Index

Governance and Risk Academy

Our Governance and Risk Academy helps you navigate your strategic goals in an environment of evolving risks and constant regulatory change.

From risk assessments to internal audits, our industry experience in identifying, understanding, and managing risk day-to-day is integrated into our programmes, helping you balance risks and opportunities.

Our programmes

To register for preferred course(s), please contact us.

Cybersecurity awareness training
Data privacy awareness training (focus on GDPR, PDPD)
Internal audit report writing
Introduction of Enterprise Risk Management
Introduction to internal audit
Introduction to PCI-DSS (Payment Card Industry Data Security Standard)
ISAE 3402/3000 (SOC 1/2) awareness training
ISO 27001 Information Security Risk Assessment Methodology
ISO 27001 Internal Audit
ISO 27001 IT Risk Treatment and Security controls
Process Intelligence and Mining
Reshaping your Business with Effective Financial Management
Risk-based internal audit planning
Secure development for web applications (focus on OWASP)
Strategy in Practice
The fundamentals of great Business Continuity Management (BCM) & Business Continuity Planning (BCP)
The Surge: How can your company fuel the urge to surge
Third party assurance and risks

Cybersecurity awareness training

Increased security is the obvious reason why all businesses, big or small, should have employees of all levels learn the importance of protecting themselves and the company from "human exploits" and cyber-attacks. Many compliance regulations such as ISO, HIPAA, PCI, SOX, GDPR, and even some local regulations require cybersecurity training for all employees.

Objectives

The course aims to raise awareness about information security, good information security practices, and related policy in order to help prevent unintentional compromises of sensitive information and computing systems.

Outcome

By the end of this course, attendees will:

Be confident in the decisions they make when creating new passwords, filtering through suspicious emails or browsing the internet.
Have raised awareness levels and the practical skills needed to better protect your business from the dangers of data breaches, network attacks and ransomware threats.

Agenda

Importance of security awareness
Avoiding social engineering
Using internet safely
Securing your devices

1/2 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
Business managers/ End-users

Data privacy awareness training (focus on GDPR, PDPD)

Data privacy and data protection have become front-and-center issues around the world, as individuals demand more control of their personal information, and organisations face greater information security threats and risks. And with more people working remotely, it’s more critical than ever to ensure that employees understand the rules and guidelines for using and protecting data and avoiding costly data breaches. Information security focuses on keeping all kinds of nonpublic information and systems safe. The consequences for data breaches, mishandling personal information and violating data privacy laws are serious and can involve fines, damage to an organisation’s reputation and loss of customer trust.

Objectives

The course aims to teach:

Data privacy, with a focus on how personal information is collected and used.
How to apply privacy awareness best practices. Equip your employees with the right knowledge and skills to make data protection a default behavior.

Outcome

By the end of the course, attendees will:

Have broadened understanding of data privacy and the many rights and responsibilities it generates.
Know how to safely handle personal information.
Be able to support your organisation in fulfilling privacy obligations.

Agenda

Overview of GDPR and PDPD
GDPR and PDPD's detailed requirements
How to conduct GDPR and PDPD compliance audit

1 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
Internal Audit team
Legal and Data protection team

Internal audit report writing

The success of an audit project is usually measured by its primary output: the internal audit report. Hence, it is essential that the report is easy to read, compelling and authoritative. If the report influences a reader to think differently or take action, it has met its purpose.

Objectives

This programme will help internal auditors learn what goes into an effective audit observation and how to organise reports that meet professional standards, elicit management action, and communicate crucial messages to auditee, senior and executive management and board-level readers. Participants will learn to produce reports that have impact and add value to the decision making within their organisation.

Outcome

By the end of this course, participants will be able to:

Understand what makes an effective internal audit report
Understand the report writing process from planning to delivery of a final audit report
Identify and effectively articulate observation, associated risk(s), root cause and other internal audit report components
Be more influential when writing an internal audit report
Manage relationship with auditee and ensure acceptance of the draft and final report

Agenda

Overview
The journey to an effective internal audit report writing
Key elements of draft internal audit reports
The Final Report
Reporting techniques
Tools and Techniques
Exercise

1 day

Classroom / Virtual

Target audience

This course is valuable for internal auditors who are involved in or are responsible for preparation, review and approval of internal audit reports before issuance.
Senior internal audit professionals will stand to benefit from the course as a refresher in terms of knowledge and skills for writing an effective internal audit report.
The course is equally beneficial to internal audit juniors and professionals who are preparing to assume such responsibilities.

