The success of your business is determined by a range of internal and external factors. What is the impact of all those events and circumstances on the company's objectives? As management, you are constantly looking for answers to that question and for ways in which you can get a grip on those factors.

In KPMG's view, that is the core of risk management: acquiring a deep understanding of the consequences of everything that is going on around us for your company’s chances of success. This has only become more relevant in a world in which changes are happening as quickly as they are now. How do you obtain the confidence that your organisation is properly prepared for the new opportunities and challenges that lie ahead?

Risk management is building the necessary resilience to this end. With risk management, you increase the resilience of your organisation. That enhances the confidence of all stakeholders in the business and gives management the reassurance that the organisation is under control.

Towards increased resilience

How do you grow resilience? In order to answer that question, KPMG has developed an explicit, consistent and disciplined framework that is best visualised as a wheel, an axle and a drive. The wheel consists of four segments that together form a cycle: setting objectives, identifying and understanding risks, designing control measures and obtaining assurance about the operation of the system. The axle is made up of the technology and the skills that make it possible to take data-driven decisions in all segments of the wheel. The drive, finally, represents the driving force of the organisation: its governance and culture. How is the organisation structured, what tasks and responsibilities are there and what are the shared values based on which those tasks and responsibilities are put into practice?


The first quadrant of the wheel focuses on the indisputable starting point of risk management, the strategy of the business, and linked to that the strategic, operational, financial and compliance-related objectives. Without those objectives, clearly defined, as a reference point, risk management is a bottomless pit.


The second quadrant of the wheel focuses on identifying the significant uncertainties that may impact on the achievement or otherwise of the objectives. This is followed by acquiring a deep understanding of the risk landscape, among other things by categorising, by evaluating and by focusing on the (ever more complex) relationships between the risks.

Control measures

The third quadrant of the wheel centres on considering how the identified risks can be effectively and efficiently managed. Based on that, measures are designed – policy, mandates, management reviews, etc. – and subsequently introduced at all relevant levels of the organisation.


The fourth quadrant of the wheel answers the question whether risk management is functioning the way it is supposed to. Self-assessment, audits and other instruments are employed to enhance confidence in this regard. These can be implemented by those responsible themselves or by an independent (audit) function or a third party.

Technology & Skills

The axle of risk management consists of the capacity of the organisation to take decisions based on the maximum available quantity of knowledge and information. This ability to take data-driven decisions is relevant in each of the four phases. The quality of the automation and of the integration of automated systems is therefore of crucial importance.

Governance & Culture

Risk management is fed by the convictions and motivations of the people who implement it, within the framework of the organisational structure, the way in which tasks and responsibilities are devolved. Understanding and getting a grip on the aspects of governance, culture and conduct are therefore crucial. This component of risk management answers the question: What makes the organisation tick?

How KPMG can help you

The quality of your risk management is key to the resilience of your organisation. Is your organisation capable of capitalising on promising developments? Can it respond adequately to setbacks? The answers to those questions will determine your success.

KPMG can contribute to that success. We will be delighted to put our extensive and deep knowledge and expertise in each of the six elements of risk management described at your service. KPMG has more than 200 risk consultants to assist you. They work every day for all kinds of organisations, from public authorities to listed companies and from financial institutions to family-owned businesses. That broad outlook is crucial because it enables us to share the best practices we develop widely.

KPMG's perspective on risk management is also founded on the same broad outlook. A hallmark of KPMG is our focus on all dimensions of the organisation. So an affinity for strategy is coupled with an eye for implementation, and our technological expertise goes hand in hand with a focus on culture and conduct and what those factors mean for risk management and internal control.

Contact our experts