Risk Assessment Framework Implementation

Case: Implementation of Risk Assessment Framework

0 M

Duration

0 FTE

Consultants

Table of Contents

BACKGROUND

A global energy and utilities firm wanted improvement in the risk assessment framework. Many attempts were made to get a regular setup, but it had only moderate success

CHALLENGE

It was needed to understand why previous attempts were not so successful. Secondly, the management requested an action based (not too methodological) approach on risk assessments. Furthermore, Group governance existed and further alignments were required. Lastly, the company is not regulated and hence there is not stringent for to perform assessments.

ASSIGNMENT

 Deliver a tailor-made risk assessment framework and pilot the framework ensuring sponsorship.

APPROACH

The project was split in 3 distinct phases:

  1. Review current state (as-is analysis), Requirement gathering and Methodology proposal
  2. Building basic framework (Governance, Taxonomy, Methodology details etc) including initial assessments
  3. Detailed assessment and improvement Path Including lessons learned)

RESULT

The first phase concluded that many different assessment types existed in many different formats. A proposal was made to streamline this. Furthermore there was no clear indication of a process or tool to be used to help with performing the assessment. Porteg build some base framework components to align the different assessment and proposed a new methodology to run. An extremely important focus was the management buy-in. Next to assigning management sponsors, we engaged regularly with the management team to stress the importance of risk assessment.

After this effort, we selected a set of 10 risks together with the management to perform initial analysis on and to test the framework. Porteg also coached the existing risk team to ensure the framework could be caried forward.
Improvement actions for specific risks were rolled out as well as continuous assessment could take place on those risks. The technology to support the process was build (including reporting) and the company is ready to perform risk assessments.