Services/Risk Advisory & Governance
Practice 03

Risk Advisory & Governance

The controls, registers and reviews that boards and donors expect to see.

Governance and control frameworks that hold up to donor scrutiny and board oversight — designed for real operations, not compliance theatre.

What this is

An engagement built for the reader of the report.

Weak controls surface as audit findings, donor suspensions and, eventually, fraud losses. Our risk practice designs the frameworks that stop that chain — and tests them so you know they work.

We work with boards, audit committees and executive teams to embed practical governance: written policies people actually follow, risk registers reviewed quarterly, and controls documented in a way an external reviewer can retest.

What's included

The full scope of risk advisory & governance.

01

Corporate governance reviews

Board effectiveness, committee mandates, delegation of authority and policy suite assessments.

02

Enterprise risk management

Risk taxonomy, register, heat map and quarterly review cadence — built with the executive team.

03

Internal controls design & testing

Process walkthroughs, control-gap remediation and independent testing to give management assurance.

04

IT & information-systems risk

Access controls, change management, backup and cyber-posture reviews for finance and operational systems.

05

Fraud risk & whistleblowing

Fraud risk assessments, whistleblowing policy design and independent handling of tips.

You receive

Deliverables

  • Board-ready governance review report
  • Risk register, heat map and appetite statement
  • Internal controls testing memorandum
  • IT and cyber posture assessment
  • Board and audit committee training pack
Engage us if

This service fits you

  • Boards preparing for a governance review or donor assessment
  • Growing companies formalising their control environment
  • NGOs strengthening controls after an audit finding
  • Public entities implementing PFM reforms
How we work

From first call to signed file.

  1. Step 01

    Diagnostic

    Interviews with board, executive and process owners to surface current state and gaps.

  2. Step 02

    Framework design

    Policies, registers and control matrices tailored to your operating model — not shelf templates.

  3. Step 03

    Testing & remediation

    Independent testing of key controls, remediation plan with owners and deadlines.

  4. Step 04

    Embed & review

    Quarterly reviews, board reporting cadence and refresher training to keep the framework alive.

Standards applied
Documented, defensible, current
COSO ERMCOSO Internal ControlISO 31000IIA StandardsKing IV
Common questions

Before you ask.

Can you also do the internal audit?
Yes — we run co-sourced and outsourced internal audit functions, with an annual plan approved by the audit committee.
How long does a governance review take?
Typically six to eight weeks for a mid-sized entity, from kick-off to board presentation.
Do you train boards?
We deliver targeted sessions for boards and audit committees — governance duties, risk oversight and financial statement literacy.
Next up

Continue to Financial Advisory & Accounting