Context and Challenges

All organisations have business objectives on performance and growth that must be met or exceeded whilst managing risk. The only internationally recognised standard to achieve these goals while minimising risk is Enterprise Risk Management (ERM) to ISO31000. ERM Principles, Frameworks and Processes are used to manage the risks and opportunities that materially influence each business objective at all levels from the site to the boardroom.


A holistic ERM approach encompasses the real estate of the organisation, projects impacting the real estate, the provision of facilities, and ongoing operations and maintenance. Within the ERM framework, Business Criticality determines the mission-critical systems and processes that are necessary for the success of a business. Also, Business Criticality determines the vendor or landlord service levels, incident and crisis response priorities for Business Continuity Management and Disaster Recovery.

ERM drives an organisation forward to:

Meet and exceed business objectives

Define the risk appetite and reduce risk

Increase performance and revenue

Reduce costs

Reduce incident frequency and impact

Achieve compliance

Ensure business continuity

Our Expertise

CRA provide a full life-cycle risk management service.


We are able to review and develop systems consistent with ERM requirements to ISO31000 and our client’s Business Objectives, irrespective of how narrow or wide the scope of the task. These include setting up of Policy, Strategy, Governance, Audit, Operational Risk Management (ORM), Compliance, Management Information System (MIS), KPIs, KRIs, Responsibility Assignment (RACI) matrices, down to procedures and tools. We gain a deep first-hand understanding of our client’s needs by reviewing the engagement of all stakeholders, costs, control/governance arrangements and the consequences of all management actions.


CRA can significantly improve performance and compliance while reducing the risk in the impact, duration and the likelihood of adverse events. By pioneering tools and processes in several safety and mission critical industries, such as Nuclear Power, Defence and Banking, CRA can bring the benefits of cross-propagation from several sectors. CRA are specialists in Quantitative Risk Assessment, Business Impact Analysis, Dependency Modelling, setting and analysing KPI/KRIs, and testing performance during normal operation or in the event of disruption.


CRA can help you and your clients by working closely with your teams and stakeholders within an ERM framework to improve performance and risk.

Related Pages


read more


read more


read more


read more


read more

Get in touch