We have a three-step methodology that helps us decide the most suitable approach:
Step 1: Review all relevant governance factors:
Internal context
- Strategic goals and objectives
- Organization structure
- Roles and responsibilities of key risk management stakeholders
- Existing risk management processes and procedures
- Risk management policies and procedures
External context
- Legal, regulatory and contractual compliance requirements
- Competitive environment
Step 2: Using the identified internal and external governance details, we help you define and deliver a structure for information risk governance, including:
- Defined criteria for risk analysis and escalation
- Defined reporting lines and structures
- Formal allocation of roles and responsibilities
- Development of meaningful KPIs
- Risk management policies and procedures
- Risk assessment templates
- Risk register
- Advice on best-in-class GRC tools
Step 3: Our consultants provide ongoing support throughout the governance process, including creating, reviewing or improving the risk mandate, committee structures, reporting lines and communications required for effective information risk governance, and ensuring that risk is being managed in line with the agreed criteria.