Services
Enterprise risk expertise drawn from 30+ years of real-world leadership across 40+ countries.
Enquire NowSpecialist services
Enterprise risk expertise drawn from 30+ years of accountable leadership across 40+ countries. Not frameworks recycled from a textbook. Not generic consulting outputs. Bespoke, practitioner-led work that is defensible, actionable and proportionate to the actual risk. Each engagement is scoped to your situation, not a pre-packaged methodology.
Enterprise Risk Governance
Designing and embedding risk governance frameworks that hold up under regulatory scrutiny, board-level examination, and real-world incidents.
- Risk appetite and tolerance frameworks
- Board and executive risk reporting
- Policy, procedure and standards architecture
- Risk culture assessment and uplift
Critical Infrastructure & SOCI/CIRMP
Australia's Security of Critical Infrastructure (SOCI) Act and Critical Infrastructure Risk Management Programme (CIRMP) obligations are complex. I've done this work operationally — not just advised on it.
- CIRMP development and implementation
- Sector-specific SOCI compliance review
- Responsible Entity obligations
- Uplift planning and gap analysis
Travel Risk & Duty of Care (ISO 31030)
Organisations sending people to high-risk locations face significant legal, reputational, and moral obligations. ISO 31030 provides the framework — I provide the operational expertise to make it work.
- Travel risk policy and programme design
- ISO 31030 gap assessments
- Duty of care frameworks
- Pre-travel briefings and country risk assessments
Board & Executive Advisory
Providing boards, C-suite executives, and senior leadership teams with direct, frank, experience-based risk advice. No fluff. No vague recommendations. No recycled matrices.
- Board risk committee support
- Executive risk briefings
- Strategic risk identification and framing
- Crisis scenario planning and war-gaming
Expert Witness Engagements
Retained expert witness in international investment arbitration (Tethyan Copper Company v Islamic Republic of Pakistan, ICSID Case No ARB/12/1, USD 6 billion mandate) and in Supreme Court personal injury litigation, providing formal evidence under a signed duty to the court on foreseeability, threat-and-location-specific risk assessment, and employer duty of care.
- Expert reports and affidavits
- Concurrent evidence (hot tubbing)
- Risk management standard of care opinions
- Security and safety failure analysis
Bespoke Intelligence & Risk Assessment
Scalable, defensible risk intelligence built around your actual situation — not generic threat reports or open-source summaries repackaged as insight.
- Country and location risk assessments
- Defensible Risk Briefs (DRB)
- Scalable intelligence collection
- Threat landscape analysis for specific sectors
What this practice will not do
Independence is the asset you are buying, so it is stated as refusals you can hold us to.
We will not produce an opinion that confirms a decision already made. A review written to reassure has no evidentiary weight at the one moment it matters.
We will not engineer a procurement process in our own favour. A captured appointment produces a captured finding.
We will not price the work as a share of the savings we recommend. Tying a fee to cost taken out of a control environment rewards stripping out the controls.
We will not build dependency by design. What we produce is yours to own, reuse and defend. Where the work can be done internally, we will say so.
We will not blur mandatory compliance with better practice. Statutory obligations are met first and separately.
We will not bury an assumption or a scope limit. A scope limitation is itself a risk finding, so it sits in the body of the deliverable.
Independence, demonstrated
Independence here is structural, not asserted. The practice sells advice and assurance only. There is no delivery arm whose revenue depends on the finding, and no standing vendor or panel seat a finding could jeopardise. The fee is fixed against the defensibility of the work, never a share of any saving. High-value work is put to an independent second review by choice. The proof is on the record: the full standard of a major resources-dispute analysis was delivered despite an internal decision to under-price it, and the work later stood as evidence in a multi-billion-dollar arbitration.
Three ways to engage
1. Review and remediation.
We examine assurance work already produced, by your team or another provider, against the applicable standard, document where it falls short as a compliance-risk finding, and remediate to a defensible state. You keep primary carriage; we carry the defensibility of the corrected position.
2. Partial delivery with oversight.
We deliver the highest-risk components directly and supervise the remainder against the standard. You keep capacity and ownership of the routine elements; we carry the components most likely to be tested.
3. Full delivery.
We deliver end to end and hand over the underlying frameworks and registers. We carry the defensibility of the whole; you own and reuse the deliverables.
Fees are quoted separately at scoping so the option is weighed on value before cost. Where a smaller fee is preferred, scope is reduced to match, never the rigour of what remains.
Advisory retainer
Retained access to a senior practitioner on an ongoing basis. Each retainer is scoped and confirmed in writing before it begins: defined advisory hours per month, the subject matter within scope, and the format of delivery. Work beyond the agreed scope, and any deliverable beyond the agreed format, is at the standard engagement rate. The retainer is advisory access, not unlimited delivery, and not a standing endorsement. From A$4,500/month. Limited to six concurrent retainers.
Capability transfer
An engagement is complete only when your people can run and defend the deliverable without us. Three things are agreed at the start: a named owner on your side, the handover or training that lets your team operate and defend the work, and the disengagement date. The frameworks and registers are yours to keep.
How an engagement works
No intake forms. No sales team. Three steps.
1. Initial enquiry. You outline the situation through the contact form.
2. Scoping conversation. A short exchange establishes scope, fit and format. No commitment. If it is not the right match, that is said clearly, and where the work can be done internally that is said too.
3. Engagement and delivery. Work is scoped, priced on the defensibility carried, and begins once scope is agreed.
PROCESS
How an engagement works
No intake forms. No sales team. Three steps.
1. Initial enquiry
You outline the situation through the contact form.
2. Scoping conversation
A short exchange establishes scope, fit and format. No commitment. If it is not the right match, that is said clearly, and where the work can be done internally that is said too.
3. Engagement and delivery
Work is scoped, priced on the defensibility carried, and begins once scope is agreed.
Free · Practitioner-level · Weekly
Not ready to engage yet? Stay informed.
Tony's LinkedIn newsletter has 19,500 subscribers across risk, security, and resilience practice. Free, no spam, unsubscribe any time.
Subscribe on LinkedInReady to act now?
A bespoke retainer or corporate engagement starts with a scoping conversation below. If you want value today, you can activate immediately.
Advisory retainers and corporate engagements are scoped and priced on enquiry.
Start a scoping conversation.
Outline your situation through the contact form. A short exchange establishes scope, fit and format. No commitment required.
Contact & Enquiry Form Request via LinkedIn Listen to the Podcast