Governance and Risk Academy

Objectives

The course aims to raise awareness about information security, good information security practices, and related policy in order to help prevent unintentional compromises of sensitive information and computing systems.

Outcome

By the end of this course, attendees will: 

• Be confident in the decisions they make when creating new passwords, filtering through suspicious emails or browsing the internet.
• Have raised awareness levels and the practical skills needed to better protect your business from the dangers of data breaches, network attacks and ransomware threats.

Agenda

• Importance of security awareness
• Avoiding social engineering
• Using internet safely
• Securing your devices

  1/2 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• Business managers/ End-users

Objectives

The course aims to teach:

• Data privacy, with a focus on how personal information is collected and used.
  
• How to apply privacy awareness best practices. Equip your employees with the right knowledge and skills to make data protection a default behavior.

Outcome

By the end of the course, attendees will:

• Have broadened understanding of data privacy and the many rights and responsibilities it generates.
• Know how to safely handle personal information.
• Be able to support your organisation in fulfilling privacy obligations.

Agenda

• Overview of GDPR and PDPD
• GDPR and PDPD's detailed requirements
• How to conduct GDPR and PDPD compliance audit

  1 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• Internal Audit team
• Legal and Data protection team

Objectives

This programme will help internal auditors learn what goes into an effective audit observation and how to organise reports that meet professional standards, elicit management action, and communicate crucial messages to auditee, senior and executive management and board-level readers. Participants will learn to produce reports that have impact and add value to the decision making within their organisation.

Outcome

By the end of this course, participants will be able to:

• Understand what makes an effective internal audit report
• Understand the report writing process from planning to delivery of a final audit report 
• Identify and effectively articulate observation, associated risk(s), root cause and other internal audit report components 
• Be more influential when writing an internal audit report
• Manage relationship with auditee and ensure acceptance of the draft and final report

Agenda

• Overview
• The journey to an effective internal audit report writing
• Key elements of draft internal audit reports
• The Final Report
• Reporting techniques
• Tools and Techniques 
• Exercise

  1 day

  Classroom / Virtual

Target audience

• This course is valuable for internal auditors who are involved in or are responsible for preparation, review and approval of internal audit reports before issuance.
• Senior internal audit professionals will stand to benefit from the course as a refresher in terms of knowledge and skills for writing an effective internal audit report.
• The course is equally beneficial to internal audit juniors and professionals who are preparing to assume such responsibilities.
  

Objectives

This workshop is designed to help participants to:

• Understand relevant concepts about ERM, COSO ERM Framework and ISO 31000.
• Obtain knowledge about the steps in the risk management process
• Understand the roles and responsibilities in ERM
• Case studies

Outcome

By the end of this course, participants will:

• Understand the ERM concepts
• Be equipped with knowledge concerning the risk management process
• Understand their roles and responsibilities in ERM

Agenda

• Overview of ERM
• Risk management process
• Case study

  1/2 day

  Classroom / Virtual

Target audience

• Risk management practitioners
• Finance managers
• Finance officers
• IT staff 
• Internal auditors
• Operations staff at all levels

Objectives

The course covers the fundamentals and building blocks for the internal audit profession including key definitions, professional background and code of ethical conduct, international internal audit standards and leading risk and control frameworks such as COSO.

Outcome

By the end of this course, participants will:

• Understand background and reasons why the internal audit profession exists
• Know the definition, mission and key performance and attribute standards for the internal audit practice
• Understand the role of an internal auditor towards his organisation and acceptable behaviours
• Know the proper governance structure of internal audit functions
• Understand COSO Internal Control, ERM and Fraud Risk Management
• Understand the relation between objectives, risks and controls.

Agenda

• Day 1
  - History, evolution and prospects of the internal audit profession
  - International Professional Practices Framework (IPPF)
  - Internal audit function

• Day 2
  - Introduction to COSO
  - Principals and attributes of COSO Internal Control

   2 days

   Classroom / Virtual

Target audience

• The topics included in this course are the necessary building blocks for a professional career in internal audit.
• This course is a must for junior and senior internal auditors who are relatively new to the internal audit profession. 
• This course is also ideal for senior internal audit professionals who want to refresh their knowledge and stay up to date with the applicable standards and frameworks.

