TechRisk Management Foundation: Course Contents | ALC Training News

1. What is TechRisk Management?
  • Key concepts
  • Principles (enterprise risk as well as TechRisk management)
  • Risk management and TechRisk management frameworks and approaches (including ISO 31000, COSO ERM, COBIT 2019, COBIT 5 for Risk, and ISO27001)
  • Introduction to risk culture
2. Why manage technology risks in a structured way?
  • Challenges with TechRisk Management
  • Drivers and benefits of managing TechRisk effectively
  • Understanding the business and its objectives in the context of TechRisk Management
  • TechRisk Myth Busters:
    • a) Not just about technology
    • b) Management vs. Mitigation
    • c) Processes vs. Function
    • d) Risk or Compliance team’s job
    • e) Cybersecurity team’s job
    • f) Positive vs negative risk management
3. What does TechRisk Management involve?
  • The Role of TechRisk Management in an organisation
  • Expressing TechRisk assessment and acceptance criteria in business terms
  • Establishing effective risk governance – roles, responsibilities, and authorities (including the three lines of defence model, 3LOD)
  • Skills, knowledge, and competence requirements for TechRisk Management
  • Introduction to the risk management processes
  • Using a TechRisk Management Framework (TRMF) to manage TechRisk Capabilities and Processes
  • Assigning risk and control ownership
  • The role and composition of a TechRisk Function
  • Integration of TechRisk Management with Enterprise Risk Management and Cybersecurity Risk Management
4. TechRisk Management Processes
  • Identifying ‘key’ risk scenarios
    • Understanding the business and its systems and processes
    • Aligning ‘key’ risk scenarios with business objectives (e.g., using the Top-down and Bottom-up approach and Bow-tie model)
  • Assessing risks
    • Understanding inherent, current, and residual risk states
    • Controls assessment techniques
    • Quantitative and qualitative risk assessment
  • Evaluating and treating risks
    • Evaluating risks for acceptance or treatment
    • Identifying and selecting risk response options
    • Assigning risk and control ownership
    • Using a capabilities framework
    • Risk treatment prioritisation
  • Risk reporting and monitoring
    • Monitoring risks with KRIs
    • Risk reporting techniques and pitfalls (including risk aggregation, heat maps)
5. TechRisk Management Foundation Exam

Jes Irving