Build an enterprise risk management operating model that integrates climate risk, nature and biodiversity risk, human rights due diligence, data and AI governance, third-party risk, and geopolitical risk into one defensible control system.

The problem

Most programs fail at the same point: policies exist, reporting exists, but control ownership, testing, and evidence do not. That creates audit friction and enforcement exposure.

What you get

• Risk taxonomy and material risk map for climate, nature, human rights, data, geopolitics

• Risk appetite statements and decision triggers

• Control framework, owners, escalation, and remediation workflow

• KRI library with definitions, data sources, thresholds, and governance

• Evidence index and control narratives that support assurance readiness

How we deliver

1. Diagnostic: map obligations and expectations to controls and evidence

2. Design: risk spine including KRIs, testing routines, issue management

3. Embed: training, playbooks, cadence, reporting, handover

Typical deliverables

• Risk operating model blueprint and RACI

• Control catalogue and testing plan

• Evidence pack template set

• Board-ready risk dashboard and KRI reporting cadence

• Remediation tracking workflow

Move beyond climate heatmaps. Translate physical climate risk and transition risk into operational disruption, financial impacts, and decision triggers for credit, underwriting, capex, procurement, and continuity planning.

The problem

Climate analysis often stops at scenario charts. Decision-makers need quantified business impacts, uncertainty ranges, and clear actions.

What you get

• Translation chain: hazard to damage to operations to financial statements to risk metrics to decisions

• Decision triggers for pricing, limits, capex gating, and resilience investment

• Model governance documentation for internal challenge and assurance

How we deliver

1. Scope decisions and proof standards

2. Build climate risk translation model and assumptions

3. Validate with operations and finance

4. Embed into governance, reporting, and decision forums

Typical deliverables

• Asset and portfolio risk assessment summary

• Financial impact translation and sensitivity analysis

• Decision trigger matrix for policy changes

• Control and evidence pack for climate analytics governance

• Optional: tabletop exercise for a severe climate disruption scenario

Identify, prioritise, and manage nature-related risks and opportunities. Embed biodiversity risk controls into procurement, project development, and investment governance using location-based screening and defensible metrics.

The problem

Nature risk is often treated as narrative. The operational question is: where are the priority impacts and dependencies, and what controls reduce them?

What you get

• Priority footprint map of nature dependencies and impacts

• Location-based risk screening for assets and suppliers

• Control design for deforestation risk, water stress, habitat sensitivity

• Monitoring and governance approach that is practical and scalable

How we deliver

1. Identify priority value chain nodes and geographies

2. Screen, classify, and select control levers

3. Embed into procurement gates and investment approvals

4. Define monitoring, evidence, and escalation routines

Typical deliverables

• Nature risk assessment and priority list

• Procurement control enhancements and evidence requirements

• Monitoring plan with metrics and data governance

• Executive briefing pack and implementation roadmap

Build defensible human rights due diligence and supply chain risk controls that stand up to enforcement, litigation, and stakeholder scrutiny. Move from supplier codes to proof of prevention, detection, and remediation.

The problem

The biggest exposure is not having a policy. It is failing to prove effective prevention, worker protection, and remediation closure across tiers.

What you get

• Tier mapping and onboarding gates with change control

• Worker voice and grievance mechanism design that works in practice

• Field verification approach that ties to remediation and closure evidence

• Evidence pack for “site truth”, not paperwork theatre

How we deliver

1. Map tier chain and the highest liability vectors

2. Define gating controls and minimum evidence requirements

3. Implement worker voice and remediation workflows

4. Test and improve via targeted reviews and exercises

Typical deliverables

• HRDD operating model and tier control design

• Supplier onboarding gates and contract flow-down requirements

• Grievance and remediation playbook

• Evidence index, testing plan, and audit-ready narratives

Make sustainability data and analytics defensible. Build data governance, lineage, audit trail, model risk management, and third-party controls for ESG reporting, climate models, and nature measurement tools.

The problem

Data quality issues, unclear methodologies, weak lineage, and unmanaged vendors create audit failures and reputational risk.

What you get

• Data lineage and evidence trail for sustainability reporting

• Model governance for climate and nature analytics, including validation approach

• Vendor and third-party risk controls for data and AI tools

• Clear accountability model across functions

How we deliver

1. Map data flows, owners, and evidence expectations

2. Define controls for lineage, change management, access, retention

3. Implement model governance and vendor controls

4. Test and document for audit and assurance readiness

Typical deliverables

• Data governance and control framework

• Evidence pack for sustainability data

• Model risk management documentation pack

• Third-party risk requirements for data and analytics vendors

Translate geopolitical risk, sanctions exposure, tariff risk, and critical minerals dependency into real supply chain decisions. Build scenario playbooks with triggers, options, and contract protections.

The problem

Geopolitics is too often a slide deck. The risk is operational: disruption, compliance constraints, market access, and cost shocks.

What you get

• Exposure map by country, supplier node, logistics route, and critical inputs

• Scenarios with decision triggers and playbooks

• Contract and sourcing recommendations to reduce fragility

• Board-ready options analysis with trade-offs

How we deliver

1. Map exposures and single points of failure

2. Build scenarios and decision triggers

3. Define operational levers and contracting protections

4. Stress test through exercises, update quarterly

Typical deliverables

• Geopolitical exposure map

• Scenario playbooks and trigger library

• Sourcing and contracting recommendations

• Executive briefing pack

Build a reporting control system that stands up to assurance. We design sustainability reporting controls, evidence requirements, and end-to-end workflows so CSRD-style reporting becomes repeatable, auditable, and far less painful at year-end.

The problem

Many organisations can assemble a sustainability report. Fewer can prove how numbers were produced, who approved what, and whether controls worked.

What you get

• Control narratives for key sustainability metrics and disclosures (who, what, when, how, evidence)

• Evidence requirements and retention rules for audit-ready documentation

• Reporting workflow design with clear roles, approvals, and change control

• Materiality and data control checkpoints to prevent late rework and assurance issues

• A practical minimum viable evidence pack that teams can execute immediately

How we deliver

1. Scope and proof standard
   Confirm reporting perimeter, assurance expectations, critical disclosures, and the “evidence bar”.

2. Process and control mapping
   Map the reporting workflow from source systems to consolidation, including manual steps, spreadsheets, and third parties.

3. Control design and documentation
   Define control points, owners, approval gates, and testing routines. Draft control narratives and evidence templates.

4. Embed and de-risk year-end
   Implement a reporting calendar, issue log, remediation workflow, and a lightweight testing plan. Train owners and run a dry-run if needed.

Typical deliverables

• Reporting workflow blueprint and RACI (entity, group, vendors)

• Control catalogue for sustainability reporting and ESG data

• Control narratives pack (metric-level)

• Evidence index with templates (source evidence, calculations, reviews, sign-offs)

• Materiality and data checkpoints integrated into your reporting calendar

• Assurance readiness plan (what to fix now vs later)