Risk Management

Strengthening forward-looking decisions, resilience and preparedness through practical risk management

What We Help You Achieve

We support Boards, executives and business owners to strengthen risk management capability through practical frameworks, clear risk appetite, meaningful reporting and structured oversight – helping identify the events that could impact success and enabling confident, forward-looking and well-governed decisions.

The Challenge

In a world of constant change, organisations are operating in increasingly complex environments shaped by:

Cyber threats and digital disruption;
Economic and geopolitical uncertainty;
Increasing regulatory expectations;
Stakeholder demands for stronger governance and accountability;
Workforce and capability challenges;
workforce and capability challenges;
Operational resilience pressures; and
Increasing personal liability for Boards and executives

Our Risk Management Philosophy

At JNW, our experience has shown that effective risk management should be both strategic and simple. It should:

Support strategy and decision-making;
Improve organisational preparedness;
Strengthen governance and accountability;
Provide visibility over emerging threats and opportunities;
Embed stronger controls and operational discipline; and
Help organisations respond confidently to uncertainty.

Importantly, our frameworks are designed to simplify and operationalise risk management – creating fit-for-purpose processes that Management and Boards can realistically apply and sustain.
Our proprietary Six-Step Better Practice Risk Process leverages leading methodologies and aligns to recognised standards and governance expectations, including ISO 31000, ASX Corporate Governance Principle 7, APRA CPS 220, ASIC Regulatory Guide 259 and the Three Lines Model governance principles.

Our Risk Management Solutions

Enterprise Risk Governance Frameworks

We design fit-for-purpose enterprise risk management frameworks tailored to your organization’s size and complexity. 

Our comprehensive frameworks cover:

Governance & Oversight: Policies, procedures, Three Lines models, and Board committee structures.
Strategy & Operations: Risk assessment methodologies, reporting protocols, and culture programs.
Future Readiness: Emerging risk scanning and attestation processes.

Our Key Differentiator: We embed controls effectiveness directly into the risk process. This moves you beyond theoretical discussions to give you practical, real-time insight into whether your controls are actually working.

Risk Appetite Statement

We facilitate the development of Board-level Risk Appetite Statements that clearly define acceptable risk, governance expectations, tolerances, and escalation requirements.

Our collaborative methodology includes:

Alignment & Calibration: Director surveys, facilitated workshops, and risk domain development.
Practical Tools: KRI development, appetite summaries, and governance escalation frameworks.

The Outcome: We ensure your risk appetite becomes a practical decision-making tool, rather than just a compliance document.

Strategic and Operational Risk Assessment

We facilitate strategic and operational risk identification workshops to identify those events that could impact the achievement of organisational objectives. 
Our assessments include:

Strategic risk identification;
Operational and business unit risk assessments;
Emerging risk identification;
Controls evaluation;
Residual risk assessment;
consequence and
Likelihood analysis;
Treatment plan development; and
Operational and strategic risk register design.

Our workshops are engaging and education-focused – helping organisations strengthen internal risk capability and risk culture.

Risk Reporting & Governance Oversight

We develop tailored reporting and governance frameworks that focus on material risks, emerging threats, and trend analysis to improve visibility, accountability, and oversight.

Our frameworks deliver:

Reporting & Governance: Board and Committee packs, risk dashboards, KRI reporting, and escalation protocols.
Enhanced Visibility: Real-time insights into control effectiveness, operational resilience, and movement against risk appetite.

The Outcome: We move your reporting beyond compliance to provide actionable data for stronger governance decision-making.

Emerging Risk and Horizon Scanning

We help organisations strengthen forward-looking risk capability by identifying emerging threats, trends and external disruptions that may impact strategic objectives.

This includes:

Horizon scanning;
Emerging risk workshops;
Geopolitical disruption analysis;
Technology, cyber and AI disruption assessments;
Cyber and operational resilience reviews;
Scenario planning; and
Preparedness and response assessments.

