public courses

We provide multiple training offerings for the capacity development needs across all levels.

Cyber-Security Governance, Risk & Compliance course

 
FEE: ₦295,000.00
LEVEL: INTERMEDIATE
INSTRUCTOR: SUE MILTON

March 28-30 2023

(Lagos/Abuja Time Zones)

Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risktech & Advisory Limited.


All our 2022 Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, topical surveys, polling questions, group exercises, and case studies for a tried-and-true engaging and gratifying learning experience.

Session 1: Focus on enterprise governance – how do we include cyber?

Session 2: Focus on Cyber

Session 3: Understanding Risk Within Cyber-Savvy Enterprise Governance Frameworks

Session 4: Managing the control environment for desired Cyber-related GRC outcomes

Session 5: The role and purpose of the internal control environment

Session 6: Building on what we already have

Session 7: How Cyber Underpins Enterprise Governance, Risk and Compliance

The relationship between Governance, Risk and Compliance (GRC) is well understood, but with increasing IT complexity and cyber-security incidents, how can organisations best expand and integrate cyber into GRC policies and practices? This course takes delegates through the range of emerging requirements, identifying the approach needed to provide the framework for continued success in fulfilling GRC requirements and how these affect current approaches to strategic and operational activity.

Focusing on practical solutions to blend the technical issues into the conceptual requirement of GRC, the course provides both guidance and detail on how to incorporate cyber-security within the existing GRC framework: lead, direct, assess, manage and assure that cyber can be used safely and reliably to ensure the organisation’s explicit and implicit license to operate.

This course is designed for people across all levels of the organisation who are accountable for the organisation’s behaviour and performance. This includes directors and operational technicians involved in some or all aspects of GRC such as strategists, risk managers, legal and compliance personnel, IT specialists, internal auditors, and compliance managers and personnel.

Focus on enterprise governance – how do we include cyber? 

  • What is enterprise governance? 
  • How is Cyber defined? 
  • Combining cyber into the organisation’s governance structure  
  • The virtuous relationship between governance, risk and compliance 
  • Do governance codes help or hinder when it comes to cyber? 

Case Study: examining and evaluating the key attributes of GRC.   

 

Focus on Cyber 

  • Understanding the paradox of Cyber – its ease of use and difficulty to secure. 
  • The underlying complexity. 
  • Reliance on 3rd parties. 
  • Basic governance requirements. 
  • How best to assess and manage risks? 
  • Is our legislation a help or hindrance to cyber-security GRC?  
  • How can standards help?   
  • Creating and integrating policies, procedures, and practices from strategy to crisis management. 
  • Achieving demonstrable compliance. 

Case Study: designing the framework and identifying the necessary actions. 

 

Understanding Risk Within Cyber-Savvy Enterprise Governance Frameworks 

  • The role of operational resilience 
  • Assessing the effect of cyber-related activity on the impact and probability of key risks
  • Using key risk and performance indicators to enhance understanding
  • Building this into effective structures 
  • Considering the impact of stress testing 

Case Study:  Designing useful metrics for demonstrable Cyber-Security GRC  

 

Managing the control environment for desired Cyber-related GRC outcomes. 

  • A strategic approach. 
  • Preventative versus corrective approach to cyber governance. 
  • How Cyber exacerbates GRC weaknesses. 
  • Managing GRC failures. 
  • Promoting the good news. 

Case study: finding out who is in your cyber supply chain 

 

The role and purpose of the internal control environment 

  • The value of control 
  • Role of cyber-related controls as part of internal control 
  • Basic building blocks of control 
  • Embedding risk management into the corporate culture 
  • Key control indicators 

Case Study:  how risk and control self-assessment enlightens corporate capability and resilience 

 

Building on what we already have 

  • How does cyber affect operational resilience?
  • Assessing the impact and probability of cyber activity on key risks  
  • Proposing and implementing key risk, performance and control indicators 
  • Considering cyber as part of stress testing 
  • Cyber-related information flows – are we sharing what is relevant and comprehensible? 
  • Relationship with regulators – does legal compliance explicitly include Cyber? 
  • Making compliance truly useful to society. 
  • Creating a culture for sound Cyber GRC. 

Case Study: building effective cyber-related GRC structures internally and across the supply chain.

 

How Cyber Underpins Enterprise Governance, Risk and Compliance 

  • Cyber and Cyber-security’s influence on GRC 
  • Is Governance just another way of saying Compliance?
  • Can an institution’s cyber policies, corporate governance and ethical approach operate independently of its compliance policy? 
  • The role of the compliance function 
  • Cyber and Business controls to achieve compliance – how to combine them  
  • Benefits of a coordinated approach to all aspects of risk management 

Case Study:  How can those responsible for compliance include cyber-related issues? 

Delegates will gain specialist knowledge that complements and builds on existing understanding of GRC through interactive discussion, case study exercises and some presentations on the concepts, issues and intended outcomes of GRC – the ability to provide safe, secure and usable technology for use by the supply chain:

  • Review of current GRC requirements
  • Impact of cyber on how organisations operate
  • What regulators want to see
  • Consider the governance needed to provide cyber-related activity wisely
  • How risk management helps improve governance and makes compliance easier to demonstrate
  • A strategic approach to ensuring cyber-security GRC works 24X7
  • Case studies of recent and historic cases

Highly interactive, expert-led, intensive presentation, Q&A, real-time in-depth group case studies, regulation and discussion, supported by key principles and theory. The virtual learning platform uses safe, industry-preferred, encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, polling and quizzes. (An invitation via email with access link is included for all participants.)