Objectives

The course will teach:

• Understanding of PCI compliance before you go through an assessment
• Application of PCI DSS security principles across your business

Outcome

By the end of the course, attendees will be able to:

• Build a secure payments environment
• Support your organisation’s compliance efforts through your knowledge of how to apply PCI Standards

Agenda

• Overview of PCI requirements, how they enhance data security, and support compliance with the PCI Data Security Standard
• Roles and responsibilities of key players in the compliance process
• Including overviews of the Internal Security Assessor (ISA), Qualified Security Assessor (QSA), and Approved Scanning Vendor (ASV) programmes
• The need for PCI Data Security Standard (DSS) compliance
• PCI DSS Overview
• PCI DSS's requirements

  1/2 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• IT Security team
• Card operations team

Objectives

The course aims to provide:

• Understanding of the differences between ISAE 3402 and 3000
• Understanding of how an ISAE audit is performed
• Understanding of how to prepare for an ISAE audit report

Outcome

By the end of the course, attendees will be able to:

• Choose the proper types of ISAE audit
• Understand all related internal controls in scope
• Prepare an ISAE 3402/3000 audit report properly

Agenda

• An overview of ISAE 3402/3000 (SOC 1/2) for IT Security risk assurance.
• SOC 1, 2 readiness assessment health check for SOC (Type 1 and 2) audits.
• SOC 1, 2, 3 – audit reporting overview.
• SOC 1, 2 internal controls overview.

  1 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• IT/Business Operations team
• IT Security team

Objectives

The course will:

• Provide the general concepts specified in ISO 27001 
• Assist with the satisfactory implementation of information security based on a risk management approach.
• Enable participants to conduct an information security risk assessment in accordance with the requirements of ISO 27001.

Outcome

By the end of the course, attendees will understand:

• How to identify and assess IT security risk quantitatively
• Risk likelihood and the consequences for the business
• How to establish a priority order for risk treatment
• How to complete the risk assessment report according to ISO 27001's requirements

Agenda

• Identifying IT assets
• IT security risk assessment
• IT security risk treatment
• IT security risk residual
• A case study

  1/2 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance teams
• ISO/ISMS teams
• IT/Security teams

Objectives

This course will:

• Help attendees acquire the knowledge and skills to plan and carry out internal audits in compliance with ISO 19011 process.
• Enable attendees to master audit techniques and become competent to manage an audit program, audit team, communication with parties, and conflict resolution.

Outcome

By the end of this course, attendees will be able to:

• Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
• Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
• Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO 19011 guidelines, and other best practices of auditing
• Manage an ISO/IEC 27001 audit program

Agenda

• Summary of ISO 27001 requirements
• Basics of Internal Auditing Principle
• Managing the audit programme
• Perform an Internal Audit Process
• Essential attributes of a successful auditor

  1 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• IA/ISO/ISMS team
• IT Security team
  

Objectives

The course will:

• Help individuals be familiar with the guidelines needed to initiate, implement, maintain, and improve information security management in an organisation.
• Help select the controls needed for implementing an ISMS based on ISO/IEC 27001.

Outcome

By the end of the course, attendees will:

• Be able to demonstrate comprehensive knowledge and the ability to assess information security risks based on a formal risk assessment approach and select appropriate risk treatment options by applying relevant controls.
• Have the knowledge to implement information security controls based on ISO 27002
• Understand the process of performing periodic risk assessments and selecting the appropriate risk treatment options to help an organisation improve its information security approach

Agenda

• IT Security risk treatment options
• IT Security controls

  1 day

  Classroom / Virtual

Target audience

• IT Risk and Compliance team
• ISO/ISMS team
• IT Audit/Security team

Objectives

This course aims to teach controls optimisation through data and process mining technology.

Outcome

By the end of this course, attendees will understand how process mining can be utilised to support a client’s compliance, process improvement and audit reviews. 

Agenda

• Introduction of process mining
• How process mining achieves intended process or controls optimisation objectives.
• Differences between process mining and data analytics.
• Example of how process mining works and is applied in actual industry and with clients.

  1/2 day

  Classroom / Virtual

Target audience

• Internal Audit
• Financial controllers
• Risk Management

Objectives

The course aims to provide SMEs better understanding of how to read and interpret financial terms presented and disclosed in a set of financial statements as well as how to analyse some of the common key financial performance ratios to be able to make informed business decisions. The course also covers cashflow management, investment appraisal and monitoring budgets.

Outcome

By the end of this course, attendees will:

• Understand the significance of financial statements and their components
• Be able to perform financial analysis
• Understand cash operating cycle and how to manage it
• Understand how to perform inventory costing
• Understand how to appraise investments and what are some of the investment appraisal tools
• Be able to manage foreign currency exposures
• Understand how to do good budgeting and monitor it
• Recognise some of the potential warning signals that may arise from financial statements
• Understand other impacts of Covid-19 on financial reporting
• Understand tax considerations

Agenda

• What are cash and cost levers that impact a Business performance
• How can we baseline cash and cost levers for An organization (qualitative and quantitative)
• What are benchmarks and performance indicators that indicate sub-optimal Financial management
• What are Assessment dimensions to articulate Financial performance improvement for An organization
• How can we enable improved Financial performance management through focused initiatives
• How do we prioritize Key initiate to ensure short to medium term improvement
• Elements/Constituents of action plan for improvement

  1/2 day

  Classroom / Virtual

Target audience

• SME owners / directors
• SME Finance senior management
• SME Finance and tax managers/executives
• Regulators, academics and accountancy students

Objectives

This course provides participants with the knowledge to develop a risk-based internal audit plan. During this course, you will participate in interactive activities and real-life scenarios. Be prepared to walk away with concepts and tools to develop a value-added risk-based audit plan.
This course is also designed for senior internal audit practitioners who want to build on their knowledge and increase their value to the organisation by developing effective risk-based audit plans that address emerging risks.

