What are the types and sources of risks that would prevent organisations from implementing their intended strategy? What is the impact of the risks on the organisation? What techniques are available to evaluate the impact of such risks? How is risk managed in the organisation? How is responsibility for various aspects of risk management distributed in the organisation? How does the organisation align its risk tolerance, appetite and capacity to its decisions and actions? What risk management frameworks are there? How is risk information communicated to the organisation?

What are the risks that the strategy of the organisation is wrong? What are the sources of such risks? How does the organisation evolve its strategy in a dynamic environment to keep it relevant? What is reputational risk and why is it an important strategic risk? What are the types and sources of reputational risks and what is their impact on the organisation? How can they be managed? What is the role of the board in risk management? How does governance risk occur? How is this role governed by the various corporate governance codes and principles?

What are the roles of internal control systems in managing risks? What are their key features and why? This introduces the COSO framework as a comprehensive way of looking at internal controls in risk management. The objective is to get candidates to understand the key elements and know how to apply them in evaluating internal controls. This part looks at the critical role that the internal audit function can play in risk management. The objective is to create awareness and understanding of the various issues in internal audit and how they link to each other.

This part looks at where and how organisations can be vulnerable to cyber threats and the types and sources of such threats. In addition, it looks at the impact such threats can have on organisations. The principal aim here is to enable candidates to understand how to manage cyber threats through cyber security processes. What objectives should organisations set in this area? What controls are available to organisations? This part looks at the tools and techniques available to manage cyber risks. Candidates are expected to have a basic understanding of the techniques and how they can be deployed together. How should cyber risks be reported? What reporting frameworks are available?


A.     Enterprise risk

·   Analyse sources and types of risk.

·   Evaluate risk.

·   Discuss ways of managing risks.

B.     Strategic risk

·   Analyse risks associated with formulating strategy.

·   Evaluate the sources and impact of reputational risks.

·   Explain governance risks.

C.     Internal controls

·   Analyse internal control systems.

·   Recommend internal controls for risk management.

·   Discuss various issues relating to internal audit in organisations.

D.    Cyber risks

·   Analyse cyber threats.

·   Review cyber security processes.

·   Discuss cyber security tools and techniques.

·   Evaluate cyber risk reporting.

Course Includes

    ·   Analyse sources and types of risk.

    ·   Evaluate the impact of risk

    ·   Role of board and others in the organisation for identifying and managing risks

    ·   Analyse relevance of the assumptions on which strategy is based.

    ·   Discuss potential sources and types of disruptions to strategy.

    ·   Sources of reputational risk

    ·   Explain the role of board and its committees in managing strategic risk

    ·   Role of risk manager as distinct from internal auditor

    ·   Control systems in functional areas

    ·   Operational features of internal control

    ·   Compliance audit, fraud investigation, value for money audit and management audit

    ·   Discuss the Committee of Sponsoring Organisations of the Treadway Commission (COSO) internal control and risk management framework.

    ·   Recommend internal controls for risk management.

    ·   Identifying and evaluating control weakness and compliance failures

    ·   Preparation and interpretation of internal audit reports

    ·   Description criteria including nature of business and operations, nature of information at risk, risk management programme objectives, cybersecurity risk governance structure etc.
