Risk management for private equity is essential for protecting portfolio value and meeting regulatory requirements. In June 2023, a mid-market PE firm closed a $340 million acquisition of a healthcare technology company. Sixty days post-close, a ransomware attack encrypted patient records across the portfolio company’s entire network.
The incident response cost $8.2 million, regulatory fines followed at $3.5 million, and two key hospital system clients terminated contracts worth $22 million in annual recurring revenue.
The deal thesis assumed a 3x exit multiple in five years; the revised model showed breakeven at best. Pre-acquisition cyber due diligence had consisted of a single vendor questionnaire that rated the target as “satisfactory.”
| Key Takeaways |
| Global PE AUM reached $10.8 trillion in 2025, yet private equity risk management maturity lags far behind the capital deployed, creating material exposure for GPs and LPs. |
| 80% of PE firms experienced cybersecurity-related disruption during the hold period in the past year, with an average financial impact of $2.1 million per incident. |
| The SEC’s 2026 examination priorities target fiduciary duty, fee practices, valuation methodology, and cybersecurity for private fund advisers, raising the compliance bar. |
| Only 12% of PE firms under $25 billion AUM enforce mandatory cybersecurity baselines across portfolio companies, compared with 55% of firms above $25 billion. |
| Effective private equity risk management requires a layered framework spanning deal-level due diligence, portfolio-level aggregation, and firm-level ERM governance. |
| KRIs calibrated to the PE lifecycle (sourcing, diligence, hold, exit) provide early warning signals that prevent value destruction at each stage. |
| A 90-day implementation roadmap can establish the governance, tools, and reporting cadence for a defensible private equity risk management program. |
Risk management for private equity is no longer a back-office function bolted onto deal execution. With global PE AUM reaching $10.8 trillion in 2025 (McKinsey Global Private Markets Report, 2026) and the SEC’s 2026 examination priorities explicitly targeting private fund adviser practices, the industry faces a clear mandate: build disciplined enterprise risk management capabilities or accept value destruction as a recurring cost of business.
A Kroll survey of 325 PE portfolio leaders found that 80% of firms experienced cybersecurity-related disruption during the hold period over the past year, with an average financial impact of $2.1 million per incident.
Yet the governance gap persists: only 12% of firms under $25 billion AUM enforce mandatory cyber controls across their portfolios.
This guide provides PE operating partners, portfolio risk managers, CFOs, and LP allocators with a practitioner-focused framework for risk management for private equity across the full investment lifecycle.
You will find due diligence risk frameworks, portfolio-level aggregation models, KRI dashboards, SEC compliance maps, and a 90-day implementation roadmap designed for the resource constraints that PE firms actually operate under.
Risk Management for Private Equity: The 2026 Landscape
The scale and complexity of the private equity industry have fundamentally changed the risk calculus. Median purchase multiples reached 11.8x EBITDA in 2025, meaning entry prices leave less margin for error.
Dry powder is moderating after years of accumulation, forcing deployment discipline. North American fundraising increased 8% year-on-year to $432 billion, while take-private deal value rose 72% (Bain Global Private Equity Report, 2026).
These dynamics mean that risk management for private equity is no longer about avoiding catastrophic loss events alone; it is about protecting the operating value that justifies premium entry multiples.
Private Equity Market Growth and Risk Exposure
Figure 1: Global PE AUM reached $10.8T in 2025, with deal value recovering to $750B (Sources: McKinsey, Bain, PwC, 2025-2026)
The risk categories confronting PE firms have expanded well beyond traditional financial and market risk.
Today’s risk management for private equity universe encompasses six interconnected domains: operational risk within portfolio companies, market and valuation risk across the fund, compliance and regulatory risk driven by SEC enforcement, cybersecurity risk that can destroy deal value overnight, ESG and reputational risk that LPs increasingly screen for, and liquidity and exit risk in a market where continuation vehicles are replacing traditional exits.
Each domain requires its own risk assessment methodology while feeding into a unified firm-level view.
Private Equity Risk Universe: Impact and Likelihood
Figure 4: Compliance and operational risk score highest on both axes, while ESG risk is rising rapidly (Source: Author analysis based on Kroll, SEC, McKinsey, 2025-2026)
Due Diligence Risk Framework for Private Equity Risk Management
Pre-acquisition due diligence is the first and highest-leverage point in risk management for private equity. A disciplined diligence process identifies risks that, if missed, become post-close value destroyers.
