ToolkitComplimentary Resource

Change Impact Assessment Toolkit

Systematically assess the impact of changes across people, process, technology, and data. Prevent unintended consequences.

Enterprise-Grade Resources

Battle-tested frameworks
Institutional best practices
Regulatory compliance standards
Adaptable to your context

Change Impact Assessment Toolkit

What is Change Impact Assessment?

Change Impact Assessment (CIA) is a structured process to identify, analyse, and plan for the effects of a proposed change on your organisation. It answers the question: "If we make this change, what else will be affected?"

Why Change Impact Assessment Matters

Without Impact Assessment: -Unintended consequences and hidden costs -Scope creep and budget overruns -Inadequate stakeholder engagement -Failed implementations and user resistance -Regulatory breaches due to overlooked impacts

With Impact Assessment:

Comprehensive understanding of change implications
Realistic budget and timeline estimates
Proactive stakeholder management
Smooth implementation with user buy-in
Reduced risk and increased success rate

Change Impact Assessment Framework

┌─────────────────────────────────────────────────────────────┐
│ CHANGE IMPACT ASSESSMENT FRAMEWORK                          │
└─────────────────────────────────────────────────────────────┘

STEP 1: DEFINE THE CHANGE
• What is changing? (scope)
• Why is it changing? (business case)
• When is it changing? (timeline)

STEP 2: IDENTIFY IMPACTED AREAS
• People (roles, skills, behaviours)
• Process (workflows, procedures)
• Technology (systems, data, interfaces)
• Organisation (structure, governance)
• Customers (experience, communications)

STEP 3: ASSESS IMPACT SEVERITY
• Rate each impact (High/Medium/Low)
• Quantify where possible (cost, effort, time)

STEP 4: ANALYSE DEPENDENCIES
• What must happen before this change?
• What is blocked by this change?
• What else changes as a result?

STEP 5: DEVELOP MITIGATION PLAN
• Actions to reduce negative impacts
• Contingency plans for risks
• Change management approach

STEP 6: STAKEHOLDER ENGAGEMENT
• Identify affected stakeholders
• Communication plan
• Training and support needs

STEP 7: APPROVAL AND SIGN-OFF
• Present impact assessment to governance
• Obtain approvals
• Document decisions

Impact Assessment Template

Section 1: Change Overview

CHANGE ID: CHG-2025-001
CHANGE TITLE: Implement Real-Time Trade Surveillance System
CHANGE TYPE: Technology Implementation
CHANGE SPONSOR: Chief Compliance Officer
REQUESTED BY: FCA Regulatory Review
DATE: 15 January 2025

CHANGE DESCRIPTION:
Replace batch-based trade surveillance system with real-time surveillance
platform to detect market abuse within 1 minute of execution (vs T+1 today).

BUSINESS JUSTIFICATION:
• FCA identified current system as inadequate (T+1 detection too slow)
• Reduce false positive rate from 85% to <20%
• Free up 30 hours/week of analyst time
• Demonstrate continuous improvement to regulator

SUCCESS CRITERIA:
• Real-time detection (<1 minute latency)
• False positive rate <20%
• Zero false negatives (100% detection of suspicious activity)
• Go-live by Q2 2025 (before FCA inspection)

BUDGET: £250k
TIMELINE: 20 weeks (Jan - May 2025)

Section 2: Impact Analysis by Dimension

2.1 People Impact

Stakeholder Group	Impact	Severity	Details	Mitigation
Surveillance Analysts (2 FTE)	New system, new workflows	HIGH	• Must learn new UI and workflows • Change from reviewing batch alerts to real-time triage • Skills gap: need training on risk scoring	• 3-day training programme • Parallel run for 4 weeks • Daily support during hypercare
Compliance Manager	New dashboards and reports	MEDIUM	• Must monitor different KPIs (response time, risk scores) • New escalation process	• Weekly review meetings • Custom dashboard design
IT Support Team	New system to support	MEDIUM	• 24/7 support required (vs batch job today) • New monitoring tools	• Runbook creation • On-call rota established
MLRO	Different alert format	LOW	• Alert escalations formatted differently	• Demo session • Updated escalation template

Summary:

Total FTE impacted: 8 people
Training required: 2 days per person (analyst), 1 day (others)
Change resistance risk: MEDIUM (analysts concerned about real-time pressure)
Mitigation: Early engagement, pilot with 1 analyst, emphasise efficiency gains

