21:25:23 - 18.01.2019

Risk & Compliance Advisory

The scope of the risk management process needs to be defined to ensure that all relevant processes are taken into account in the risk assessment. In addition, the boundaries need to be identified. Information about the organization should be collected to determine the environment it operates in and its relevance to the risk management process.
In this process, the following areas need to be addressed:

  • The organization's strategic business objectives, strategies and policies;
  • Business processes;
  • The organization's functions and structure (including IT);
  • Legal, regulatory and contractual requirements applicable to the organization;
  • The organization's policies;
  • The organization's overall approach to risk management;
  • Physical and information assets;
  • Locations of the organization and their geographical characteristics;
  • Constraints affecting the organization;
  • Expectation of stakeholders;
  • Socio-cultural environment;
  • Interfaces (i.e. information exchange with the environment and B2B partners);
  • GRC - Governance, Risk and Compliance optimized function;
  • Data privacy and protection risks;
  • General / Industry compliance regulations - PCI DSS, SOX, Basel II, GDPR - EU General Data Protection Regulation, ASF Norm 6, NBR/Transfond, MCSI, ISO 37001:2016 - Anti-bribery management systems, Pharma regulations, ...

Governance and Responsibilities

  • Which functions are responsible for assessing and responding to risks in the organisation?
  • What are their reporting lines?
  • What are their relative responsibilities?
  • To what extent do the different functions involved in risk identification/management work to a common agenda?
  • To what extent do the different functions connect their risk related activities?

Our Approach To Risk



Risk Advisory best practices

The six main best practices for risk management should be followed:

  1. Clear ownership of risk within the company;
  2. Appropriate internal mechanisms to discuss/communicate risk;
  3. Formal process to identify risks specifically relating to corporate objectives;
  4. Active board-level involvement in managing risk;
  5. Specific policy governing communications on risk with major investors and other external stakeholders;
  6. Effective GRC - Governance, Risk and Compliance function.