<

Practical, independent risk management advice. Develop a sustainable advantage!

Group Risk Consulting Ltd (GRC) is a niche, independent consulting AND resourcing firm that understands and is passionate about risk management.

Who we are

Group Risk Consulting Ltd (GRC) is a niche, independent consulting AND resourcing firm that understands and is passionate about risk management. We aim to provide simple, uncomplicated risk management advice in all areas of Governance, Risk and Compliance to small, medium and large organisations to optimise their risk management capabilities to achieve corporate objectives.

That means helping organisations to:

  •   Gain a more thorough understanding of risk – through all levels of your organisation.
  •    Optimise core business processes, thereby reducing: complexity, cost, probability of failure, and inefficiency.
  •    Increase and protect shareholder wealth / value.
  •    Enable organisations to be able to report confidently to regulators and shareholders.
  •    Develop sustainable operating models that are flexible and can absorb impact and change.
  •    Create a more confident workforce and senior management.
  •    Develop an effective risk management culture that supports your corporate objectives.
  •    Create a sustainable competitive advantage through managing risk well.

Read further to understand how we can assist you improve your organisational performance and profitability, through effective risk management – for the long term.

Why Us

We believe can make difference due to the fact that:

  •   We are passionate about business and using risk to help deliver tangible benefits.
  •    All of our key people have domestic and international ‘Big 4’ or Big Bank management experience.
  •    Our experience allows us to know what works and what doesn’t.
  •    We use our skill and knowledge to be innovative and deliver practical and rewarding solutions that are backed by tried and tested methodologies that we know work.
  •    Being independent and offering niche solutions allows us to provide true value for money with a highly flexible approach.
  •    We can be used as a 'one stop shop' for all your risk management requirements.

 

The breadth and depth of our consultants’ risk management knowledge allows you to:

  •    Have confidence in outsourcing your risk management requirements – allowing you to focus on what you do best.
  •    Have single point of contact for all your risk management resourcing and delivery requirements.
  •    Increase your bandwidth to do other critical tasks.

 

Our Services

GRC can help you develop capability in, or optimise any of the following areas of risk management. Our services can be tailored to meet your requirements – timeframes, resources and budgets.

 

Key Market Sectors

Financial Services

  • Investment Banking
  • Retail Banking
  • Fund Management
  • Funds of Funds
  • Hedge Funds
  • Private Banking

Industry

  • Manufacturing
  • Professional Services
  • Pharmaceuticals
  • Oil & Gas
  • Fashion & Luxury Goods
  • Shipping
  • Insurance
  • Health & Fitness
  • Entertainment

Public Sector

  • Government Departments
  • Quangos / Semi Privatised
  • Universities

 

 

 

 

 

GRC Team

GRC’s Management team has over 100+ years of experience assisting organisations internationally. All have deep SME risk area and industry knowledge, and extensive client / customer management experience. GRC can also call on a network of affiliated associates in a variety of locations around the world to help meet your project delivery requirements.

Michael Porteous

Managing Director

Michael has 20 years’ experience managing a variety of risk types for a number of organisations internationally. He has an excellent and reliable understanding of the business, economic and cultural drivers for managing risk well (profitably and sustainably). He has the unique ability to be able to think strategically (horizontally) whilst ensuring that the detail at the lower levels (vertical) has been accurately considered and implemented. He believes that risk management needs to be simple, accurate and effective in order to be well understood, embraced and embedded into the fabric of an organisation.

Michael has developed and successfully implemented some of the first IT and Enterprise Risk Management Frameworks for large global corporates as early as 2004. He has built enterprise and operational risk management frameworks for a range of large global corporates including banks (retail and investment), insurance companies, professional service companies, IT service providers, shipping companies and manufacturing companies. He has held senior roles such as ‘Head of’, ‘Global Head of’, ‘Executive Director’ and ‘Practice Lead’ in the areas of Enterprise, Operational and IT Risk Management for some of the world’s largest and most prestigious firms.


Michael has been a pioneer in risk management for many years. Having developed and implemented one of the first internet based, real-time share-trading systems in 1997, and with an educational background in economics, business and risk, he began designing, developing and promoting the requirements for, and benefits of, effective risk management well before risk management became a key regulatory requirement. In essence, he understands that without risk, there cannot be business opportunity. And, without managing risk well, these opportunities cannot be exploited.

