Protecht

In this course, David Tattam, Chief Research and Content Officer at Protecht, covers essential risk management concepts and provides practical training on how Line 1 can excel in their role and contribute to effective risk management.

For risk management to be effective, it needs to be embedded as part of day-to-day activities – not something separate.

In this training we cover the role of Line 1 in risk management, what ‘Line 1’ really means, the key risk management processes Line 1 may be involved in, and the skills and behaviours required to achieve organisational objectives.

Course description

In this course, you’ll learn:

1. Defining Your Role as Line 1

• An overview of the 3 Lines model
• Introduction to risk and objectives
• Introduction to roles and responsibilities
• Everyone as a risk manager
• Risk and control ownership

2. Why do we need risk management?

• Perceptions of risk and risk management
• Definitions of risks
• The main types of risks
• Risk management as an enabler

3. Objectives of Risk Management

• Protection
• Pursue opportunities
• Make better decisions
• A practical example
• What’s in it for you?

4. Understanding Risk

• Components of risks
• Introduction to risk bow ties

5. Understanding Controls

• Definition of controls
• Types of controls
• How controls modify risk

6. How to Manage Risks

• Informal risk management
• Formal risk management
• Key risk processes:
  • Risk and control self-assessment
  • Risk metrics
  • Incident Management
  • Risk Treatment
  • Controls Assurance
  • Compliance Management
  • The definition of risk and objectives
• Introduction to roles and responsibilities
• Everyone as a risk manager
• Risk and control ownership

7. When Do We Manage Risks

• Effect of risk velocity on risk management cadence
• Integrating risk into day-to-day activities
• Essential Line 1 Skills & Behaviours
• Key Skills of Line 1
• Desirable risk behaviours

Course expectations

• Watch 23 videos
• Answer 5 knowledge questions
• 1 x Interactive example
• Answer 10 quiz questions
• Watch 27 videos

Timings

• 3 hours of video content
• 3.5-4 hours for the whole course

Cost

RiskNZ Members: $400+GST | Non-member: $470+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

Board members play a critical role in ensuring sustainable success in their organisation – which can only be achieved through intelligent risk taking and effective governance.

In this course, David Tattam, Chief Research and Content Officer at Protecht, provides directors and board members the knowledge and skills to both work with and provide challenge to executive management on the effectiveness of risk frameworks, processes and culture within their organisation.

The course distinguishes between the oversight responsibilities of the board and the day-to-day practices of management, enabling boards to discharge their oversight responsibilities while understanding ‘what good looks like’.

Course description

In this course, you’ll learn:

1. Who is responsible for risk management?

• Everyone as a risk manager
• Corporate Governance Guidance
• The 3 Lines Model
• Roles across the Organisation
• Roles and Responsibilities of the Board

2. The value of risk management

• Risk perceptions
• Redefining risk management as outcome management
• Benefits of risk management to the Board

3. Understanding risks

• Components of risk
• The importance of a consistent approach
• Applying risk taxonomies at Board level

4. Understanding controls

• Board accountability for the internal control framework
• How controls modify risk

5. Risk management frameworks

• Informal and formal risk management
• The ISO 31000 risk management process
• The Risk and Reward pyramid

6. Board risk management processes

• Assurance over the Enterprise Risk Management Framework
• Assurance over the Internal Control Framework
• Link to organisational risk processes

7. Board risk appetite

• Definition of risk appetite
• Benefits of risk appetite
• Developing the Risk Appetite Statement
• Setting appetite for outcomes and risks
• Risk and control ownership

8. Organisational risk management processes

• Risk and control self-assessment
• Risk metrics
• Incident management
• Controls assurance
• Issues and actions
• Compliance
• Risk in change

9. Risk reporting

• Purpose of board risk reporting
• Data structure
• Types of risk reports

10. Cadence of risk management

• The dynamism of risk
• Alignment with Board meetings
• Alignment with strategy and change

11. Risk culture and behaviours

• Importance of risk culture
• Measuring culture
• Essential skills and actions of the Board

Course expectations

• Watch 18 videos
• Answer 5 knowledge questions
• Answer 10 quiz questions

Timings

• 3 hours of video content
• 3.5-4 hours for the whole course

Cost

RiskNZ Members: $400+GST | Non-member: $470+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

In this course, David Tattam, Chief Research and Content Officer at Protecht, provides an introduction to Enterprise Risk Management (ERM), and the value that it brings to an organisation when it is well designed and put into practice.