Our focus is helping organisations anticipate disruption before risks materialise.

Risk Governance Health Checks

We assess the maturity and effectiveness of existing risk management frameworks and governance arrangements.

Reviews may consider:

Board and Committee oversight;
Risk governance structures;
Policy and framework maturity;
Alignment to ISO 31000 and better practice;
Risk reporting effectiveness;
Controls effectiveness;
Risk culture maturity;
Operational embedding; and
Integration with strategic planning and decision-making.

We then develop practical improvement roadmaps to strengthen capability over time.

How We Deliver:

Our engagements are personally delivered by experienced senior practitioners with deep experience across governance, internal audit, strategy, operational risk and controls assurance.

We combine:

Strategic insight;
Governance expertise;
Practical operational experience; and
Commercial judgement

To design tailored, fit-for-purpose frameworks that are:

Practical;
Scalable;
Sustainable;
Easy to understand; and
Aligned to organisational strategy and governance expectations.

Our methodology is collaborative and education-focused, helping organisations strengthen long-term internal capability and build a stronger risk culture.

Outcome:

Clients benefit from:

Stronger governance and oversight;
Improved strategic decision-making;
Increased organisational agility and preparedness;
Better preparedness to respond to disruption;
Clearer accountability and ownership;
Stronger risk visibility and reporting;
Improved operational discipline;
Enhanced controls effectiveness;
Improved Board confidence;
Stronger alignment between strategy and risk; and
Better management of emerging risks.

Our Risk Solutions are strategy focused and designed to:

Specific Risk services include:

Risk Management Framework HealthChecks/Maturity Benchmarking - A benchmarking against better practice, peers and regulatory standards
Board Risk Appetite Statement Development - Simple, proven process for Boards to determine their risk tolerances across the key areas of their business
Risk Assessment Workshop Facilitation - Formal workshop facilitation – risk identification, controls effectiveness assessment, risk rating (Likelihood & Consequence) and risk mitigation strategies
Risk Management Framework Policy and Procedures - Development of risk policy/procedures, risk systems and risk reporting

Selected Experience

We have supported ASX-listed entities, government, financial services, sporting organisations and not-for-profit organisations to strengthen governance, operationalise risk management and improve preparedness, oversight and decision-making. Engagements have included:

ASX Listed & Commercial Organisations

Ridley Corporation Ltd (ASX Listed agricultural company)

Developed a Risk Improvement Roadmap aligned to strategic objectives and governance expectations
Designed the Risk Oversight and Management Policy and Procedure to strengthen clarity regarding roles, responsibilities, methodology and alignment to ASX Principle 7
Facilitated business unit risk workshops and operational risk assessments
Provided ongoing strategic risk and internal audit advisory support to the Executive and Audit & Risk Committee
Continue to provide strategic risk advice and internal audit support to the Executive and Audit & Risk Committee

Bega Cheese Ltd (ASX listed food manufacturer)

Following the acquisition of the Lion Drinks business, facilitated strategic risk workshops with Executives and developed operational and strategic risk registers
Facilitated Board Risk Appetite workshops and refreshed the organisation’s Risk & Resilience Policy and Procedure
Presented outcomes and improvement recommendations to the Audit & Risk Committee

Paragon Care Ltd (previously CH2

Refreshed the Risk Management Policy to align with the organisation’s growth and evolving operational environment
Facilitated operational risk assessment workshops covering warehousing, hospital logistics, data management, regulatory compliance, procurement, sales, finance, IT, quality assurance, OH&S, HR, marketing and product recall

Alfabs Ltd (ASX listed mining engineering company)

Developed a Board Risk Appetite Assessment Survey aligned to the organisation’s strategic pillars to articulate Board risk tolerances
Developed the Risk Management Framework Policy and Procedure, strengthening clarity regarding roles, responsibilities, methodology and alignment to ASX Principle 7
Facilitated business unit operational risk workshops and risk assessments