The framework below extends traditional financial and legal diligence into the operational, cyber, and ESG domains that increasingly drive hold-period outcomes.
Comprehensive PE Due Diligence Risk Categories
| Diligence Domain | Key Risk Areas | Assessment Methods | Red Flags |
| Financial | Revenue quality, working capital, debt structure, off-balance-sheet liabilities | Quality of earnings analysis, forensic accounting, normalized EBITDA reconciliation | Customer concentration > 20%; aggressive revenue recognition; related-party transactions |
| Operational | Management depth, key-person dependency, process maturity, supply chain | Management interviews, RCSA workshops, process mapping, supplier concentration analysis | Single-source dependencies; no documented SOPs; founder-dependent customer relationships |
| Cybersecurity | IT architecture, data protection, incident history, OT/IoT exposure | Penetration testing, vulnerability scanning, security rating (BitSight/SecurityScorecard), data flow mapping | No CISO/security function; unpatched critical vulnerabilities; prior breach not disclosed |
| Compliance & Regulatory | Licensing, regulatory filings, litigation pipeline, sanctions exposure | Regulatory filing review, litigation database search, sanctions screening, interview with GC | Open regulatory investigations; history of enforcement actions; incomplete filings |
| ESG & Reputation | Environmental liabilities, labor practices, supply chain ethics, DEI metrics | Environmental site assessments, ESG questionnaire, media/social sentiment analysis | Environmental remediation obligations; labor violations; greenwashing claims |
| Market & Competitive | Market position, competitive moats, technology disruption exposure | TAM/SAM/SOM analysis, competitive benchmarking, customer NPS/churn analysis | Declining market share; commoditized offering; technology obsolescence risk |
Each diligence workstream should produce a risk register that quantifies identified risks using calibrated ranges (best/most likely/worst case) rather than simple red-amber-green ratings.
This quantified output feeds directly into deal pricing, representation and warranty insurance negotiations, and the first 100-day integration plan.
The risk assessment process at the diligence stage sets the quality ceiling for all downstream risk management for private equity activities.
Portfolio-Level Risk Aggregation in Private Equity Risk Management
Deal-level diligence addresses company-specific risk, but risk management for private equity must also account for correlations and concentrations across the portfolio.
A PE fund with 12 portfolio companies may appear diversified until risk analysis reveals that 8 of them share the same cloud hosting provider, 6 operate in sectors exposed to the same regulatory change, or 4 depend on overlapping supply chains.
Portfolio-level risk aggregation surfaces these hidden correlations before they produce correlated losses.
Portfolio Risk Aggregation Matrix
| Concentration Type | What to Measure | Aggregation Method | Action Threshold |
| Sector Concentration | Revenue exposure by GICS sector across all portfolio companies | Sum portfolio revenue by sector; calculate Herfindahl-Hirschman Index (HHI) | HHI > 2,500 = highly concentrated; diversification review required |
| Geographic Concentration | Revenue and operations by country/region | Map revenue and FTE by geography; overlay geopolitical risk ratings | > 40% in single country triggers geographic hedge analysis |
| Customer Concentration | Shared major customers across portfolio companies | Cross-reference top-10 customer lists across portfolio; identify overlaps | Any customer representing > 15% of aggregate portfolio revenue |
| Technology / Vendor | Shared IT infrastructure, SaaS platforms, cloud providers | Vendor dependency mapping across portfolio; single-point-of-failure analysis | Same vendor serving > 50% of portfolio = single-point risk |
| Regulatory Exposure | Common regulatory regimes and pending rule changes | Map each portfolio company to applicable regulators; scan for pending changes | Regulation affecting > 30% of portfolio value triggers scenario analysis |
| Key Person Dependency | Shared management talent and succession gaps | Map critical roles across portfolio; identify succession readiness | Any portfolio company with 0 successors for CEO/CFO/CTO |
The output of portfolio risk aggregation should be a quarterly portfolio risk dashboard that the investment committee reviews alongside financial performance.
This dashboard integrates key risk indicators from each portfolio company into a fund-level heat map, enabling the GP to identify emerging concentration risks and take corrective action, whether through add-on acquisitions that diversify, strategic exits that reduce overweight positions, or targeted risk mitigation investments at the portfolio company level.