ERM is all about managing the full range of enterprise risks in a consistent, common, and integrated way so as you deliver a complete aggregated view of risk across the organisation. The key is moving from a siloed, risk and business area centric view of risk to one that is truly enterprise wide.

This course provides the complete jigsaw puzzle that is ERM, covering in a practical way, the elements that make up a strong ERM capability from Governance, People and Culture, Escalation and Reporting and Continuous Improvement, through to a focus on all of the typical systems and processes that need to be in place. These include Risk Assessment, Risk Metrics, Incident Management, Controls Assurance, Issues and Actions Management and Compliance.

The course will build an ERM ecosystem that sets out the complete picture of practical ERM to enable you to develop a blueprint in order to benchmark your current framework and capabilities and assist you in developing your strategy for your Enterprise Risk Management going into the next decade.

Course description

In this course, you’ll learn:

1. What is ERM?

2. The value of ERM

• Clearly defining and articulating the objectives, purpose, uses and value add of ERM
• Moving risk management from hindrance to outcome management as an enabler

3. Understanding risk and controls

• Having a clear understanding of risk and controls, their components and types
• Using risk bow tie analysis
• Creating a strong risk taxonomy of risk and control libraries

4. An enterprise risk management framework

• The overall ERM ecosystem/framework. The “jigsaw”
• Integrating with, and linking to, strategy and objectives
• The importance of linking through critical processes
• The key parts of the framework

5. The risk management framework components

• Governance
• Processes and systems
• People and culture
• Escalation, reporting and response
• Continuous improvement

6. ERM Governance

• Risk appetite
• Three lines model
• Frameworks and policies
• Roles, responsibilities and accountabilities

7. Processes and systems

• Risk assessment
• Incident management
• Risk metrics
• Issues and actions
• Controls assurance
• Compliance

8. Escalation, reporting and response

• Dynamic and integrated risk reporting and analytics
• Assurance and early warnings
• Using for decision making

9. Continuous improvement

• Issues and actions management
• Risk treatment

10. People & culture

• Everyone’s a risk manager
• Risk culture
• Roles, responsibilities, accountabilities and ownership

Course expectations

• Watch 27 videos
• Answer 13 knowledge questions
• Answer 10 quiz questions

Timings

• 3 hours 30 minutes of video content
• 4-5 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

In this course, David Tattam, Chief Research and Content Officer at Protecht, provides an introduction to the principles of bow tie analysis, leading into hands-on exercises in creating risk bow ties.

Bow tie and root cause analysis are the keys to the effective and proactive management of risk. Prevention is better than cure and prevention comes from managing risk at its source, the root causes. In addition, root cause analysis applied to incident management allows us to understand where things went wrong, to identify the issues and develop actions to remediate.

This course provides you with a detailed working knowledge of the risk bow tie analysis technique and its application in not only root cause analysis but in providing a wider and more intimate knowledge of your risks. Risk bow ties should be at the centre of everything we do in risk management.

The deep analysis of risk using risk bow tie will also be used to develop clear risk taxonomies and ensure risk descriptions are clear and consistent.

Course overview

In this course, you’ll learn:

1. The case for bow tie analysis – what are its uses?

• The value add of risk bow ties
• Use cases for risk bow ties
• Root cause analysis
• Incident management
• A picture of risk
• A hub for integrating all risk information for comprehensive risk profiling

2. Nature and components of risk and bow tie analysis

• Root causes
• Risk events
• Risk impacts/consequences
• Failed processes
• Defining inherent risk
• The implications for risk definitions and risk taxonomies
• Mapping controls to a risk bow tie

3. Various risk analysis techniques

• Summary of similar risk analysis techniques in ISO 31010

4. A history of bow ties

• Where did risk bow ties originate?
• Popularisation of risk bow ties

5. The principles of bow tie analysis

• Breaking out the components of risk
• Root cause analysis – the power of why?
• Linking root cause to impact on objectives – asking “what next?”
• The types of controls that can be applied to the risk bow tie

6. The methods of bow tie analysis

• The barrier method
• The comprehensive method
• Skills for effective risk bow ties

7. The methods of root cause analysis

• Common root causes
• Using risk bow ties to analyse incidents
• Key weaknesses to identify when conducting root cause analysis

8. Use cases for bow tie and root causes

• Integrating into your ERM framework
• Control assurance and controls assessment
• Identification of risk metrics
• Incident management
• Issues and actions management
• Compliance risk
• Communicating and reporting

9. Who should use the techniques?

• Everyone as a risk manager
• Risk bow ties for boards

10. When should the techniques be used?

• Cadence of risk management
• Alignment with risk management processes
• Tools to use to create risk bow ties

Course expectations

• Watch 31 videos
• Answer 14 knowledge questions
• Complete 3 interactive bow ties
• Answer 10 quiz questions

Timings

• 3 hours 30 minutes of video content
• 4-5 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

In this course, David Tattam, Chief Research and Content Officer at Protecht, focuses on improving knowledge and skills in relation to setting risk appetite and tolerance for your organisation’s key risks.

