ERM International

Services

  • At ERM International, we have turned our decades of in-house learning and experience into practical and proven risk solutions that work in diverse organisations.
  • Our approach covers the entire enterprise risk management cycle, from undertaking function reviews through to system and framework transformation, and ultimately, risk assessment and content when the process is complete.
  • Within this approach, we offer specialised services including risk appetite, controls assurance, strategic and tactical risk workshops, risk culture, emerging risk and horizon scanning, resilience and more.
  • Although many clients engage us to undertake the complete process, we also regularly deliver isolated components or services to complement the ongoing work of an enterprise risk management team. Talk to us today about your needs.

Services

  • At ERM International, we have turned our decades of in-house learning and experience into practical and proven risk solutions that work in diverse organisations.
  • Our approach covers the entire enterprise risk management cycle, from undertaking function reviews through to system and framework transformation, and ultimately, risk assessment and content when the process is complete.
  • Within this approach, we offer specialised services including risk appetite, controls assurance, strategic and tactical risk workshops, risk culture, emerging risk and horizon scanning, resilience and more.
  • Although many clients engage us to undertake the complete process, we also regularly deliver isolated components or services to complement the ongoing work of an enterprise risk management team. Talk to us today about your needs.

What we do

  • Independent risk reviews – what’s working and what isn’t
  • Understanding your risk exposure
  • Controls assurance and recommendations
  • Risk workshops – board, executive and business
  • Risk appetite
  • Risk culture
  • Emerging risk and horizon scanning
  • Resilience and business continuity management
  • Crisis management review and exercises
  • Identify, analyse and treat risks

Risk function review

Your business

Do you need a risk function review? Some of these may sound familiar:

  • You want to improve, but you are not sure where to start or what to prioritise.
  • Enterprise risk management is not functioning effectively in the business.
  • A major incident or risk event has exposed flaws or failings in internal risk management systems.
  • As a risk manager, you may be able to identify the issues, but you need to build an evidence base to help others see it too.
  • Your board is asking for a risk review.
  • You want to know how risk in your business compares to others and to leading practice ideas.
  • Your organisation is undergoing significant change – perhaps a merger, a newly acquired business, a new CEO or similar.

Our approach

In our risk function reviews, we cater to two main scenarios (and a range of businesses operating somewhere in between). 

In the first scenario, an organisation’s board and executive broadly know and accept that risk needs to improve, and they have a relatively good understanding of how. In these cases, a simple ‘light touch’ review may be appropriate, where the main objective is just to help prioritise and plan improvement works.

At the other end of the spectrum, ERM International will conduct a comprehensive review of risk across the business. This may incorporate multiple site visits, detailed documentation reviews, interviews of key personnel, and presentations to directors and management to detail findings and work towards achieving aligned priorities on where to go next.

Within these two main scenarios, we offer a number of different review frameworks, depending on the requests and circumstances of our clients.

Outcomes and outputs

Define and agree ‘what good looks like’

Current state assessment of risk management effectiveness

Prioritized recommendations and improvement roadmap (shifting from ‘current state’ to ‘desired state’)

Risk system transformation

Your business

Do you need to transform risk and risk systems within your business? Here are a few examples of where you might be at:

  • You want to improve, but you are not sure where to start or what to prioritise.
  • You may have good management of day-to-day risks in the register, but no way to aggregate the big picture for board and executive.
  • Risk appetite statements are just words on page. They’re looked at once a year and they don’t add value.
  • Emerging risk planning and horizon scanning are not undertaken systematically and there’s no integration with that output and the rest of the risk framework.
  • Risk is largely focused on health and safety and/or compliance. It is not connected to strategy and opportunities to take risk to grow are missed.

Our approach

We understand that real-world businesses are not a blank slate. Organisations typically have a range of existing systems and processes, some of which overlap and contradict each other, while others may have been in place for many years without being revisited.

We know transformation doesn’t happen overnight and we appreciate the need for a pragmatic, customised approach.

That’s why we offer practical support, not just theory and instructions. Our team of experienced, senior experts will design solutions that meet your requirements. We will get in and do the work, and we will upskill your team at the same time, so the knowledge doesn’t walk out the door when we leave.

We also understand that successful risk management ultimately relies on people. That’s why we also provide risk culture and change management expertise to help effect transformation.

