top of page

Senior judgement

Senior-led support delivered with discretion.

Prevention first

Readiness built early, with calm response capability.

Bespoke by design

Tailored around context, priorities and trust.

Coordinated end-to-end

Trusted associates integrated when specialist support is required.

How to reach us

A discreet first step

If you’d like to discuss a situation or assess exposure, we’ll respond  promptly and discreetly.

The 5 Questions Every Board Should Be Asking About Risk

  • May 12
  • 3 min read

Updated: May 15

Risk has become significantly more complex over the last decade.

Geopolitical instability, cyber threats, reputational exposure, supply chain disruption and rapidly evolving technology have increased both the pace and complexity of decision-making for organisations of all sizes.

Most boards recognise this.


The challenge is that many conversations around risk remain too high-level, too operationally disconnected, or too focused on compliance rather than preparedness.

Effective risk management is not simply about identifying threats. It is about understanding how an organisation would function under pressure and whether leadership is genuinely prepared to respond.


These are five questions every board should be asking.


1. What are we most exposed to?

Many organisations maintain extensive risk registers, but not all risks carry the same operational or strategic impact.

Boards should have a clear understanding of the incidents most likely to cause serious disruption, reputational damage, financial loss or leadership pressure.

That exposure may differ significantly depending on the organisation. For some, it may be cyber-related. For others, it may involve supply chain vulnerabilities, insider threat, regulatory scrutiny, activism, product contamination or geopolitical instability.

The important point is clarity.

If leadership teams cannot clearly articulate their most significant risks, it becomes far more difficult to prepare effectively.


2. How would we actually respond?

A documented plan is not the same as operational readiness.

Boards should ask whether the organisation has genuinely tested how it would respond during a fast-moving incident.


Who would lead the responseHow would decisions be madeHow would information be managedWhat external support would be requiredHow would stakeholders be communicated with


These questions often expose gaps between policy and reality.

In many cases, organisations only discover weaknesses in structure, communication or decision-making once they are under pressure.


3. Have we tested leadership under pressure?

One of the most overlooked areas of preparedness is leadership performance during a crisis.

Senior individuals may be highly experienced in their professional roles, but crisis environments introduce different pressures entirely. Time compression, uncertainty, incomplete information and reputational risk can significantly affect decision-making dynamics.


This is where exercising and scenario-based training become valuable.

The purpose is not to create unrealistic fear. It is to build familiarity, confidence and alignment before a real incident occurs.


Boards should be asking not only whether plans exist, but whether leadership teams have practised operating under realistic conditions.


4. Are we relying too heavily on assumptions?

Many organisations unintentionally build their preparedness around assumptions.

That systems will remain availableThat key individuals will always be reachableThat external partners will respond immediatelyThat information will be accurate early on

Crises rarely unfold as expected.


Preparedness requires organisations to challenge assumptions and consider how they would operate if conditions deteriorate or information is incomplete.


Boards should encourage constructive challenge around resilience, dependencies and operational blind spots.


5. Are we prepared for the reputational impact?

In many incidents, the operational issue becomes only one part of the challenge.

Stakeholder confidence, public scrutiny, media attention and reputational perception can escalate quickly, particularly in an environment where information moves rapidly and narratives develop in real time.


Boards should consider whether communication strategies are aligned with operational response plans and whether leadership understands the wider reputational implications of decision-making during an incident.


The organisations that navigate crises most effectively are often those that maintain clarity, consistency and credibility throughout the response.


Preparedness is an ongoing process

Risk cannot be removed entirely.


However, organisations can significantly improve their resilience through preparation, exercising and clear leadership structures.


The most effective boards are not those attempting to predict every possible scenario. They are the ones asking better questions, challenging assumptions and ensuring preparedness is treated as an ongoing process rather than a one-off exercise.


In complex environments, preparation is not simply operational good practice. It is a leadership responsibility.


 
 
bottom of page