Assurance Organisation

Assurance Organisation Case Study

A review by a leading assurance organisation of the adequacy of existing risk management controls in an insurance service organisation highlighted an opportunity to improve the processes in place to manage risk across the organisation. Specifically, there was an opportunity to create an ERM framework to:

  • Increase risk visibility
  • Ensure consistent identification and assessment of risks
  • Demonstrate robust management activity to stakeholders
  • Incorporate IT Operations and Development risks

On the back of this review, KRisk were commissioned to develop and embed an Enterprise Risk Management process which:

  • Is appropriate to the size and culture of the organisation
  • Ensures all categories of risk are considered
  • Brings together risk information from both the operational and strategic sides of the organisation in a consistent way
  • Adds value to the organisation


They needed to build confidence with their board and audit committees by demonstrating that their RM process was robust, integrated and effective.

They didn’t have the impartial internal expertise to resolve this issue.

How did we do it?

Phase 1: Information Review
Time was assigned at the beginning of the project to complete a detailed review of ERM-related documentation, as well as key documents that will inform this project, e.g. structure charts, the audit output report, etc. ERM documentation will be compared against best practice and any gaps highlighted.

  • Alignment of expectations
  • Ensure resultant ERM framework is aligned to key business processes
  • Assurance that ERM documentation is in place and aligned to best practice
  • Effective risk register and risk assessment criteria that can be used consistently across the organisation
  • A concise document to effectively communicate its approach to ERM to relevant

Phase 2: Workshops & Risk Registers

Workshops are an effective way to interact with people across the organisation to gather the operational risk information required. They allow people to share ideas and ask questions, inspiring them to actively engage with ERM.

The aim of the workshops is to encourage participants to consider the objectives of the business, key activities and future plans to identify risks across all categories. KRisk adopt a number of techniques to help participants consider risk, including bow tie analysis.

The workshop setting also gives us the opportunity to educate participants on the principles of risk management, how they add value to a business and how they can be used to better manage risk across the organisation.


  • Risk information collected in an engaging setting
  • Opportunity to educate participants on ERM
  • Completed risk registers on which appropriate control actions can be developed

Phase 3: Output Report

A final output report was developed outlining all the steps taken throughout the project and the results achieved.

Focus was given to an analysis of the consolidated risk information contained in the operational level risk registers when compared against the strategic risk register.

Furthermore, the actions required to ensure the proactive management of those risks identified will be considered alongside more general next steps to continuing the ERM journey.


  • Documented project results for clear communication to stakeholders