 

Steve Miller

Head of Risk Management

Steve is a technically accomplished risk professional with wide experience of designing and implementing risk frameworks. This has been in a wide variety of business environments and geographies.

He is an energetic and motivating team leader with proven ability at influencing executive management and stakeholders. Leadership and technical ability has given Steve experience in delivering risk frameworks that focus on strategic objectives, including delivering transformation in businesses facing unique challenges.

Steve is an open and transparent communicator experienced at translating complex risk theory into useable and pragmatic business solutions. The majority of his career has been spent in financial services which has included investment banks, corporate banks, wealth and asset managers and more recently two government owned institutions.

Steve’s last two roles were as Head of Risk at The Bank of England and then Post Office Limited. These roles included assisting the institutions manage significant organisational change and strategic challenges. He restructured the approach to risk in these institutions through a combination of changing the skill sets of the teams of risk practitioners, and through redesigning and implementing new approaches to risk best suited to the unique operating challenges of the respective institutions.

Focussing on effective transformations in response to new regulation and developments in risk practice has been a continual theme. This has been achieved through creating and embedding the risk frameworks and also through building positive risk culture within each environment. Managing through mentoring and development has been a significant part of his career and Steve has left a legacy of high performance risk teams.

 

Dean Hill

Director, Risk Management

Dean is a senior risk management professional with over 33 years’ experience of delivering quality risk solutions to large organisations. His main SME lies within the areas of, frameworks and control structures. He is expert in all aspects of operational risk management, risk mitigation, control implementation, risk policy development and assurance, oversight and internal audit. He is a proven senior manager, with the ability to deliver to demanding standards and deadlines.

At RBS, Dean produced a comprehensive Operational Risk policy framework as part of the “stand up for business” process, across whole Williams & Glyn ‘challenger’ bank. This included the delivery of a Risk & Control Self-Assessment portfolio ahead of target, to inform firm-wide Risk Profile. He also led and delivered a “Material Issues” project into Williams & Glyn, together with reporting and escalation mechanism, to enable accurate risk and issue management. As Head of Operational Risk Partnering Team, he built a permanent team and delivered a revised framework and methodology/system training across bank.

Dean has also held senior positions within Barclay’s Operational & Group Risk functions over 32 years.

 

Rakesh Tripathi

Head of IT Security and Risk

Rakesh is a seasoned senior Cyber security and Risk consultant having accrued 14 years of experience within industry. He has significant and wide-ranging experience deploying enterprise / IT risk frameworks, security architectures and solutions for major banking and financial services organisations and has delivered risk assessments, project management, security audits and 3rd party assessments. His major hands-on technical experience includes a focus on DLP, SIEM, vulnerability management, IDS/IPS and eGRC technologies. He complements his strong technical skills with an excellent working knowledge with a variety of compliance regimes including ISO 27000 series, PCI-DSS, ISF, SOX, CoBIT, COSO and ITIL.

Rakesh is a passionate risk practitioner and a well-rounded professional who has worked with many complex global organisations / clientele across multiple industries (financial and non-financial). He possesses unique blend of technical as well as business skills to understand / define strategic objectives and to deliver tailored risk solutions/consultancies to promote right risk culture.

 

Our Clients

Williams & Glyn

RBS

Deutsche Bank

Zurich

The Deputy Prime Minister Office

HM Passport Office

House of Commons

Post Office

Case Studies

Client Requirement:

Review the banks Operational Risk Management Framework and improve where required in line with best practice in preparation for change in ownership.

GRC Approach:

  • Information Gathering: Interviews with key stakeholders
  • Data Consolidation and Problem Identification: Review and consolidate data to identify key areas of concern / problems.
  • Gap Analysis: Carry out detailed gap analysis of existing framework (structure, processes and procedures) against best practice (COSO2, Basel 2/3, ISO31000).
  • Findings Validation: Validate findings with key Stakeholders.
  • Delivery Plan Development: Develop project plans to remediate and improve problem areas identified.
  • Progress Reporting: Report on progress, problems and successes. Delivery managed within a formal project risk management approach.

