From bottleneck to self-service — the rules stayed, the friction didn't.
In a large enterprise, compliance isn't optional — but a process that takes days to complete is a process that gets worked around. This case study is about redesigning technology risk workflow so that rigour and speed stopped being opposites. The goal wasn't to simplify compliance. It was to make doing it correctly the path of least resistance — for thousands of users across all levels of risk, operations, and governance, operating under some of the most demanding regulatory standards in financial services.
Impact
From reactive to proactive risk management
Significantly faster
Operational remediation time, down from days
Increased efficiency
To identify urgency
Improved accuracy
In status interpretation
The App
Compliance without
the complexity.
Rigour stays intact — the workflow just gets out of the way.
Background
Where compliance meets engineering velocity
Compliance remediation is a critical phase in any large enterprise technology risk process — the stage where teams identify, assess, and remediate technology risks before they become release blockers or regulatory issues.
The challenge: make this process faster and clearer, without compromising the rigour that keeps the organisation's security posture strong.
The Problem
Eight compounding challenges undermining risk management
Research synthesis — from symptoms to insight
Discovery
How might we streamline remediation without compromising standards?
The design challenge was precise: "How might we create a seamless experience for all scorecard remediation stages by retrofitting current fix requirements, without compromising existing security or regulatory standards?"
Through user research and interviews, iterative ideation with cross-functional teams, and high-fidelity prototyping cycles, two major design opportunities emerged.
Strategy
Six design objectives
Design Concept 01
Status legibility as a compliance risk
The risk: In a regulated environment, a status that can be misread isn't a usability nuisance — it's a governance exposure. The legacy system encoded compliance state in colour alone — so colour-blind users had no reliable way to tell one status from another, and a meaningful share of all users misinterpreted where they actually stood. Misreading "non-compliant" as "Compliant" is exactly the kind of gap that surfaces in an audit — that ambiguity carried real regulatory risk.
The decision: I framed this as risk reduction, not restyling. Each status pairs colour with a distinct icon and an explicit label, so its exact meaning reads at a glance — with no legend to learn. Colour does the work for typical users; the icon and label make the same status unambiguous for colour-blind users and anyone relying on assistive technology. Colour + the right icon, together, serve everyone — and meet WCAG standards by default. The point wasn't prettier indicators; it was removing a whole category of misinterpretation from a compliance-critical workflow.
- Status readable without relying on colour — including for colour-blind users
- A distinct icon per status signals its exact meaning — nothing to learn
- WCAG-aligned accessibility as a baseline, not an afterthought
- Fewer misreads — lower compliance-reporting risk
- Consistent terminology across the entire workflow
Design Concept 02
Time as the primary signal
The gap: High number of users couldn't identify their most urgent compliance items from the existing dense table layout. Scanning fatigue was real — users spent more time reading the table than actually remediating risks.
The solution: Introduced a multiple calendar view types (weekly, monthly, yearly) that makes time the primary organisational dimension. Risk urgency is immediately visible from the temporal layout. Action-focused detail views and integrated guidance contextualise each item at the moment of remediation.
- Calendar view surfaces deadline urgency at a glance
- Information segmentation reduces visual noise
- Action-focused details panel reduces context-switching
- Integrated guidance reduces "five people" problem
- Stand-up meetings become more efficient
Users reported that the redesigned workflow reduced the need for cross-team coordination — what previously required multiple people to resolve could now be handled independently.
Improvements
From reactive to proactive risk management
Significantly faster
operational remediation time, down from days
Increased efficiency
to identify urgency
Improved accuracy
in status interpretation
- Reduced cognitive load for new joiners — intuitive from day one
- More efficient remediation workflow with less context-switching
- Improved predictability — risks surface before they become blockers
- Decreased user frustration across engineering and risk teams
- Improved team stand-up efficiency with at-a-glance weekly view