Outcomes and outputs

Risk policy, manual and templates created / updated

Methodical emerging risk planning and horizon scanning established

Risk taxonomy defined and risks categorised for your business, values and value chain

Risk appetite defined, quantified, aligned to strategy and embedded in the business

Sensible and proportionate risk governance model implemented, including three lines of defence as appropriate

Risk evaluation criteria developed

Risk assessment

Your business

Do you need assistance with risk assessments? Here are a few considerations:

  • The organisation does not have a clear picture of its risk profile or exposure.
  • There are gaps or inconsistencies in risk information across your business.
  • The risk information you do have is insufficiently detailed or not evidence-based – especially across your top risks.
  • Business impact analyses need to be updated.
  • A new material risk – or area of risk – emerges, which requires detailed analysis and insight.
  • Your board has requested a deep dive on a particular risk.
  • You are embarking on a comprehensive project to build out or refresh your risk register.

Our approach

Our expertise in risk assessment has been
honed over decades of experience as practising risk professionals in a range of different industries.

Exceptional to ERM International is the variety of different assessment methodologies we offer. Our wide-ranging approach will help you to gain a deeper and wider understanding of risk across your organisation.

For example, in our strategic operational risk assessments, we focus on identifying and analysing key risks against your strategy to ensure we discover and prioritise the risks that could most materially impact delivery of your objectives. In our external and emerging risk assessments, we conduct detailed research and analysis of threats and opportunities, looking at external factors (geopolitical, economic), industry megatrends and relevant strategic risks.

In our country risk and supply chain risk assessments, we apply different lenses again, looking at political situations, security environments, relevant incidents and key vulnerabilities.

And we don’t just leave it there. Risk assessments are no use in isolation, they need to connect back into the rest of the business. That’s why our risk transformation work focuses on integrating risk ratings, controls and assessment content with appetite, escalation and assurance processes.

Outcomes and outputs

Completed, refreshed or extended risk registers

Risk workshops with directors, managers and the rest of the business

Strategic operational risk assessments – key causes, controls and consequences. Inherent and residual risk ratings

Country risk assessments – threats, political situation, security environment, relevant incidents, alert level and significant dates

Integrate assessment results and risk information into risk framework and broader business systems

External and emerging risk assessments – external factors, industry megatrends and relevant strategic risks.

Supply chain risk assessments – key vulnerabilities from a disruption perspective, as well as key integrity risks (e.g. modern slavery)

Organisational resilience

Your business

Do you need help integrating risk and resilience? Some common scenarios include:

  • Risk, business continuity and crisis management are not working together in your business.
  • There are gaps in your planning and preparedness, which ultimately undermine your resilience.
  • Your board is newly focused on resilience following the global Covid-19 pandemic.
  • A major incident or risk event has exposed flaws or failings in internal risk management systems.
  • Your organisation is undergoing significant change – perhaps a merger, a newly acquired business, a new CEO or similar.

Our approach

Many organisations struggle to connect risk and resilience effectively and systematically. So ERM International has developed a unique risk and resilience review methodology.

We provide a detailed framework to properly integrate the two functions, and we have a clear understanding of how they should fit together. We have also developed our own maturity review tool to help organisations gauge where they are at and what they need to prioritise.

We have developed numerous improvement strategies and roadmaps, and delivered improvement projects across diverse industries. We have run many business impact analyses and worked with the domain experts to establish business continuity plans (BCPs) for their critical activities.

Focusing on how to deal with unplanned disruptions, our BCPs are simple and practical. They have been used in the heat of battle and we know they work. We align our BCPs with a straightforward crisis management approach that integrates corporate crisis and in-field emergency responses, all underpinned by and aligned to the organisation’s enterprise risk management approach.

We then run scenario exercises and training to uplift organisational capability and improve overall resilience, enabling your teams to ‘respond appropriately in the moment’, no matter what arises.

Outcomes and outputs

Business impact analyses – workshops and updating / creating documentation

Simple and practical business continuity plans (BCPs) to respond to unplanned disruptions

A documented crisis management approach, integrating corporate crisis response with in-field emergency response and BCPs

Scenario exercises and training to bring it all to life

Culture, capability and change

Your business

Do you need to build organisational capability and embed a strong risk culture? Some of these things might be on your mind:

  • You’re not sure where to start with defining and measuring risk behaviours that are important to your organisation.
  • You recognise that risk-informed decision-making and great risk outcomes must go beyond good processes and systems.
  • You need to build first-, second- or third-line capability through practical and efficient learning and training resources.
  • You want to enable risk-informed assurance and behavioural auditing.
  • You want to revisit your risk operating model, re-align your three lines model or refresh your accountability frameworks.
  • Your organisation is uncertain how to address regulatory or external stakeholder obligations.
  • The board or executive are asking for insights on risk effectiveness or the impact of culture and behaviour on risk outcomes.

