Risk Management
Risk affects every organisation, from charities and SMEs to large, complex bodies. Strategic, operational, financial and reputational risks can all undermine delivery if they are not properly understood and managed. Weak risk management can lead to poor decision-making, loss of funding or confidence, regulatory concern, and avoidable disruption.
Durrant Riley Advisory provides bespoke risk management support, combining strategic oversight, practical implementation, and independent assurance. Our work is grounded in recognised good practice, including the principles of ISO 31000, and led by a senior practitioner with over two decades of experience managing risk across the charity, public and commercial sectors. Every engagement is tailored to your organisation, your objectives, and your risk environment.
Some organisations come to us for Board-level risk strategy, governance and assurance; others for practical support with risk frameworks, appetite and risk registers, or to respond to specific risk events or concerns. Many use a combination of services over time as their risks, priorities and operating context evolve.
Built for organisations with limited capacity
Not every organisation has , or needs, a dedicated risk function. Smaller charities, SMEs and public bodies often carry the same breadth of risk as much larger organisations, but without the in-house resource to manage it. Trustees and senior leaders end up responsible for a risk register that no one has time to maintain, or an appetite statement that exists on paper but never informs a decision.
That is exactly where proportionate, external support works best. We give you the benefit of senior risk expertise without the cost of a permanent hire. Practical arrangements that fit the capacity you actually have, and a register and framework your people will genuinely use. For charities in particular, this also means trustees can evidence sound risk governance to funders, regulators and auditors with confidence.
How We Help
Strategic Service
Risk Management Strategy, Governance & Assurance
This service provides clarity over your real risks and confidence that they are being managed properly.
We help Boards and senior leaders understand the risks that could genuinely affect delivery of objectives, not just those that are easy to list. We assess how risks are identified, evaluated, owned and reported, and whether decision-makers receive the information they actually need.
Our focus is on useful, embedded risk management: proportionate, aligned to your operating model, and integrated into strategic and operational decision-making. This includes reviewing risk governance, escalation routes, and how risk information supports Board and committee oversight.
Why this is good for you
- You understand your most significant risks and trade-offs
- Risk information supports better, more confident decisions
- Board and committee oversight becomes clearer and more effective
- You can demonstrate sound governance to regulators, funders and auditors
Best for: Boards and leadership teams, including trustees, who want risk management to inform decisions, not just satisfy governance.
Foundations
Risk Frameworks, Appetite & Registers
This service establishes clear, practical risk foundations.
We design or refine your risk management framework, define or clarify risk appetite, and ensure risk registers are meaningful, consistent, and aligned to your real operating environment. Risks are written in clear language, with realistic causes, impacts and controls.
Why this is good for you
- Risk ownership and accountability are clear
- Risk appetite is understood, applied and evidenced
- Risk registers reflect reality, not theory
- Risk management becomes easier to maintain
Best for: Organisations with inconsistent risk practices, unclear appetite, or registers that are overly complex, unused, or disconnected from decision-making.
Active Risk Management
Monitoring, Reporting & Challenge
This service focuses on keeping risks under active review.
We support ongoing risk monitoring, reporting to senior leadership and Boards, and provide independent challenge where risks are not being managed as intended. This includes horizon scanning, emerging risk identification, and integration with audit, assurance and performance reporting.
Why this is good for you
- Emerging risks are identified early
- Leaders receive clear, decision-useful reporting
- Controls are reviewed and strengthened over time
- Risk discussions become more focused and productive
Best for: Organisations operating in changing environments or facing increasing scrutiny and complexity.perating in changing environments or facing increasing scrutiny and complexity.
IncIncident Response
Risk Events, Deep Dives & Remediation
This service supports you when risks materialise or require deeper examination.
We provide targeted risk deep dives, support following incidents or near-misses, and help redesign controls where weaknesses are identified. The focus is on understanding root causes, strengthening resilience, and restoring confidence in risk management arrangements.
Why this is good for you
- Risk events are handled in a structured, proportionate way
- Lessons are captured, understood and applied
- Weak controls are strengthened and clarified
- Confidence in risk management is restored
Best for: Organisations dealing with incidents, control failures, or Board concerns about specific high-risk areas.
Let’s talk
If you’re weighing up a decision, facing a tricky issue, or simply want a second opinion from someone who has been in your position, we are here to talk it through. No obligation.