, improving transparency, strengthening audit readiness and sustaining effective governance at scale.
The Client Challenge
Bridging Capability Gaps in a High-Demand GRC Environment
A leading global insurer operated in a complex, evolving GRC environment where alignment with financial and non-financial risk and control frameworks required specialized expertise across control design, testing and documentation. However, capacity constraints and skill gaps limited its ability to execute control reviews at scale.
This gap between rising audit demands and execution capability impacted overall GRC effectiveness, resulting in:
- Gaps in process review coverage, reducing assurance levels
- Increased reliance on prolonged auditor interactions
- Higher compliance costs due to re-work and inefficiencies
- Strain on business stakeholders and control owners managing fragmented processes
- Lack of a single source of truth due to fragmented control documentation spread across multiple GRC tools
The Solution
A Scalable, AI-powered GRC Operating Model
As a strategic partner to First Line of Defense, WNS collaborated with the insurer to unify and streamline internal controls management with enhanced coverage for consistent high-quality audit outcomes across a complex, multi-entity environment.
Moving beyond fragmented audit support, our team conducted in-depth process risk assessments, with end-to-end reviews of 410+ controls across 125+ processes and 50+ systems while mapping manual and IT controls, key system applications, End-User Computing (EUC), model controls, and ESG and Information Produced by the Entity (IPE) controls.
This led to a GRC transformation solution that rested on five key pillars.
1. Specialist-led Operating Model
At the core of the solution was a curated team of GRC specialists with deep expertise across business and technology controls. This replaced the client’s reliance on traditional pyramid-based staffing models, delivering sharper insights, stronger control perspectives and significant cost efficiencies, without compromising on rigor or timelines.
2. Standardized GRC Tool as Single Source of Truth
A standardized, unified GRC environment was implemented by streamlining process and control taxonomies, harmonizing data structures and reducing redundancies across entities and domains. The GRC tool’s usability and effectiveness were improved through refined workflows and enhanced control mapping, creating a reliable single source of truth for controls, processes and audit evidence.
3. Unified Controls Review
A single, coordinated execution model brought together the First Line of Defense and external auditors into a tightly aligned workflow. By managing the full audit lifecycle – from planning through testing and validation – this model eliminated silos, reduced duplication and ensured consistent interpretation of control requirements across teams.
4. AI-led Standardization and Productivity Enhancement
WNS embedded AI-enabled capabilities, including OpenAI-powered Copilot and client-led tools, into key stages of the GRC lifecycle. This layer standardized documentation, streamlined audit workflows and improved the speed and consistency of outputs, reducing manual effort while enhancing overall audit quality.
5. Framework-driven Governance and Consistency
The entire model was anchored to the client’s financial risk and control framework, aligned with the Internal Control Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This ensured all activities were executed within a consistent governance structure, supporting audit readiness and regulatory alignment across the enterprise.
The Outcome
Stronger Control Assurance with Scalable, Future-Ready GRC
The engagement delivered a step change in the client’s control environment by combining deep process visibility with structured remediation and governance improvements. It delivered:
- Enterprise-wide process risk assessment aligned with external audit expectations
- Comprehensive review of processes with detailed walkthroughs, control identification and enhancement recommendations
- End-to-end documentation of process flows, narratives and control mapping across business and IT environments
- Coordinated remediation with cross-functional stakeholders, enabling timely closure of control gaps and improved control maturity
Tangible outcomes included:
- High-impact process improvement opportunities uncovered across key functions
- Critical control deficiencies surfaced, reducing operational and compliance risk exposure
- Expansion in internal assurance capability
- Scaled coverage across business units
- External auditor reliance achieved, reducing audit friction
- Acceleration in process documentation and IT control testing through intelligent automation