Transform legacy risk management approaches. Transition to Agile Risk Management. We tailor risk engagements based on risk posture, risk appetite, audit regime, regulatory obligations, or business unit needs.
1-6 weeks
We start with collaborative workshops and process walk-throughs with your subject matter experts and business stakeholders. We use these sessions to learn about your organization, culture, and business drivers, as well as to discover and validate your existing risk processes, tools, and communications.
2-4 weeks
We gather observations and document your current state environment. We typically document governance practices, operational practices, tools used to support the risk management program, and the technology landscape. We compare your environment to common criteria and recognized good practice derived from relevant standards and frameworks (e.g., NIST, COBIT, FAIR, ISO, etc.).
2-4 weeks
We articulate hypotheses for risk posture and risk appetite. We postulate a peer group for a basis of comparison, drawn from hundreds of previous engagements. We then identify gaps and risk indicators relative to industry good practice using our assessment method and tools. We document strengths and opportunities for improvement.
2-4 weeks
We develop risk-informed recommendations to address every identified gap. Recommendations are influenced by your business drivers, culture, talent, risk posture, risk appetite, risk exposure, current technology investments, current projects, and planned budget.
2-6 weeks
We tailor our collection of risk tools to your unique risk posture and appetite. Typical deliverables include:
• risk taxonomy & risk register
• risk assessment method and tools
• risk adjudication processes
• communication templates
Governance, Oversight, & Communication
Policies, Guidelines, Standards, & Procedures
Risk Adjudication Process
Risk Assessment Methods
• Triage
• Lightweight
• Focused
Risk Disciplines
• Cybersecurity Risk
• Enterprise Risk
• Information Risk
• Technology Risk
• Third-Party Risk
Risk Statements
Communication Templates
Control Library
Metrics & Reporting
• Key Risk Indicators
• Key Performance Indicators
Operational Risk Repositories
Risk Assessment Tool
• Risk Profiling
• Risk Identification
• Threat Assessment
• Risk Assessment
• Control Assessment
• Business Impact Assessment
Strategic Risk Register
Taxonomy
Threat Library