Step 1: Assess existing risk management function, risk register, past reports, Internal Audit Reports, Compliance Reports etc.

 Step 2: Review Risk Polices (including Risk Tolernace Statement) & make recommendations for improvements (where required)

 Step 3: Risk identification review/workshop

 Step 4: Reassess and analyse all risks

 Step 5: Review effectiveness of risk treatments and apply treatments if necessary

 Step 6: Deliver risk reports to Management team and Board of Directors

 Step 7: Develop Risk Management Handbook

 Step 8: Deliver risk training to help embed risk culture

 Step 9: Review loss events and leading indicators

 Step 10: Develop mature embedded Risk function with an aim to transition to Bow Tie Risk Management