Risk Management

Define what levels of risk the organisation will accept by category (financial, operational, conduct, cyber, third-party), set quantitative/qualitative thresholds, and align them to decision rights.

Specify indicators, thresholds, and triggers that surface emerging issues early; connect them to management actions and board escalation paths

Model plausible severe events (e.g., payment outages, data breaches, liquidity squeezes) and document playbooks, roles, and decision checkpoints.

Identify important business services, set impact tolerances, map dependencies, and maintain continuity runbooks with periodic exercises.

Build and maintain a single, owned register with risks, causes, controls, residual ratings, action owners, and due dates; kept live through a disciplined update cadence.

Run a closed-loop remediation cycle with root-cause analysis, action plans, evidence of completion, and verification testing

Assess vendors and delegated service providers with tiering, due diligence, contractual controls, ongoing monitoring, and exit/contingency plans

Produce heatmaps, trend dashboards, and forward-looking papers that tie risk signals to performance, strategy, and capital/resource decisions.