About the Course

All organisations, no matter whether private, government, or not-for-profit, have one thing in common – they all take the risk to achieve their goals. Unfortunately, too many organisations either don't have any formal approach to considering the risks they are taking or utilise forms of risk management that are below par. That is, they are not in line with the principles and guidelines of better practice defined in ISO 31000.

This Enterprise Risk Management training course provides the delegates with the requisite knowledge to design, implement and operate enterprise risk programs to successfully manage organisational risk. It takes a holistic approach and calls for management-level decision-making that may need to be clarified for an individual business unit or segment. Thus, firm-wide surveillance is given precedence instead of each business unit being responsible for its own risk management.

Enterprise Risk Management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire firm or organisation. It is a top-down strategy that aims to identify, assess, and prepare for potential losses, dangers, hazards, and another potential for harm that may interfere with an organisation's operations and objectives and/or lead to losses.

Core Objectives

The delegates will achieve the following objectives:

• Determine and master the concepts, approaches, standards, methods, and techniques for the effective implementation of ERM
• Develop the necessary leadership skills enabling to communicate findings to all levels and all stakeholders
• Determine the organisation’s appetite and tolerance for risk
• Investigate the 13 indicators that assess the resilience of an organisation
• Understand how ERM relates to crisis management, business continuity, and business resilience
• Apply invaluable and highly relevant ERM knowledge to put into practice and benefit you and the organisation immediately upon returning

Training Approach

This training course will utilise various proven adult learning techniques to ensure maximum understanding, comprehension, and retention of the information presented. This includes a fast-paced, highly participative event incorporating case studies, current affairs with relevant video material, and group work so the delegates can immediately put what they have learned into practice.

The Attendees

Extensive prior knowledge of the subject is not prerequisite. Professionals will be guided by an experienced risk professional who has both sat on and advised boards on corporate resilience, enhancing their Enterprise Risk Management and associated systems.

Likewise, it will be valuable to the professionals but not limited to the following:

• Designated Incident, Emergency & Crisis Response Managers
• Line & Project Managers need to ensure that they are effectively managing risk
• Professionals who want a practical starting point for establishing an effective ERM, Business Continuity Management, and Business Resilience framework
• Middle to Senior managers benefit from how ERM can be used as a leadership and decision-making tool
• Practitioners & Implementers requiring a refresher, post-pandemic

Daily Discussion

DAY ONE: PRINCIPLES OF RISK AND ENTERPRISE RISK MANAGEMENT 

• Objectives & Governance: Concepts & Definitions
• Mapping and Assessing the current Governance Arrangements
• Commitment: Setting the objectives for implementing the latest guidance
• Who are the internal and external stakeholders?
• The importance of culture, communication, and behaviour in seeking an effective ERM structure
• An overview of the global post-pandemic business environment
• Enterprise Risk Management: The Resilient Organisation

DAY TWO: ISO 31004 – DESIGNING THE FRAMEWORK FOR MANAGING ERM

• ERM Framework and Process
• ERM Responsibilities: Who does what, who is on the team
• ERM Accountabilities and Performance Measures
• Comparison of the current ERM to ISO 31000:2009 Principles
• Alignment between ERM Policy and the Organisation
• Risk Attitude: Pursue, retain or avoid concerning risk appetite and tolerance
• Options for Risk Criteria, Assessment, Identification, Analysis, and Evaluation

DAY THREE: BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS)

• Fundamental Principles of Business Continuity Management
• Implementation of a BCMS under ISO 22301 & 27031
• Business Impact Analysis (BIA) and Risk Assessment 
• Understanding the relationship between BCMS and compliance with the other ERM requirements, including supply chain strategies
• Writing a business case and a project plan for the implementation of a BCMS
• Incident and Emergency Response Management

DAY FOUR: IMPLEMENTING EFFECTIVE ENTERPRISE RISK MANAGEMENT

• Resources and Methodologies to Implement the Plan
• Ensuring ERM becomes part of significant decision-making
• What are the likely barriers to implementation (risk culture)?
• Risk reporting & the limitations of various risk reporting tools & methodologies
• Assess the merits of quantitative risk modelling & qualitative reporting
• Align the risk reporting processes with other strategically important management activities, such as reputation management

DAY FIVE: MONITORING, REVIEW, AND CONTINUOUS IMPROVEMENT OF THE FRAMEWORK

• Key Risk Indicators (KRI´s)
• Evaluating KPI Metrics for the Organisation
• Continuous Improvements: Running your team-based risk workshops
• Collate risk and control information from multiple sources into a central risk register or inventory of risk information system
• Controls Register or Inventory of Controls: The “Five Ws”