Risk Based Assurance

Introducing Risk based Assurance
Mature organisations stop focussing on managing risk and ask their people to start managing the control framework.
Organisational leadership needs assurance that the management and operational control systems designed to deliver organisational outcomes are doing so effectively. When these control systems are well modelled, supported and operating to design, organisations are able to suppress the potential for negative outcomes to impact their goals and objectives, just by operating to the design specifications.
When organisations start focussing on managing the controls that keep their systems operating efficiently and effectively, not only will they ensure business success through the assurance function, they will also limit the potential for unwanted outcomes (formerly known as ‘risk’) to impact outcomes.
How is our model different?
We focus on helping organisations manage risk in complexity. Our approach will ask you to push aside the Risk Matrix (likelihood and consequence) model used extensively across commercial and Government sectors and adopt a new way. The Risk Based Assurance model is significantly more effective in:
- providing performance insights,
- identifying weaknesses in the control system,
- identifying lead indicators of failure, and
- supporting effective decision making.
The solutions we deliver will provide real-time insights into your controls, such as whether they exist, the appropriateness of what exists and their performance in providing system control. We will highlight gaps in your management control framework and identify controls that are weak, underperforming or at risk of failure. Associated with this work, we will improve your governance framework, relying on scalable and repeatable control performance metrics as well as incident response planning to recognise if the control framework is failing.
The approach has many parts. These parts are outlined below.
Management System
Any risk to achieving an organisational mission will come from, or be a result of, a failure in the management system control framework. Our approach seeks to understand, measure and optimise the performance of the management system controls before we seek to add more steps for busy people to manage.
What’s a Management System Control Framework?
Risk Event
Risk is everywhere and risk does not go away. Managing risk strategically at the appropriate level requires an organisational preparedness perspective. We work with clients to identify the most compelling negative events that organisations wish to avoid, and help to understand how the management system can be optimised to assure the negative event can be avoided.
What is Organisational Preparedness?
Metrics that Matter
Likelihood and consequence are not metrics. In fact, they are guesses. Risk ratings offer nothing more than a way to colour code the outcome of those guesses. We implement ways to assess, measure and report on the existence, health and performance of the existing management system controls to provide defensible metrics that enable confidence and decision making.
How do you measure control performance?
Download the Red Strokes Consulting Risk Based Assurance Whitepaper here
Our approach is built on the foundations of a range of known concepts to create a management framework that is effective, insightful and supports more effective governance and improved decision making.
Control Frameworks
Using knowledge of system engineering, we rely on the management control system as the basis for risk suppression, measurement and transparency. Where the control system fails, we look to identify and fix the failure, not add controls to the system.
Theory of Constraints
To manage a system, we only need to identify and focus on the control (or control environment) whose ineffectiveness may increase the chance of a risk event happening, either because the control doesn’t exist, is not effective or is not being used.
Bow Tie
A basic visualisation of the relationship between risk sources, risk events, consequences and controls enables simplified oversight of the whole system, rather than a myopic view of individual risk line items.
Complex System Management
Understanding that complex systems cannot be defined by known cause and effect relationships means we can categorise and apply better techniques to manage risk in a complex contemporary business environment. Applying the lessons from the Cynefin Framework (Snowden), we can start to manage the things that can impact our mission beyond simple cause and effect relationships.
Services
Advisory Service
Red Strokes Consulting is positioned to provide advisory services to the executive leadership team or Board of Directors to improve the performance of your control systems. Undertaking our maturity assessment, we can provide insights into any strengths and weaknesses of the current framework and make recommendations to improve. If appropriate, we can provide an action plan to drive transformation across the organisation to improve control performance, reporting and early detection of potential negative outcomes.
Contracting Service
Risk based Assurance is best positioned to support strategic, enterprise or organisational level intention. The approach has been successfully implemented at a Program Management level as well. Red Strokes Consulting is able to provide skilled workforce augmentation on a contract basis to implement the Risk based Assurance approach.
Training and Speaking
Prefer to keep your management control in house? Perfectly understandable. Red Strokes Consulting can provide training or speaking engagements to introduce new ways of thinking about managing assurance and how our control frameworks are already in place and doing the heavy lifting for us.
Download our Risk based Assurance Whitepaper
We know organisations can be somewhat wedded to the old ways of risk management. We know moving away from the norm is scary and you probably need more information. So we developed this whitepaper to walk you through a little more detail on the theories, methodology and application.
Reach out if you want to shift to managing your system to suppress risk impact, rather than simply admiring the myriad of things that could go wrong.