Case Studies

Port Authority

Following government-driven amalgamation, we worked with a Port Authority Executive Leadership Team to develop and roll out enterprise-wide risk management across three busy Ports and a Head Office site.  This encapsulated all corporate services, commercial, landside and marine operations and led to greater transparency, controls assurance, better investment priorities and more informed decision making.


Following a change in disability sector funding through the ‘National Disability Insurance Scheme’ (NDIS), we worked through the sector landscape with government agencies and multiple not-for-profits/community service organisations to ensure their strategic and business plans provided adequate ‘early warning systems’ for their significant risks in the form of Key Risk Indicators (KRI’s).

Multi-sited Strategic Asset Management

With a contract coming to an end, one large organisation was keen to improve outcomes related to the outsourcing of its multi-year, multi-sited strategic and operational asset maintenance and replacement programme.  We worked with the organisation to determine the lessons learned from the previous contract, the mandatory requirements for the new contract, appropriate performance monitoring and risk allocation.

Medical Trust

Working with a Medical Trust, we were able to map and quantify their key insurable risk profiles. The client was then able to provide this to inform their Insurance Brokers submission, identifying missing and suboptimal insurance covers, and informing their future strategies for risk transfer.

Peripatetic workers

Working with a large organisation, with a significant cohort of lone and peripatetic workers, we were able to identify, map and quantify their vulnerability and exposure to violence and aggression.  Subsequently, we worked with the client to implement strategies based on rigorous risk assessment and evidence-based, cost-benefit analysis.

Audit Preparation

We worked with an organisation to verify their preparation for an audit against ‘ISO 22301, “Societal security – Business continuity management systems – Requirements’, the global international standard for Business Continuity Management Systems (BCMS).  In doing so, we were able to efficiently evidence that the organisation had met the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise.  This allowed the client to provide evidence to their auditors, and other interested parties, that they conformed to international best practice.

Community Service

We were engaged by a Community Service Organisation to review and amend their approach to dealing with ‘lessons learnt’.  Having conducted an assessment of their current approach, we jointly identified what needed to improve and implemented a lessons capture systems for them to use on a systemic and systematic level.  This led to increased corporate knowledge and knowledge retention.


We allocated Partners to specific individuals with organisationally-identified professional development needs at our healthcare client.  Through structured mentoring and coaching, the risk and business continuity competency, confidence and capabilities of those individuals measurably increased.

Resilient and reliable supply chain

We worked with one organisation to ensure a more resilient and reliable supply chain could be established through their ‘Risk & Business Continuity Framework’.  This provided a uniform benchmark for good practice that satisfied the needs of the organisations customers and regulators – and provided greater assurance to clients that they were capable of maintaining continuity of operations.

Risk and audit committees

We were appointed to an organisation as their Risk Manager on a part time, permanent basis.  This involved maintaining the risk management framework, facilitating risk assessments and attendance/presenting to the risk and audit committee.

Lost tender submissions

We worked with one organisation to revisit a lost tender submission.  Working through a root cause analysis process, Riskwest were able to establish the reasons for that failure and implement a simple checklist to be used across all future tenders regardless of complexity or quantum.

NFP Organisations

The Board and the CEO of a NFP organisation needed assistance to develop and implement a risk management framework in line with contemporary practice. This included establishing strong risk governance practices.  Riskwest addressed the Board and management on the process required to develop and implement a risk governance framework. A Governance and Risk Committee (GRC) was established and given the responsibility by the Board to assists the board in carrying out its duties by providing independent and objective review, advice and assistance in the direction and oversight of activities relating to the identification, assessment and management of risk. A workshop session was held with this Committee to identify the risks associated with the governance function of the Board and develop appropriate monitoring, reporting and risk decision-making mechanisms.  The organisation is now implementing the agreed mechanisms and the Board is in a stronger position to discharge its oversight and decision-making role in relation to opportunities and risk.