Introduction of Enterprise Risk Management

Today’s business world is constantly changing - it is unpredictable, volatile, and seems to become more complex every day. By its very nature, it is fraught with risk. Enterprise Risk Management is a comprehensive, systematic approach for helping the organisation to identify, measure, prioritise and respond to the risks challenging its most critical objectives and related projects, initiatives and day-to-day operating practices.

Objectives

This workshop is designed to help participants to:

Understand relevant concepts about ERM, COSO ERM Framework and ISO 31000.
Obtain knowledge about the steps in the risk management process
Understand the roles and responsibilities in ERM
Case studies

Outcome

By the end of this course, participants will:

Understand the ERM concepts
Be equipped with knowledge concerning the risk management process
Understand their roles and responsibilities in ERM

Agenda

Overview of ERM
Risk management process
Case study

1/2 day

Classroom / Virtual

Target audience

Risk management practitioners
Finance managers
Finance officers
IT staff
Internal auditors
Operations staff at all levels

Introduction to internal audit

All internal audit professionals need to understand the background, standards, frameworks and leading practices in Internal Audit. This is fundamental to the success of any internal audit professional.

Objectives

The course covers the fundamentals and building blocks for the internal audit profession including key definitions, professional background and code of ethical conduct, international internal audit standards and leading risk and control frameworks such as COSO.

Outcome

By the end of this course, participants will:

Understand background and reasons why the internal audit profession exists
Know the definition, mission and key performance and attribute standards for the internal audit practice
Understand the role of an internal auditor towards his organisation and acceptable behaviours
Know the proper governance structure of internal audit functions
Understand COSO Internal Control, ERM and Fraud Risk Management
Understand the relation between objectives, risks and controls.

Agenda

Day 1
- History, evolution and prospects of the internal audit profession
- International Professional Practices Framework (IPPF)
- Internal audit function

Day 2
- Introduction to COSO
- Principals and attributes of COSO Internal Control

2 days

Classroom / Virtual

Target audience

The topics included in this course are the necessary building blocks for a professional career in internal audit.
This course is a must for junior and senior internal auditors who are relatively new to the internal audit profession.
This course is also ideal for senior internal audit professionals who want to refresh their knowledge and stay up to date with the applicable standards and frameworks.

Introduction to PCI-DSS (Payment Card Industry Data Security Standard)

Knowledge of and compliance with data security standards can bring major benefits to your business, while failure to comply can have serious and long-term negative consequences. This course outlines the challenges surrounding payment card security and explains what the PCI Standards do to mitigate these issues.

Objectives

The course will teach:

Understanding of PCI compliance before you go through an assessment
Application of PCI DSS security principles across your business

Outcome

By the end of the course, attendees will be able to:

Build a secure payments environment
Support your organisation’s compliance efforts through your knowledge of how to apply PCI Standards

Agenda

Overview of PCI requirements, how they enhance data security, and support compliance with the PCI Data Security Standard
Roles and responsibilities of key players in the compliance process
Including overviews of the Internal Security Assessor (ISA), Qualified Security Assessor (QSA), and Approved Scanning Vendor (ASV) programmes
The need for PCI Data Security Standard (DSS) compliance
PCI DSS Overview
PCI DSS's requirements

1/2 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
IT Security team
Card operations team

ISAE 3402/3000 (SOC 1/2) awareness training

An ISAE 3402/3000 (SOC 1/2) audit report provides detailed information and assurance about a service organisation’s internal controls based on their compliance with the ISAE (International Standard on Assurance Engagements) standards.
SOC 1 audits, which relate to organisations’ ICFR (internal control over financial reporting), are conducted against the assurance standards ISAE 3402.
SOC 2 audits, which are essential in regulatory oversight, vendor management programmes, internal governance and risk management, are conducted against the assurance standards ISAE 3000. It focuses on security, availability, processing integrity, confidentiality and/or privacy controls.

Objectives

The course aims to provide:

Understanding of the differences between ISAE 3402 and 3000
Understanding of how an ISAE audit is performed
Understanding of how to prepare for an ISAE audit report

Outcome

By the end of the course, attendees will be able to:

Choose the proper types of ISAE audit
Understand all related internal controls in scope
Prepare an ISAE 3402/3000 audit report properly

Agenda

An overview of ISAE 3402/3000 (SOC 1/2) for IT Security risk assurance.
SOC 1, 2 readiness assessment health check for SOC (Type 1 and 2) audits.
SOC 1, 2, 3 – audit reporting overview.
SOC 1, 2 internal controls overview.