The risk monitoring process must be embedded in the fund’s operating cadence, not treated as a periodic exercise.
Cybersecurity Risk in Private Equity Risk Management
Cybersecurity has become the single most consequential operational risk in private equity. The Kroll 2025 survey found that 80% of PE firms experienced cyber disruption during the hold period, and the financial impact extends far beyond incident response costs.
Cyber events delay exits, trigger regulatory investigations, void representations and warranties, and destroy the operational improvements that PE firms spend years building.
risk management for private equity programs that treat cybersecurity as an IT issue rather than a board-level investment risk are systematically underpricing their exposure.
Cybersecurity Risk Management Maturity by PE Firm Size
Figure 2: A stark governance gap exists: 55% of large PE firms enforce cyber baselines vs. only 12% of smaller firms (Sources: Kroll, QBE, Wellington Management, 2025)
The governance disparity between large and small PE firms creates a two-tier risk management for private equity landscape.
Firms above $25 billion AUM are 4.5 times more likely to enforce mandatory cybersecurity baselines across portfolio companies, have dedicated portfolio cyber leaders, and conduct pre-acquisition penetration testing.
Smaller firms, managing the majority of mid-market deals where cyber maturity tends to be lowest, face the paradox of higher risk exposure with fewer risk management resources.
The solution is not to replicate the large-firm approach at smaller scale but to implement a risk-based tiering model that concentrates cyber investment on portfolio companies with the highest data sensitivity, regulatory exposure, and customer-facing digital operations.
PE Cybersecurity Risk Management Baseline
| Control Category | Minimum Baseline | Enhanced (High-Risk Portcos) | Evidence for SEC/LP |
| Governance | Designated cyber risk owner at each portco | CISO or vCISO with board reporting line | Org chart + board reporting cadence documentation |
| Access Control | MFA on all privileged accounts; quarterly access reviews | Zero-trust architecture; PAM solution deployed | MFA audit logs; access review completion records |
| Patch Management | Critical patches within 30 days; high within 60 | Critical within 14 days; automated patching for endpoints | Patch compliance reports; vulnerability scan results |
| Incident Response | Documented IR plan; tabletop exercise annually | IR retainer with forensics firm; quarterly exercises | IR plan document; exercise after-action reports |
| Third-Party Risk | Annual vendor security questionnaire for critical vendors | Continuous monitoring via security rating platform | Vendor risk register; security rating trend reports |
| Data Protection | Encryption at rest and in transit; backup testing quarterly | DLP solution; immutable backups; air-gapped recovery | Encryption audit; backup recovery test logs |
SEC 2026 Examination Priorities and Private Equity Risk Management
The SEC’s Division of Examinations released its 2026 priorities under Chairman Paul Atkins, and private fund advisers remain squarely in the crosshairs.
For risk management for private equity leaders, these priorities translate directly into the compliance controls, documentation, and governance structures that examiners will scrutinize.
The six priority areas map to specific risk management actions that PE firms must embed in their operating model.
SEC 2026 Examination Priority Areas for Private Equity
Figure 3: Fiduciary duty and cybersecurity dominate SEC exam intensity for PE advisers in 2026 (Sources: SEC, Goodwin, Harvard Law, 2025-2026)
| SEC Priority Area | What Examiners Will Scrutinize | Private Equity Risk Management Response |
| Fiduciary Duty & Conflicts | Fee allocation, co-investment allocation, side letter consistency, related-party transactions | Conflicts register mapping all affiliated transactions; annual conflicts review by CCO; LP disclosure audit |
| Fee & Expense Practices | Management fee calculations, broken-deal expenses, portfolio company monitoring fees, fee offsets | Fee waterfall documentation; expense allocation policy with LP-approved methodology; quarterly fee reconciliation |
| Valuation Methodology | Fair value policies, valuation committee governance, third-party valuation use, quarter-over-quarter changes | Documented valuation policy per ASC 820; independent valuation committee; annual third-party review of material positions |
| Cybersecurity & Operational Resilience | Cyber policies, incident response plans, vendor oversight, business continuity | Cybersecurity baseline enforcement across portfolio; incident response plan with tabletop evidence; BCP testing documentation |
| ESG / AI Governance | ESG claims in marketing, AI use in portfolio monitoring, automated investment tools | ESG policy with substantiation requirements; AI governance framework; marketing review for ESG accuracy |
| Marketing & Performance Claims | Performance track record, gross-to-net returns, cherry-picked case studies, hypothetical performance | Marketing review process per SEC Marketing Rule; standardized performance calculation methodology; pre-clearance workflow |
Each SEC priority area should map to a control in your compliance risk assessment framework.