Our approach

World-class risk frameworks and systems will only ever be as good as the underlying organisational capability and culture. Getting these right is key to effective enterprise risk management. 

Robust capability and strong culture can unlock broader assurance opportunities, including behavioural auditing (third line), and ultimately enable (first line) ownership and the prioritisation of practical action.

Our approach to capability development will match your specific requirements, considering your organisation’s unique approach to risk. From off-the-shelf training to custom-built modules designed for niche or mass audiences, our team have the first-hand experience to rapidly deploy programs that build the risk capability at your organisation.

Our risk culture methodology involves quantitative surveying and qualitative interviews, as well as other listening and analytics techniques. We also help you to identify relevant data (proxy metrics) that can mature your monitoring capability through a risk culture dashboard and/or integrating reporting. 

Outcomes and outputs

Review or validation of your risk operating model, considering accountabilities, reporting lines and capability opportunities.

Capability assessment and learning needs analysis. Off-the-shelf and custom-built learning content and pathways.

Clearly articulated risk culture behavioural dimensions, aligned and integrated with your broader organisational culture and values.

Standardised, benchmarked or customised surveying (delivered as a service, or on your own platforms).

Comprehensive leadership report highlighting thematic trends around how your organisation manages risk and ‘hotpots’ that require attention.

‘Always on’ risk culture monitoring, ad-hoc or programmatic capability development. Metrics, dashboards, and integrated report.

Investment and project risk

Your business

Are you managing or tendering for major construction or infrastructure projects? Or involved in major investment decisions? These are common challenges:

  • You need to determine confidence levels of multiple investment options.
  • You're preparing to bid for a major contract with specific risk governance requirements and a multifaceted risk profile.
  • You need M&A assistance with due diligence to evaluate the risk profile of your target organisation.
  • You require insights and strategies to better manage a growing portfolio of projects, ensuring effective oversight and control.
  • The project governance body does not have a clear picture of all risks across the project including environmental, sustainability, safety and community risks.
  • You need thorough analysis and guidance to allow financial and contingency decisions based on the project risk profile.

Our approach

We have successfully supported companies throughout Australia, the Middle East and Asia with personalised assistance for intricate and pivotal investments and/or projects. 

We offer in-depth insights into managing the risk profile of complex portfolios for holding company/private equity firms, or companies with various complex projects. These insights incorporate the targeting of new assets, divesting of assets, evaluating new projects, shelving existing projects, or changing strategy or delivery approach to generate required value.  

We provide a thorough commercial risk assessment, integrated into your risk profile development. This ensures a comprehensive understanding of how contractual arrangements align with critical decisions and project management, minimising potential challenges for smoother execution.

Our experienced project risk team conduct detailed time and cost probabilistic risk modelling. This aids in crucial decision-making regarding risk allocations and the establishment of effective risk contingencies.

And we develop robust reporting protocols for individual investments/projects or overall portfolios. These protocols facilitate the timely communication of early warning indicators to the appropriate governance levels. 

We provide specialised support during the bid/tender phase, assisting clients in effectively communicating the added benefits of their chosen investment/project risk management approach to key stakeholders.

Outcomes and outputs

Robust investment/project risk management frameworks, tailored to the intricate nature of each investment/project and its governance requirements.

In-depth portfolio insights, evaluation and mitigation strategies that incorporate sector analysis, emerging risk trending and scenario analysis on base, pessimistic and optimistic case.

Meticulous development, review, and ongoing management of comprehensive risk registers encompassing all facets of your investment/project.

Multi-stakeholder workshops aimed at identifying pivotal opportunities to enhance outcomes while capturing key threats and mitigations.

Comprehensive time and cost probabilistic modelling that incorporates inherent and discrete threats and opportunities.

Alignment of commercial solutions to the key risk mitigation approaches to confirm the appropriate risk allocation across all parties.

Support communicating the selected risk management approach and results to the client or governance committees.

Scroll to Top