This part of the program provides an analysis of the various definitions of Risk and the evolution of Risk Management over time. The module then proceeds to study the history, rationale, development, benefits and disadvantages of a selection of generally accepted and International ERM standards and models. Participants will be taken through the details of both COSO models and ISO 31000 as well as the pros and cons of the various models and approaches. The final part of this module involves group discussions on the applicability of the various standards and models in practical ERM implementation projects as well as its linkages to achieving organisational objectives and improving the quality of decision-making.

This module encompasses a detailed examination into RCSA options, approaches and methodologies including their purpose and design, tools, and their fit into an ERM framework. The content encapsulates a practical approach to implementing RCSAs, its fit into, and use as, a critical ORM tool as well as its critical stakeholders. Participants will be taken through a detailed case study and exercise over a complete RCSA lifecycle and will be given the opportunity of practicing their new skills via a mini RCSA practical workshop.

The module also takes participants through various Internal Control models and frameworks, including elements of COSO’s internal control framework – and their limitations. Participants will also be exposed to the linkages between RCSA, Internal Control frameworks and best practice governance recommendations and practices, as well as Corporate Governance codes and principles.

As risk is about uncertainty in facing the future, a desirable risk culture positions the organization to be proactive as an early mover that quickly recognizes unique opportunities or risks and uses that knowledge to evaluate its options, either before anyone else or along with other firms that likewise seize the initiative. Such a culture provides management the advantage of time, with more decision-making options before shifts in the market invalidate critical assumptions underlying the strategy.

Many Companies recognize that risk culture is important but struggle to develop a robust method for measuring and tracking progress over time. Since the challenge of measuring risk culture is intrinsically linked to measuring other organizational features, you need an approach and appropriate diagnostic tools that reflects such identified organisational features.

Many organizations approach GRC by constructing irrelevant and overly complex and specialized programs in risk management, performance management, compliance, internal auditing and sustainability; creating many disconnected silos, slowing down communication, limiting access to critical information and duplicating activities due to a lack of transparency and knowledge across the organization.

Organizations often believe that buying a single GRC system or forming a specialized department will resolve their
GRC-related concerns. The best GRC strategy is invisible, rather than being about specific tools or sets of roles. The end goal is that your tools, technologies and processes become a natural part of doing business. GRC practices are built in view of corporate strategies rather than in isolation. When business strategies and GRC are well-integrated, it reinforces confidence in the organisation amongst all stakeholders.

Cybersecurity threats exploit the increased complexity and connectivity of systems, placing the organisation’s sustainability, performance and viability at risk. This module has been designed to enable Risk and Management professionals to better assess the cyber-resilience and exposures of their organisations and to design and implement effective cybersecurity mitigation and governance plans for their organisation. Participants will also be grounded in selecting, designing and implementing a practical Cyber Risk Maturity framework for their organisation and exposed to various cyber threat scenarios as well as the importance of ensuring the various perimeters within and without the organisation are secure. With so much at stake for a business – financial loss, operational disruption, competitive disadvantage, legal liability, and harm to corporate reputation – the question for corporate directors and management is not whether to become involved in cyber risk management, but how to appropriately implement and oversee their company’s initiatives.

Business Continuity Management (BCM) is a risk management mitigation process under the overall practice and discipline of ERM. This module provides an overview of BCM and guides participants on the basis behind BCM, Disaster Recovery Plans (DRP), and Business Continuity Plans (BCP) as well as their interrelationships. Coverage also includes BIA and BCM systems, BCM audits, as well as BCM pitfalls and common BCM risks. Participants will also study some of the key features of current international standards relating to BCM as well as receive practical instructions and guidance on how to build an effective BCP document and how to keep it current and relevant as the organisation evolves. The content includes definitions and understanding of the various terminologies and metrics as well as best practice BCM frameworks.

One of the most powerful attributes of Enterprise Risk Management is its potential as a strategic management tool. This program coaches participants on how to establish a framework to identify, measure, and manage the various sources of strategic risk in their businesses. The module includes practical guidance and tools on how to assess and measure internal strategic risk pressures. This is then reinforced by studies on how strategic decisions impact overall risks and the possible consequences of managing or failing to manage strategic risk in a business. Participants will also be trained on the various strategic risk management tools to support the process as well as workshop based exercises and examples.

The adequate mitigation of technology and data risk requires a coordinated effort that goes beyond IT-centred remedies. Leading organisations are creating specialized teams within the enterprise-risk-management group to manage technology and data risk across the organisation.

This program covers the tools, principles, frameworks and practices that these teams need to employ to stay well connected and integrated with the rest of the organisation, to develop the skills needed for these complex jobs, and to drive transformation and remediation activities to ensure a successful conclusion.

In this module, participants will learn how to drive the proactive evolution of risk management methodologies from compliance-based, reactive, and linear to proactive, risk-based, iterative and future proof. The module also covers Black swans – highly unpredictable events that occur beyond what is expected for the situation, with potentially severe consequences. A number of events over the last century described as black swan include World Wars 1 and 2, the September 11 incident and the 2008 financial crisis – but is this analysis correct? The most recent debate is whether the COVID-19 pandemic is a black swan event. On the one hand, the threat of a pandemic has been known to risk experts. On the other, the unpreparedness of organisations and countries has shown that it was considered an outlier event and did not need proper preparation for. Content includes what black swan events really are, why and how it affects your organisation, and several methods of reducing the effects of black swan events.

This module has been designed to provide practitioners with a proper practical overview of ESG and the SDGs. Many still view ESG, as a narrow, non-core activity that primarily focuses on philanthropy through corporate giving and volunteering. However, ESG encompasses business practices far beyond the concept of corporate social responsibility, under whose umbrella those charitable activities traditionally fall.

Participants will be grounded with a practical understanding that whether companies are subject to ESG related regulations or otherwise, there is an expectation on the part of investors and regulators for corporations to address ESG impacts and to incorporate this broader perspective into their strategy and decisions. In practice, therefore, corporations should expand their remit and start to delve into the various ESG aspects relevant to their entities. Core to all of this is an understanding of the Risk Management implications and its relationship relative to ERM.

This module coaches participants on how to implement ERM practically and effectively to ensure it becomes a driver for Commercial Sustainability as well as Organisational Agility and Resilience. The module explains and re-emphasises the fundamentals of ERM, GRC, internal controls and their interdependence. Participants will also be taught how to set up ERM monitoring systems to track progress and to maintain schedule as well as how to effectively implement ERM concepts to enhance decision making processes and value to the business as well as to achieve organisational objectives.

The module also explains how to establish effective risk mitigation strategies. Participants will also learn how to achieve results through the effective use of ERM frameworks and risk management tools vide a 1/2 day case study workshop where the participants will apply the tools introduced during the training to identify, record, prioritise and mitigate risks.