We offer a full range of services in enterprise risk and operational risk management, including:

  • Risk and Control Self-Assessments (RCSA)
  • Risk Appetite and Key Risks Indicators (KRI)
  • Framework design, review and benchmarking
  • Risk Taxonomy and Internal Control Framework
  • Risk Culture 
  • Scenario Analysis and ICAAP
  • Regulatory Requirements and Visits/Audit Preparation

Click on the sections of the framework diagram to see our services and read our case studies. 


Risk Identification Risk Appetite Risk Assessment Risk Mitigation Risk Monitoring Risk Management Framework

Conduct and Culture

Risk Identification

Our services include:

  • Risk taxonomy definition or review
  • Workshop sessions with top management to identify and reflect on their top risks and scenarios identification  Speciality
  • Methods for horizon screening and addressing emerging risks
Speak to an expert

Risk Appetite

Our services include:

  • Structure of actionable risk appetite
  • Governance requirements around risk appetite
  • Risk appetite definition workshops
  • Statements for risk appetite and tolerance limits
  • Appetite KRI definition and control requirements
  • Monitoring of risk appetite tolerance and limits 
Speak to an expert

Risk Assessment

Our services include:

  • Deployment and support of RCSA programmes, management and reporting  Speciality
  • Full service in Scenario analysis: identification, selection, quantification, validation and reporting 
  • ICAAP reports: full end-to-end service for asset management firms and ICAAP for operational risk for banks and insurance companies


  • Read an RSCA case study HERE
  • Read an ICAAP case study HERE
Speak to an expert

Risk Mitigation

Our services include:

  • Control taxonomy
  • Register of key controls
  • Control testing framework
  • Root cause analysis of events 
  • Design of action plans 
  • Resilience and recovery plans
  • Alignment of insurance coverage with risk appetite
Speak to an expert

Risk Monitoring

Our services include:
  • Selection and design of preventive KRIs and reporting  Speciality
  • Risk Reporting redesign and risk profile aggregation  Speciality
  • Incident reporting and risk data collection
Speak to an expert

Risk Management Framework

We regularly conduct framework reviews of Operational Risk Management and Enterprise Risk Management in various types of organisations internationally. These include public organisations, banks and insurance companies, financial institutions and corporates in North America, the United Kingdom and Europe.

In all of these reviews, we were asked to be a sounding board for the changes planned.

Missions range from a high-level benchmarking of the practice of the organisations with regards to peers, up to a detailed analysis of all the elements of the framework, leading to a thorough roadmap of recommended next steps. 

Recommendations or deliverables can include a refreshed risk taxonomy, a structure for actionable risk appetite, the redaction of the ERM or ORM framework policy and other specific policies, rules for the incident data collection process, structure and content of risk reporting and KRI selection and design. 

Speak to an expert


  • Three lines of defence operating model definition
  • Preparation of regulatory visits
Speak to an expert

Conduct and Culture

  • Culture and awareness training programme
  • Conduct dashboard
  • Risk Culture change management programme
  • Read a case study HERE


Speak to an expert