Risk Advisory

Nonsuch Assurance is committed to delivering ‘Tier 1’ quality advisory services related to Risk and Assurance at ‘Tier 2’ (or even ‘Tier 3’ 😊) rates. This will ensure that you get the best outcomes for your hard earned dollars. This is no empty rhetoric. All of our Principal Consultants have outstanding track records working for the ‘Tier 1’ consulting firms and have proved their calibre repeatedly on high pressured assignments.

Most importantly, our Principal Consultants have built strong networks based on close working relationships, outstanding results and original thinking. At Nonsuch Assurance, we are free to think and act independently and ensure the advice and assistance you are given is fair and free of any potential conflicts of interest.

This approach will ensure that you experience peace of mind for all – you and your organisation and its stakeholders.

Risk Assurance Advisory

Our Risk Assurance advisory services are designed to be clear and direct in terms of what you get, how it’s delivered and the value it will bring to you and your organisation. Of course, not all requirements can be covered off in the table below, so please contact us to discuss any specific or bespoke requirements you may have.

What you need...
What you get...
The Details

Assurance Effectiveness Review
– Feedback on how an assurance function is performing when compared to international professional practice standards

A report that outlines the assessment score against international standards and provides an action plan outlining the urgency and importance of remedial actions

Objective assessment of how an in-house assurance function is operating compared to international best practice. Core competencies will be reviewed such as position, practice, people, and purpose.

Control Health Check
– Rapid assessment of the adequacy and effectiveness of a key control

A Short Form Report providing a snapshot of the status of the control (or controls) under review to quickly identify any opportunities for improvement

A high level and rapid assessment to provide an initial view on the adequacy of design and operational effectiveness of a process area or key control. Often used to determine if a more detailed and expansive assessment is needed.

Controls Assurance
– End to end detailed assessment of business process

A comprehensive assurance report providing an overall control effective ness assessment for the business process under review, including detailed recommendations where appropriate to mitigate any systemic process weaknesses

Detailed process assessment to provide assurance over the successful design of processes and controls and satisfactory operation over a period of time to demonstrate effective risk mitigation.

Third Party Assurance
– Do third party partners have adequate processes and controls to meet our requirements (contractual or other).

A detailed report providing an overall assessment of the performance of the third party against contractual obligations as well as expected good practice.

An independent compliance assessment to provide assurance that external partners are meeting contractual obligations and are operating in line with value and delivery requirements.

What you need...
What you get...
The Details

Assurance Start Up
– How to set up and run an assurance function or enhance components of one.

Blueprint on how to establish an assurance function including approaches, reporting frequencies, resourcing considerations and recommended timeframes.

Strategic direction regarding the establishment of an assurance function – how to align to business needs, assurance approaches, resourcing and development of organisational capability. Included in this can be how innovative approaches such as robotics / use of technology can provide a step change in performance.

Controls Transformation
– A need to right size processes and controls to an organisation

A roadmap of how to transform the control environment to suit the expectations of the organisation

An assessment of the appropriateness and volume of controls present within a particular business process or wider organisation. The outcome will be recommendations on the correct number of controls, aligned to organisational capability, risk appetite and operating environment.

Control Risk Self-Assessment
– Rolling assessment by management on the performance of key risk controls

A tailored control risk self assessment framework (relevant to the organisation or process under review) together with recommendations on how to roll out the framework and sensible reporting frequencies

Development of a self-assessment framework for management to attest the successful operation of key controls across a business process or operating unit. An independent verification programme supporting the CRSA, completed on a random rolling sample of management responses, will provide a valuable and efficient sense check on the accuracy of responses.

What you need...
What you get...
The Details

Assurance toolkit aligned to international standards and business needs

Assurance operations manual, policies and procedures to deliver assurance mandate

Development of assurance toolkit to deliver assessments from initial scoping of individual projects through to fieldwork delivery, reporting and corrective action monitoring

What you need...
What you get...
The Details

Assurance Training, Coaching and Mentoring

A transfer of knowledge, supported by actual case studies to enhance the overall effectiveness and capability of assurance professionals

Focused sessions to assess the needs of the organisation and then matched to tailored sessions to build assurance understanding, skillsets and capability.

What you need...
What you get...
The Details

An outsourced internal audit function

Delivery of a risk based assurance programme tailored to strategic business needs and stakeholder requirements

Development and implementation of a risk-based assurance programme, aligned to the key risks of the business and requirements of all stakeholders including the liaison with any external audit service providers where required.

