To keep up with the lightning speed of development in business digitisation, a proactive approach to risk management is
not a luxury but a necessity to cater for, and catch-up with, the market. This module helps participants drive the proactive
evolution of risk management methodologies from compliance-based, reactive, and linear to proactive, risk-based, iterative
and future proof.

Participants will learn how to effectively adapt existing risk and control frameworks to new technologies and innovation
and receive practical guidance on how to drive the evolution of risk culture in the company to support the digitisation
journey. The contents include how to approach risk as an overarching business strategic concern and become a value-adding
partner to digital project lifecycles – from planning/design through deployment and monitoring.

Participants will be equipped with knowledge on digital ERM fundamentals, concepts and standards as well as exposed to the
end-to-end process of integrating/applying ERM in the organisation’s digitisation blueprint. The content extends practical
guidance on addressing digitisation risks, the case for digitising ERM in overcoming these challenges as well as practical
guidance on gaining management buy-in, designing the company’s bespoke digital ERM framework and its application,
as well as driving the organisation culture change needed to provide a firm foundation for the digitised ERM to work.

In this age of increasing cybersecurity threats, what is required is a prioritized, flexible, repeatable, performance based, and
cost-effective approach. The program teaches a flexible way to address cybersecurity, including cybersecurity’s effect on
physical, cyber, and people dimensions. This includes information security measures and controls – especially over critical
infrastructure – to help organisations identify, assess, and manage cyber risks. Management and risk managers should focus
on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s
risk management processes. This can assist organizations in addressing cybersecurity as it affects, amongst others, the
privacy of customers, employees, and other parties. At the core of this program is a set of cybersecurity activities, outcomes,
and informative references that are common across sectors and critical infrastructure which organisations should bear in
mind. Organizations can determine activities that are important to critical service delivery and can prioritize investments
to maximize the impact of each dollar spent. The Framework taught enables organizations – regardless of size, degree of
cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to
improving security and resilience.

Machine learning is all around us, getting smarter each day as we generate more data. It’s become such an integral part
of our lives that we probably don’t even realize how omnipresent it is. Many industries now use artificial intelligence (AI)
to transform huge amounts of data into the knowledge that drives suggestions and decisions. And, as machine learning
continues to weave its way into everyday life, you can’t overlook the associated risk assessments and management
strategies. Although, like many things in life, machine learning and AI introduce exciting new opportunities, they also
introduce risk. These powerful technologies are always evolving, allowing risks to appear―and multiply―quickly. And, like
many real-world applications, humans can manipulate these tools for more sinister purposes. This program is designed to
help business and risk professionals approach machine learning from a risk-based perspective, rather than a technical one.
We aren’t going to dive into decision trees or random forest algorithms, but we are going to review the role of risk
identification, assessment, and management in AI and machine-learning applications.

Technology and Data risks, synonymous with modern organisational activities, are becoming more prominent―and more
dangerous. In response, many organisations simply deploy their considerable IT expertise on patching holes, maintaining
systems, and meeting regulations – or just set up specialized teams to cope with acute problems such as cybersecurity.
But these half-measures are unlikely to afford sufficient protection. An IT-oriented approach may be unable to account for
wider business implications and operational as well as strategic interdependencies.

The adequate mitigation of technology and data risk requires a coordinated effort that goes beyond IT-centred remedies.
Leading organisations are creating specialized teams within the enterprise-risk-management group to manage technology
and data risk across the organisation.

This program covers the tools, principles, frameworks and practices that these teams need to employ to stay well connected
and integrated with the rest of the organisation, to develop the skills needed for these complex jobs, and to drive
transformation and remediation activities to ensure a successful conclusion

In an age of unprecedented business and supply chain connectivity supported by technological advancement and disruption,
the ability of firms to transform themselves to remain agile and meet the needs of tech-savvy, connected and informed
customers is crucial to their sustainability and survival. The recent pandemic has also significantly accelerated customer
technology and digital adoption, new ways of working (remotely) and new business models which further heighten the
criticality of pre-planned, preventive and effective technology and cyber risk management by firms. Technology today is more
than an enabler, it has become a strategy. Yet, it is precisely this enabler and strategy which poses deep and hidden threats
which, if not understood and managed properly, can pose a significant threat to the very survival of a firm.