Our full external reviews are tailored to meet your goals.  We’ll discuss with the audit (risk) committee and executives what they want to achieve from the review – and what they expect from risk governance and risk management.  But typically the reviews involve…

  • Documentation review

    Looking at the risk policies and other documentation that give us a view on how your risk governance, risk management or GRC processes are working.

  • Interviews

    Discussions with directors, management, others involved in implementing the risk management framework and the different “lines of defence”.

  • Baseline monitoring

    Possibly using our online tool Thinking Board as part of our assessment to give a scored baseline to assess how far effectiveness is improving or specific areas addressed.

  • Discussion and reporting

    We’ll stay close to you during the review as issues arise so that we avoid surprises and can aim to try out ideas before we finalise our report and recommendations.

We’ll look at issues such as…

  • Risk profile

    How far a clear and consistently understood risk strategy or “appetite” is set out.

  • Exposure assessment

    The way the board is assessing risks and keeping an eye on developing risk exposures.

  • Oversight

    What the committee is actually looking at to assess risk management effectiveness.

  • Value

    How far risk management is meeting business needs and is seen as adding value.

  • Fit and accountabilities

    The clarity of responsibilities and reporting, the fit across the “three lines of defence” and any gaps or overlaps.

  • Risk culture

    What’s done to make sure a sound culture underpins risk taking and management.

If you’re not looking for a full external review at this point in time, take a look at how we can support you using our online tool Thinking Board…