2.2 Process Impact

Process	Current State	Future State	Impact	Changes Required
Alert Review	Batch: Analysts review 850 alerts per day in end-of-day queue	Real-time: Analysts triage alerts as they arrive, prioritised by risk score	HIGH	• New procedure: real-time triage • New SLA: High-risk alerts within 4 hours • New escalation: Auto-escalate if SLA breached
Alert Investigation	Manual review of trade data from multiple systems	Consolidated view in new UI with all context	MEDIUM	• Updated investigation checklist • New evidence capture process
Case Escalation	Email to MLRO with Excel attachment	Automated case creation in Actimize	MEDIUM	• Integration testing • Updated RACI (system creates case, not analyst)
Reporting	Weekly report to Board: Alert volumes, false positive rate	Daily report + Weekly Board report: Alert volumes, SLA compliance, risk scores	LOW	• New report template • Automated report generation

Process Maps:

As-Is BPMN created
To-Be BPMN created
Gap analysis in progress
New procedures to be drafted (due: Week 8)

2.3 Technology Impact

System	Impact	Details	Integration Required?	Owner
Fidessa OMS	SOURCE: Trade data feed	Must provide real-time trade data via Kafka (vs batch today)	YES: New Kafka producer	IT + OMS Vendor
ThetaRay (NEW)	NEW SYSTEM: Real-time surveillance	New platform to be implemented	N/A (new)	IT + ThetaRay
Actimize	TARGET: Case management	Receive escalated alerts via API	YES: New API integration	IT + Actimize Vendor
HR System	SOURCE: Trader reference data	Provide trader names, desk assignments	YES: Daily batch file	IT
Bloomberg	SOURCE: Market data	Provide reference prices for validation	YES: API integration	IT + Bloomberg

Infrastructure Requirements:

AWS cloud environment (2 EC2 instances, RDS database, S3 storage)
Kafka message queue (new)
Network firewall rules for vendor access

Data Migration:

Historical alerts (last 12 months) to be migrated for trend analysis
Estimated 500,000 records
Migration window: Week 12-13

2.4 Data Impact

Data Element	Impact	Current	Future	Data Quality Risk
Trade Data	Real-time ingestion	Batch file (end-of-day)	Kafka stream (real-time)	Potential latency or message loss if Kafka unavailable
Trader Reference Data	Enrichment required	Manual lookup	Auto-enrichment from HR system	Missing traders if HR system not updated
Alert Data	New structure	Simple alert log	Risk score + ML features	Must ensure risk score is explainable for regulators
Case Data	Integration with Actimize	Manual Excel export	Automated API	API failures could block escalations

Data Retention:

Alert data: 7 years (regulatory requirement)
Archived to S3 Glacier after 1 year

Data Privacy:

Trade data contains personal data (trader names)
GDPR compliance: Data processing agreement with ThetaRay

2.5 Organisation Impact

Dimension	Impact	Details
Roles & Responsibilities	RACI changes	• New role: Real-Time Surveillance Lead (1 FTE hire) • Existing analysts shift from batch review to real-time triage • IT team accountable for 24/7 system availability
Governance	New committee	• Surveillance Steering Committee (monthly) to review KPIs, tune rules • Members: CCO, Compliance Manager, MLRO, IT Lead
Policies	Updated policies	• Market Abuse Policy: Update to reflect real-time monitoring • Data Retention Policy: Update to include new alert data
Reporting Lines	No change	Compliance structure unchanged

2.6 Customer/External Impact

Stakeholder	Impact	Details	Communication Plan
FCA (Regulator)	Positive: Demonstrates improvement	Enhanced surveillance capability	Quarterly update to FCA supervisor
Clients	None	No client-facing changes	N/A
Third-Party Vendors	New contracts	ThetaRay (software), AWS (infrastructure)	Procurement process initiated

Section 3: Risk Assessment

Risk	Impact	Likelihood	Score	Mitigation
ML model produces unexpected results	HIGH	MEDIUM	HIGH	• Parallel run with old system for 12 weeks • Manual override capability • Weekly model performance review
Real-time feed from OMS unstable	HIGH	LOW	MEDIUM	• Retain batch fallback • Message queue buffering • SLA with OMS vendor
Analysts resist new system	MEDIUM	MEDIUM	MEDIUM	• Early user involvement in design • Pilot with 1 analyst first • Emphasise efficiency gains
Integration with Actimize fails	MEDIUM	LOW	LOW	• Manual case creation fallback • Retry mechanism with alerting
Budget overrun	MEDIUM	LOW	LOW	• Fixed-price contract with ThetaRay • 10% contingency budget
Timeline delay (miss FCA inspection)	CRITICAL	LOW	MEDIUM	• Weekly steering committee • Fast-track approval process • Vendor SLAs with penalties

Section 4: Dependencies

Pre-requisites (must complete before this change):

