Assurance & Compliance

Assurance & Compliance Services

Riskwest works with organisations to improve clarity and confidence in the application of business information, and those preparing or intending to become formally certified by an accredited third-party certification body.  As such, it is possible to demonstrate to customers, partners, and other stakeholders why your practices can be trusted.

Improving confidence in data and information so that decision makers can make more informed and better decisions is critical.  We recognise the extent to which the requirements of various standards need to be applied depends on an organisation’s operating environment and complexity, but for most organisations their application is key.

Risk-based Assurance and Regulation

Risk-based regulation has shown to offer significant benefits over prescriptive rules-based regulation as it allows limited resources to be better targeted to achieve desired regulatory outcomes and at the same time reduces the administrative burden imposed on regulated organisations.

We assist clients to develop and implement methodologies to prioritise regulatory activities based on an assessment of risk.  Risk -based regulation is complex and needs to be specifically tailored for the particular regulatory regime to ensure that any approach is systematic and repeatable, whilst remaining sufficiently flexible to respond to changing in environments. Successful implementation is dependent on the quality of methodology, the availability of quality data to input into the model and the capability of the regulatory organisation to implement such an approach.

Risk Profiling

Risk profiling is concerned with the inherent risk associated with a particular organisation, relationship, contract or project.  The profile highlights potential areas of risk or concern and can be used to prioritise management effort across those areas.

We have developed risk profiling methodologies which are based on a traditional risk assessment methodology supported by analysis of context-specific risk indicators. This methodology is used as a basis for developing customised risk profiling tools for our clients. A key part of the process is the identification of relevant leading and lagging indicators and developing an understanding of how those indicators relate to the overall risk profile.

Lessons Learnt

Organisations can learn lessons in a spectrum of ways, including from audits, inquiries, reviews, and client feedback.  Without a systematic approach to capturing and acting on those lessons, organisations seldom improve in anything other than a short term and ad-hoc way.

We work with clients to improve organisational performance by ensuring systematic application of better practice and knowledge to prevent the recurrence of problems and issues.

Root Cause Analysis

Root Cause Analysis (RCA) is a popular technique that attempts to identify the causes and contributing factors associated with a particular event or problem. A factor is considered a root cause if removal of that factor from the sequence of events prevents the final undesirable event from recurring; whereas a contributing factor is one that affects an event’s outcome, but is not a root cause. Though removing a contributing factor can benefit an outcome, it does not prevent its recurrence within certainty.

We have developed methodologies which combine many of the recognised RCA tools and processes into a simple but effective systematic approach which can be applied to any situation, problem, event or ‘near-miss’. The methodology focusses on establishing the root causes and contributing factors associated with a particular sequence of events. The output from the analysis is used to drive improvement in organisational processes and controls in order to reduce the risk of a similar incident re-occurring. The analysis is based on a structured Root Cause Analysis (RCA) methodology which asks the questions:

  • What happened?
  • What happened that should not have happened?
  • What didn’t happen that should have happened?
  • Why?
Compliance Reviews

The area of ‘Compliance’ recognises the extent to which the requirements of various standards need to be applied depends on an organisation’s operating environment and complexity, but for most organisations their application is critical.

Riskwest works with organisations who are preparing or intend to become formally certified by an accredited third-party certification body, and therefore demonstrate to customers, partners, and other stakeholders their compliance to standards.