Results:

  • Identified a number of areas for improvement, particularly in relation to risk and issues data quality – non compliance with current and future regulations (Basel 2/3, ICAAP, IT Risk Management process, BSCB239).
  • Gaps in formal process for risk data aggregation and Issue management.
  • Lack of integration of IT risk assessment results into Group Operational Risk register.
  • Development of consistent risk evaluation and reporting data set (Key Data Elements – KDEs).
  • Structuring of risk reporting formats for internal Committees (Op Risk, Board Risk, Exco) and external stakeholders (RBS, regulators).
  • Risk identification and awareness workshops.
  • Improvement of the risk data capture process.
  • Improvement of the RCSA process.
  • Enhancement of the GRC data capture tool – to better capture, consolidate and report risk data.
  • Development of a formal architecture to meet BCSB239 requirement.

Client Requirement:

  • Undertake an assessment of Internal Capital Adequacy, write and submit to the regulator an annual ICAAP submission.
  • Develop a process that could be replicated across the Group to complete ICAAP submissions in a consistent way annually.

GRC Approach:

  • Background / information gathering: Interviews with key stakeholders, across domestic and international entities.
  • Gap analysis: Carry out detailed gap analysis of Dutch and UK regulatory requirements and existing internal processes.
  • Process development: Develop ICAAP and adapt to the organisation’s structure.
  • Stakeholder analysis: Determine who the key stakeholders were in order to conduct the risk evaluation workshops, and approval of collected data.
  • Risk assessments: Conduct detailed risk assessment across all key business units and critical processes (structured interviews).
  • Develop Risk Scenarios: Develop a series of risk impact scenarios to help define the potential risk impact probability and cost.
  • Data consolidation and exposure calculation: Consolidate the obtained data and model the potential frequency and cost of potential scenarios.
  • Organise and run scenario validation workshops: Plan and run a series of scenario validation workshops with identified key stakeholders.
  • Findings validation: Validate findings (risk, gaps & improvement actions) with key Stakeholders.
  • Regulator discussions and approval: Frequent discussions with local regulator in relation to ICAAP results.
  • ICAAP submission drafting: Write formal ICAAP submission using validated workshop findings.
  • Formal ICAAP Submission Approval: Seek formal approval of ICCAP data and draft submission document.

Results:

  • Compliance with regulatory requirements.
  • Improved understanding of the need for risk management across the group.
  • Improved, repeatable ICAAP development process.
  • Developed ICAAP data library and use process.
  • More confident management.
  • More confident regulator as to the robustness and sustainability of the company.

Client Requirement:

Assess and improve the IT Risk Management process to meet best practice and help improve risk management effectiveness within a multi-billion euro change program of work (Run the Bank / Change the Bank).

GRC Approach:

  • Background / Information Gathering: Discussions with key stakeholders to identify, what works, what doesn’t, and required improvements.
  • Gap Analysis: Conducted formal gap analysis (against regulatory requirements (Basel2/3, COSO2, ITIL, COBIT5).
  • Risk Assessments: Conducted a number of risk assessment workshops to understand process and gaps on key projects, locally and internationally.
  • Results Consolidation: Consolidated / aggregated results.
  • Findings Presentation: Presented findings to key stakeholders and made recommendations for improvements.
  • Project Planning: Developed program plan to implement improvement actions.
  • Policy Review: Reviewed and gap assessed a number of key policies.

Results:

  • Reengineered the IT / Operational risk management processes and risk register data capture investigative question sets. Resulting in more efficient framework processes. More accurate & meaningful data. More effective management reporting.
  • Aligned and integrated the IT risk taxonomy with Basel 2 risk types for operational risk classification.
  • Improved understanding of risk management use and process.
  • Identification of the fact that there were too many similar processes operating at different levels within the Bank and that there was significant data duplication that contributed to the operational risk – poor management, duplicated effort, confusion, inaccurate reporting.
  • Delayered & consolidated a number of redundant / duplicated risk management processes.
  • More accurately defined IT risks, that clearly articulated the inherent exposure and its impact on the banks operational processes.
  • More efficient and effective mitigation actions – to reduce the identified risk exposures.
  • Better informed stakeholders and management.

Client Requirement:

Review current operational risk management framework, gap identification, make recommendations for improvement. Key considerations: ensure risk management practices are embedded within the business and management are conforming to risk management practices / culture. Be able to:
  • Provide the Board and senior management with an accurate risk profile of the business.
  • Provide the Board with assurance that effective risk controls where operating.

