Manor Group offers tailor made services

Be the disruptor or be disrupted

Design and implement integrated risk-management solutions and bring a risk-reward perspective to strategic decision making and day-to-day operations.


Many risk-management activities at the enterprise level are influenced by various types of pressure. Some are external, such as compliance or regulatory changes, for example. Sometimes, unfortunate events in one’s own company or in the industry prompt internal soul searching regarding whether existing risk-management approaches are adequate. In more and more cases, however, CEOs and business leaders take a more proactive stance, as their goal is to further develop risk-management capabilities (proactively based on their strategic and economic priorities and growing aspiration levels) into a true competitive advantage—ultimately improving business decisions and increasing the value of the company in a risk-conscious way.

We have worked with clients in many different industries, including finance, energy and basic materials, automotive, pharmaceuticals, infrastructure, logistics, and travel. We have also assisted public entities, as many of them are increasingly aiming to improve their enterprise-risk-management (ERM) capabilities.

We have supported our clients in large and broad multiyear ERM transformation programs in order to build the ERM capabilities that are necessary for an institution to thrive in a new economic, competitive, and regulatory environment. We focus on strengthening the structural elements of ERM, including the link between risk and strategy, for example, in identifying and managing M&A or capex risks; the impact of risk-return on portfolio management, and sometimes, portfolio “de-risking”; and the strong link between risk and financial management, such as in balance-sheet management. Many boards and CEOs have asked us to discuss risk governance as it relates to their companies, including the roles and involvement of the board and the CEO in risk management. 

Our systematic approach to ERM focuses on four dimensions, each of which is substantiated with industry-specific diagnostics, benchmarks, and best-practice recommendations:

Risk-return transparency and insight
We help our clients identify, quantify, and prioritize their most important risks as well as related returns. We do this using a combination of advanced quantification methods (such as analytic modeling and stress testing, also using nontraditional data sources) and the systematic integration of qualitative factors, including business-management judgment. To complement statistically validated approaches, we integrate forward thinking, especially in risk measurement and management reporting. In close cooperation with our Business Technology Office, we advise our clients on appropriate data and IT solutions. As a result, our clients gain a clearer perspective of their most important risks and the related returns, as well as on the structure of their portfolio of risks and how they can use insights in order to improve strategic, financial, and operational decision making (for example, on risk mitigation, portfolio adjustments, contracting or risk based pricing).

Risk ownership and strategy
Companies should choose consciously what types and levels of risk to take and what to avoid and mitigate (“risk ownership”). We help clients gauge their unique strategic, financial, and operational circumstances (“risk bearing capacity”) in order to ensure that their risk choices are aligned with their strategy and with their financial and operational risk-taking capabilities (“risk strategy and risk appetite”), so that they can optimize the risk-return trade-off.

Risk-enabled decisions and processes
When making important strategic, financial, and operational decisions, decision makers must consider risks related to information and associated trade-offs. We support our clients in integrating risk-return-related considerations into important decisions in M&A; routine processes, such as planning and capital allocation; and daily frontline transactions, such as contract structuring and pricing. We pay particular attention to ensuring sound risk reporting, monitoring, and control processes.

Risk culture
Mind-sets and behaviors of individuals and groups inside the organization—and not only the risk organization—play a crucial role in the execution of a company’s enterprise-risk-management strategy. We have developed a proprietary approach to risk culture that, for the first time ever, allows for the creation of a specific and detailed description of the core elements of a company´s risk culture, an analytical approach toward measuring and profiling that culture, overarching industry-specific benchmarking, and the identification of specific levers for actively influencing and developing risk culture.

To assess, benchmark, and improve a client’s ERM capabilities, we use a combination of proprietary data and unique tools, including the following:

Enterprise Risk Management (ERM) Diagnostic. A holistic assessment of the effectiveness of enterprise-wide risk management, this diagnostic helps generate a view on the perceived strengths and weaknesses of a bank's current risk management capabilities. It is structured along a five-part framework covering all aspects of risk management, including risk transparency and insights; natural ownership, and risk appetite and strategy; risk-related decisions and processes; risk organization and governance; and risk culture. The diagnostic encompasses a self-assessment as well as a peer benchmarking and provides detailed insights into global best practices as a basis for developing initiatives.

Management questions addressed:

  • What is the bank-internal view on the overall enterprise risk management capabilities?
  • How do my current capabilities compare to those of peers and industry best practices?
  • What does this imply for my aspiration level?

Risk Organization Diagnostic and Benchmarking Tool. Risk organization diagnostic benchmarks the number or allocation of resources and operational costs against peers, using a detailed, activity-level risk taxonomy. The tool further helps analyze organizational structure in terms of archetype models—span of control, for example. The results of the diagnostic enable the identification of potential levers to increase effectiveness and cost efficiency. The tool can also be applied to the compliance function.

Management questions addressed:

  • How many resources perform specific activities (across risk types and lines of business) in my organization, and in which organizational setup (central versus business-aligned functions)?
  • Is my risk organization set up efficiently compared to that of my peers?
  • What organizational designs can we adopt to become more efficient and effective?
  • What are the major opportunity areas for my risk organization?

Risk Culture Diagnostic. Historical evidence suggests that many risk incidents involve a cultural root cause. Risk culture diagnostic helps measure risk culture and identify these causes, which can then be addressed with tangible initiatives. The diagnostic uses a framework of attitudes and behaviors based upon a rigorously tested methodology. Actively shaping the risk culture will mitigate future risks and improve overall performance.

Management questions addressed:

  • How can risk culture be measured?
  • Do I understand where risk culture is in my organization?
  • Which interventions are necessary to improve risk culture?
  • How can risk culture be actively shaped?

Cash Flow at Risk (CFAR) Models. Risk technology and operations is a priority topic for banks and regulators to achieve sound risk management practices. This diagnostic tool helps assess current capabilities in this area (such as data availability and consistency, and system functionalities) against current and future regulatory requirements as well as against target sound industry practices. The results provide a basis for an informed discussion on required developments and investments.

Management questions addressed:

  • How well are risk IT processes designed with respect to supporting risk management?
  • How sophisticated is IT application coverage for critical risk functionality?
  • How advanced are data capabilities such as quality, consistency, integration, and especially an aggregated risk view?
  • How mature are operating systems, databases, servers, and backup facilities, and how well do they perform?
  • What are mechanisms for managing risk technology and operations and achieving IT security or compliance?