
Risk Management Consulting

Risk Management

Analytix Risk Management consulting services help you apply Risk Management best practice, with experienced consultants, to establish a new Risk Management programme or enhance an existing one more quickly.

We assist organisations to adopt and implement a Risk Management Framework as part of their obligation to comply with Corporate Governance requirements. This requires a Risk Management Framework and Policy to be developed and adopted by management as part of the Risk Management programme.

Our Risk Management consulting services provide a structured, practical, results-oriented approach that helps management design and implement an appropriate Risk Management System. The system incorporates the principles, policies, frameworks, processes, procedures, practices and accountability required to establish the right level of Risk Management, in compliance with the Risk Management requirements that apply to the organisation.

The framework provides an end-to-end, comprehensive view of all risks and an equally thorough treatment of risk management, from the tone and culture set at the top down to operational issues. In summary, the framework enables organisations to understand and manage risk types beyond those related solely to security, and to consider all aspects of managing risk.

The Risk Management framework provides:

  • A set of risk governance practices
  • An end-to-end process framework for successful risk management
  • A generic list of common, potentially adverse events that could impact the realisation of business objectives
  • Tools and techniques to understand the real risks to real operations, as opposed to generic checklists of controls or compliance requirements

ISO 31000:2009 - Principles and Guidelines on Implementation

ISO 31000 is a family of standards relating to risk management, codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes, replacing the myriad of existing standards, methodologies and paradigms that differ between industries, subject matters and regions.

Currently, the ISO 31000 family includes:

  • ISO 31000:2009 - Principles and Guidelines on Implementation
  • ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
  • ISO Guide 73:2009 - Risk Management - Vocabulary

Our consultants will assist your IT management to adopt, agree and formalise the following outputs:

  • Risk management principles
  • A risk management policy that defines when and how to conduct risk assessments
  • A risk management framework
  • A documented risk management process
  • A risk methodology for the:
      • Assessment of risks, ensuring that key risks to the business are identified
      • Mitigation of key risks, including risk categorisation, which is usually instituted once the risks have been identified
  • Job descriptions that consider risk management responsibilities
  • Risk structures, i.e. advice on the risk organisation and risk committees needed for management to discharge its risk management responsibility
  • Risk reporting and risk register formats
  • Key Risk Indicators

The consulting services assist your management to establish a risk programme that covers the following activities:

  • Determine risk management alignment (e.g., assess risk)
  • Understand relevant strategic business objectives
  • Understand relevant business process objectives
  • Identify internal objectives and establish risk context
  • Identify risk events associated with objectives
  • Assess risk associated with events
  • Evaluate risk responses
  • Prioritise and plan control activities to mitigate risk
  • Approve and ensure funding for risk action plans
  • Maintain and monitor a risk action plan