1 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
IT/Business Operations team
IT Security team

ISO 27001 Information Security Risk Assessment Methodology

Risk assessments are one of the most important parts of an organisation’s ISO 27001 compliance project. ISO 27001 requires organisations to demonstrate evidence of information security risk management, risk actions taken and how relevant controls have been applied.

Objectives

The course will:

Provide the general concepts specified in ISO 27001
Assist with the satisfactory implementation of information security based on a risk management approach.
Enable participants to conduct an information security risk assessment in accordance with the requirements of ISO 27001.

Outcome

By the end of the course, attendees will understand:

How to identify and assess IT security risk quantitatively
Risk likelihood and the consequences for the business
How to establish a priority order for risk treatment
How to complete the risk assessment report according to ISO 27001's requirements

Agenda

Identifying IT assets
IT security risk assessment
IT security risk treatment
IT security risk residual
A case study

1/2 day

Classroom / Virtual

Target audience

IT Risk and Compliance teams
ISO/ISMS teams
IT/Security teams

ISO 27001 Internal Audit

This training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognised audit principles, procedures and techniques.

Objectives

This course will:

Help attendees acquire the knowledge and skills to plan and carry out internal audits in compliance with ISO 19011 process.
Enable attendees to master audit techniques and become competent to manage an audit program, audit team, communication with parties, and conflict resolution.

Outcome

By the end of this course, attendees will be able to:

Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO 19011 guidelines, and other best practices of auditing
Manage an ISO/IEC 27001 audit program

Agenda

Summary of ISO 27001 requirements
Basics of Internal Auditing Principle
Managing the audit programme
Perform an Internal Audit Process
Essential attributes of a successful auditor

1 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
IA/ISO/ISMS team
IT Security team

ISO 27001 IT Risk Treatment and Security controls

This course will provide guidance on best practice for information security management to help you select, implement, and manage controls, policies, processes, procedures, and organisational structures’ roles and responsibilities.

Objectives

The course will:

Help individuals be familiar with the guidelines needed to initiate, implement, maintain, and improve information security management in an organisation.
Help select the controls needed for implementing an ISMS based on ISO/IEC 27001.

Outcome

By the end of the course, attendees will:

Be able to demonstrate comprehensive knowledge and the ability to assess information security risks based on a formal risk assessment approach and select appropriate risk treatment options by applying relevant controls.
Have the knowledge to implement information security controls based on ISO 27002
Understand the process of performing periodic risk assessments and selecting the appropriate risk treatment options to help an organisation improve its information security approach

Agenda

IT Security risk treatment options
IT Security controls

1 day

Classroom / Virtual

Target audience

IT Risk and Compliance team
ISO/ISMS team
IT Audit/Security team

Process Intelligence and Mining

Process mining and intelligence allows organisations to gather insights into their processes and controls to detect inefficiencies, overrides or non-compliance. The solution adopts a data analytics foundation to allow users to simulate their transactions for a duration to identify where variants occurred. Hence it allows users to identify root causes, determine where existing efficiencies can be utilised as well as improve their internal control environment or transform their business processes to optimise their efficiencies and controls.

Objectives

This course aims to teach controls optimisation through data and process mining technology.

Outcome

By the end of this course, attendees will understand how process mining can be utilised to support a client’s compliance, process improvement and audit reviews.

Agenda

Introduction of process mining
How process mining achieves intended process or controls optimisation objectives.
Differences between process mining and data analytics.
Example of how process mining works and is applied in actual industry and with clients.

1/2 day

Classroom / Virtual

Target audience

Internal Audit
Financial controllers
Risk Management

Reshaping your Business with Effective Financial Management

Unforeseen risks lead to many businesses including SMEs being badly affected, depending on which industry they are in. In ensuring business sustainability, productivity and employee’s employability, SMEs and their employees must consider action plans & initiatives which include managing the business finances effectively.

Objectives

The course aims to provide SMEs better understanding of how to read and interpret financial terms presented and disclosed in a set of financial statements as well as how to analyse some of the common key financial performance ratios to be able to make informed business decisions. The course also covers cashflow management, investment appraisal and monitoring budgets.