GRC Approach:

  • Risk Maturity Assessment: Reviewed the maturity of the current risk management framework and process – via stakeholder interviews.
  • Gap Analysis (against best practice): Benchmarked the current risk management framework structure and processes against industry best. practice and identified areas for improvement.
  • Detailed Risk Assessment: Detailed risk assessment undertaken across entire business with key stakeholders. Data consolidation undertaken, and key risks and controls presented to the board and management.
  • Risk Culture Assessment: Carried out assessment of risk culture to determine stakeholder knowledge levels and attitudes to risk ownership’ Recommendations for improvement and delivery plan developed.
  • Framework Development: Development of all framework components (processes, procedures & policies), where gaps and improvement actions identified. Including risk appetite and tolerance statements and metrics.
  • Framework Documentation: Development / enhancement of all framework documentation (processes, policies & training material).
  • Training and Awareness: Developed and delivered formal risk management training for a range of stakeholders (Board members, senior managers, & suppliers).
  • Stakeholder Communication: Developed consistent stakeholder communication in relation to the to the rolling out of the framework and ensuring that key partners and stakeholders, understood need to use and complied.
  • Risk Profile: Company’s risk profile developed, refined and keys risks communicated to risk owners and management.
  • Risk Appetite / Tolerance: Risk Appetite and Tolerance parameters and statements developed and agreed by the Board.

Results:

  • Greatly improved risk management processes. Increased understanding of importance of risk management.
  • More confident and engaged workforce.

Client Requirement:

Design, develop and implement a best practice and globally compliant IT risk management framework.

GRC Approach:

  • Background / information gathering: Gather information via investigative questionnaires re key process, products, people, ways of working.
  • Best practice gap analysis: Assessed the current international best practices for IT risk management including COBIT, ITIL, ISO270001.
  • Detailed risk assessment: Carried out program of detailed risk assessments (interviews and workshops) across key business units / functions.
  • Risk culture assessment: Carried out assessment of risk culture to determine stakeholder knowledge levels and attitudes to risk ownership.
  • Framework development: Development of all framework components (processes, procedures & policies) .
  • Framework testing: Full testing of all framework components and processes within Insurer locally and with key 3rd party suppliers.
  • Framework documentation: Development of documentation relating to all components of the framework (policies, processes & procedures).
  • Rollout planning & delivery: Developed rollout plan for Europe and US businesses. Fully approved by Exco. Fully delivered.
  • Training and awareness: Developed and delivered formal risk management training for a range of stakeholders (CISOs, Account Managers, senior managers, board level executives & suppliers), in a number of countries.
  • Stakeholder communication: Developed consistent stakeholder communication in relation the to the rolling out of the framework.

Results:

  • Successfully, developed and implemented an innovative and regulatory compliant IT Risk management framework that was classed as ‘Best of Breed’ by PWC’s external auditors.
  • Rolled out framework and training internationally to all of Insurer’s main offices in each country (US, Switzerland, EU and UK).
  • Established and trained a team of 8 internal staff internationally to be competent IT / Operational risk managers.
  • Successfully training all key stakeholders (internally and externally, domestically and internationally).
  • Identified numerous key risks, resulting in re-engineered business processes, replaced a number of suppliers, created new projects.
  • Improved senior management reporting and board level communication in relation to risk.
  • Implemented formal risk culture monitoring and measurement approach.
  • Enhanced business / IT resilience capability.
  • Significant cost savings.

Client Requirement:

  • Design, develop and implement an Enterprise Risk Management (ERM) framework that is IT centric to help reduce the potential for failure of this flagship multi billion £ project.
  • Develop a risk management culture that embraces risk management ‘ways of working’ in everything that is done.
  • Establish effective risk management reporting to enable senior management to report effectively to government sponsors and key stakeholders.

GRC Approach:

  • Background / information gathering: Gather information via investigative questionnaires re key process, products, people, ways of working.
  • Risk maturity assessment: Reviewed current risk management framework and process, via stakeholder interviews.
  • Gap analysis (against best practice): Benchmarked the current risk management framework structure and processes against industry best practice and identified areas for improvement.
  • Detailed risk assessment: Detailed risk assessment undertaken across entire business with key stakeholders. Data consolidated, and key risks and controls presented to the board and management.
  • Risk culture assessment: Carried out assessment of risk culture to determine stakeholder knowledge levels and attitudes to risk ownership. Recommendations for improvement and delivery plan for execution developed.