Government & Regulators

City of Melbourne (CoM)

JNW is a member of CoM’s Governance and Legal Services Panel
Conducted HealthChecks of enterprise Risk Management Frameworks, including policies, procedures, Risk Appetite Statements and risk registers
Developed strategic risk refresh programs and risk improvement roadmaps
Provided recommendations to strengthen governance, reporting and organisational risk maturity

Manningham City Council

Developed a Risk Process Improvement Roadmap to create a new risk framework linked to the strategic objectives of the Council
Facilitated executive and organisational wide risk management workshops that educated staff on the new approach, creating buy-in and change momentum
Facilated a Risk Appetite Discover Workshop with the Executive Management Team
Developed a risk reporting process, including how to manage incidents, quarterly Directors sign-off on their operational risks, and reporting for the Risk Management Committee and Audit Committee

auDA (Australian domain infrastructure)

Supported the refresh of enterprise-wide risk governance frameworks, Risk Appetite Statements and strategic risk processes
Facilitated operational risk identification workshops across functional teams and Risk Domains
Developed risk reporting structures, KRIs and strategic risk alignment methodologies
Assisted with establishing a forward-looking risk roadmap aligned to strategic objectives

Australian & New Zealand College of Anaesthetists

Reviewed and benchmarked Risk Management Policies and Procedures against ISO 31000 and better practice methodologies
Developed a risk improvement roadmap aligned to strategic objectives
Refreshed risk governance documentation and reporting structures

Plumbing Industry Climate Action Centre (national trades training organisation)

Reviewed the existing Risk Management Framework, Risk Appetite maturity, risk registers and governance structures, and developed a comprehensive Risk Improvement Roadmap to modernise and operationalise PICAC’s enterprise risk management framework
Developed a methodology for Executive and Business Unit risk workshops to strengthen risk culture, accountability and operational ownership of risk
Provided recommendations to strengthen Board and Finance, Audit & Risk Committee (FARC) oversight, including enhancements to risk cadence, reporting dashboards, attestations and escalation processes

Financial Services

Nexus Mutual (Exxon Mobil’s staff bank)

Assessment of the effectiveness of the existing risk framework and developed a Risk Improvement Roadmap to comply with Prudential Standard CPS 220
Modernised the Risk Management Policy and Procedure with the risk methodology changed to become strategy based, ie. risks to the successful implementation of the strategic business goals
Conducted Risk Identification and Risk Rating workshops for both strategic and operational objectives
Provided strategic input into the choice of risk software for the risk registers as well as advice on the creation of risk dashboards and insight reports for management, executive and the ARC

Sporting and Not-for-Profit Organisations

Hawthorn Football Club

Developed Director Risk Appetite Assessment Surveys and facilitated Board workshops to articulate risk tolerances and governance expectations
Consolidated outcomes into Board-approved Risk Appetite Statements
Developed Risk Management Framework Policies outlining the governance structures, methodologies and reporting processes used to identify and manage strategic and operational risks

Adelaide Football Club

Developed Director Risk Appetite Assessment Surveys and facilitated Board workshops to articulate risk tolerances and governance expectations
Consolidated outcomes into Board-approved Risk Appetite Statements
Developed Risk Management Framework Policies outlining the governance structures, methodologies and reporting processes used to identify and manage strategic and operational risks

National Disability Services Gateway Support Services Beyond Housing

Developed Director Risk Appetite Assessment Surveys and facilitated Board workshops to agree organisational risk appetite and governance expectations
Developed practical and easy-to-use Risk Management Framework Policies incorporating clear risk identification and assessment methodologies

Effective risk management is no longer just about compliance — it is about strengthening governance, improving preparedness and enabling organisations to confidently navigate uncertainty and pursue opportunity. Are you confident your organisation is identifying and managing those events that could impact strategic success? Speak to us about how we can help strengthen governance, improve preparedness, increase resilience and embed practical, forward-looking risk management across your organisation.