Home About Contact LinkedIn
All work
SaaS Enterprise Experience Design

From bottleneck to self-service — the rules stayed, the friction didn't.

In a large enterprise, compliance isn't optional — but a process that takes days to complete is a process that gets worked around. This case study is about redesigning technology risk workflow so that rigour and speed stopped being opposites. The goal wasn't to simplify compliance. It was to make doing it correctly the path of least resistance — for thousands of users across all levels of risk, operations, and governance, operating under some of the most demanding regulatory standards in financial services.

Role Lead Product Designer
Platform Enterprise Web
Tools Figma, FigJam, Paper
Scope Global engineering & technology teams

From reactive to proactive risk management

Significantly faster

Operational remediation time, down from days

Increased efficiency

To identify urgency

Improved accuracy

In status interpretation

The App

Compliance without
the complexity.

Rigour stays intact — the workflow just gets out of the way.

1
Surface urgency
A calendar view makes deadlines the primary signal — not buried in a dense table.
2
Read status instantly
Clear semantic labels replace ambiguous colour coding the majority misread.
3
Act in context
Remediation guidance appears at the point of need — what to do next, not guesswork.
Resolved independently
Handled without roadblocks — multi-day cycles down to hours.

Where compliance meets engineering velocity

Compliance remediation is a critical phase in any large enterprise technology risk process — the stage where teams identify, assess, and remediate technology risks before they become release blockers or regulatory issues.

The challenge: make this process faster and clearer, without compromising the rigour that keeps the organisation's security posture strong.


Eight compounding challenges undermining risk management

Research synthesis — from symptoms to insight

Eight symptoms surfaced in research
Clarity
Ambiguous status labels — users couldn't tell what a state meant
Cognitive load
Dense tables forced mental parsing before any action could be taken
Workflow
Multi-screen navigation with no unified remediation view
Bottlenecks
Delayed average cycle blocking downstream release timelines
Predictability
No deadline visibility until risk became urgent
Security exposure
Slow cycles left known risks unaddressed for longer than necessary
Guidance
No contextual help — users asked multiple people for answers
Accessibility
Colour-only status coding — high misinterpretation rate
Underlying insight
"The system was designed to report risk — not resolve it."
Every symptom traced back to the same root cause: the interface surfaced compliance data as information to be read, not as actions to be taken. Users knew what the system said. They didn't know what to do next. Redesigning around resolution — not reporting — became the strategic direction for both design concepts.

How might we streamline remediation without compromising standards?

The design challenge was precise: "How might we create a seamless experience for all scorecard remediation stages by retrofitting current fix requirements, without compromising existing security or regulatory standards?"

Through user research and interviews, iterative ideation with cross-functional teams, and high-fidelity prototyping cycles, two major design opportunities emerged.


Six design objectives

01
Reduce confusion and cognitive load through clearer information hierarchy
02
Improve clarity and visual scanning so users can instantly identify what needs action
03
Convert risk data into actionable insights — not just information, but direction
04
Build a self-service remediation experience that reduces dependency on manual coordination
05
Provide consistent guidance and documentation at the point of action
06
Surface risk before it becomes a release blocker — proactive, not reactive

Status legibility as a compliance risk

The risk: In a regulated environment, a status that can be misread isn't a usability nuisance — it's a governance exposure. The legacy system encoded compliance state in colour alone — so colour-blind users had no reliable way to tell one status from another, and a meaningful share of all users misinterpreted where they actually stood. Misreading "non-compliant" as "Compliant" is exactly the kind of gap that surfaces in an audit — that ambiguity carried real regulatory risk.

The decision: I framed this as risk reduction, not restyling. Each status pairs colour with a distinct icon and an explicit label, so its exact meaning reads at a glance — with no legend to learn. Colour does the work for typical users; the icon and label make the same status unambiguous for colour-blind users and anyone relying on assistive technology. Colour + the right icon, together, serve everyone — and meet WCAG standards by default. The point wasn't prettier indicators; it was removing a whole category of misinterpretation from a compliance-critical workflow.

  • Status readable without relying on colour — including for colour-blind users
  • A distinct icon per status signals its exact meaning — nothing to learn
  • WCAG-aligned accessibility as a baseline, not an afterthought
  • Fewer misreads — lower compliance-reporting risk
  • Consistent terminology across the entire workflow

Time as the primary signal

The gap: High number of users couldn't identify their most urgent compliance items from the existing dense table layout. Scanning fatigue was real — users spent more time reading the table than actually remediating risks.

The solution: Introduced a multiple calendar view types (weekly, monthly, yearly) that makes time the primary organisational dimension. Risk urgency is immediately visible from the temporal layout. Action-focused detail views and integrated guidance contextualise each item at the moment of remediation.

  • Calendar view surfaces deadline urgency at a glance
  • Information segmentation reduces visual noise
  • Action-focused details panel reduces context-switching
  • Integrated guidance reduces "five people" problem
  • Stand-up meetings become more efficient
Before
1
Scan a dense table
Every row looks alike — urgency is invisible, and scanning fatigue sets in fast.
2
Decode colour status
Only a minority of users interpreted the colour coding correctly.
3
No next step
The screen showed data to read, not actions to take — so people stalled.
Scanning fatigueAmbiguous statusNo guidance
After
1
Calendar surfaces urgency
Deadlines become the primary signal — the most pressing items read first.
2
Clear semantic status
Unambiguous labels and icons, aligned to WCAG accessibility standards.
3
Act at the point of remediation
Integrated guidance in context — what to do, right where the item lives.
Urgency at a glanceClear statusGuided action

Users reported that the redesigned workflow reduced the need for cross-team coordination — what previously required multiple people to resolve could now be handled independently.


From reactive to proactive risk management

Significantly faster

operational remediation time, down from days

Increased efficiency

to identify urgency

Improved accuracy

in status interpretation

  • Reduced cognitive load for new joiners — intuitive from day one
  • More efficient remediation workflow with less context-switching
  • Improved predictability — risks surface before they become blockers
  • Decreased user frustration across engineering and risk teams
  • Improved team stand-up efficiency with at-a-glance weekly view

Let's build great things together