Enterprise Risk & Resilience

A six-layer Enterprise Risk Architecture™ with appetite, KRIs and resilience — engineered for the Nigerian operating environment.

Enterprise Risk Architecture™: 6 layers, risk categories, scoring, appetite, KRIs, resilience, continuity, crisis.

4 chapters

Chapters

Chapter 1

Six-Layer Risk Architecture

Strategy, Financial, Operational, Compliance, Reputational and External risks are governed in distinct layers with named owners.

Board & Management Relevance

Demystifies enterprise risk for the board and clarifies escalation paths.

Key Operating Questions

  • Is each layer owned by a single executive?
  • What KRIs sit under each layer?
  • How do layers escalate to ExCo and the board?

Implementation Checklist

  • Adopt the Enterprise Risk Architecture™
  • Map risks to layers and owners
  • Refresh KRIs every quarter

Chapter 2

Risk Appetite Statement

A board-approved appetite statement converts vague tolerance into measurable thresholds per risk category.

Board & Management Relevance

Lets the board govern by exception rather than by anecdote.

Key Operating Questions

  • Is the appetite statement up to date?
  • How is breach reported and remediated?
  • Are appetite limits embedded in operating decisions?

Implementation Checklist

  • Refresh appetite statement annually
  • Report appetite utilisation to ExCo monthly
  • Embed limits in delegated authorities

Chapter 3

KRIs & Continuous Monitoring

Leading KRIs are tracked on the risk dashboard with thresholds, owners and escalation rules.

Board & Management Relevance

Moves the board from quarterly hindsight to monthly foresight.

Key Operating Questions

  • What KRIs predict our top 5 risks?
  • What is the escalation rule per KRI?
  • How often is the dashboard refreshed?

Implementation Checklist

  • Define KRI per principal risk
  • Wire KRIs into monthly CFO report
  • Hold a monthly KRI review

Chapter 4

Resilience, BCP & Crisis

The Resilience Maturity Model™ measures BCP testing, crisis playbooks, comms and recovery time.

Board & Management Relevance

Critical assurance for chair, regulators and rating agencies.

Key Operating Questions

  • When did we last test the BCP end-to-end?
  • Do we have a crisis comms playbook?
  • What is our recovery time objective?

Implementation Checklist

  • Stand up BCP governance
  • Run an annual end-to-end test
  • Publish a crisis playbook and rehearse it

Recommended Next Action

Translate this part into practice

Run the linked assessment to baseline current state, then use the related toolkits and dashboards to instrument the discipline. Book an advisory session if you want the Outliers team to operate it with you.