Menu

Assurance that delivers confidence

In today's environment of heightened scrutiny, regulatory complexity and rapid technological change, organisations face risks at every turn; financial, operational, digital, people, reputational, and environmental. Governance gaps erode trust, create systemic vulnerabilities, and threaten organisational sustainability.

Combined, Assurance & Risk is a powerful force which safeguards integrity, protects people and resources, builds trust, and creates the foundation for sustainable performance.

Independence

Unbiased oversight that strengthens governance and trust, building stakeholder confidence.

Foresight

Anticipating risks and opportunities before they emerge.

Confidence

That you have the right systems, processes and information to make informed decisions.

Impact

Driving measurable outcomes that create lasting organisational value.

Capabilities

OCM delivers practical and tailored Assurance & Risk solutions across the full spectrum, from traditional internal audit to digital assurance, from ESG and sustainability to investigations.  

Together, we deliver progress that matters on...

OCM conducts independent and risk-based reviews of controls, efficiency, and compliance that drive stronger governance and continuous improvement. Our audits focus on operational, strategic, and financial risks, bringing together generalist and specialist auditors to deliver outstanding results on:

  • Operational effectiveness audits
  • Financial and compliance audits
  • Performance and efficiency reviews
  • Process mapping and control evaluation
  • Quality assurance reviews 

We ensure the establishment and enhancement of risk frameworks that are built around ISO 31000 and aligned with other regulatory standards. We help organisations develop fit-for-purpose risk and governance frameworks that provide clarity and confidence in managing uncertainty, including: 

  • Enterprise risk management framework design
  • Risk appetite, tolerance setting, and reporting
  • Framework maturity assessments
  • Board and committee governance structures
  • Policy and procedure development
  • Governance health checks and effectiveness reviews 

We lead reviews that are focused on adherence to regulatory guidelines, industry standards, and policy requirements. We provide subject matter experts to monitor compliance to provide the confidence you are meeting:

  • Legislative and regulatory obligations, industry standards, and frameworks
  • Internal policy adherence
  • Contractual compliance
  • Grant funding conditions
  • Environmental and safety regulations 

Technology brings risk through digital infrastructure, systems, and data reliance. Our integrated digital assurance approach builds digital trust, empowering organisations to leverage the potential of data and elevate their digital landscape: 

  • Cyber security: Safeguarding information regardless of how it’s handled, processed, transported or stored
  • Threat and incident management: Enhancing threat and vulnerability management maturity in business applications, systems, and networks through assessments, patching, monitoring, and threat intelligence
  • Data governance: Establishing frameworks that enable better coordinated management of data availability, usability, integrity and security
  • IT general controls: Assurance across the digital ecosystem including data accessibility, response to disruption, digital resilience, change management, cloud services and security controls 

We offer independent program and project assurance aligned with leading frameworks including Gateway Review methodology. We validate scope, assess risk, and conduct reviews at critical milestones to ensure delivery remains on track, benefits are realised, and governance standards are upheld. Our approach includes: 

  • Gateway reviews at key decision points
  • Project health checks and readiness assessments
  • ECI and competitive alliance reviews
  • Financial audit of construction progress claims
  • Financial viability of contractors prior to contract award
  • Benefits realisation validation
  • Transparent reporting to give stakeholders confidence in complex delivery environments 

Environmental, Social, and Governance (ESG) factors are now central to organisational resilience, reputation, and long-term value creation. We help clients embed sustainability into operations through reviews aligned with ISO 20400 (Sustainable Procurement) and global best practices. We assess: 

  • Compliance with modern slavery legislation
  • Ethical sourcing and supply chain transparency
  • Sustainability framework implementation
  • Climate-related financial disclosures
  • Social procurement commitments
  • Environmental management systems
  • Stakeholder engagement and reporting 

Fraud and misconduct can have severe financial, operational, and reputational consequences. Working with clients to provide independent, confidential investigations into suspected fraud, conflicts of interest, corruption, and unethical behaviour. Our experienced team applies: 

  • Independent investigations into misconduct, safety breaches, fraud and corruption
  • Post-incident reviews to prevent recurrence and ensure compliance
  • Document and transaction analysis
  • Root cause analysis and detailed reporting with actionable recommendations 

We work with organisations to build and maintain resilience, promote reliability, and be ready to respond. By working together, we identify vulnerabilities, workshop solutions and implement recommendations through:

  • Disaster & Emergency Preparedness: Integration of disaster management planning, emergency procedures, and hazard/risk identification (e.g. bushfire protocols)
  • Incident Response & Recovery Capability: Defined incident response procedures, post-incident reviews, and tracking of lessons learned
  • Backup & Restore Readiness (RPO/RTO): Regular testing of backups, clearly defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), and alignment with business expectaions
  • Risk Identification, Assessment & Treatment: Identifying risks, linking them to enterprise risk registers, and maintaining treatment plans monitored through governance bodies
  • Staff Training, Awareness & Capability: Regular, scenario-based exercises, training on continuity/incident plans, and building staff understanding of roles during disruptions
  • Testing, Review & Continuous Improvement: Desktop exercises, scenario tests, audits, and refinement of plans based on outcomes and emerging risks. Protocols for internal and external communication during disruptions, ensuring clarity and continuity

Strengthening trust. Leading with clarity.

More on Assurance

Our people

Cathy Blunt

Partner | Assurance | QLD

Judy Malpas

Partner | Assurance | NSW

Susanne Kennedy

Partner | Assurance | ACT

Wayne Gorrie

Partner | Assurance | QLD

Yas Wickramasekera

Executive Director, Local Government

Client stories

Making tomorrow better, together

Building confidence in Government accountability

Building confidence in Government accountability

A structured, independent audit can strengthen organisational performance. By working closely with stakeholders and maintaining procedural rigour, we delivered a comprehensive assessment of the Victorian Ombudsman’s Office across four key domains of performance - meeting tight timeframes and achieving strong engagement throughout.

Read full story

We help protect today and safeguard tomorrow. You shape the future.

Progress needs a partner. We're ready.

Let's talk
Close