Course Description
Introduction
Compliance assurance depends on understanding where the biggest compliance risks are and whether controls are working as designed. This practical program builds core skills in identifying and assessing compliance risks, mapping controls, planning and executing basic controls testing, documenting evidence, and reporting results using simple templates and repeatable steps.
Course Objectives
• Identify and assess compliance risks in key processes
• Build a simple compliance risk and control matrix (RCM)
• Plan controls testing: scope, sampling, and evidence needs
• Perform basic design and operating effectiveness tests
• Report findings clearly and track remediation actions
Target Audience
• Compliance assurance and monitoring specialists
• Risk and governance teams supporting compliance programs
• Internal control and quality assurance staff
• Process owners involved in control testing
• Anyone new to compliance risk assessment or controls testing
Course Outline
Day 1: Compliance Risk Assessment Foundations
• Compliance risk basics: sources, obligations, and impact
• Building a compliance inventory (laws, policies, standards)
• Risk identification methods: workshops, interviews, data review
• Simple risk scoring: likelihood × impact
• Activity: Create a risk register for one process
Day 2: Controls Mapping and the RCM
• Controls basics: preventive vs detective
• Control types: policy, process, system, and people controls
• Writing good control descriptions (who/what/when/how)
• Building a simple Risk & Control Matrix (RCM)
• Workshop: Map risks to controls for a sample process
Day 3: Testing Planning and Sampling Basics
• Test planning: objectives, scope, period, population
• Design effectiveness vs operating effectiveness
• Evidence expectations and documentation standards
• Sampling basics and sample selection (simple)
• Activity: Write a test plan and sampling approach
Day 4: Performing Controls Testing and Documenting Results
• Walkthroughs and process understanding
• Test procedures: inquiry, observation, inspection, re-performance
• Recording results: test sheets, exceptions, and root cause notes
• Handling exceptions and discussing with process owners
• Case study: Execute tests for 3 controls and document evidence
Day 5: Reporting, Remediation, and Follow-Up
• Writing findings: condition, criteria, risk, impact, recommendation
• Rating issues and agreeing action plans
• Tracking remediation: owners, due dates, validation steps
• Reporting packs: dashboards and summary for leadership
