Call Us (03) 2035 9258
Call Us (03) 2035 9258
Download PDF
This course is presented as Live Virtual Training. Click for more details.

Information Technology is a fundamental enabler of business in the 21st century that has transformed business models across the globe.  But as well as creating untold opportunities, it has at the same time opened up a whole new range of business risk that has the potential to cause significant financial, reputational, regulatory, or strategic impact. This risk requires managing.

ALC’s TechRisk Management Foundation course is designed to give you a sound understanding and appreciation of both IT-enabled opportunity and risk, and to equip you to better guide your organisation toward optimising the IT risks you will encounter.

In just two days you will learn the key IT risk management concepts and principles in a straightforward and pragmatic way. Although aimed at Foundational level, the course includes methods and insights which will reward experienced risk, assurance, and compliance professionals as well.

The course includes a Foundation Certificate exam.

Learning outcomes

  • Understanding the key concepts in Risk Management
  • Introduction to opportunity and risk
  • Building your Technology Risk Management Framework
  • Preparing for the next level of implementation or audit training

Who should attend

This course will be beneficial to business and IT executives and team members equally. No previous experience with risk management is required.

For professionals with cybersecurity, assurance, compliance or project management responsibilities, this course will bring the benefits of a formal and structured presentation and will provide a strong foundation for those who need to take their knowledge to a more advanced level such as TechRisk Management Lead Implementer.

Typical attendance includes:

  • Business leaders and executives
  • IT executives and leaders
  • Enterprise Risk professionals
  • Internal Audit and compliance professionals
  • InfoSec team members interested in expanding their TechRisk knowledge (i.e., beyond cyber risks)
  • Founders or Senior Leadership team of Technology Companies who are interested in growing their revenue and building brand reputation
  • Anyone intending to pursue a career in TechRisk Management

Course contents

1. What is TechRisk Management?
  • Key concepts
  • Principles (enterprise risk as well as TechRisk management)
  • Risk management and TechRisk management frameworks and approaches (including ISO 31000, COSO ERM, COBIT 2019, COBIT 5 for Risk, and ISO27001)
  • Introduction to risk culture
2. Why manage technology risks in a structured way?
  • Challenges with TechRisk Management
  • Drivers and benefits of managing TechRisk Management effectively
  • Understanding the business and its objectives in the context of TechRisk Management
  • TechRisk Myth Busters:
    • a) Not just about technology
    • b) Management vs. Mitigation
    • c) Processes vs. Function
    • d) Risk or Compliance team’s job
    • e) Cybersecurity team’s job
    • f) Positive vs negative risk management
3. What does TechRisk Management involve?
  • The Role of TechRisk Management in an organisation
  • Expressing TechRisk assessment and acceptance criteria in business terms
  • Establishing effective risk governance – roles, responsibilities, and authorities (incl 3LOD)
  • Skills, knowledge, and competence requirements for TechRisk Management
  • Introduction to the risk management processes
  • Using a TechRisk Management Framework (TRMF) to manage TechRisk Capabilities and Processes
  • Assigning risk and control ownership
  • The role and composition of a TechRisk Function
  • Integration of TechRisk Management with Enterprise Risk Management and Cybersecurity Risk Management
4. TechRisk Management Processes
  • Identifying ‘key’ risk scenarios
    • Understanding the business and its systems and processes
    • Aligning ‘key’ risk scenarios with business objectives (e.g., using the Top-down and Bottom-up approach and Bow-tie model)
  • Assessing risks
    • Understanding inherent, current, and residual risk states
    • Controls assessment techniques
    • Quantitative and qualitative risk assessment
  • Evaluating and treating risks
    • Evaluating risks for acceptance or treatment
    • Identifying and selecting risk response options
    • Assigning risk and control ownership
    • Using a capabilities framework
    • Risk treatment prioritisation
  • Risk reporting and monitoring
    • Monitoring risks with KRIs
    • Risk reporting techniques and pitfalls (including risk aggregation, heat maps)
5. TechRisk Management Foundation Exam

Course fees

Fees per person
  • TechRisk Management Foundation (2 days)
  • MYR 
Course fee includes:
  • Comprehensive workbook hardcopy, printed in colour
  • TechRisk Management Foundation Certificate exam
Foundation Exam

Live Virtual Training – Participants of the TechRisk Management Foundation course will sit the exam online during the course at the end of Day 2. The exams are invigilated live by the ALC trainer and supporting staff. The online exam is run via the exam portal Test Invite and accessed via a web browser.

  • 50-minute duration
  • 50 Multiple choice questions (MCQ)
  • Closed book exam
  • 60%+ score to pass (i.e. 30 or more correct answers required to pass from 50 available MCQ)
Make an enquiry

Next Available Dates

No public courses currently scheduled. Please contact ALC.