FCA approval for real-time surveillance approach
Budget approval (£250k)
Kafka infrastructure provisioning (due: Week 2)
ThetaRay contract signed (due: Week 1)
Real-Time Surveillance Lead hired (due: Week 4)

Dependent Changes (blocked by this change):

Expansion of surveillance to FX trading (deferred to Phase 2, Q3 2025)
Integration with trade reporting system (deferred to Q4 2025)

Concurrent Changes (happening in parallel):

T+1 settlement project (separate programme, some resource overlap)
OMS upgrade (potential conflict: need OMS stable during surveillance go-live)

Section 5: Stakeholder Analysis

Stakeholder	Interest	Influence	Attitude	Engagement Strategy
CCO (Sponsor)	HIGH	HIGH	CHAMPION	Weekly 1:1, steering committee chair
Compliance Manager	HIGH	HIGH	SUPPORTIVE	Daily stand-ups, UAT lead
Surveillance Analysts	HIGH	MEDIUM	NEUTRAL/RESISTANT	Early involvement, pilot participant, training
MLRO	MEDIUM	HIGH	SUPPORTIVE	Monthly reviews, escalation workflow design
CTO	MEDIUM	HIGH	NEUTRAL	Fortnightly tech reviews, architecture sign-off
FCA	HIGH	HIGH	SUPPORTIVE	Quarterly updates, demo at readiness assessment
IT Support Team	MEDIUM	LOW	NEUTRAL	Training on new system, runbook co-creation

Stakeholder Engagement Plan:

Pre-Launch: Town hall (all staff, Week 1), Q&A sessions (analysts, Week 2-4)
During Build: Weekly demos to analysts, fortnightly steering committee
Pre-Go-Live: UAT with analysts (Week 16-18), sign-off meetings
Post-Go-Live: Daily stand-ups (Week 20-22), hypercare support

Section 6: Change Management Plan

Communication Plan

Audience	Message	Channel	Frequency	Owner
All Compliance Staff	"New real-time surveillance system launching Q2 2025"	Email + Town Hall	Week 1, then monthly updates	CCO
Surveillance Analysts	"Detailed walkthroughs of new system and workflows"	Workshops	Weekly during Weeks 2-18	Compliance Manager
Exec Committee	"Progress updates on regulatory change programme"	Steering Committee	Monthly	CCO
FCA	"Enhanced surveillance capability demonstration"	Scheduled call	Quarterly	CCO

Training Plan

Audience	Training	Duration	Format	Schedule
Surveillance Analysts	New system UI, workflows, risk scoring	3 days	Classroom + hands-on	Week 16-17
Compliance Manager	Dashboards, reporting, rule tuning	2 days	Classroom + hands-on	Week 16
IT Support	System architecture, monitoring, troubleshooting	2 days	Technical deep-dive	Week 15
MLRO	Alert escalation process, new case format	1 hour	Demo session	Week 18

Resistance Management

Expected Sources of Resistance:

Analysts: Fear of real-time pressure, loss of control
IT: Concerned about 24/7 support burden
Some managers: Comfortable with current process

Mitigation Strategies:

Early Involvement: Include analysts in design workshops (co-create workflows)
Pilot Approach: Test with 1 analyst first, refine based on feedback
Emphasise Benefits: Highlight 75% reduction in false positives (less work)
Support: Provide 4 weeks of daily support during hypercare
Quick Wins: Demonstrate early efficiency gains (faster investigations)

Section 7: Implementation Approach

Phased Rollout

Phase 1: Pilot (Weeks 16-17)

Single analyst, single trading desk
Run in parallel with old system
Gather feedback, refine workflows

Phase 2: Expanded Pilot (Weeks 18-19)

All analysts, all desks
Continue parallel run
Final refinements

Phase 3: Go-Live (Week 20)

Switch to new system as primary
Old system retained as fallback for 4 weeks
Daily monitoring and support

Phase 4: Hypercare (Weeks 20-23)

Daily stand-ups with analysts
Rapid issue resolution
Performance monitoring

Phase 5: BAU Handover (Week 24)

System stable, users confident
Handover to BAU support team
Post-implementation review

Rollback Plan

Trigger for Rollback:

System unavailability >4 hours during trading day
False negative detected (missed genuine market abuse)
User rejection (majority of analysts cannot use system effectively)

Rollback Steps:

Decision to rollback made by CCO + CTO
Re-enable batch surveillance system (takes 1 hour)
Notify all users, FCA (if material)
Root cause analysis + remediation plan
Re-plan go-live

Section 8: Cost-Benefit Analysis

Costs

Cost Category	Amount	Notes
Software (ThetaRay)	£150k	3-year license
Implementation Services	£60k	Vendor professional services
AWS Infrastructure	£20k/year	Cloud hosting
Training	£10k	External trainer
Headcount (Surveillance Lead)	£70k/year	New hire
Contingency (10%)	£25k	Buffer for unforeseen costs
TOTAL	£335k (Year 1)	£160k/year ongoing