The most defensible approach is to build a regulatory compliance risk assessment template that cross-references SEC exam priorities with your firm’s specific policies, identifies gaps, and assigns remediation owners with deadlines.
risk management for private equity teams that wait for an examination letter to begin this mapping will find themselves in a reactive posture that compounds both compliance risk and examination duration.
Building an ERM Framework for Private Equity Risk Management
Traditional enterprise risk management frameworks designed for operating companies do not translate directly to PE firms, where the entity managing risk (the GP) and the entities bearing risk (portfolio companies) are legally and operationally distinct.
A risk management for private equity ERM framework must operate at three levels simultaneously: the firm level (GP operations, fund compliance, LP governance), the portfolio level (cross-company aggregation and concentration), and the company level (individual portfolio company operational risk).
ISO 31000 provides the overarching risk management principles, while COSO ERM offers the governance architecture that links strategy to risk appetite.
Three-Tier PE Risk Management Architecture
| Tier | Scope | Risk Categories | Governance Owner | Reporting Cadence |
| Tier 1: Firm Level | GP operations, fund compliance, LP commitments | Regulatory (SEC), fundraising, reputational, key-person, operational | Managing Partner + CCO | Quarterly to LPAC; annual to full LP base |
| Tier 2: Portfolio Level | Cross-portfolio aggregation and concentration | Sector concentration, vendor dependency, correlated market exposure, aggregate cyber risk | CIO / Head of Portfolio Operations | Monthly to IC; quarterly to LPAC |
| Tier 3: Company Level | Individual portfolio company risks | Operational, financial, cyber, compliance, ESG, market-specific risks | Portfolio Company CEO + Operating Partner | Monthly to operating partner; quarterly to IC |
The three-tier architecture requires a standardized risk register template deployed across all portfolio companies. Each company completes a quarterly RCSA that feeds into the portfolio-level aggregation engine.
The risk management lifecycle (identify, analyze, evaluate, treat, monitor) runs at all three tiers, with the portfolio tier acting as the aggregation and correlation layer that surfaces risks invisible at the company level.
Key Risk Indicators for Private Equity Risk Management
Effective risk management for private equity requires KRIs calibrated to the PE investment lifecycle.
Unlike operating companies where KRIs track steady-state performance, PE KRIs must signal risk at four distinct stages: deal sourcing, due diligence, hold period, and exit preparation.
The following KRI framework maps indicators to lifecycle stages with thresholds designed for mid-market PE firms.
| KRI | Lifecycle Stage | Green | Amber | Red |
| Due Diligence Completion Rate | Sourcing / Diligence | 100% of 6 diligence workstreams complete | 1 workstream incomplete | > 1 workstream incomplete or waived |
| Portfolio Company EBITDA vs. Plan | Hold Period | Within 5% of plan | 5-15% below plan | > 15% below plan |
| Cyber Baseline Compliance | Hold Period | 100% of portcos meeting baseline | 80-99% compliant | < 80% compliant |
| SEC Compliance Finding Aging | Firm Level | 0 findings > 60 days open | 1-2 findings > 60 days | > 2 findings > 60 days |
| LP Capital Call Compliance | Firm Level | 100% funded within 10 business days | 95-99% funded | < 95% funded |
| Portfolio Concentration (Top Sector) | Portfolio Level | < 30% of NAV in single sector | 30-40% of NAV | > 40% of NAV |
| Exit Readiness Score | Exit Preparation | All exit diligence items green | 1-2 amber items | Any red items or unresolved findings |
| Vendor Risk Rating (Portfolio-Wide) | Hold Period | > 850 average security rating | 700-850 average | < 700 average |
| Valuation Markup/Markdown Frequency | Hold Period | < 10% of positions adjusted > 10% | 10-20% | > 20% of positions with large adjustments |
| Conflicts Disclosure Completion | Firm Level | 100% of conflicts disclosed per policy | 95-99% disclosed | < 95% disclosed |
These KRIs should be visualized in an integrated KRI dashboard that the investment committee reviews monthly.
