The group's risk register had not been comprehensively rebuilt in years. A financial audit was approaching. Equilibrium rebuilt the entire register across four structured domains, added 22 new corporate risks, and delivered it signed off before the audit window opened.
The same national labour hire group profiled in the dashboard case study. Multi-state operation with ISO 9001, 14001, 45001 and 27001 certifications. Around 700 employees across labour hire, traffic control and line marking divisions. A scheduled financial audit was approaching with a focus on operational and compliance risk.
The existing risk register had served its original purpose at the point of ISO certification, but the document had not kept pace with the business. Several risks were duplicated across different parts of the document. New risks introduced by recent business activity (entering new states, taking on new client types, growing the contractor pool) were not represented. Mitigation actions were listed but not consistently linked to control owners or review cycles. The risk matrix being applied was inconsistent across entries. Auditor feedback was likely to flag the document as out of date.
The financial audit had a fixed deadline. The register needed to be rebuilt, populated, reviewed and signed off in time, without disrupting normal operations.
Structural redesign. The single flat register was rebuilt into four logically separated tabs: SEQ Risks (safety, environmental and quality risks organised by source and category), Environmental Aspects (ISO 14001-aligned aspects and impacts register), Corporate Risk (business, financial, strategic, legal, IT and reputational risks), and a Risk Matrix (single consistent rating matrix applied across all tabs). This separation made the register usable for different purposes. The SEQ tab feeds operational HSE conversations. The Corporate Risk tab feeds board-level discussions. The Environmental Aspects tab supports ISO 14001 surveillance.
Content rebuild. Working with the executive team and operational managers, 22 new corporate risks were added covering areas the previous register had not addressed: cyber and data risks, contractor pool risks, multi-state regulatory exposure, key person dependency, IT vendor concentration, and several others. Existing risks were re-rated using the new matrix. Mitigation actions were aligned to named owners with review frequencies.
Integration with operational systems. Rather than leaving the register as a static spreadsheet, key risks were cross-referenced to the underlying operational systems (Donesafe sub-forms, internal audit programs, management review minutes). Changes in one place trigger review elsewhere.
Pre-audit review. A dry-run review was conducted before the audit window, with executives walking through the register tab by tab. Gaps surfaced in this dry run were closed before the audit.
This was a specialist on-demand engagement: a defined deliverable with a fixed deadline. Equilibrium scoped the work, embedded with the relevant stakeholders, delivered the document, and exited. It does not require an ongoing relationship to be valuable.
Document review and rebuild work is a common entry point for clients who are not yet ready for an ongoing relationship. It also surfaces, fast, whether deeper work is needed. In this case it led directly into the integrated managed services arrangement now in place.
Book a free scoped review. Two weeks, no cost. We map your compliance obligations and tell you where the gaps are.
Book a scoped review