QRMC is a very experienced Risk Management Consultant, having delivered a wide range of Risk Management projects since our inception in 1998.

QRMC works in compliance with the international standard ISO 31000 Risk Management to deliver Risk Management services. We develop and deliver services tailored specifically to your organisation’s needs, not “off the shelf” products, so that you can be confident that the objectives of your Risk Management project will be achieved.

Our services include:

  • Enterprise Risk Management
  • Development of Risk Management Programs
  • Review of Risk Management Programs
  • Development of monitoring and reporting protocols to embed risk management into the organisation
  • Risk Assessments, strategic or operational
    • Organisation-wide risk assessment
    • Department or functional area risk assessment
    • Project risk assessment
    • Safety risk assessment
  • Facilitation of Risk Identification Processes
  • Development or Review of Risk Registers
  • Safety Risk Management
  • Project Risk Management
  • Provision of risk management training to all levels within an organisation

Risk Management Program options delivered by QRMC

QRMC has developed enterprise risk management programs for large and small organisations. When developing risk management programs, we also design monitoring and reporting protocols which, when implemented, will assist to embed risk management into the organisation. These protocols are based around the organisation’s existing processes so that Risk Management becomes part of the normal way of “doing business”

QRMC also frequently assists organisations to review and update their existing risk management programs. This is often triggered by mergers or amalgamations (e.g. in local government) and provides an opportunity to upgrade programs to contemporary best practice Enterprise Risk Management.

As part of program reviews, QRMC undertakes formal gap analyses of risk management programs and processes against ISO 31000:2009 Risk Management and industry best practice, and provides clear recommendations/action plans for the rectification of any identified deficiencies. We can then assist with the redevelopment of the program if required.

Risk Assessment options delivered by QRMC

QRMC facilitates strategic and operational risk assessments on entire organisations, or any specified part or activity therein. We also conduct project risk assessments at any stage of the life of the project.

QRMC’s consultants are experienced facilitators, and will adopt a consultative, non-confrontational style when conducting risk assessments with your staff, resulting in more open communication and goodwill during the risk assessment process, and thus gathering more reliable information upon which the organisation can act to manage the identified risks. Our approach to risk assessment will provide confidence that no important risks have been overlooked, and that the true status of the risk (in terms of its consequence, likelihood and existing controls) has been identified.

QRMC has developed a suite of risk assessment tools and forms which are compliant with the international standard ISO 31000 Risk Management and which we have refined over time to meet the needs of most organisations. These can be tailored to the specific requirements and risk acceptance appetite of your organisation before deployment as part of your risk assessment process. Alternatively, if your organisation has already developed its own risk assessment methodology, QRMC’s consultants will apply that to the risk assessment process.

Training to Embed Risk Management

QRMC also provides training in risk management to all levels within an organisation, to guide personnel through the risk management process and instil in all staff the need for, and benefits of, a sound risk management approach.

What is Risk Management versus Risk Assessment?

Risk Management is, in summary, the process of: identifying potential events that might impact on an entity’s business objectives; quantifying the consequences and likelihood of the occurrence of these events; and then managing the risk of the event occurring in accordance with the entity’s appetite for risk, by planning and implementing controls and treatments. The process should also allow for the recognition and management of opportunities; the identification of impacts and results, and the actions required to maximise benefit.

Risk Assessment is a critical part of the Risk Management process. It involves systematically identifying the risks pertinent to the context of the activity or organisation being assessed, then analysing and evaluating the risks to reach a point of decision regarding how important each risk is and how it should be managed. Risk analysis is the process of determining the causes of the identified risks, the consequences should the risk occur, and the likelihood that those consequences will be experienced. The level of consequence is determined in the context of any existing treatments for the risk, specifically how effective those treatments are. Risk evaluation is the process of applying an agreed matrix to the consequence and likelihood levels to determine a rating for each risk, which is used to prioritise risks for consideration of treatment options and urgency. The risk assessment process is usually recorded in a Risk Register.