Our full external reviews are tailored to meet your goals. We’ll discuss with the audit (risk) committee and executives what they want to achieve from the review – and what they expect from risk governance and risk management. But typically the reviews involve…
Looking at the risk policies and other documentation that give us a view on how your risk governance, risk management or GRC processes are working.
Discussions with directors, management, others involved in implementing the risk management framework and the different “lines of defence”.
Possibly using our online tool Thinking Board as part of our assessment to give a scored baseline for assessing how far effectiveness is improving or specific areas are being addressed.
Discussion and reporting
We’ll stay close to you during the review as issues arise so that we avoid surprises and can try out ideas before we finalise our report and recommendations.
We’ll look at issues such as…
How far a clear and consistently understood risk strategy or “appetite” is set out.
The way the board is assessing risks and keeping an eye on developing risk exposures.
What the committee is actually looking at to assess risk management effectiveness.
How far risk management is meeting business needs and is seen as adding value.
Fit and accountabilities
The clarity of responsibilities and reporting, the fit across the “three lines of defence” and any gaps or overlaps.
What’s done to make sure a sound culture underpins risk taking and management.
If you’re not looking for a full external review at this point in time, take a look at how we can support you using our online tool Thinking Board…