Results:

    Developed and implemented all framework components (processes, procedures & policies), where gaps and improvement actions identified.
  • Developed all framework documentation (processes, policies & training material).
  • Developed and delivered formal risk management training for a range of stakeholders (Board members, senior managers, & suppliers). This included 36 senior project managers.
  • Developed consistent stakeholder communication process in relation to the rolling out of the framework and ensuring that key partners and stakeholders.
  • Department’s risk profile developed, refined and keys risks communicated to risk owners and management.
  • As a result of identifying, evaluating and pricing risk exposures and required mitigation action actions and correct risk ownership of these with key stakeholders, a total of £85 Million of project costs were removed from the various project contracts with key suppliers.
  • More confident senior management and workforce.
  • More efficiently delivered projects, reduced operational costs.

Client Requirement:

Design, develop and implement a best practice enterprise Risk Management (ERM) Framework that can be sustained over the long term to protect and enhance the businesses profitability.

GRC Approach:

  • Background / information gathering: Gather information via investigative questionnaires re key process, products, people, ways of working.
  • Risk maturity assessment: Reviewed current risk management framework and process, via stakeholder interviews.
  • Gap Analysis (against best practice): Benchmarked the current risk management framework structure and processes against industry best practice and identified areas for improvement.
  • Risk assessments: Detailed risk assessment undertaken across entire business with key stakeholders. Data consolidated, and key risks and controls presented to the board and management.
  • Risk culture assessment: Carried out assessment of risk culture to determine stakeholder knowledge levels and attitudes to risk ownership. Recommendations for improvement and delivery plan developed.

Results:

  • Developed all framework components (processes, procedures & policies), where gaps and improvement actions identified.
  • Developed all framework documentation (processes, policies & training material).
  • Developed and delivered formal risk management training for a range of stakeholders (board members, senior managers, & suppliers). Developed consistent stakeholder communication in relation to the to the rolling out of the framework and ensuring that key partners and stakeholders, understood the need to use and complied.
  • Department’s risk profile developed, refined and keys risks communicated to risk owners and management.
  • Developed comprehensive stakeholder management map / engagement plan to ensue that all stakeholders understood the benefits of risk management and risks of not doing risk management well. This extended to Trade Unions, government departments, operational partners, shipping companies, rail companies, transport companies, oil companies, and military.
  • Optimised business continuity plan.
  • Improved operational processes.
  • Optimised Insurance program.
  • More confident board and stakeholders (decision making).

Client Requirement:

  • Develop, design and implement an Enterprise Risk Management (ERM) framework to assist with the successful management of the UK government’s Public Sector Agreement targets (PSAs).
  • Develop risk management culture: enhance awareness of risk management requirements across the department. Encourage proactive risk ownership throughout senior management and wider organisation.

GRC Approach:

  • Background / information gathering: Gather information via investigative questionnaires re key process, products, people, ways of working.
  • Gap analysis & maturity review: Carried out detailed benchmark of department’s current risk management practices against recommended best practices (COSO, ISO31000, ISO27001).
  • Risk assessments: Conducted detailed risk assessment across the core business units and functions.
  • Findings consolidation: Review findings and consolidated to produce a consistent / common set of agreed risks across the business.
  • Results communication: Communication of key risks, risk ownership and mitigation processes to key stakeholders within government.

Results:

  • Designed, developed and implemented all framework components, process, policies and procedures.
  • Identified and agreed appropriate mitigation actions with all risk owners.
  • Defined key government and European regulatory requirements and processes to ensure compliance.
  • Developed and implemented a formal risk committee with Terms of Reference to agree major risks and mitigation actions.
  • Ensured that the National Audit Office (NAO) played a key role in reviewing (auditing) and approving the proposed risk management and governance processes and infrastructure.
  • Ensured that risk management and governance processes were incorporated into the formal project management process.
  • Developed key metrics for benefits realisation measurement – of key initiatives, major projects and high value spends.
  • Development and implementation of a formal risk reporting framework and process, for Risk Management Committee.
  • Department’s business objectives were more clearly defined, allowing resources and commitment required to achieve these to better understood.
  • Improved understanding of the need to use risk management to drive performance and deliver results.
  • More confident & engaged workforce.

Client Requirement:

Design, develop and implement a best practice enterprise Risk Management Framework (ERM) that can be sustained over the long term to protect and enhance the businesses profitability.

