Rethinking Risk – from compliance to capability

The team at Pelorus Insights helped deliver risk management improvements on a major UK defence programme. Not by adding process, but by building capability. 

We partnered with P3M leaders to advise on a series of incremental improvements designed to reduce the compliance burden, increase engagement, and improve the quality of risk information available to decision-makers.

The brief

Recommend risk management improvements for a major UK defence programme.

While the brief focused on improving the risk management process, it became clear early on that the real opportunity — and challenge — lay in shifting how risk was perceived throughout the programme.

The problem

Risk management had become a tick-box exercise – compliance-heavy, leadership-light, and fundamentally disconnected from the decisions that shape outcomes.

The process had become heavily reliant on the efforts of the risk manager and had stagnated – engagement was poor, and external customer relationships had started to sour.

What we did differently

With the support of the senior leadership team, we quickly acknowledged the problem, designed our approach, and were trusted to enact our improvements.

Our first priority was to improve the relationships with internal and external risk management stakeholders.

We reset the external relationships by re-establishing our client’s lead role in critical face-to-face engagement with the end customer, presenting a roadmap for change that demonstrated a path to improvement.

Internal risk engagements were re-ignited through a series of risk management briefings, presenting a simplified process that had real-world benefits for each delivery team.

We developed guiding principles that focused risk identification and assessment away from risk list admiration and towards critical uncertainties that could impact programme objectives.

Key interventions included:

  • Representing the client externally: Acting as strategic advocates in enterprise risk forums, we ensured our client’s voice was heard, respected, and aligned with wider decision-making structures.
  • Rewiring the governance: We established a risk reporting mechanism that worked across all levels — from technical working groups to programme and strategy boards — enabling a more effective flow of risk information.
  • Embedding capability, not dependency: Through close coaching and team engagement, we helped internal staff take back ownership of the risk function with renewed confidence.
  • Supporting cultural change: Working shoulder-to-shoulder with senior leaders, we fostered an environment of psychological safety — where raising a risk wasn’t a risk in itself.
  • Delivering under pressure: As part of the project controls function, we managed contractual risk deliverables to high standards, freeing up internal capacity and ensuring compliance didn’t come at the expense of quality.
  • Connecting the dots: We collaborated with cost estimating and commercial teams to feed real risk data into cost, schedule and scenario analysis—turning uncertainty into strategic insight.

The outcome

  • An enduring capability: The risk team was supported in taking back ownership of the process, with renewed confidence.
  • A more influential client voice: We were able to represent our client’s interests within external forums—enhancing both influence and reputation.
  • Improved decision quality: Senior leadership gained clearer visibility of risks across both contracted delivery and emerging future scope, allowing for more informed, forward-looking decisions.

Our view

“In complex delivery environments, the real risk is pretending risk management is working when it’s not. The real value comes when you turn risk from a reporting obligation into a decision-making asset.

That’s not a process problem. That’s a capability challenge — and it’s one that is best solved in partnership.

Risk management can be an asset – a feature, not a bug.”

Gareth Day, Co-Founder of Pelorus Insights