Benefits (3-Year)

Benefit	Value	Notes
Analyst Time Savings	£180k/year	30 hours/week × £60/hour × 50 weeks
Regulatory Risk Reduction	£500k (one-time)	Avoid potential FCA fine
Reduced False Positives	£120k/year	70% reduction in wasted effort
TOTAL 3-YEAR	£1.4M	NPV (10% discount): £920k

ROI: 174% (3-year) Payback: 18 months

Section 9: Success Metrics

Metric	Baseline	Target	Measurement
Detection Latency	T+1 (24 hours)	<1 minute	System monitoring
False Positive Rate	85%	<20%	Monthly reporting
SLA Compliance	N/A (no SLA today)	>95% (High-risk <4 hours)	Dashboard tracking
System Availability	95% (batch)	99.5% (real-time)	AWS CloudWatch
User Satisfaction	N/A	>4.0/5.0	Post-implementation survey
Analyst Efficiency	45 min/alert	<15 min/alert	Time tracking

Section 10: Approval and Sign-Off

Approver	Role	Approval Criterion	Status	Date
CCO	Sponsor	Business case approved	APPROVED	15 Jan 2025
CTO	Technical Authority	Architecture approved	APPROVED	18 Jan 2025
CFO	Budget	Budget approved	APPROVED	20 Jan 2025
CRO	Risk	Risk assessment approved	APPROVED	22 Jan 2025
Exec Committee	Final Approval	Programme approved	PENDING	30 Jan 2025

Impact Assessment Checklist

Discovery Phase

Change clearly defined (scope, timeline, budget)
Business justification documented
Stakeholders identified
Current state documented (process maps, system diagrams)

Impact Analysis Phase

People impact assessed (roles, skills, training)
Process impact assessed (workflows, procedures)
Technology impact assessed (systems, data, integrations)
Organisation impact assessed (structure, governance)
Customer/external impact assessed
Dependencies identified (pre-requisites, dependent changes)
Risks identified and mitigation plans created

Planning Phase

Change management plan created
Communication plan created
Training plan created
Implementation approach defined (phased, big-bang, pilot)
Rollback plan created
Success metrics defined

Approval Phase

Impact assessment reviewed with stakeholders
Approvals obtained (sponsor, technical, budget, risk)
Governance approval (exec committee, board)

Implementation Phase

Impact assessment kept up-to-date as changes occur
Stakeholder engagement ongoing
Issues logged and tracked
Success metrics monitored

Post-Implementation Phase

Benefits realisation review
Lessons learned captured
Impact assessment archived for future reference

Impact Assessment Best Practices

Start Early: Conduct impact assessment during requirements phase (not after design) Involve Stakeholders: Don't assess in isolation; interview affected parties Be Realistic: Don't underestimate effort, cost, or resistance Quantify: Use numbers where possible (time, cost, FTE) Think End-to-End: Consider upstream and downstream impacts Document Assumptions: Make constraints and dependencies explicit Update Regularly: Impact assessment is living document, not one-time exercise Use for Governance: Present to approval bodies (exec committee, board)

Change Impact Rating Matrix

                  ORGANISATIONAL IMPACT

    HIGH    │  MAJOR CHANGE        │  TRANSFORMATIONAL
            │  (6-12 months)       │  (12-24 months)
            │                      │
COMPLEXITY │──────────────────────│─────────────────────
            │                      │
    LOW     │  MINOR CHANGE        │  MODERATE CHANGE
            │  (1-3 months)        │  (3-6 months)

                  LOW ─────────────► HIGH
                     TECHNICAL COMPLEXITY

Minor Change: Single system, limited users, low risk Moderate Change: Multiple systems, significant user impact Major Change: Cross-functional, org structure change, regulatory Transformational: Enterprise-wide, strategic, cultural shift

Next Steps

Download this template
Select a change to assess (system upgrade, process change, org restructure)
Complete the impact assessment template
Review with stakeholders
Present to governance for approval
Use assessment to inform implementation plan

Need Expert Support?

Managing complex change requires expertise in impact analysis, stakeholder engagement, and programme management. If you're facing a major transformation or regulatory change, contact our team for a consultation.

Template Version: 1.0 Last Updated: January 2025 Compatible With: ADKAR, Kotter, Prosci change management frameworks License: Free for commercial use with attribution

Strategic Advisory Services

Transform operational complexity into strategic advantage. Partner with experienced advisors who deliver enterprise-grade transformation.

Request Advisory