Business Risk Services

Effective management of risk is critical to the success of public and private sector businesses.

Starfish business risk services (BRS) offers independent specialist advice to public and private sector businesses in order to assist them with the identification of their business risks and to develop a better understanding of the potential impacts on business performance.  In today’s regulatory environment, the profile of risk management has increased with stakeholders demanding continuous improvement and effective management practices to minimise incidences of non-compliance.

Success in business can be linked to how well risks are identified, assessed and, most importantly, managed.  Starfish BRS can help clients to recognise and understand their risk profile, define their ‘appetite’ to accept risk and put in place ‘risk based’ frameworks to mitigate and manage their risks.

Providing greater transparency and improved governance, by developing and implementing robust frameworks supported by policies, procedures and controls, ensures that stakeholders' concerns are effectively managed.  Identification of the linkages between key risks and business drivers ensures that control efforts are focussed on the risks with a higher potential impact, achieving a better utilisation of resources and minimisation of costs.

In summary, Starfish provides risk management services in the following areas:

  • Risk Assessment and Assurance, utilising ISO standards – specifically providing risk assessments against ISO 31000 in the areas of IT systems, application development and business processes
  • Anti-Money Laundering (AML) Risk Assessment – providing AML assessments in preparation for audits on behalf of the regulatory body, the DIA.  Currently these are all private sector clients in the financial sector
  • Business Continuity Planning (BCP) Assessment – providing assessment of Disaster Recovery, Continuity Planning for business systems and data and Crisis Scenario Planning.

Risk Advisory Services

  • Enterprise Risk Management (ERM):  ERM is a framework for risk management which typically involves identifying particular events or circumstances relevant to the organisation's strategic objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy and monitoring progress
  • Credit Risk:  Financial institutions are coming under increasing regulatory scrutiny in respect to their credit risk management standards.  Financial institutions are being asked to comply with increasingly sophisticated credit risk management practices as a result of the impacts from the Global Financial Crisis.  Starfish can support the development of, or improvement in, credit risk frameworks and models to meet the new regulatory requirements
  • Risk Management Frameworks:  A lack of time and in-house skilled resource, experienced in developing and implementing risk management frameworks, is a key constraint on business.  The ability to provide and embed cost effective frameworks and solutions which improve the efficiency of risk functions and processes is a key Starfish service offering.

Operational Risk Frameworks

Operational Risk is defined by the Basel II Accord as the risk of loss resulting from inadequate or failed internal processes, people and systems.  Starfish Risk Consultants can provide support in the following:

Business Continuity Planning (BCP):  BCP addresses how to maintain critical functions in order to stay in business in the event of a disaster.  Incidents include local incidents (building denial), regional incidents (earthquakes), or national incidents (pandemic).  BCP is increasingly becoming a topic of interest given recent local and overseas disasters.  Starfish Risk Consultants can assist with the development or quality assurance of your BCP.

There is also a statutory requirement for Government organisations to be able to maintain function at a reduced level during an emergency.

Financial Crime and Fraud Risk:  Financial Crime and Fraud arise from both external and internal sources, with growing incidents of collusion by both employees and organised crime.  The value of customer information has been recognised by organised crime for many years (identity theft).  Your company may also be financially liable for losses incurred by a third party as a result of breaches of your data security.  Numerous high profile incidents are emerging, frequently resulting in reputational damage.


Organisations are now required to maintain systems of internal control which require management to certify, and independent auditors to attest to, the ongoing effectiveness of those systems.  Regulatory supervisors are also increasingly adopting a certification approach supported by external assurance to ensure compliance with regulations.  Therefore the adoption of control frameworks supported by effective reporting is essential.  Starfish Risk Consultants can assist you to develop internal control frameworks and systems or review your present internal control systems for effectiveness.