GRC Approach:

  • Background / information gathering: Gather information via investigative questionnaires re key process, products, people, ways of working.
  • Risk maturity assessment: Reviewed current risk management framework and process, via stakeholder interviews.
  • Gap analysis (against best practice): Benchmarked the current risk management framework structure and processes against industry best practice and identified areas for improvement.
  • Risk assessment: Detailed risk assessment undertaken across entire business with key stakeholders. Data consolidation undertaken, and key risks and controls presented to the board and management.
  • Risk culture assessment: Carried out assessment of risk culture to determine stakeholder knowledge levels and attitudes to risk ownership. Recommendations for improvement and delivery plan developed.
  • Findings consolidation: Findings consolidated to produce a consistent / common set of agreed and prioritised risks across the business.

Results:

  • Developed all framework components (processes, procedures & policies), where gaps and improvement actions identified.
  • Developed and delivered formal risk management training for a range of stakeholders (board members, senior managers, & suppliers). Developed consistent stakeholder communication in relation to the to the rolling out of the framework and ensuring that key partners and stakeholders, understood the need to use and complied.
  • Developed company’s risk profile, refined and key risks communicated to risk owners (management, partners, suppliers).
  • Developed comprehensive stakeholder management map / engagement plan to ensue that all stakeholders understood the benefits of risk management and risks of not doing risk management well. This extended to Trade Unions, government departments, operational partners, shipping companies, rail companies, transport companies, oil companies, and military.
  • Optimised business continuity plan.
  • Improved operational processes.
  • Optimised insurance program.
  • More confident board and stakeholders (decision making).

Client Requirement:

Design, develop, implement and embed, a comprehensive Enterprise Risk Management (ERM) Framework.

GRC Approach:

  • Information gathering: Undertook series of investigative / consultative discussions (interviews) across the business with a range of different stakeholders– business units and functions.
  • Stakeholder analysis: To determine who most the most important stakeholders were and why (internal & external).
  • Gap analysis & maturity review: Carried out detailed benchmark of department’s current risk management practices against recommended best practices (COSO, ISO31000, ISO27001).
  • Risk assessment: Undertook detailed risk review across all group’s operations, business units and functions.
  • Governance & reporting requirements: Establish a formal risk committee with Terms of Reference (ToRs) to agree major risks and mitigation actions. Ensured that risk management and governance processes were incorporated into the formal project management process.
  • Risk culture review: Undertook risk culture review across key stakeholders, to determine level of risk understanding and attitude toward risk management.
  • Findings consolidation: Findings consolidated to produce a consistent / common set of agreed and prioritised risks across the business.

Results:

  • Identified and agreed appropriate mitigation actions with all risk owners.
  • Developed corporate risk profile and communicated to key stakeholders.
  • Developed company’s risk profile, refined and key risks communicated to risk owners (management, partners, suppliers).
  • Design, development and implemented all risk management and BCP framework components (process, policies and procedures).
  • Designed risk culture enhancement / management framework and achieved management buy-in.
  • Reviewed corporate strategy and linked to key risks and business objectives.
  • Reviewed the company’s physical security plan, identified gaps and outlined areas for improvement.
  • More cost effective insurance program, clearly linked to key risk exposures.
  • Improved understanding of the need to use risk management to drive performance and deliver results.
  • More confident & engaged workforce.
  • Developed and implemented a formal risk reporting framework and process, for Risk Management Committee.
  • Enhanced confidence of key suppliers of company’s performance, sustainability and robustness.

Client Requirement:

Design, develop and implement / embed, a comprehensive Enterprise Risk Management (ERM), Framework.

GRC Approach:

  • Background / information gathering: Undertook a series of investigative / consultative discussions with a range of different stakeholders across the department – business units / functions.
  • Stakeholder analysis: Carried out detailed stakeholder analysis to determine who the key stakeholders were (internally & externally).
  • Gap analysis & maturity review: Carried out detailed benchmark of department’s current risk management practices against recommended best practices (COSO, ISO31000, ISO27001), and local regulatory requirements Improvement actions defined.
  • Regulatory requirement assessment: Defined key local and regional government and regulatory requirements (MAS, SFC). Recommended improvement actions to close gaps to compliance.
  • Risk assessments: Undertook detailed risk assessments (structured interviews), with all key stakeholders, key departments and functions.
  • Critical process definition: Defined (mapped and prioritised), the businesses critical business processes.
  • Findings consolidation: Findings consolidated to produce a consistent / common set of agreed risks across the business.

