How NZAA took ownership of risk and compliance management.

An incorporated society, the New Zealand Automobile Association – colloquially known as the AA – offer a vast range of products, including everything from financial and insurance services to driver training and maps. The AA encompass numerous different departments – each with their own needs and responsibilities. It’s a highly complex business.

However, when it came to selecting an ERM, the AA had a big advantage.

"The visuals in terms of the insights and graphs that Protecht can provide are really out of this world. It’s literally been life-changing for the organisation."

Rishad Paul Smartt, Senior Risk and Compliance Manager, NZAA

The challenge

The many individual business units within the AA were using disparate systems to manage their risk and compliance requirements, predominantly relying on spreadsheets and email communications. Central management had no real-time transparency on incidents, issues and findings – staff had to email requests for updates or wait for the monthly reports to be published. It was a manual and time-intensive process that could really only be owned by the central risk teams. And the NZ regulator, the Financial Markets Authority, had recently introduced new guidelines with yet higher expectations on robust risk management.

The AA were in need of a comprehensive ERM that could shift ownership and accountability to the first line, provide real-time transparency and achieve best-practice management of operational risk and compliance across all business units.

Says Rishad Paul Smartt, Senior Risk and Compliance Manager, “we wanted a system that was customisable to meet the criteria and terminology within our operational risk management framework, together with a system that allowed for controls testing, incident and issue management and an audit-finding register. In addition, it was important for us to be able to link each key regulatory requirement to the controls in place to mitigate risk of noncompliance.”

It was also important that the system could be aligned with ERM systems the risk teams were used to using at the NZ banks and that it would be easy to navigate, with excellent customer support by experts in the field. So, there were many boxes to tick. But the AA had a big advantage: all the members of their central risk and compliance team are themselves experienced risk management professionals from the banking sector.

When the AA set out to find the ultimate ERM, they knew exactly what to look for.

How Protecht helped

Having analysed other GRC tech vendors and considered the breadth of functionality, depth of expertise and value for money, the AA implemented Protecht ERM. And the transformation was swift. Protecht coordinated seamless customisation of the system with training of the AA’s staff, ensuring quick adoption.

“Our team of superusers were absolutely astounded by the level of support we received – the hours Protecht dedicated to help us learn more about the system and how to develop customised reporting.

We thoroughly enjoyed dealing with all members of Protecht. They are positive, experts and they definitely have solved all questions we had, whether it be in regards to a particular feature or learning about how to best make use of its existing features.”

Deepa Ng, Senior Risk Manager, NZAA


Through Protecht ERM, the AA have automated all manual tasks, creating a transparent real-time feed of data on their key risk indicators. With intuitive dashboards showing live data, compliance obligations are clearly linked to controls, making it easy for managers to take ownership of incidents and risks. Reports can also be generated in a few clicks, without anyone having to wait on review cycles or attestations from other managers.

“The data and analytics within the system look really nice. We’re able to provide our committees with up-to-date information, and all of the visuals in terms of the insights and graphs that Protecht can provide are really out of this world. It’s literally been life-changing for the organisation”, adds Rishad Paul Smartt.

The AA have implemented a wide range of risk insight registers, including:


A module for controls-testing, ensuring that all targets of the Compliance Assurance Programme are met.


This register maps all incidents and records all actions to address them.

Issues management

The Issues management register highlights outstanding issues and records historical issues as well as all actions taken.


Intuitive and customisable user interfaces that enable instant analyses of a huge range of data and effortless, real-time reporting.


The Obligations module links compliance obligations to controls, ensuring that all regulations are met as well as providing managers with invaluable holistic risk insights.

Says Katrina Marmita, Risk and Compliance Manager, “my favourite feature has got to be the dashboards available in the system. We can see in real time how many incidents and issues are current and those that are closed. All users can now see this information through customisable reporting, including bar, line, and pie graphs. This makes it much easier for us to report key management information up to our key risk committees.”

About the AA


The New Zealand Automobile Association is an automobile club founded in 1903. NZAA is a trusted brand with 18 regional clubs and a membership base of more than 1.8 million. The organisation provides services around roadside breakdown assistance, exclusive AA Smartfuel offers, insurance, finance, travel, a range of motoring services and advice.