Outcome

By the end of this course, attendees will:

• Be able to establish a true risk based internal audit plan, covering the risk theories and frameworks
• Understand the benefits of risk management and how to align work with the risk appetite of the Board.

Agenda

• Overall concepts
• Planning the risk assessment
• Conducting the risk assessment
• Bringing it all together – developing the internal audit plan

  1 day

  Classroom / Virtual

Target audience

• This course is valuable for senior internal auditors and internal audit managers who are involved or are responsible for developing an annual risk-based planning.
• The course is equally beneficial to internal audit juniors and professionals who are preparing to assume such responsibilities.

Objectives

The course aims to:

• Enable attendees to incorporate security into the software development life cycle. Move security into your design and build phases by identifying common insecure code issues and embracing the mindset of a security professional.
• Teach understanding of your attackers and risks and mitigate issues at critical junctures in your code, including client, and server interactions.
• Teach how to prevent unauthorised access and data leaks with authentication and cryptography.

Outcome

By the end of the course, attendees will be able to:

• Describe each of the OWASP Top 10 risks and the common activities that might lead to the introduction of these vulnerabilities
• Explain how the issues can be exploited, as well as the security vulnerabilities they create for both standard and emerging technologies
• Understand how the OWASP top 10 threats may be mitigated

Agenda

• Web application security
• OWASP Top 10
• Threat modelling and Risk management
• Application mapping
• Authentication and authorisation attacks
• Session management attacks
• Application logic attacks
• Data Validation
• AJAX attacks
• Code review and security testing
• Web app penetration testing
• Secure SDLC
• Cryptography

  3 days

  Classroom (including hands-on labs)

Target audience

• IT Security team
• IT Application Development/Software team
• IT Risk and Compliance team
  

Objectives

This course aims to:

• Encourage strategic thinking
• Provide the toolkit to do strategic thinking well
• Enable participants to make the right long-term decisions in managing their businesses.

Outcome

By the end of this course, attendees will have:

• Explored the fundamental determinants of business success
• The tools for recognising the fundamental determinants of business success in a practical way

Agenda

Theories of Strategy: 

• Understand what strategy means, how companies usually define strategy, and what makes a good strategy
• Comprehend concepts such as Strategic Ambition, Vision, Competitive Advantage, Growth Options, etc.;
• Knowledge of Strategic Frameworks and tools 
• Strategy Formulation
• Understand how companies usually develop their strategy, in practice, and through case studies
• Strategy Implementation
• Understand key challenges in Strategy implementation, and why strategies fail
• Share best practices for strategy implementation

  2 days

  Hybrid

Target audience

• C-Suite, Directors and Managers who need to
  make business decisions and are involved in strategic planning.
  

Objectives

You will learn business planning methodologies, recovery strategies and how to apply the Business Continuity Management Framework to improve Business Continuity Planning.
Real-life case studies will be featured to give you a better understanding of the critical importance of Business Continuity Planning.

Outcome

By the end of this course, participants will be able to:

• Understand how to use a Risk Analysis Framework
• Be equipped with knowledge concerning organisational survival and resilience using the Business Continuity Management Framework.
• Identify and analyse potential threats and corresponding potential impact
• Identify functions that are critical to business operations and have appropriate alternative business continuity strategy options

Agenda

• What a good BCM is Framework
• What a BCP is
• Breakdown of a BCP
• Crisis management vs Business Recovery
• Case studies

  1/2 day

  Classroom / Virtual

Target audience

• Business Leaders, C Suites, Enterprise Risk Management (ERM) Professionals and Audit Professionals.
• Finance and non-finance professionals wanting to update their awareness levels of BCM and BCP will also benefit from this workshop.

Objectives

Key Objective is to sensitise and orient senior management of companies on what the secret ingredient that enables this “surge” to happen is. How it happens, when it happens, and — keeping in mind that we don’t yet know what the full fallout from the coronavirus global health emergency will be — how organisations can position themselves for a surge

Outcome

By the end of this course, attendees will:

• Be able to answer key questions
• Be able to develop strategic framework on whether their companies are ready to surge
• Know how to approach and develop a surge strategy
  

Agenda

• Factors and enablers that position an organisation to make a successful surge
• Key questions to help business leaders identify whether this is the right time to push forward
• Developing game-changing strategies

  1/2 day

  Hybrid

Target audience

• Board of Directors/ C-Suites/ Business Owners