Information risk governance

Information risk governance gives you the assurance that risk-based decisions are systematic, defensible and made in a timely manner.

Information risk management enables organizations to balance unacceptable business exposure to risk against the implementation of restrictive controls that may inhibit the business.

Our consultants bring practical information risk management and governance experience. They consider a range of risk and governance options to ensure the approach provided is the most suitable for your organization’s needs.


Information risk governance methodology

We have a three-step methodology that helps us decide the most suitable approach:

Step 1 - Review all relevant governance factors:

Internal context

  • Strategic goals and objectives
  • Organization structure
  • Roles and responsibilities of key risk management stakeholders
  • Existing risk management processes and procedures
  • Risk management policies and procedures

External context

  • Legal, regulatory and contractual compliance requirements
  • Competitive environment


Step 2 - Using the identified internal and external governance details, we help you define and deliver a structure for information risk governance, including:

  • Defined criteria for risk analysis and escalation
  • Defined reporting lines and structures
  • Formal allocation of roles and responsibilities
  • Development of meaningful KPIs
  • Risk management policies and procedures
  • Risk assessment templates
  • Risk register
  • Advice on best-in-class GRC tools


Step 3 - Our consultants provide ongoing support throughout the governance process, including creating, reviewing or improving the risk mandate committee and structures, reporting lines and communications required for effective information risk governance, and ensuring that risk is managed in line with the agreed criteria.