Course Description
Introduction
Risk Management helps organizations identify uncertainties, reduce threats, and support better decision-making. This practical program introduces core risk frameworks and simple tools to define risk appetite, assess and prioritize risks, design controls, and report risk information clearly to stakeholders.
Course Objectives
• Explain key risk management concepts and common frameworks (high level)
• Define risk appetite, tolerance, and simple risk criteria
• Identify, assess, and prioritize risks using practical tools
• Design basic controls and treatment plans to reduce risk exposure
• Build simple risk reporting and monitoring routines
Target Audience
• Risk and compliance specialists and analysts
• Operational managers and team leads
• Internal control owners and process owners
• Audit, governance, and assurance staff
• Anyone supporting risk assessments and reporting
Course Outline
Day 1: Risk Management Foundations and Frameworks
• What risk management is and why it matters
• Common frameworks overview (ISO 31000, COSO ERM) in simple terms
• Risk language: threat, opportunity, impact, likelihood, inherent vs residual
• Risk governance: three lines model, roles, and accountability
• Activity: Identify your top objectives and key risk themes
Day 2: Risk Appetite, Criteria, and Risk Identification
• Risk appetite vs tolerance (clear differences)
• Setting simple risk criteria (scales, thresholds, heatmap rules)
• Risk identification methods: interviews, workshops, process mapping, incidents
• Writing good risk statements (cause–event–impact format)
• Workshop: Draft 8–10 risk statements for one business process
Day 3: Risk Assessment and Prioritisation Tools
• Scoring likelihood and impact with simple definitions
• Using risk matrices and heatmaps (limits and good practice)
• Control effectiveness ratings (design vs operating effectiveness basics)
• Risk prioritisation: top risks, risk drivers, and risk concentrations
• Activity: Score risks and produce a basic risk register + heatmap
Day 4: Risk Treatment, Controls, and Action Planning
• Treatment options: avoid, reduce, transfer, accept
• Controls basics: preventive, detective, corrective; manual vs automated
• Control design principles and common control failures
• Action plans: owners, milestones, evidence, and closure criteria
• Case study: Design controls and a treatment plan for 3 priority risks
Day 5: Monitoring, Reporting, and Continuous Improvement
• Key risk indicators (KRIs) and simple thresholds
• Risk events and lessons learned: capturing incidents and near misses
• Risk reporting: dashboards, top risk summaries, and escalation triggers
• Review cadence: monthly checks, quarterly updates, annual refresh
• Activity: Build a one-page risk report and a practical improvement plan
