Case Study 1:

Risk Assessment to implement/change a company’s risk culture

Challenge:  Implementing an effective risk culture due to regulatory scrutiny.

We worked with a company facing challenges to improve the effectiveness of its risk culture. Prior to our overall assessment, there was little evidence of a risk culture and there was insufficient awareness of risk across all levels.      This required a risk assessment to identify solutions and a strategy to change behaviours across the organisation with a focus on training and awareness.

  • Risk culture responsibility starts at the top management/board level as they need to clearly understand what risks should be accepted and what risks should be minimised or avoided. They should support both culture and conduct risk through robust governance and training programs.
  • We focused on a top-down approach for risk/culture management and strategy formulation to establish a Risk Appetite Framework (RAF) based on a clear Risk Appetite Statement. One of the key considerations was to improve culture, governance, and accountability.
  • We advised how a strong risk culture does not necessarily imply taking as little risk as possible, but instead the company should take appropriate risks to fit their risk appetite, vision, and strategy.

The Solution:

We provided thought leadership and risk assessment approaches and techniques as part of wide enterprise-risk management (ERM) assessment. We helped the organization move up the maturity curve in their ongoing development of a robust risk and controls structure to transform their risk management culture.  We followed the COSO ERM framework: event identification, risk assessment and followed by risk response.

  • The risk management frameworks/tools and procedures can only be effective when they are used in the right way and at the right time. To increase the impact on the culture we focused on training, risk planning involvement, status meetings, and risk identification sessions.
  • Revision of procedures, policies, rules, and regulations leads to increase clarity and employee accountability. The involvement of management and subject matter experts helped to increase the standards and quality commitment of staff.
  • We focused on understanding the day-to-day behaviours across the company. This was important to drive the right changes to meet regulatory requirements and successfully manage the risk.
  • The risk assessment gave us an opportunity to improve the risk conduct and culture of the company.

Contact us Today




Implementing Governance and a Risk Management Framework

Challenge: We worked with a company where risk management was receiving increased attention, but they have no risk management framework or a strong governance structure.

Risk Assessment: We performed a risk assessment to identify gaps using a practical, sustainable, and easy to understand process. We focused on measuring and prioritizing risks as follows:

  1. Identify: We determined and distinguished applicable risks.
  2.  Assess: We reviewed the risk exposure and confirmed their risk appetite.
  3. Controls / RCSA: We reviewed regular monitoring and testing of controls.
  4. Respond to risks: We looked at risk responses and examine options for risk mitigation.
  5. Monitor and report. We analysed reporting and escalation to the board of directors and relevant stakeholders.


The Solution: Risk Management Framework (RMF)

Following the risk assessment, we agreed with senior management that it was critical to have a strong risk management framework in place within a governance structure that included conduct risk and culture. To accomplish this, we also needed to ensure that the risk management framework complemented their strategy.

The risk assessment was key to identify the applicable risks, confirm the risk appetite, and identify appropriate risk mitigation. Then, we agreed on the risk management framework (RMF) and the actions to enable the organisation to effectively manage and mitigate risk:

  • The governance structure needed to be documented. This included policies and procedures, controls, risks associated, systems, continuous improvement, etc.
  • It was essential to provide all the staff with adequate resources and training in-order to completely comprehend the risk associated and the mitigating controls.
  • We implemented a Risk and control self-assessment (RCSA) for testing, reviews, process monitoring. Event error tracking and documentation requirements were put in place.
  • Technology and third-party risk and outsourcing external vendors went through meticulous testing.
  • Communication and reporting were discussed with the stakeholders including the Risk Management Life Cycle (RMLC): Identity, assess, make risk decisions, implement controls and supervise.

Contact us Today

Case Study 3:

Operational risks mitigation by implementing Enterprise Risk Management Framework (ERMF)

Challenge: Company experiencing operational errors, IT incidents, and a need to strengthen cybersecurity, and GDPR compliance

A company, following several errors and incidents, asked us to provide guidance on the management of risk in their operating environment in order to achieve better outcomes for their customers.

We agreed with them on the need for a holistic approach in managing risks and continuous improvement.

There was no Enterprise Risk Management (ERM) structure in place to manage all relevant risks. We described for them the benefits of implementing an ERM framework (ERMF):

  • To support management understanding of risk.
  • To Mitigate human errors, system issues, and vendor disruptions
  • To help Identify cybersecurity and GDPR as areas of attention from a strategic and operational point of view.
  • The need to look in detail at outsourcing as this was an important area in the context of Brexit and the current environment.

The Solution: We helped to set up an operational risk management framework (ORM) as an integral component of the overall Risk Management Framework, which in turn formed part of the new enterprise-wide risk management framework (ERMF) which inc luded:

Strategic objectives: PESTEL and SWOT analysis of the organisation’s long-term strategy.

  • Operations: The risk incurred by the organization’s internal activities.
  • Finance: finances of the organization and the effects of external factors.
  • Compliance: we looked at H & S, data protection, HR practices and regulatory issues.


In light of the findings, a robust risk framework was implemented to enable the organization to effectively manage and mitigate risks. We documented the Enterprise Risk Appetite with a holistic view of all organizational risks.

We worked with senior management to develop and communicate an ERM Reference Guide to improve the risk culture. As part of this, we identified key elements for effective Operational Risk management within the new ERM Framework.

An operational risk management framework (ORM) governance structure was developed using best practices and quality standards. This included…

  • Operational risk identification and assessment methodology, process and techniques
  • Effective operational risk measurement methodology (qualitative & quantitative)
  • Unification of policies, procedures and processes for mitigating and controlling Op Risks
  • Monitoring and reporting of operational risks to the management and stakeholders
  • Implementation of risk assessment techniques that fitted the organization’s needs
  • We linked the strategic objectives with risks to continue focusing on critical activities

Contact us Today