Seeing the cracks before they spread¶
Most audits are paperwork theatre. Not all, but most. Boxes get ticked, reports gather dust, and everyone pretends risks are “managed.” Meanwhile, attackers, accidents, and reality itself continue unimpeded.
This workshop takes a different approach. Instead of focusing solely on compliance, we make risks visible in practical, human terms so your team can actually act on them. It is about surfacing weak points before they break and building resilience that survives first contact with the unexpected.
Core principles¶
Evidence over paperwork: No checklists for their own sake. Every finding is tied to observable practices, processes, or assets.
Cross-functional, not siloed: Risks rarely respect departmental boundaries. We bring IT, operations, finance, and HR into the same conversation.
Transparent, not performative: The goal is clarity, not “scoring well.” Problems are surfaced to be solved.
Resilience, not just risk identification: We do not stop at identifying what can break. We explore how your organisation can bend without snapping.
How it works¶
The workshop is modular and adaptable, scalable from a focused half-day session to a multi-day deep dive depending on your organisation’s complexity and needs.
1. Mapping what matters (The “What”)¶
Identify your most critical assets: systems, processes, and relationships
Capture interdependencies that often get ignored (key personnel, vendors, data flows)
Surface hidden assumptions about what “keeps the lights on”
2. Running stress scenarios (The “So What”)¶
Explore realistic “what-if” events: supply chain disruption, ransomware outbreak, critical staff absence, regulatory changes
Discuss cascading consequences across departments
Map recovery pathways and decision points under pressure
3. Prioritising weak spots (The “Now What”)¶
Evaluate single points of failure and fragile processes
Distinguish between acceptable risks and unacceptable exposures
Highlight practical opportunities for mitigation, redundancy, or monitoring
4. Actionable output¶
A concise, visual “resilience map” showing risks, dependencies, and potential mitigations
Prioritised recommendations that enable immediate action rather than filing another report
Clear ownership and next steps for addressing critical gaps
Who it is for¶
This workshop is designed for organisations that want clarity and action. We can tailor the content for:
Executive & leadership teams: Understand systemic risk without technical jargon. See the big picture of organisational vulnerabilities.
IT & security teams: Map technical risks within real-world operational context. Connect infrastructure concerns to business impact.
Operations, HR, and finance teams: Surface overlooked dependencies and non-technical risks that can bring operations to a halt.
Cross-functional task forces: Get everyone speaking the same language about risk, resilience, and organisational priorities.
What makes this different¶
Traditional risk assessments often (not always) produce lengthy documents that look impressive but change little. This workshop is designed for teams who want to:
Understand their vulnerabilities, not just document them
Have honest conversations about what could go wrong
Develop practical responses rather than theoretical frameworks
Build organisational muscle for handling the unexpected
We work with your actual or by you chosen systems, processes, and people, not generic templates or hypothetical scenarios that do not reflect your reality.