Case Study

An Enterprise Risk Management maturity assessment for a large retail and asset management client

When:
2023
Where:
UK
Services involved:
Security Strategy Development

The AnotherDay team ran an Enterprise Risk Management maturity assessment for a large retail and asset management client. We spoke to key stakeholders across multiple business areas and of differing seniority to gain an understanding of how those across the business embedded risk management in their day-to-day activities.

The objective was to assess the current state of ERM practices within the organisation and identify areas for improvement. The findings highlighted several key areas for improvement, including the defining risk tolerance, consistent use of risk management tools, setting key metrics, ensuring oversight, and the alignment of strategic goals with risk-based approaches.

The client faced challenges in understanding and making decisions around risk-reward trade-offs due to the absence of formally defined risk tolerance for each business area and category of risk. Although some business areas had defined risk tolerance based on standards, regulations, or the nature of the threat, this baseline was not consistently applied across all business units or areas of risk.

Furthermore, while strategic goals were somewhat linked to key risks at the client, they were viewed as separate entities and sometimes conflicted with risk-based approaches, leading to high-risk decisions or projects being pursued without proper consideration of the associated risks.

The report also highlighted the lengthy journey they had come on to get to the maturity they were at and showcased their dedication to further improving risk management. Many individuals were extremely complimentary of the team involved in driving risk management and spoke of the supportive and communicative nature of that team.

The assessment of the client's ERM maturity revealed several areas for improvement, and we scored them based on this to help illustrate where they could benefit from making changes.

Project leads
Sneha Nichols‑Dawda
Consultant, Crisis & Security Strategy
View profile
Adam Carrier
Head of Consulting
View profile

Outcomes

The client was able to:

  • Use this report to leverage more resources and highlight the profile of risk management as a business function internally.
  • Use the recommendations to change structures or processes for the betterment of the business and ensure that risk management was viewed as a business enabler.
  • Gain an understanding of how people across the business view risk management and see it as part of their daily jobs.
  • Highlight some of the many successes in risk management and the overall journey thus far.
  • Plan future timescales of how they want to improve their risk management outlook.
  • Our findings also helped them to meet the requirements for important accreditations, in support of future investment.

Relevant case studies

View more projects we have completed for clients.

Crisis Planning and Continuity
Security Strategy Development
Crime Response
Security Strategy Development

Contact us

We’re always keen to talk through problems – even if you don’t end up working with us.

Let us know your problem or situation and one of our consultants will get back to you and arrange a call.

Step one
You let us know what you or your team requires help with.
Step two
One of our consultants will arrange a meeting to find out more.
Step three
We outline how we can help you in a proposal.
Step four
If accepted, we begin providing you or your team with our solution.