From Risk to Resilience
Tailored, full-spectrum risk analysis and advice in fragile contexts
We are a boutique risk management advisory firm specialising in supporting small businesses operating in fragile and hostile environments. We offer services tailored to each client’s needs, delivered by a highly experienced and always accessible team.
Avalon Risk Advisory was founded by Adrian Smith, a senior lawyer, project and risk management specialist with over 20 years’ experience managing risks and delivering results in the most fragile contexts around the world. Working with a range of clients from start-ups to governments and multilaterals including the EU and UN, Adrian has successfully led large and small teams to effectively identify, monitor and mitigate risks to help achieve project and business objectives. With a wealth of legal, technical and geographic experience, we bring a unique blend of ground-level experience and practical insights to every project.
Our risk management services provide strategic guidance and practical tools to navigate complex risk landscapes, driving your business success while protecting your reputation. Our full-spectrum services span political, security, operational, financial, legal and compliance and reputational risks. We are also able to advise on risks relating to the development and deployment of renewable energies, including climate-conflict assessments, stakeholder engagement and community resilience.
Our tailored approach is based on building personal relationships with our clients to identify and assess their specific needs and provide principled, pragmatic and proportionate risk management support. Whether you’re looking to enhance your Enterprise Risk Management (ERM) through a strengthened risk governance framework, robust risk measurement and monitoring processes, or effective risk mitigation strategies, our team has the expertise and experience to support you every step of the way.
Why choose us?
Deep, multi-sectoral risk management experience

Our founder Adrian Smith has more than 20 years’ professional experience managing risks across the corporate, legal, political, security, and environmental sectors, and is a member of the Institute of Risk Management. He has more than 14 years’ experience operating in fragile and conflict-affected settings, working with political, security, commercial and community stakeholders to identify, assess, monitor and mitigate political, security, operational, financial, legal and regulatory, environmental and reputational risks for a range of demanding clients from start-ups to governments and multilaterals.
Adrian’s risk management experience ranges from managing a global corporate restructuring process to overseeing a secure centre for the rehabilitation of defectors from al Shabaab in Mogadishu, Somalia; from identifying and managing security risks posed to the UK by the Brexit negotiations, to assessing the impact of climate volatility on communities in the Lake Chad Basin. Adrian has worked in and on Somalia for 14 years, and has further experience working in Somaliland, Nigeria, Sierra Leone, Libya, Kenya, Malawi, Palestine and Pakistan.
Boutique agility and tailored service, with global reach

We combine boutique agility and personalised service with a global network, with experience and established networks in the Horn of Africa, Sahel, West Africa, MENA.
We understand the needs of small organisations operating in fragile contexts; often flexibility and scalability. Rather than implementing complex frameworks overnight, we suggest starting with building a risk-aware culture, consistent risk assessments, clear role definitions, and simple monitoring practices that can evolve as the company does. Through the early integration of ERM with deep understanding of local contexts, including political economy analysis, human rights considerations and ethical business practices, we help companies to effectively navigate the uncertainty of fragile operating environments, We help prevent costly surprises while creating sustainable growth for the company and long-term value for the communities where they operate.
Personal and pragmatic
We believe the best way to deliver effective support is through taking the time to build personal relationships, to get to know our clients and their needs. You will not deal with the overworked junior employees at larger professional service firms. Our senior team is always available and accessible, open to two-way communication, and will revise and refine our approach in line with your evolving needs.
While ERM frameworks like ISO 31000 and COSO are widely recognised globally, smaller companies operating in fragile contexts face unique challenges requiring tailored, flexible approaches that balance comprehensive risk management with finite resources. Our pragmatic approach incorporates the most useful elements of these frameworks to address clients’ specific needs. We combine the integration, customisation and flexibility of ISO 31000, with CSOS’s thematic structure of governance and culture, strategy and performance, review and revision, and communication and reporting.
Cost effective and transparent
Ready to move from Risk to Resilience, and focus on achieving your strategic objectives?
Contact us today to learn more about how we can help you navigate the complexities of risk management in fragile contexts and drive sustainable growth for your business.
Services:
Governance and Culture:
- Establishing risk oversight through securing leadership buy-in and accountability, defining risk appetite and embedding risk-awareness throughout the organisation
- In fragile contexts, clarifying relationships with government actors and maintaining transparent operations
- Developing appropriate tools and processes: Risk Appetite Statement, Roles and Responsibilities Matrix; Risk Management Policy
Strategy and Objective-Setting:
- Integrating risk considerations into strategic planning and evaluating risks in the context of specific business objectives
- In fragile contexts, analysing political and security dynamics, instability, supply chain vulnerabilities, and local stakeholder dynamics
- Developing appropriate tools and processes: Strategic Risk Assessment, Context Analysis, Scenario Planning Framework
Risk Identification and Assessment:
- Systematically documenting threats and opportunities across strategic, political, security, operational, financial, legal and compliance, and reputational categories
- In fragile contexts, understanding both country and local-level dynamics to assess and prioritise political and security-related risks
- Developing appropriate tools and processes: Risk Registers, Standardised Risk Evaluation Methodology, combining open source, specialist reporting and local networks to inform conflict and political economy analysis
Risk Response and Monitoring:
- Implementing clear and consistent mitigation strategies, continuous monitoring through user-friendly dashboards and key risk indicators to ensure responses remain effective
- In fragile contexts, adopting a proportionate approach based on simple but scalable tools and processes rather than complex and burdensome frameworks
- Developing appropriate tools and processes: Risk Treatment Plans, Key Risk Indicators (KRIs), Contingency and Crisis Plans
Review and Communication:
- Ongoing assessment of risks, especially following significant events, and clear communication across all organisational levels
- In fragile contexts, this can include scenario planning for crisis events and developing contingency protocols
- Developing appropriate tools and processes: Risk Review Schedule, Risk Reporting Templates, Lessons Learned Reviews
Selected Project and Risk Management Experience
- Legal
- Political
- Security & Governance
- Environmental
- Corporate