The dashboard should present both individual portfolio company traffic lights and aggregated portfolio-level heat maps, enabling the GP to spot emerging patterns, such as multiple portfolio companies simultaneously missing EBITDA targets (suggesting a macro downturn rather than company-specific issues) or a clustering of cyber incidents across portfolio companies sharing the same IT service provider.
90-Day Private Equity Risk Management Implementation Roadmap
This roadmap is designed for mid-market PE firms ($1-10 billion AUM) that have informal or ad hoc risk management practices and want to build a structured, defensible risk management for private equity program.
Larger firms can accelerate timelines; smaller firms may need to phase over 120 days.
| Phase | Actions | Deliverables | Success Metrics |
| Days 1-30: Foundation | Appoint risk management owner (CCO, Operating Partner, or dedicated hire). Conduct firm-level risk inventory across all funds and portfolio companies. Map SEC 2026 exam priorities to existing policies; identify gaps. Deploy standardized risk register template to all portfolio companies. Establish risk governance: IC risk agenda item, LPAC risk reporting cadence. | Risk governance charter and RACI. Firm-level risk inventory (draft). SEC compliance gap analysis. Standardized risk register template. Risk reporting calendar. | Risk owner appointed with clear mandate. Inventory covers all portfolio companies. SEC gap analysis reviewed by CCO. Risk register template deployed to 100% of portcos. |
| Days 31-60: Build & Quantify | Complete RCSA workshops at top 5 portfolio companies (by NAV). Quantify top 10 risks using scenario analysis (best/likely/worst case). Build portfolio-level aggregation dashboard (concentration, correlation). Implement cybersecurity baseline assessment across portfolio. Draft risk appetite statement for GP and fund level. | Completed RCSAs for top 5 portfolio companies. Quantified risk register with scenario outputs. Portfolio risk aggregation dashboard (beta). Cybersecurity baseline scorecard per portfolio company. Draft risk appetite statement. | All 5 RCSAs produce actionable risk registers. Top 10 risks quantified with dollar ranges. Dashboard shows concentration metrics. Cyber baseline gaps documented. Risk appetite reviewed by Managing Partner. |
| Days 61-90: Integrate & Report | Present integrated risk profile to investment committee. Deliver first LP risk report (alongside quarterly financial report). Integrate KRIs into portfolio monitoring cadence. Conduct first SEC exam readiness self-assessment. Document risk management policy and procedures. | IC-approved risk profile and risk appetite. LP risk report template and first issuance. KRI dashboard live with monthly monitoring. SEC exam readiness assessment with remediation plan. Risk management policy document. | IC approves risk appetite covering all 6 risk domains. LP risk report delivered on schedule. KRI dashboard operational with automated data feeds. SEC readiness score > 80%. Policy approved and published. |
Common Pitfalls in Private Equity Risk Management
| Pitfall | Root Cause | Remedy |
| Due diligence as checkbox | Time pressure and deal fever override diligence rigor; cyber/ESG workstreams waived to meet closing deadlines | Establish non-negotiable diligence minimums across all 6 domains; use diligence risk register to track waivers |
| No post-close risk monitoring | Diligence findings filed away after closing; no systematic follow-through on identified risks | Convert diligence risk register into 100-day integration risk plan with named owners and deadlines |
| Portfolio-level blindness | Each portfolio company managed in isolation; no cross-portfolio risk aggregation or correlation analysis | Implement quarterly portfolio risk aggregation dashboard; mandate standardized risk reporting from all portcos |
| Underinvesting in cyber | Cybersecurity treated as IT cost center rather than value protection investment; no GP-level cyber governance | Enforce minimum cyber baseline across portfolio; tie cyber KRIs to operating partner performance review |
| Valuation subjectivity | Valuation methodology applied inconsistently; no independent validation; quarter-over-quarter changes unexplained | Document ASC 820-compliant valuation policy; establish independent valuation committee; annual third-party review |
| SEC compliance as CCO silo | Compliance function disconnected from investment and operations teams; policies exist but are not operationalized | Embed compliance checkpoints in deal process, portfolio monitoring, and marketing workflows; quarterly compliance testing |
| LP reporting gap on risk | Quarterly reports focus exclusively on financial returns; risk information shared only when problems emerge | Include risk section in every quarterly LP report: top risks, KRI dashboard, compliance status, and risk appetite alignment |
| Ignoring ESG beyond marketing | ESG positioned as fundraising differentiator but not integrated into diligence, monitoring, or exit readiness | Embed ESG assessment in diligence, quarterly monitoring, and exit value story; substantiate all ESG claims per SEC guidance |
Looking Ahead: Private Equity Risk Management Trends (2025-2027)
Three forces will reshape risk management for private equity over the next 24 months, creating both compliance imperatives and competitive advantages for firms that move early.
