Enterprise risk

Develop risk governance and organizational design

Design appropriate risk governance that assigns ownership of risk to all three lines of defense through identification, oversight and independence, and clearly defined roles and responsibilities.

Create risk reporting suites

Develop an effective risk reporting suite across the enterprise risk categories to identify the most impactful risks to the firm inclusive of a robust data governance program which includes the identification of critical data elements, data lineage and effective controls.

Implement risk control self-assessments (RCSA)

Enhance your RCSA framework through the creation of a risk library, identification of a control taxonomy, appropriate testing practices, and risk rating methodologies for inherent risk, controls, and residual risk with tactical outputs that can be leveraged enterprise wide.

Create governance and target operating models (TOMs)

Execute gap assessments, design target operating models with roadmaps, and drive initiative plans and implementation.

Develop risk policy and standards

An effective risk management program requires proper implementation of a policy-based infrastructure including the key tenants of policy, standards, and procedures.