External and internal operating environments

We were engaged to assist a client to articulate their risk appetite in the context of their current external and internal operating environment. A session was held with the Executive and members of the Board Audit and Risk Committee to consider the concept of risk appetite in relation to the types of risks facing the organisation. Qualitative and quantitative statements of risk appetite for each area of risk were developed. The discussion was framed within the context of the organisations current risks, strategic objectives, and specifically the measures currently used to assess risks. The discussion also considered the capacity and capability of the organisation to manage the risks in accordance with the defined appetite.  The results of the analysis were a set of documented Risk Appetite Statements (RAS) covering each risk category and functional area.  The statements were approved by the Board, incorporated into the Risk Management Policy and subsequently implemented as part of a revised risk management framework.

State Government infrastructure

One of our clients is involved in the delivery of major infrastructure projects for the State Government.  Large infrastructure projects are complex to manage, both at the strategic level and also the day to day project activities. We were engaged to assist with the development of the project risk management plan and facilitate the development of the initial and subsequent risk registers. Risk context was clearly defined, enabling quality data to be captured and reported to the appropriate governance committee.

Tender process evaluation

We were engaged to facilitate an analysis of the recent tender process for a major services contract. This involved the systematic evaluation of the events which occurred to identify the causes and contributing factors which led to the present situation. The outcomes of the analysis informed the development of a Tender Response Risk Evaluation Tool which the client now uses to evaluate all tender responses to identity the inherent risks associated with a particular opportunity and reduce the potential for future significant adverse events or outcomes.

Inform decision making

One of our clients wanted to better understand the big ticket items which they may confront in striving to achieve their strategic objectives.  We worked with the Board and executive to integrate the risk process into the organisations strategic planning model. We unpacked the model into 4 components, ‘Preparing to Plan’ (including environmental scans and stakeholder analysis), ‘Developing the Plan’, ‘Implementing the Plan’ and ‘Monitoring & Reviewing the progress to Plan’. We then worked with the organisation to consider the risks relevant to each component as part of doing that specific component of the planning model. The key to success was to then use the risk information gathered to inform the next component of the planning process.  The outcome was that the organisation had a true strategic risk profile and the risk information was then used to inform decision making.

Developing greater levels of confidence

A client needed to obtain a high level of confidence that they were aware of and managing the key risks to the successful delivery of their services. They had a risk register, however, the structure did not provide a sufficient level of confidence that they were across the key risks. They were lacking a sufficient level of detail in the context area to demonstrate that they have thought about all of the areas at risk.  The solution was to work with the client to compile a full list of business activities by division and identify the critical success factors for each of the activities. Once armed with this information we could map risks to the critical success factors and identify where there were any gaps. Establishing a clear context was essential to help the client to develop a greater level of confidence that they had thought about the risks in all areas of the businesses operations. The context provides the road map to risks and the clear understanding of the context provides the assurance that all risks are being identified.

Event sponsorship achievements

A client had an annual program of event sponsorship and they require assurance from the event holders that they are managing the risks associated with their event and able to evidence their risk management process.  Working with the sponsoring organisation we established a process to ensure a consistent approach to event risk management, provide training to event holders in the organisations sponsorship program in preparing Risk Management Plan’s and provide a Risk Management Plan review process for the event holders and the sponsoring organisation.  The outcome of this process is that the event holders have a useful risk management plan and the sponsoring organisation has a higher degree of confidence in the successful delivery of the event receiving sponsorship.

Establishing business relevant risk management

A client sought advice on how to establish business relevant risk management, which will be used by the people in the business and be more than a compliance exercise. The organisation has had several attempts to embrace risk management but each time it has been short lived and then parked.  Our advice to the client was to make certain that the approach to risk is directly integrated into how the organisation goes about planning and delivering its business. Based upon our past experience with similar type businesses we could illustrate how important it is to start your organisations risk thinking within the organisations planning processes. The risk thinking cannot be done in its own bubble separate to everything else you are doing to make the organisation a success. With this organisation we started by unpacking the strategic and operational planning processes and identifying where the risk thinking can be integrated into these processes. This organisation is currently in the process of commencing their strategic plan review and they are preparing to conduct a strategic risk review as a part of the broader plan review. Then armed with the strategic risk information they will ensure that the strategies going forward reflect the position they want to achieve in respect to the level of risk they are prepared to take.

Learning from others experiences

A client providing risk related services to a large number of their clients were looking to learn from others experiences in the delivery of risk services to consider the pros and cons of the different deliver models available. Riskwest was able to provide a briefing to the clients Board based on our extensive experience on the issues associated with the delivery options available.