Outcome

By the end of this course, attendees will:

Understand the significance of financial statements and their components
Be able to perform financial analysis
Understand cash operating cycle and how to manage it
Understand how to perform inventory costing
Understand how to appraise investments and what are some of the investment appraisal tools
Be able to manage foreign currency exposures
Understand how to do good budgeting and monitor it
Recognise some of the potential warning signals that may arise from financial statements
Understand other impacts of Covid-19 on financial reporting
Understand tax considerations

Agenda

What are cash and cost levers that impact a Business performance
How can we baseline cash and cost levers for An organization (qualitative and quantitative)
What are benchmarks and performance indicators that indicate sub-optimal Financial management
What are Assessment dimensions to articulate Financial performance improvement for An organization
How can we enable improved Financial performance management through focused initiatives
How do we prioritize Key initiate to ensure short to medium term improvement
Elements/Constituents of action plan for improvement

1/2 day

Classroom / Virtual

Target audience

SME owners / directors
SME Finance senior management
SME Finance and tax managers/executives
Regulators, academics and accountancy students

Risk-based internal audit planning

Today, effective internal auditing requires thorough planning coupled with nimble responsiveness to quickly changing risks. To add value and improve an organisation’s effectiveness, internal audit priorities should align with the organisation’s objectives and should address the risks with the greatest potential to affect the organisation’s ability to achieve those objectives.

Objectives

This course provides participants with the knowledge to develop a risk-based internal audit plan. During this course, you will participate in interactive activities and real-life scenarios. Be prepared to walk away with concepts and tools to develop a value-added risk-based audit plan.
This course is also designed for senior internal audit practitioners who want to build on their knowledge and increase their value to the organisation by developing effective risk-based audit plans that address emerging risks.

Outcome

By the end of this course, attendees will:

Be able to establish a true risk based internal audit plan, covering the risk theories and frameworks
Understand the benefits of risk management and how to align work with the risk appetite of the Board.

Agenda

Overall concepts
Planning the risk assessment
Conducting the risk assessment
Bringing it all together – developing the internal audit plan

1 day

Classroom / Virtual

Target audience

This course is valuable for senior internal auditors and internal audit managers who are involved or are responsible for developing an annual risk-based planning.
The course is equally beneficial to internal audit juniors and professionals who are preparing to assume such responsibilities.

Secure development for web applications (focus on OWASP)

Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security. The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats.

Objectives

The course aims to:

Enable attendees to incorporate security into the software development life cycle. Move security into your design and build phases by identifying common insecure code issues and embracing the mindset of a security professional.
Teach understanding of your attackers and risks and mitigate issues at critical junctures in your code, including client, and server interactions.
Teach how to prevent unauthorised access and data leaks with authentication and cryptography.

Outcome

By the end of the course, attendees will be able to:

Describe each of the OWASP Top 10 risks and the common activities that might lead to the introduction of these vulnerabilities
Explain how the issues can be exploited, as well as the security vulnerabilities they create for both standard and emerging technologies
Understand how the OWASP top 10 threats may be mitigated

Agenda

Web application security
OWASP Top 10
Threat modelling and Risk management
Application mapping
Authentication and authorisation attacks
Session management attacks
Application logic attacks
Data Validation
AJAX attacks
Code review and security testing
Web app penetration testing
Secure SDLC
Cryptography

3 days

Classroom (including hands-on labs)

Target audience

IT Security team
IT Application Development/Software team
IT Risk and Compliance team

Strategy in Practice

To make better business decisions, C-Suite professionals and top managers need to raise their awareness of strategy.

Objectives

This course aims to:

Encourage strategic thinking
Provide the toolkit to do strategic thinking well
Enable participants to make the right long-term decisions in managing their businesses.

Outcome

By the end of this course, attendees will have:

Explored the fundamental determinants of business success
The tools for recognising the fundamental determinants of business success in a practical way

Agenda

Theories of Strategy:

Understand what strategy means, how companies usually define strategy, and what makes a good strategy
Comprehend concepts such as Strategic Ambition, Vision, Competitive Advantage, Growth Options, etc.;
Knowledge of Strategic Frameworks and tools
Strategy Formulation
Understand how companies usually develop their strategy, in practice, and through case studies
Strategy Implementation
Understand key challenges in Strategy implementation, and why strategies fail
Share best practices for strategy implementation

2 days

Hybrid

Target audience

C-Suite, Directors and Managers who need to
make business decisions and are involved in strategic planning.

