No two organisations are the same, therefore no two approaches to risk and resilience management will be the same. International standards provide guidance for organisations, but exactly how risk and resilience management evolves across an organisation is unique and influenced by many factors including experience, resources and strategy.
At KRisk we approach all consultancy projects the same way:
The resulting action plan is designed based on KRisk’s vast experience of helping clients of all sizes across many industries, successfully and efficiently achieve their risk and resilience management goals and objectives.
It is hard to capture our consulting products and solutions as they evolve with every client project. Each solution is also highly adaptable based on individual clients needs. To discuss your specific needs, objectives or concern please CONTACT us.
Workshops are an effective way to interact with people across an organisation to gather risk information. They allow people to share ideas and ask questions, inspiring them to actively engage with the risk and resilience strategy and processes.
The aim of a risk workshop is to encourage participants to consider the objectives of the business, key activities, as well as future plans to identify risks across all categories. The natural tendency of participants will be to focus on threats; the negative side of risk. To overcome this, KRisk always introduce the concept of risk as uncertainty, both positive and negative, encouraging participants to consider both threats and opportunities to the organisation.
A number of techniques to help participants consider risk are adopted throughout any workshop. These depend on the objectives for the workshop but often involves bow-tie analysis.
A risk register is often the main reporting tool for risk across an organisation. KRisk facilitates the development of this, ensuring minimal disruption to normal operations, quality content and alignment to best practice. When an excel risk register is not appropriate for our client, KRisk can host the risk register in a Risk Management Information System.
It may be that a risk register exists in your organisation but it is not achieving its goal of getting the right information, to the right people at the right time. When this is the case, we work with our clients to review the current risk register across a number of areas (including format, content, communication style, accessibility, etc) to identify opportunities for improvement.
A number of our clients have achieved great results by hiring one of the KRisk team as an interim Risk Manager. A number of reasons have driven their decision:
• A risk manager is urgently required but there is a delay in hiring
• There is a desire to get risk and resilience management (or an element of it) established quickly and the resource and/or
experience doesn’t exist internally
• They would like to up-skill their in-house team
• A risk manager is required but only on a part time basis.
To get to where it wants to in terms of risk and resilience management, an organisation needs to understand where they are now and exactly what is required to move forward to the desired state. An enterprise risk and resilience maturity analysis does exactly this.
The output is a clearly defined action plan showing the steps that need to be taken to achieve desired state. This is a great basis for objective setting, resource planning, getting buy-in, etc. The maturity criteria also provide a base against which to report progress to stakeholders as well as to audit against.
An organisation achieves its purpose by delivering its products and services to its customers. It is therefore essential to create an understanding of:
• The adverse impact over time that disruption of these products and services (and the associated activities) would have on the objectives and operation of the organisation.
• The inter-relationships and resource requirements of the activities that support products and services and the threats to them.
KRisk adopts business impact analysis methodology to understand our clients critical processes and develop resilience plans, so they can withstand the worst.
Risk is the thread that runs through all management system standards to ensure they are consistent and flexible. A integrated risk and resilience framework is a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk and resilience management throughout an organisation.
A fully considered, defined enterprise risk and resilience strategy will drive results and ensure resources are effectively deployed. KRisk supports clients in all elements of strategy development, framework creation and implementation, ensuring alignment to best practice but most importantly, alignment to your organisation; its strategy, objectives and culture.
Many organisations are moving away from excel based risk reporting and implementing software solutions, achieving great results for risk and resilience management from the process. Software solutions used to be expensive and difficult to implement, but the market is changing. Software can be agile, scalable in a way it never was before with a focus on user experience.
Software selection and implementing can be a time consuming process, distracting from day-to-day operations. Clients bring KRisk in to act as intermediary between client and software provider, ensuring costs stay to budget, timelines are adhered to and the resultant system meets the needs of the organisation.
KRisk also has access to software solutions through our partners. These companies use the latest technologies, are competitive on price and continually receive great feedback from clients.
Risk surveys are a fundamental tool in an organisation’s operational risk management. Assessing situations and increasing understanding, risk surveys drive change.
KRisk works with our clients to design the surveys, implement them (in a variety of mediums), analyse the results and ultimately develop an action plan. KRisk always ensures engagement is inclusive and positive, recognising its people are any organisation’s biggest asset.
Has your organisation asked its self: What if the electricity supply failed? What if your IT networks went down? What if your staff could not gain access to a building for days, weeks or months? What if we had casualties?
These scenarios happen but planning and exercising key controls will help your organisation ensure it is prepared for the worst.
KRisk works with organisations of all sizes on scenario planning and exercising. The size and scale of these can vary greatly depending on client objectives, experience and culture. From table top exercises to full simulations, we ensure interactions are interesting and engaging. KRisk has a bank of scenarios we can use or we can develop new ones which are specific to your organisation.