The setting of an organisation’s risk appetite is a critical component of a robust risk management framework.

By the end of this course, you will gain insights into how to develop a comprehensive Risk Appetite Framework and Risk Appetite Statement for your organisation.

Course overview

In this course, you’ll learn:

1. The uses and value of risk appetite

• Freedom to operate
• Escalation and reporting
• Decision making
• Assurance

2. What risk appetite is and what it means

• The concept of risk appetite
• Appetite, tolerance, capacity
• Risk appetite framework
• Risk appetite and ISO 31000
• Risk appetite as part of your ERM framework
• The relationship between risk and reward

4. Determining risks to set appetite for

• Linking to risk taxonomy
• How granular?

5. Articulating risk appetite

• Qualitative, quantitative and semi quantitative
• Appetite for inherent and/or residual risk
• The various ways risk can be measured and appetite articulated
• A suggested framework for articulation
  • Qualitative
  • Quantitative – risk tolerances
  • Semi quantitative – risk matrix
• Prohibition statements

6. Appetite articulation and appetite evaluation zones

• Qualitative appetite zones
• Escalation zone

7. Setting appetite and tolerance for outcomes and risks

• Setting appetite for outcomes
• Setting appetite for risks
• Setting boundary thresholds
• Visualising risk appetite and tolerances

8. Using the likelihood and impact matrix

• Limitations of the risk matrix for risk appetite
• Modifications needed to reflect risk appetite

9. Setting risk tolerances for financial and non-financial risks

• Practically setting risk appetite
• The principles of setting risk appetite
• Setting risk appetite for financial risks
• Examples of financial risk categories and measures
• Setting risk appetite for operational risks
• Setting risk appetite for strategic risks

10. The risk appetite statement

• Content and Format – A blueprint RAS

11. Operationalising the risk appetite

• Cascading through the business
• Artefacts to use: policies, delegations etc.

12. Risk reporting using the risk appetite

• Purpose of risk appetite reporting
• Examples of reporting against risk appetite

13. Responsibilities for risk appetite

• Roles, responsibilities and ownership
• Who uses risk appetite

14. When risk appetite is revised

• Dynamic risk appetite
• Integration into strategic planning
• Reviewing tolerance levels

Course expectations

• Watch 23 videos
• Answer 4 knowledge questions
• Complete 1 interactive risk appetite test
• Answer 10 quiz questions

Timings

• 3 hours of video content
• Approximately 4 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

In this course, David Tattam, Chief Research and Content Officer at Protecht, covers all aspects of the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow up actions.

The course is aimed at risk practitioners and business managers who have, or are looking to implement, a robust and comprehensive Risk & Control Self Assessment (RCSA) process within their organisation. It considers the RCSA process both as a stand-alone process and as part of an integrated Enterprise Risk Management framework.

The course applies the ISO 31000 and 31010 standards.

Course overview

In this course, you’ll learn:

1. Objectives & purpose of RCSA

• Objectives of RCSA
• What is RCSA?

2. What are we assessing – risks

• Types of risk
• Components of risk
• Risk bow ties
• Measures of risk

3. What are we assessing – controls

• Types of controls
• How controls modify risk
• Control classifications

4. Risk & control taxonomies

• Objectives of taxonomies
• Common types of taxonomies
• Using taxonomies in RCSA

5. Risk management & RCSA frameworks

• How RCSA integrates with other risk processes
• Risk and reward framework
• RCSA in an enterprise risk management framework

6. Approaches to risk assessment

• Tools and techniques for risk assessment

7. RCSA methods

• Determining what we will assess
• Likelihood and impact scales
• Setting likelihood scales: what measure?
• Setting impact scales: how many types of impact?
• Assessing risks: inherent, residual and targeted
• Assessing the effectiveness of controls

8. RCSA process

• Identifying business and process objectives
• Identifying critical processes
• Identifying risks
• Identifying controls
• Evaluating risks
• Treatment methods
• Methods for collecting information
• Preparing for a risk workshop
• Facilitating a risk workshop

9. RCSA reporting

• Types of report and information
• Information to report
• Including RCSA in an aggregated dashboard report
• Interpreting reports

10. When should risk assessment be carried out?

• Periodic risk assessment
• Dynamic risk assessment
• Integration with other risk processes
• Formal and informal risk assessment

11. Roles and responsibilities

• RCSA and the three-lines model
• Who owns risk and controls?
• Who owns risk and control self assessment?

