TechRisk Management Lead Implementer

This course is presented as Live Virtual Training. Click for more details.

While information technology is a fundamental enabler for any organisation in the 21^st century, the accompanying opportunities and challenges require a structured approach to managing TechRisks to optimise investments.

Successful organisations and professionals differentiate themselves by focusing on positive risk (opportunities) management with an equal level of importance that they provide in managing negative risks (issues and challenges).

With no single internationally accepted best practices framework to guide an implementation of a TechRisk Management Framework, most GRC (Governance-Risk-Compliance) professionals have relied on disparate frameworks for IT Governance or Information / Cyber Security to anchor their TechRisk management capability implementation. This often results in moderate to limited success in supporting organisations achieve their business objectives or to optimise the benefits from their technology capabilities.

The TechRisk Management Lead Implementer training is designed to assist:

• Organisations with approaching their TechRisk management capability implementation in a holistic manner, and to optimising the opportunities and risks associated with their technology investments
• Professionals, whether internal or external to an organisation, with building or expanding their knowledge and skills in the TechRisk governance and management discipline
• Consulting or professional services firms to identify new value-added service opportunities for their ISO management system certification clients

Our trainers have extensive experience in developing and delivering TechRisk Management capabilities with organisations of all sizes. They will facilitate interactive sessions during this training where participants are encouraged to discuss and explore their TechRisk management challenges and build potential solutions.

The course includes a Lead Implementer Certification exam.

Learning outcomes

• Understanding the key concepts and principles in TechRisk Management
• Articulating drivers and benefits for implementing TechRisk Governance and Management capabilities
• Preparing the business case for implementing TechRisk Management Framework
• Learning about design and implementation factors that impact a TechRisk Management Framework and TechRisk Management Operating Model
• Learning the concepts, approaches, methods, and techniques used for the implementation and effective management of a TechRisk Management Framework
• Acquiring the necessary expertise to support implementation of an integrated and end-to-end TechRisk Management Framework for an organisation
• Acquiring the necessary knowledge and skills required to advise organisations on best practices in the management of TechRisks.

Who should attend

This course will be beneficial to anyone who wants to play a pivotal role in ensuring that an organisation can implement, maintain, and continually improve their TechRisk Management Capabilities, either as a specialised domain / discipline or as a holistic TechRisk Management Framework. This includes:

• Enterprise and IT Risk professionals responsible for managing TechRisk for their organisations

• Internal champions and advisors involved in IT and TechRisk management

• IT Governance and Assurance professionals
• IT executives and leaders

• Professional services consultants and advisors seeking to assist their clients with the implementation of a TechRisk Management Framework

• Anyone intending to pursue a career in TechRisk Management

Prerequisites:

• You should have previously attended our TechRisk Management Foundation course
• Alternatively, you should hold a Certification in IT Risk Management (e.g. CRISC)
• You should have a basic knowledge of Enterprise Risk Management principles and terminology
• Familiarity with IT governance frameworks (such as COBIT, ITIL) as well as TechRisk related ISO standards (such as ISO27001, ISO2000, and ISO22301) is highly recommended

Course contents

1. The Role of a Technology Risk Management

• Fundamental principles of TechRisk Management
• TechRisk Management as an outcome
• TechRisk Management as a role, function, or organisational department
• TechRisk Management as a set of activities
• TechRisk Management as a business enabler
• Popular best practices and frameworks for TechRisk Management

2. Defining the Tech Risk Approach

• Understanding the organisation and its context for TechRisk Management
• Articulating drivers and benefits of a TechRisk Management Framework (TRMF) implementation
• Understanding the difference between TechRisk Management processes and TechRisk Management Function
• Initiating a TRMF project (based on a capability assessment / gap analysis)
• Developing the business case, including definition of the scope and coverage for the TRMF implementation
• Designing and implementing TechRisk Management Framework (TRMF) using a lifecycle-based approach
  • Defining TechRisk governance, including leadership and commitment
  • Determining responsibility for TechRisk management roles and activities
  • Defining and socialising TechRisk Appetite
  • Defining the approach and methodology for TechRisk Assessment and Treatment
• Do’s and Don’ts of a TRMF implementation and maintenance

3. Understanding the organisation and its technology related risks, opportunities, and associated business objectives

• Identifying TechRisks using Top-Down and PARI One-pagers ™ methodologies
• Alignment with the Enterprise Risk Management approach and practices
• Explore automation possibilities for TechRisk recording and reporting
• Creating an inventory of TechRisk Classification and Categories
• Defining and building the appropriate risk culture

4. Understand technology and information management related controls and the operational environment

• Understanding Technology Capability Framework / IT Operating Models
• Leveraging Technology or IT capabilities for effectively managing TechRisks, including:
  • Strategy and Enterprise Architecture
  • Data Governance / Information Lifecycle Management
  • Innovation and Emerging Technology Enhancements
  • IT Operations and Service Management
  • Project Management
• Determining and addressing potential dependencies and integration with broader technology governance, compliance, and assurance requirements including Cyber Security, Privacy, Business Continuity, Vendor Governance / Assurance, Due diligence

5. Continual Improvement using TRMF

• Monitoring and communicating risk profile through performance evaluation, KPI’s and KRI’s
• Build-Your-Own Capability maturity model for TRMF improvement
• Risk process improvement

6. TechRisk Management Lead Implementer Exam

Course fees

Prerequisites:

• You should have previously attended our TechRisk Management Foundation course
• Alternatively, you should hold a Certification in IT Risk Management (e.g. CRISC)
• You should have a basic knowledge of Enterprise Risk Management principles and terminology
• Familiarity with IT governance frameworks (such as COBIT, ITIL) as well as TechRisk related ISO standards (such as ISO27001, ISO2000, and ISO22301) is highly recommended