Case Study: Governance, Risk & Compliance

Mitigating operational risk by implementing an ERMF

Operational errors, IT incidents, a need to strengthen cybersecurity, and GDPR compliance

The Challenge

Following several operational errors and IT incidents, a company asked us for guidance on managing risk in its operating environment, with the aim of achieving better outcomes for its customers.

We agreed with them on the need for a holistic approach to managing risk, combined with continuous improvement.

There was no Enterprise Risk Management (ERM) structure in place to manage all relevant risks. We described for them the benefits of implementing an ERM framework (ERMF):

  • To support management's understanding of risk.
  • To mitigate human errors, system issues and vendor disruptions.
  • To identify cybersecurity and GDPR compliance as areas requiring attention from both a strategic and an operational point of view.
  • To examine outsourcing in detail, as this was an important area in the context of Brexit and the current environment.

The Solution

We helped to set up an operational risk management framework (ORM) as an integral component of the overall Risk Management Framework, which in turn formed part of the new enterprise-wide risk management framework (ERMF). This work included:

PESTEL and SWOT analysis of the organization's long-term strategy, covering:

  • Operations: the risk incurred by the organization's internal activities.
  • Finance: the organization's finances and the effects of external factors on them.
  • Compliance: health and safety (H&S), data protection, HR practices and regulatory issues.


In light of the findings, a robust risk framework was implemented to enable the organization to manage and mitigate risks effectively. We documented the Enterprise Risk Appetite with a holistic view of all organizational risks. We worked with senior management to develop and communicate an ERM Reference Guide to improve the risk culture. As part of this, we identified the key elements of effective operational risk management within the new ERM Framework. An operational risk management (ORM) governance structure was developed using best practices and quality standards. This included:
  • An operational risk identification and assessment methodology, with supporting processes and techniques.
  • An effective operational risk measurement methodology (qualitative and quantitative).
  • Unification of the policies, procedures and processes for mitigating and controlling operational risks.
  • Monitoring and reporting of operational risks to management and stakeholders.
  • Implementation of risk assessment techniques that fitted the organization's needs.
  • Linking strategic objectives to risks, so that the organization continues to focus on its critical activities.