The fundamentals of great Business Continuity Management (BCM) & Business Continuity Planning (BCP)

In an increasingly interconnected world, it’s imperative for companies to rethink contingency planning. This programme will help participants understand the principle elements of great Business Continuity Management (“BCM”) and equip participants with skills and knowledge for Business Continuity Planning (“BCP”).

Objectives

You will learn business planning methodologies, recovery strategies and how to apply the Business Continuity Management Framework to improve Business Continuity Planning.
Real-life case studies will be featured to give you a better understanding of the critical importance of Business Continuity Planning.

Outcome

By the end of this course, participants will be able to:

Understand how to use a Risk Analysis Framework
Be equipped with knowledge concerning organisational survival and resilience using the Business Continuity Management Framework.
Identify and analyse potential threats and corresponding potential impact
Identify functions that are critical to business operations and have appropriate alternative business continuity strategy options

Agenda

What a good BCM is Framework
What a BCP is
Breakdown of a BCP
Crisis management vs Business Recovery
Case studies

1/2 day

Classroom / Virtual

Target audience

Business Leaders, C Suites, Enterprise Risk Management (ERM) Professionals and Audit Professionals.
Finance and non-finance professionals wanting to update their awareness levels of BCM and BCP will also benefit from this workshop.

The Surge: How can your company fuel the urge to surge

Every organisation wants to move from being an industry player to an industry leader. The course enables the senior management of organisations to respond fundamentally to the key question on what it takes to surge ahead of their competition

Objectives

Key Objective is to sensitise and orient senior management of companies on what the secret ingredient that enables this “surge” to happen is. How it happens, when it happens, and — keeping in mind that we don’t yet know what the full fallout from the coronavirus global health emergency will be — how organisations can position themselves for a surge

Outcome

By the end of this course, attendees will:

Be able to answer key questions
Be able to develop strategic framework on whether their companies are ready to surge
Know how to approach and develop a surge strategy

Agenda

Factors and enablers that position an organisation to make a successful surge
Key questions to help business leaders identify whether this is the right time to push forward
Developing game-changing strategies

1/2 day

Hybrid

Target audience

Board of Directors/ C-Suites/ Business Owners

Third party assurance and risks

A more integrated and connected business environment means more businesses outsource many of their activities and functions to third party However, the rise in security threats means all parties must provide a high degree of security and assurance over the controls, including third party providers.
Hence it is important that organisations should be aware of their responsibilities and obligations regarding third parties and the solutions available to handle them.

Objectives

The course aims to:

Provide detailed knowledge of risks and obligations when using third parties
Give an introduction to the solutions available

Outcome

By the end of this course, attendees will:

Understand how to manage the organisation’s third party service provision risks
Understand the risks of using third parties
Be aware of the assurance solutions which are available

Agenda

Understanding third party risks and obligations
Implications of third party risk exposures for the organization, particularly regarding IT controls.
Introduction to the third party assurance solutions that are available and have been adopted by organisations.
Summary of existing 3rd party obligations from a regulatory perspective.

1/2 day

Classroom / Virtual

Target audience

Financial controllers
Internal audit
Risk Management

FAQs & Other insights

Keen to learn more about PwC's Academy? Click the button below to explore.

FAQs & Insights

Download our brochure

English

Vietnamese

Hide

Required fields are marked with an asterisk(*)

Full name*

Email address*

Mobile phone*

Location*

Are you requesting our Academy’s services for? *

Yourself

Your organisation

Organisation*

Select your function*

Select your level*

Add details about your inquiry*

Would you like to receive latest updates about

PwC Vietnam

PwC’s Academy Vietnam

Please click here*

By submitting your personal data to us, you acknowledge that you have read the Privacy Statement and that you consent to our processing in accordance with the Privacy Statement. If you change your mind at any time,you can send us an email message using the Contact Us page.

Get in touch

Dinh Thi Quynh Van

Chairwoman, PwC's Academy Leader, PwC Vietnam

Tel: +84 24 3946 2246

Tran Thu Huong

Senior Manager, PwC's Academy, PwC Vietnam

Tel: +84 24 3946 2246, ext. 4607

Le Ngoc Huy

Manager, PwC's Academy, PwC Vietnam

Tel: +84 28 3823 0796

Governance and Risk Academy

Our programmes

To register for preferred course(s), please contact us.

Third party assurance and risks

Objectives

Outcome

Agenda

Target audience

FAQs & Other insights

Download our brochure

We welcome your comments

Get in touch