Cambridge
Academy
In London

Introduction

Risk Management helps organizations identify uncertainties, reduce threats, and support better decision-making. This practical program introduces core risk frameworks and simple tools to define risk appetite, assess and prioritize risks, design controls, and report risk information clearly to stakeholders. 

Course Objectives

By the end of this course, participants will be able to:

·        Explain key risk management concepts and common frameworks (high level)

·        Define risk appetite, tolerance, and simple risk criteria

·        Identify, assess, and prioritize risks using practical tools

·        Design basic controls and treatment plans to reduce risk exposure

·        Build simple risk reporting and monitoring routines

Target Audience

This course is designed for:

·        Risk and compliance specialists and analysts

·        Operational managers and team leads

·        Internal control owners and process owners

·        Audit, governance, and assurance staff

·        Anyone supporting risk assessments and reporting

Course Outlines

Day 1: Risk Management Foundations and Frameworks

·        What risk management is and why it matters

·        Common frameworks overview (ISO 31000, COSO ERM) in simple terms

·        Risk language: threat, opportunity, impact, likelihood, inherent vs residual

·        Risk governance: three lines model, roles, and accountability

·        Activity: Identify your top objectives and key risk themes

Day 2: Risk Appetite, Criteria, and Risk Identification

·        Risk appetite vs tolerance (clear differences)

·        Setting simple risk criteria (scales, thresholds, heatmap rules)

·        Risk identification methods: interviews, workshops, process mapping, incidents

·        Writing good risk statements (cause–event–impact format)

·        Workshop: Draft 8–10 risk statements for one business process

Day 3: Risk Assessment and Prioritisation Tools

·        Scoring likelihood and impact with simple definitions

·        Using risk matrices and heatmaps (limits and good practice)

·        Control effectiveness ratings (design vs operating effectiveness basics)

·        Risk prioritisation: top risks, risk drivers, and risk concentrations

·        Activity: Score risks and produce a basic risk register + heatma 

Day 4: Risk Treatment, Controls, and Action Planning

·        Treatment options: avoid, reduce, transfer, accept

·        Controls basics: preventive, detective, corrective; manual vs automated

·        Control design principles and common control failures

·        Action plans: owners, milestones, evidence, and closure criteria

·        Case study: Design controls and a treatment plan for 3 priority risks 

Day 5: Monitoring, Reporting, and Continuous Improvement

·        Key risk indicators (KRIs) and simple thresholds

·        Risk events and lessons learned: capturing incidents and near misses

·        Risk reporting: dashboards, top risk summaries, and escalation triggers

·        Review cadence: monthly checks, quarterly updates, annual refresh

·        Activity: Build a one-page risk report and a practical improvement plan