comratio – Consulting & Technology

Risk Management

Be ahead of your risks...!

flight check

Strategic and operative risk management has become essential and indispensable to today’s businesses. This is also strongly suggested by the legal conditions: From KonTraG (D), Sarbanes-Oxley Act (SOX – USA), Revisionsaufsichtsgesetz (RAG – CH), JSOX (J), MaRisk (D) to Basel II / Basel III and COSO as well as other Risk Management Standards (e.g. ONR 49000 or ISO 31000 and most recently also ISO 31010).

Strategic Risk Management

is neither trivial nor too complex. The pivotal elements are, among other things, to have a consciousness of the risk and the appropriate know-how. Risk management cannot be an isolated process; it needs to be embedded into the overall processes. The goal is, to find a risk-return balance.

Risk Governance

Active risk governance does not have to be a far vision on the horizon. Have you ever asked yourself:

  • Which are the suitable methods of a risk analysis? (see also ISO 31010)
  • What does an ideal risk management process for me look like?
  • What do I need to pay attention to in the risk assessment?
  • What does my risk map look like?
  • How do I evaluate risks properly? What does belong to the risk inventory, what does not?
  • Which risks are relevant to my business?
  • How do I best govern my risks? Which key figures should I use?
  • Who reports to whom? And what do we do when…?
  • What does an efficient solution for a small business look like?

This is precisely where we, with our knowledge and our experience from several projects, provide the help that contributes to your success. We counsel you extensively and competently on risk management: risk analysis, risk assessment, policy, guidelines, check lists, risk governance, risk map, risk aggregation, risk-return, manuals, risk management processes etc… all custom-built.


Key questions

1. How often do you control your performance?

2. How well are you monitoring your strategic and operative risks?

3. Which is more expensive: a risk, which you have identified too late, or a weak performance?

Want to know more?

Risk Assessment

The key element of risk management is a solid risk analysis, sometimes also referred to as risk assessment. The result of such a risk assessment is called a risk map; however, the risk maps’ validity strongly depends on the methods used and the quality of the risk assessment. A good source of reference here is ISO 31010.

  • Who analyzed and evaluated the risks?
  • Are there cross-impact scenarios that have been included in the risk map?
  • Has a risk aggregation been done?
  • Have the risk correlations been correctly analyzed?
  • Have the risk drivers been appropriately examined?
  • Are the risks connected to profit and loss?
Ask an ISO expert