Risk management

Effective risk management – managed risk taking and protection against adverse events

A risk management process is one that systematically applies management policies, procedures, and practices to a set of activities intended to establish the context, communicate and consult with stakeholders, and identify, analyse, evaluate, treat, monitor, and review risk.

ISO 31000

Good risk management provides a disciplined and structured way of describing what you want to achieve, working out what might affect that and how likely it is, deciding what systems and protocols to put in place to address those situations, and putting them in place. Good risk management also means two-way communication with those affected, and continually monitoring what is going on.

The most common misconception about risk management is that its purpose is to avoid risk. In fact, its purpose is to make success more likely. An effective risk management system should support change, innovation and enterprise as much as it reduces or avoids undesirable risks. As one commentator put it, effective risk management doesn’t slow an organisation down – it allows you to run faster.

We recognise that institutions vary significantly in their approach to risk management and the level of investment they are prepared to make to implement a risk management system that is appropriate for the institution. Some risk management systems can fail to deliver the necessary level of assurance because risk processes are disconnected, because key information is not adequately shared within the business, or simply because there is not adequate commitment from the top of the institution to ensure risk management arrangements are embedded at all levels.

What we do

KCG has extensive experience of working with institutions to implement and improve their risk management processes. We assist management with designing risk management frameworks and establishing robust risk management processes and procedures, facilitating risk workshops at all levels of the institution, and assisting with the development of processes for monitoring, control, and reporting.

Key areas where we can help your institution are as follows:

Design of the risk management system – working in partnership with you, we can help you design a system that is tailored specifically for you: one that recognises your unique characteristics, is proportionate, and provides pragmatic working practices that fit your needs

Risk identification and assessment – typically we adopt a workshop approach to identifying risk and then assessing likely impacts on the success of the business. This ensures there is a shared, cross-business view of risks and their significance and potential impact

Risk maturity assessment – this helps to identify the extent to which risk management has been embedded in your institution and therefore whether remedial steps are required to improve risk activities. There are five levels of risk maturity that we consider:

  • Risk naive – No formal approach developed for risk management
  • Risk aware – Scattered silo-based approach to risk management
  • Risk defined – Strategy and policies in place and communicated
  • Risk managed – Enterprise-wide approach to risk management developed and communicated
  • Risk enabled – Risk management and internal control fully embedded in the operations

Risk management improvement plan – working with you to assess your existing risk management arrangements and support implementation of improvements to make them fit for purpose. Areas we typically cover are:


  • Has the tone at the top been established and is the board actively and visibly involved in risk management?
  • Are risk management practices aligned to your strategic and operational drivers?
  • Has the board established the institution’s risk appetite to drive the risk management response?


  • Is there a common awareness of risk throughout the business?
  • Have the right people been made risk owners?


  • Are risk assessments robustly and consistently applied?
  • Is there regular re-appraisal of the risk profile to ensure it remains current and emerging risks are identified and managed?
  • Are reporting processes appropriate for the board and responsible managers?
  • Do senior management and the board understand the sources of assurance to oversee risk management effectively?

The key features of our risk management advisory services are:

  • We work collaboratively with our members to help them develop their risk management arrangements
  • Our team has extensive experience of working with a variety of institutions and can therefore help you develop best practice arrangements
  • We adopt a pragmatic approach to our work, recognising that one size does not fit all; we tailor our work to fit your needs

