Internal Controls Design graphic Internal Controls Design
consulting and research for internal control with risk management


MugshotMatthew Leitch

About the author: Matthew Leitch has been an independent consultant, tutor, and researcher since 2003 and is the author of two groundbreaking books. He has helped a variety of organizations improve the way they manage uncertainty and contributes to the development of guidance on risk management. He is an active member of the risk management committee at the British Standards Institute and has contributed to guidance from the Association for Project Management. His background includes writing, psychology, mathematics, software development, audit, and accountancy. For 7 years until 2002 he worked for PricewaterhouseCoopers as a specialist in internal controls and risk management. He is a qualified chartered accountant and holds a BSc in psychology from University College London.

Matthew learned design at an early age from his father, who is an architect and designer, and has pursued elegant, original solutions to important problems ever since.

He is the author of another website dedicated to his consulting business. The site, Managed Luck, is a free resource for anyone who wants to promote everyday risk management skills in their organisation. It provides Guides to the skills that managers at every level can benefit from, and concentrates on the personal benefits of better uncertainty management.

Matthew Leitch: the story so far

If you had asked me in 1994 where my career was going I would have been stumped. As a boy I'd learned design skills at my father's drawing board, then been great at maths at school, but studied psychology passionately (especially learning, memory, and cognition) at University College London and since. I was a software developer for two years, a marketing author for a year, and then a trainee Chartered Accountant who qualified and went to work for one of the big firms, Coopers & Lybrand, as a computer auditor.

7 years as an internal control and risk management specialist with PricewaterhouseCoopers

Then something happened that set me on a new course where all my previous interests and knowledge came into play. The computer audit group was combined with a small consulting team called "In Control" and renamed "Risk Management Services". That started me thinking. I was seconded to a small team of internal controls specialists to establish internal control requirements for the systems underpinning the 1998 competitive market for electricity supply in the UK. I enjoyed it and contributed far beyond my seniority at the time.

Designing internal control systems

Afterwards I joined a team of people to rethink controls design and proposed a new approach that overturned many previous assumptions. This method was influential in the UK firm and led to one partner selling a multi-million pound assignment. Separately, I continued to develop this method and add to it through a series of projects with clients including Volkswagen Financial Services, BT, PPP healthcare, Carrier1, Global Crossing, Excel Communications, and Your Communications.

Through these and other projects I had the priviledge of working with many other leading organisations including Mars, Microsoft, Railtrack (during the flotation), West LB, and the Electricity Pool. I became known in the firm for my expertise and, using my methods of analysis and design, helped colleagues with problems as diverse as implementing controls around SAP at the BBC, controlling stocks of low-grade radioactive material, reducing revenue leakage in car parks, managing new product development in mobile telephony, and processing claims for agricultural grants.

Taking risk management personally

Gradually my approach expanded to deal with an increasing scope and range of risks, though my best areas are processes, systems, management control, and projects. I researched risk management methods intensively and applied them to my daily work. (Yes, a consultant taking his own advice.)

To manage work and costs on my projects I used my own style of uncertainty management, including rolling reforecasts. Asked for a business plan I would use Monte Carlo simulation with programmed decisions. Even my daily "to do" list used Monte Carlo simulation to judge the risk that I would run out of time. My project proposals became increasingly phased and evolutionary, with alternative outcomes considered in advance.

Risk and uncertainty management have given me a new outlook on life and a new set of tools for coping at work.

Writing and speaking

As a minor guru in PricewaterhouseCoopers I delivered several training courses. I spoke at various internal events, lectured at University College London, and was asked to devise and present pre-conference workshops. I facilitated large and small meetings using risk management methods ranging from a staff appraisal meeting based on Bayesian evidence accumulation to a creative workshop to devise a framework of controls for telecoms revenue systems.

As an independent consultant and researcher

The internet has provided a perfect outlet for my work and I now run two professional websites fuelled by my work, and two personal websites. The content of the personal sites has been used to build the professional sites. "Managed Luck" is a resource for risk managers and their colleagues dedicated to a pragmatic, personal approach to dealing with uncertainty at work.

Consulting clients so far include BP, Land Securities, British Telecommunications, the Department for Communities and Local Government, UBS, UKAS, Wates Group, BankInvest, BDO Stoy Hayward, Oxfordshire County Council, IIR, and the United States Army. Many, many more organizations have benefited from their people attending my training courses.

In addition I have carried out research in conjunction with the Beyond Budgeting Round Table into implementation of their management model, surveyed beliefs about performance management, and launched a potentially important survey about sustainability and pay.

In 2008, after a mammoth effort, my first book was published. It's about 95,000 words of concentrated wisdom, fresh ideas, practical techiques, and even a little bit of fun.

Then in 2010 the second book was published, opening up new possibilities for auditors. It remains to be seen how much impact this has but it was written to make a real difference in the world and I hope it does.

After doing a huge amount of work on the British Standard for generic risk management, BS 31100:2008 and the second edition BS 31100:2011, Matthew began to see things in a new, simpler, and more natural way and started writing a new website from a new perspective:

He has also moved towards more teaching work, both at the University of Southampton's business school, and through individual technical tutoring and teletutoring. This one-to-one teaching service has already helped a variety of people in a variety of ways and much more is expected in future.

To contact the author click here or visit to read about the new approach and about individual tutoring.


Author and services


The author (picture, CV)

Books and services

The NEW BOOK: "A pocket guide to risk mathematics: key concepts every auditor should know"

The FIRST BOOK: "Intelligent internal control and risk management: designing high performance risk control systems"

Tutoring and mind expanding events

Consulting services

Preferred ways of working

Contact the author

Conference schedule

Useful links

Add to favourites

Other websites by Matthew Leitch

  © 2004 Matthew Leitch