top of page
the why

Decisions made without context cause harm.

We believe in surfacing the relevant context at the point the decision is made. That is the work. CoVi is the operating layer where it happens, starting in the place that needs it most.

Why we start with the work, not the register

To customers, to employees, to firms, and to the systems that depend on them.

Built by an operator who has seen these challenges from the auditor's and the regulator's perspective. In production at a UK principal firm running 54 Appointed Representatives. 

the vision

Every consequential decision, made with the context behind it.

That is the picture of the world we are building toward. The work that gets us there is concrete: build the decision center where operational reality, governance, and external signal meet. Operational reality and governance today. External signal next.

We are starting with regulated firms because that is where the cost of context-poor decisions is highest.

the structural inversion

GRC documents the work. RiskOps is the work.

Most regulated firms run two systems. Operations does the work. Governance documents it. The first line feeds the second line, and the second line attests to commitments their operational reality cannot evidence. We are building a different operating model.

the operating model

RiskOps

  • Built for the first line, the people doing the work

  • Operational reality is the source of truth, not the input

  • Controls, processes, policies, indicators sit on one operating layer

  • Evidence is what the work produces, not what gets reconstructed

  • External signal lands on the same layer as internal context

A different operating model
the reporting model

Traditional GRC

  • Built for the people reporting on the work

  • The first line is asked to feed a system they did not choose

  • Each module owns its own register and reconciles after the fact

  • Evidence is what gets reconstructed before reporting and audits

  • External data sits in disconnected feeds nobody pulls together

A tool on top of the broken model
what we hold ourselves to

Four values. Tested every time.

VALUE 02

The work is real. So are the people doing it.

Build for the operators.

Operators, underwriters, and claims handlers are not inputs to someone else’s process. They are the source of operational truth. We resist any design that turns them into data feeders.

VALUE 01

First principles,
every time.

Rebuild rather than patch.

When something does not make sense, we go back to why it exists. Most of what we have built came from refusing to accept “that is how it has always been done.”

Most platforms sit beside the work. These four layers sit inside it. Define the work, organise it, learn from what fails, keep the conduct commitments oraganised. One foundation underneath all four.

VALUE 04

Build the operating layer, not the band-aid.

Refuse the shortcut.

Quick fixes compound into the mess we are trying to undo. We say no to features, deals, and shortcuts that would compromise the operating layer. 

VALUE 03

Evidence over
assertion.

If we say it, we show it.

We are sceptical of anything that cannot be shown. If we say a control surfaces against the right owner, we demo it. We hold ourselves to the standard we hold the industry to.

THE FOUNDER

Built by an operator who has seen the gaps from every side.

CoVi exists because the same gap keeps showing up, in different forms, in every regulated firm.

At Ernst & Young, Waleed audited Lloyd's of London, Aviva, Brit, and UNUM. Every audit asked one question. Can you show me the control? The answer came as a binder, reconstructed before fieldwork. The control existed. The evidence had to be assembled.

At the Bank of England, the same gap was visible at scale. Firms attested to commitments their teams could not evidence. The policy said the right thing. The work did not produce the proof.

Then, Head of Risk at Markel, Liberty Mutual Europe, Bupa, and Tindall Riley. The same chase, every cycle. The second line asking the first line for inputs that should have been a byproduct of the work. The model was the problem.

Context Visualised is the operating model he wished he had. The work and the evidence are the same thing, and the board report traces back to operational reality in real time.

At EY, every audit of Lloyd's, Aviva, Brit, and UNUM asked the same question: show me the control. The answer came as a binder, reconstructed before fieldwork.

At the Bank of England, and later as Head of Risk at Markel, Liberty Mutual Europe, Bupa, and Tindall Riley, the same chase repeated every cycle. Policy said the right thing. The work did not produce the proof. The model was the problem.

Context Visualised is the operating model he wished he had. The work and the evidence are the same thing. The board report traces back to operational reality in real time.

founder.jpg

Waleed SARWAR

Founder · Context Visualised

EY · Insurance audit (Lloyd's, Aviva, Brit, UNUM)

Bank of England · drafted UK Solvency II group rules (CP16/14)

Head of Risk · Markel, Liberty Mutual, Bupa, Tindall Riley

Twenty years. Operator, auditor, regulator. Three sides of one dysfunction. The frame itself is the problem.

Want to see what RiskOps looks like inside your firm?

Bring us a problem from your last attestation, audit, or board paper. We will walk it through with you and show you how it lands in the operating layer.

The decision center for regulated firms.

bottom of page