Learning objectives

• An in-depth understanding of the objectives and outcomes of a robust RCSA process
• An understanding of how the RCSA process integrates into an enterprise risk management framework and how the results of RCSA can be used in scenario analysis, key risk indicators, incident management and compliance
• The ability to design an effective and efficient RCSA process
• The ability to set relevant risk scoring scales to reflect risk appetite and tolerance
• The ability to produce meaningful reports as output from the RCSA process
• How to use the RCSA in risk and general management
• How to use RCSA results to develop risk treatment improvements
• An appreciation of the system requirements and system pitfalls for an effective RCSA process
• The skills to be able to carry out effective and engaging RCSA workshops
• An understanding of the pitfalls to a successful RCSA process and how to overcome them
• An understanding of relevant external guidance and requirements including ISO 31000 and ISO 31010

Course expectations

• Watch 25 videos
• Answer 12 knowledge questions
• Complete 1 Interactive Risk Assessment Forecast
• Answer 10 quiz questions

Timings

• 4.5 hours of video content
• Approximately 5-6 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

Your internal control framework and individual controls are the front line in managing your risks, yet they are often misunderstood, neglected and operating inefficiently and ineffectively.

This course presented by David Tattam, Chief Research and Content Officer at Protecht, is focused on providing a deep understanding of controls to enable optimally designed controls to be implemented to achieve maximum effect for minimum cost.

Once we are comfortable that we have a well-designed controls framework, we need to gain assurance that our key controls are working effectively. Having a robust controls assurance function is key.

The course will take you through best practice in controls assurance to allow you to benchmark your existing process or assist in building an effective and efficient function.

Course overview

In this course, you’ll learn:

1. The purpose and value of controls and controls management

• The value add of controls management
• Key objectives of controls and controls management
• Controls as enablers

2. What are risks, treatments and controls?

• Understanding objectives and critical processes
• Components of risk
• Introduction to the risk bow tie method
• Treatment methods

3. Types of controls and control frameworks

• Types of control classifications
• Benefits of control classifications
• Control taxonomies
• What is and is not a control
• Introduction to control frameworks

4. How controls modify risk

• Measures of risk
• Side effects of controls
• How different types of controls modify risk

5. Measuring controls

• Difference between effectiveness of individual controls and
• Groups of controls
• Key elements to determine control effectiveness

6. Control objectives

• Importance of well articulated control objectives
• A method to consistently articulate control objectives
• Alternative control objective methodologies

7. Designing effective controls

• Starting with control objectives
• Factors to consider when assessing design effectiveness

8. Operating effective controls

• Factors to consider when assessing operating effectiveness

9. Control assurance

• Components of control assurance
• Types of control tests
• Sources of information about controls
• Overview of sampling methods
• Measuring control effectiveness

10. Controls assessment

• Assessing groups of controls
• Using bow ties to identify control gaps

11. Issues & actions

• Types of issues identified during controls management
• Considering treatment methods and cost of controls

12. Controls reporting

• Reporting for controls
• Providing controls assurance through reporting
• Escalation, response and issues and action management

13. Control ownership and culture

• Reinforcing the three lines of defence
• Ownership, accountability and responsibility for controls
• Building a strong control culture

Course expectations

• Watch 25 videos
• Answer 9 knowledge questions
• Answer 10 quiz questions
• 4 downloadable materials

Timings

• 4 hours of video content
• Approximately 5 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

This course, presented by David Tattam, Chief Research and Content Officer at Protecht, covers both Compliance Management and Compliance Risk Management.

The focus is on the development of an efficient risk-based approach to compliance management and what that means in practice from recording compliance obligations to setting up a risk-based approach to monitoring compliance. The management of compliance risk is also covered using an ERM framework.

The course also covers the ISO 37301 standard and aligns the concepts to this standard.