Risk Management Advisory

Our Risk Management advisory services are designed to be clear and direct in terms of what you get, how it’s delivered and the value it will bring to you and your organisation. Of course, not all requirements can be covered off in the table below, so please contact us to discuss any specific or bespoke requirements you may have.

What you need...
What you get...
The Details

Risk Management Maturity
– an objective assessment of assets and performance compared to recognised good practice in other organisations.


A comparison of the state of each asset and every aspect of performance against a maturity model drawn from models of good practice around the world.

BCP performance re Covid-19
– an understanding of the response to Covid-19, to enhance future performance when business may be unexpectedly interrupted.


Identification of desirable and undesirable behaviours in responding to the pandemic, what shaped those, and what needs to be done to better position your organisation to cope with the unexpected in future.

Effectiveness and efficiency of risk treatments
– an independent check on both the efficiency and effectiveness with which high priority risks are being managed.


Detailed testing of the treatments used to manage key risks particularly the relevance to objectives, their costs, and benefits. Comparison with options that may be more suited to current and future circumstances.

Review of Statement of Intent or Strategy or Business plans
-stress testing of plans for robust management of risk; or where required, development of the risk management component of a plan.


Challenging the identification, prioritisation, and proposed management of key risks. May extend to the design and writing of the whole risk management aspect of the planning process.

Portfolio Risk Management Assessment and Guidance


Portfolio Risk Management is a discipline still in its infancy as a discrete management capability. This report would outline the gaps between current practice (or ‘nil’ practice) and good practice. The report will outline a plan to ensure that the leadership team and those with oversight across the portfolio of change projects are operating risk management across the entire portfolio.

Project/Programme Risk Management


This report would provide an objective assessment on how well risk management and risk controls have been embedded into an organisation’s project and programme management culture and maturity.

What you need...
What you get...
The Details

Risk management programme
– a roadmap to set up a risk management function.

End-to-end blueprint

A programme of work tailored to the needs of your organisation that will set up a risk management function from conception to delivery.

Control risk self-assessment
-effective management of risk owned by line managers

Risk component

Training for line managers to develop self-assessment controls that will modify the key risks to achieving their business objectives, designed to be convenient to use and quickly verified by independent auditors.

Risk Strategy
– a strategy to anticipate and shape the future.

Risk component

Designing how your organisation can establish risk management as an integral capability to validate and inform the strategic management of your organisation.

What you need...
What you get...
The Details

Change to risk-aware culture
-moving beyond risk aversion and mechanical ‘tick and flick’ compliance

Process and templates

Understanding and accommodating organisational behaviours to develop a culture that is aware of, and willing to actively manage, risk.

Risk assessment
-prioritising your top risks

Process and templates

Systematic identification, assessment and prioritisation of the key uncertainties affecting the achievement of your objectives.

Reporting risks
– insightful and useful distillation of risk information to take better informed decisions.

Process and templates

Design and development of a report dashboard using existing data sources as much as possible, providing useful information in interesting and accessible formats.

Communicating risks
-keeping key stakeholders onside during times of significant uncertainty.

Process, templates, and communication plan

Understanding stakeholder needs and drivers to give and receive information so that risks can be managed more effectively.

Scenario planning
-stress testing capacity and capability to deal with a variety of feasible but unexpectedly demanding situations.

Process, templates, and scenario map

Development of a series of scenarios relevant to your organisation along critical performance measures, to test organisational capacity to take advantage of opportunities and reduce exposure in the face of significant change in operating circumstance.

-objective assessment of risk management systems and performance considering past or current issues.

Process and templates

Auditing past and current performance of risk management systems against good practice and organisational expectations with a view to enhancing capability to manage risks in future.

What you need...
What you get...
The Details

Risk Management Training, Coaching & Mentoring
-transfer of knowledge and techniques to understand and manage risk systems.

Capability transferred

Focused sessions to assess the needs of your organisation matched to needs of individuals to develop better risk management understanding, skillsets, and capability.

What you need...
What you get...
The Details

Runaway risk management
-cauterise a haemorrhaging function or programme and bring it back on track.

Rescue a programme for handover

Rapid assessment and swift action to identify and overcome obstacles to good performance.

Install risk management
-design and develop the components necessary for a risk management function to be established on a sound foundation.

Set up a programme for handover

Careful consideration of the needs of your organisation, options to meet those needs, design, and development of the components necessary to achieve the chosen outcome.