Risk Management

Our risk management solutions are aligned to your strategic business plan to support the achievement of your corporate objectives.  A the same time, we tailor our solutions proportionate to the size and complexity of your business and its related risks.  Our solutions include:

Risk Management Documentation

  • Risk management framework
  • Annual risk management plan
  • Risk management strategy and policy
  • Risk appetite and tolerance limits
  • Risk universe and material risks applicable to your business
  • Audit, Risk and Compliance Committee Charters

Risk Identification, Assessment & Prioritisation

  • Annual risk assessment
  • Enterprise risk register covering all material risks
  • Risk rating criteria
  • Risk improvement plans
  • Business unit and company risk profiles
  • Quarterly risk register update

Risk Assessment Methodology

Our risk assessment methodology models the International Risk Management Standard (AS/NZS ISO 31000) to provide leading practices to:

  • „Identify and assess material risks
  • Measure and evaluate risks
  • „Design and implement controls to mitigate the key risks identified
  • „Periodically test the effectiveness of controls to mitigate risk.
  • Review risk treatment plans to monitor implementation and achieve continuous improvement

Testing and Monitoring

Our testing and monitoring program is deployed utilising the 3-Lines of Defence Model, representing leading practice.

  • A risk based monitoring, which tests key controls that mitigate significant risks, preventing severe consequences.
  • Independent monitoring to confirm business unit testing results and conclusions.

Communication and Reporting

Reporting that evidences your  governance arrangements:

  • A status report monitoring progress against your annual risk management plan and key initiatives.
  • Results of the testing and monitoring, with analysis, trends, exceptions and breaches.
  • New or emerging risks.
  • Continuous improvement through implementing risk treatment plans.
  • „A quarterly newsletter to communicate risk management developments to staff.
  • „Training to improve awareness and build an end-to-end capability.
  • „Executive certification supporting the annual board risk management declaration.
  • Automated reporting of risk appetite measures and exceptions.