Results:

  • Designed, developed and implemented comprehensive risk management framework (components, process, policies and procedures).
  • Developed company’s risk profile, agreed all risks with defined risk owners (internally and externally).
  • Identified and agreed appropriate mitigation actions with all risk and identified mitigation owners (if different).
  • Key operational processes definition and optimisation (process mapping, streamlining and prioritisation).
  • Identified and agreed individual process owners.
  • Established a formal risk committee with Terms of Reference (ToR) to agree major risks and mitigation actions for reporting to the board.
  • Ensured that risk management and governance processes were incorporated into the formal project management process.
  • Development and implementation of a formal risk reporting framework and process, for Risk Management Committee (RMC).
  • Improved understanding of the need to use risk management to drive performance and deliver results.
  • More confident partners and suppliers.
  • More confident & engaged workforce.

 

 

 

 

 

 

Submit RFP

Thank you for contacting GRC in relation to potentially providing risk management services to assist your business. We would be grateful if you could complete the following form to allow us to be a little more familiar with your requirements.

Please feel free to attach any documents that you feel will assist in explaining your requirement in more detail.

Your Details

 
 

Company / Organisation Details

 

Additional Information


Please upload any documents

Please note that the total size of your attachment(s) must not exceed 25Mb. Appropriate attachment types are ".doc", ".pdf", ".ppt", ".txt", ".xlsx", and ".zip".

 

Contact Us

 

Group Risk Consulting Ltd
37 Williams Road
Long Ditton
Surbiton
KT6 5RW

T: +44 (0) 7710194472
E: info@groupriskconsulting.com

 

Company No: 08508970

 

 

 

 

 

 

Terms

Privacy Statement

Last revised: 05 January 2017

This privacy statement only applies to the website with the URL ‘groupriskconsulting.com.’ and specifically this form, that we use to collect some basic information about you as a potential client. We do this so that we can better service your needs. By completing this form, you are implicitly agreeing to terms and conditions as stated within this ‘Privacy Statement’.

Information Collection

As a general visitor to our website you do not have to submit any personal information in order to use the website. Our website will only collect and use information that voluntarily provided by visitors to this site. Such information will primarily include (but may not be limited to), that which is requested in the ‘Request for Proposal (RFP)’ form, such as; ‘your name, current job title, company address, email address and telephone number.

The RFP form, can be accessed via the ‘Submit RFP’ link on the navigation bar at the top of our website or by scrolling down to the relevant part of the site.

We may also store and maintain any content that you provide, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide.

We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from visitors. We will, where necessary, obtain your explicit consent to collect and use such information.

Log information, cookies, and web beacons

This site collects standard internet log information including your IP address, browser type and language, access times and referring website addresses. To ensure that this website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or web beacons (electronic images that allow this website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our cookie notice.

Information use

At times, you may provide personal information via this site, for example, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this website and related services offered to you. We may also use your personal information for marketing purposes, or to send you promotional materials or communications regarding services, (that we feel may be of interest to you) provided by Group Risk Consulting Ltd or one of our partners or subsidiaries, namely GRC Resourcing. We may also contact you to seek feedback on services provided by Group Risk Consulting Ltd or GRC Resourcing.

Your personal information may also be used to protect our rights or property and that of our users and, where appropriate, to comply with relevant legal processes.

You may at any time request that we discontinue sending you emails or other communications generated in response to your provision of personal information via this website.

Disclosure of information to third parties

We may provide your personal information to some of our partners / 3rd Parties in order to provide you with information and services that could be of interest to you and we may use it to conduct market or other research.

Personal information may also be disclosed to other entities within our network (partners / 3rd parties), in order to respond to your requests or inquiries, and as necessary to be able to better, evaluate and or manage your risk.

All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in your area of residence.

Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.

By providing information through this website, you are consenting to the disclosures described above.

Blogs, forums, wikis, and other social media

This website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal information or other information that you contribute to any Social Media Application.

Access to information

Visitors who would like to request access to their information, to update their details, or unsubscribe from communications should contact us directly. In all cases we will treat requests to access information or change information in accordance with applicable legal requirements.

Information security

We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this website from unauthorised access, disclosure, alteration, or destruction.

Changes to our Privacy Statement

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.