Helping you understand your Risks

Organisations encounter risks every day. Whether they arise from the business processes they use or simply travelling to conduct business, risk is always present.

While we cannot have zero risk, we can establish Risk Management Systems to identify and manage a range of risks such as those from operations, or natural hazards.

We have developed a robust, practical approach to managing risk to provide clients with holistic risk management systems and solutions based on the principles of ISO 31000:2009 Risk management – principles and guidelines and our own methodologies.

If your business needs quantitative risk assessment, qualitative Bow-Tie hazard analysis, or an all encompassing Enterprise Risk Management system we can help you.

Building Organisational Resilience

A resilient organisation anticipates, prepares for, responds and adapts to incremental change and sudden disruptions in order to survive and prosper.

Resilience goes a step further than risk management to provide a holistic view of the health of an organisation and its success over a long term.

Gaining organisational resilience cannot be achieved ‘over-night’, it’s a journey achieved over time and for the long-term.

Organisational resilience adopts good habits and best practices to deliver continuous improvement by building and embedding competence and capability organisation-wide, allowing business leaders to take measured risks with confidence and make the most of opportunities that present themselves.

We use a combination of BS 65000 – Guidance for Organisational Resilience and our own concepts to help you on your journey to building organisational resilience.

Contact us to find out how we can help you build Organisational Resilience.

Enterprise Risk Management

Enterprise Risk Management (ERM) is a plan-based business strategy that aims to establish the oversight, control and discipline to drive continuous improvement of an organisation’s risk management capabilities in a changing operating environment.

The framework of an ERM system should be:

  • An ongoing process flowing throughout the organisation,
  • Effected by people in the organisation at every level,
  • Applied in setting strategies,
  • Applied at every level and business unit of the organisation,
  • Designed to identify potential events affecting the organisation and managing risk within the risk-appetite,
  • Able to provide reasonable assurance to an organisations management and board of directors,
  • Geared to achieving an organisations objectives – a means to an end, not the end itself!

We have the experience to help you build a complete ERM system or enhance an element of your existing system.

Quantative Risk Assessment

A Quantative Risk Assessment (QRA) is a formal and systematic approach to estimate the likelihood and consequences of hazardous events, and expressing the results quantitatively as risk to people, the environment or your business.

A QRA is typically carried out for production and processing facilities where there is a need for improved decision-making by identifying potential risks and managing/controlling them to a level As Low As Reasonably Practicable (ALARP).

We conduct comprehensive risk assessments that evaluate scenarios, frequency and consequence.

Through a combination of risk modelling techniques, data analysis and assessment processes that evaluate the probability and impact of potential risks, we help our clients control risks that impact their operations.

Bow-Tie Risk Analysis

A Bow-Tie risk analysis is primarily a qualitative risk analysis well suited to complex operating environments such as the aviation industry.

The complexity of an aviation business imposes challenges for quantifying all the interactions (between people, equipment, time, weather, organisational factors, etc.) and so adopting a qualitative approach is particularly suitable for safety risk assessments.

A Bow-Tie risk analysis adopts a visual approach and focuses on a particular hazard and its associated undesired state termed the ‘top event’, and considers multiple triggering events (threats) and multiple outcomes (consequences).

Because Bow-Tie is extremely visual, it easily communicates a risk scenario to provide a better overview of the situation and help people understand the relationship between risks and organisational factors.


Performing a Bow Tie Risk Analysis involves asking a structured set of questions:

  • What is the hazard?
  • What happens when a hazard control is lost?
  • What safety event (threat) could release the hazard?
  • What are the potential outcomes?
  • How can we avoid the hazardous event?
  • How can we recover if the event occurs?
  • How can the potential outcome likelihood or consequence severity be limited?
  • How might controls fail?
  • How could effectiveness of controls become undermined?
  • How do we make sure that controls do not fail?

HSRC assists clients to identify their safety risks and to develop plans to manage these risks within their operation effectively, efficiently and sustainably.

Contact Us

Kevin Rookes

For more information on how we can help you with Risk and Resilience call now on
+852 2117 1445 or email us here: hello@hsrc.com.hk