Course overview

In this course, you’ll learn:

1. Why we need compliance management

• Why we have regulations – society’s risk appetite
• Organisation objectives related to compliance
• The changing face of compliance

2. What is compliance management and compliance risk management?

• Defining compliance
• Mandatory and voluntary requirements
• Scoping the compliance function
• Defining compliance risk management

3. What are compliance obligations?

• Sourcing obligations
• Translating into plain language obligations

4. Compliance risk and compliance controls

• ISO 31000 and ISO 37301 definitions of risk
• A risk-based approach to compliance
• The link to operational risk
• Introducing risk bow ties and the components of risk
• Controls over compliance and compliance risks

5. Compliance management

• Understand compliance obligations
• Convert to plain language
• Risk rating obligations
• Preparing the organisation to comply
• Manage ongoing compliance
• Compliance attestations
• Record and analyse results
• Reporting and analytics

6. Compliance change management

• Internal and external changes
• Risk managing external regulatory change
• Risk managing internal systems, process, people, product changes

7. Compliance risk management

• Applying ISO 31000 risk processes to compliance
• Assessing risks leading to noncompliance
• Linking obligations to risk bow ties

8. Risk appetite for compliance

• What is risk appetite for compliance risk?
• Setting an appetite for compliance risk
• What does “zero-appetite / tolerance” mean?

9. Compliance risk assessment

• Linking compliance to risk processes
• Incorporating compliance into risk and control self-assessments

10. Risk metrics for compliance risks

• Identifying risk metrics for compliance risk
• Determining thresholds for compliance risk metrics
• The risk metrics process

11. Compliance controls management

• Identifying key controls for compliance risk
• Obtaining assurance over key controls
• Controls testing and developing a test plan

12. Compliance incident management

• Defining a compliance breach
• Identifying a compliance breach
• Developing a process for breach management
• Meeting external requirements
• Setting up and managing a breach register

13. Compliance reporting

• Objectives of reporting
• Receivers of compliance reports
• Types of compliance reports
• Defining your reports

14. Compliance roles and responsibilities

• Introduction to the 3 lines model
• Compliance across the 3 lines
• Features of strong compliance culture
• Challenges and solutions for effective compliance management

Course expectations

• Watch 16 videos
• Answer 9 knowledge questions
• Answer 10 quiz questions
• 5 downloadable materials

Timings

• 4.5 hours of video content
• Approximately 5 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us

The measurement of risk greatly assists in its management, yet the measurement of particularly non-financial risk is providing elusive. Risk metrics are the key.

David Tattam, Chief Research and Content Officer at Protecht, presents this practical course aimed at risk practitioners and business managers who have implemented or are looking to implement, a robust and comprehensive Key Risk Indicator capability within their organisation.

The course covers all aspects of setting up, running and developing KRI processes that can be used both as an essential component of the overall risk management framework as well as a powerful tool to assist management in the day-to-day control of the business.

Course overview

In this course, you’ll learn:

1. Objectives of risk metrics

• The benefits and value of risk metrics
• Case study on the power of metrics

2. What are risk metrics

• Examples of risk indicator systems
• Formal and informal risk metric systems

3. What are risks and controls

• Breaking down the components of risk – causes, risks, impacts and controls
• Introduction to risk bow ties
• Using risk bow ties as the basis for risk metrics

4. Types of risk metrics

• Key risk indicators, key performance indicators and key control indicators
• Mapping risk metrics to bow ties
• Single number and composite risk metrics
• Leading and lagging metrics
• Detective controls and risk metrics

5. Identifying relevant and strong metrics

• Link to key risks and risk appetite
• Strength of relationship to what is being tracked
• Mapping risk metrics to risk bow ties
• Quality of indicators
• Using averages, deviations and concentrations

6. Setting up risk metrics

• Setting risk metric thresholds
• Cascading risk metrics
• Developing a risk metric library
• Linking risk metrics to risks and controls
• Determining collection and reporting frequency
• Assigning responsibility
• Revising tolerances

7. A risk metrics process

• Collecting risk metrics
• Evaluating and scoring risk metrics
• Investigating and explaining risk metrics
• Escalation, follow up and workflow

8. Reporting risk metrics

• Objectives of reporting
• Types of reports
• Aggregated dashboards and drill down reports
• Using risk metrics in an overall risk profile
• Integrated and dynamic reporting

9. How to use risk metrics

• As a risk monitoring tool
• As feedback and incentive tool
• As a management tool
• As a benchmarking tool
• Forecasting
• Risk metrics for culture

10. Roles and responsibilities for risk metrics

• An introduction to the three lines model
• Metrics roles

Course expectations

• Watch 12 videos
• 3 downloadable materials
• Answer 10 quiz questions

Timings

• 4 hours of video content
• Approximately 5 hours for the whole course

Cost

RiskNZ Members: $800+GST | Non-member: $940+GST

Next steps

Register now via: [email protected]

Please contact RiskNZ directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available.

Email us