First, AI is transforming every stage of the PE lifecycle, and the risk management implications are profound.
AI-powered deal sourcing is accelerating pipeline velocity, AI-enabled due diligence is analyzing target companies at speeds impossible for human teams, and AI-driven portfolio monitoring is detecting operational anomalies before they appear in financial statements.
But AI also introduces new risks: algorithmic bias in deal screening, overreliance on AI-generated due diligence conclusions, and the SEC’s explicit focus on “automated investment tools” in its 2026 exam priorities.
risk management for private equity programs must develop AI governance frameworks that cover both the use of AI by the GP and the deployment of AI within portfolio companies. The risk assessment policy should explicitly address AI-related risks, including model validation, data quality, and human oversight requirements.
Second, LP demands for risk transparency are intensifying. Institutional investors are asking increasingly sophisticated questions about cybersecurity governance, ESG integration, and operational due diligence as part of their ODD process.
The compliance risk assessment conversation has shifted from “Do you have a compliance program?” to “Show me the evidence that your risk management program actually works.”
GPs that can produce quantified risk dashboards, demonstrated KRI monitoring, and documented risk-based decision-making will win allocations from LPs who have been burned by risk management failures at other funds.
The RCSA methodology adopted from financial services provides the structured, evidence-based approach that LPs expect.
Third, the regulatory landscape is converging. The SEC’s private fund focus, the EU’s AIFMD revisions, and evolving ILPA best practices are creating a multi-jurisdictional compliance matrix that global PE firms must navigate.
Firms that build their risk management for private equity infrastructure on a principled framework like ISO 31000 or COSO ERM will find it easier to map controls to multiple regulatory regimes simultaneously, rather than maintaining parallel compliance programs for each jurisdiction.
The ERM technology platforms designed for alternative asset managers are maturing rapidly, offering portfolio-level risk aggregation, automated KRI monitoring, and regulatory reporting that reduces the compliance burden while improving risk visibility. Firms that invest in these capabilities now will compound the advantage as regulatory complexity continues to increase.
Ready to build a defensible risk management for private equity program? Our risk management consultants specialize in PE-specific ERM frameworks, due diligence risk integration, and SEC exam readiness. Explore our services or contact us directly to schedule a discovery call.
References
1. McKinsey & Company (2026). “Global Private Markets Report 2026.”
2. Bain & Company (2026). “Global Private Equity Report 2026.”
3. PwC (2026). “Private Equity US Deals 2026 Outlook: M&A Trends.”
4. SEC Division of Examinations (2026). “Fiscal Year 2026 Examination Priorities.”
6. Goodwin Procter (2025). “2026 SEC Exam Priorities for Registered Investment Advisers.”
7. Kroll (2025). “Private Equity Cybersecurity: A Significant Risk to Deals.”
8. QBE (2025). “Private Equity Firms Enhancing Cyber Resilience of Portfolio Companies.”
9. Wellington Management (2025). “Private Equity Cybersecurity & Data Transparency.”
10. FTI Consulting (2025). “Cybersecurity for Private Equity Firms: Adding Value, Reducing Risk.”
11. Oliver Wyman (2025). “Why Private Equity Needs Better Risk Management Now.”
12. Woodruff Sawyer (2026). “Private Equity Risk and Insurance Trends: Looking Ahead to 2026.”
13. BDO (2026). “2026 Private Equity Industry Predictions.”
14. Silicon Valley Bank (2026). “How Private Funds CFOs Can Prepare for 2026 SEC Exams.”
15. IQ-EQ (2026). “Global Private Markets Predictions for 2026.”
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.