TechRisk Management - Foundation

Interactive risk training and certification for all experience levels

In this “information Age” organisations are dependent on Information Technology (IT). Advances in IT have enabled traditional businesses to deliver services in new ways, and completely new types of businesses to appear. So, while IT is a fundamental enabler of business in the 21st century, the accompanying opportunities and risks require managing.

This online course will equip you with an understanding of both IT-enabled opportunity and risk, and help you guide your organisation toward optimising IT risks.

Who should attend?

Vital Advisory’s 3-day TechRisk Management Foundation training (delivered online20 & 21 March, 2023) allows you to learn about key IT risk management concepts in a simple and pragmatic way. Although aimed at Foundational level, the course includes methods and insights which will reward experienced risk, assurance, and compliance professionals as well.

The course includes a Foundation Certificate exam.

The first of its kind, Vital Advisory’s TechRisk Management Foundation training is designed to assist:

+ Business leaders and executives
+ IT executives and leaders
+ Enterprise Risk professionals
+ Internal Audit and compliance professionals
+ InfoSec professional interested in expanding TechRisk knowledge (i.e., beyond cyber risks)
+ Founders or Senior Leadership team of Technology Companies who are interested in growing their revenue and building brand reputation
+ Anyone intending to pursue a career in TechRisk Management

Learning outcomes

+ Understanding the key concepts in TechRisk Management
+ Introduction to opportunity and risk
+ Understanding capabilities and processes needed to manage TechRisks effectively
+ Preparing for the next level of TechRisk implementation or audit training

Course Content

Course Schedule
+ Online
+ 20 & 21 March, 2023
+ 9am – 5pm

  • + Key concepts and Principles of TechRisk Management
    + How TechRisks differ from other types of Enterprise Risks, especially Cybersecurity Risks
    + Risk management and TechRisk management frameworks and approaches (including ISO 31000, COSO ERM, COBIT 2019, COBIT 5 for Risk, and ISO27001)
    + Introduction to risk culture and understanding it’s importance whilst managing TechRisks
    + Changing the narrative about and approach towards TechRisk Management

  • + Challenges with TechRisk Management
    + Drivers and benefits of managing TechRisk Management effectively
    + Understanding the business and its objectives in the context of TechRisk Management
    + TechRisk Myth Busters:

    1. Not just about technology
    2. Management vs. Mitigation
    3. Processes vs. Function
    4. Risk or Compliance team’s job
    5. Cybersecurity team’s job
    6. Positive vs negative risk management

  • + The Role of a TechRisk Management in an organisation
    + Expressing TechRisk assessment and acceptance criteria in business terms
    + Establishing effective risk governance – roles, responsibilities, and authorities (incl 3LOD)
    + Skills, knowledge, and competence requirements for TechRisk Management
    + Introduction to risk management processes
    + Using a TechRisk Management Framework (TRMF) to manage TechRisk Capabilities and Processes
    + Establishing effective risk governance – roles, responsibilities, and authorities (incl 3LOD)
    + Assigning risk and control ownership
    + The role and composition of a TechRisk Function
    + Integration of TechRisk Management with Enterprise Risk Management as well as Cybersecurity Risk Management

  • + Identifying ‘key’ risk scenarios
    • Understanding the business and its systems and processes
    • Aligning ‘key’ risk scenarios with business objectives (e.g., using the Top-down and Bottom-up approach and Bow-tie model)

    + Assessing risks
    • Understanding inherent, current, and residual risk states
    • Controls assessment techniques
    • Quantitative and qualitative risk assessment

    + Evaluating and treating risks
    • Evaluating risks for acceptance or treatment
    • Identifying and selecting risk response options
    • Assigning risk and control ownership
    • Using a capabilities framework
    • Risk treatment prioritisation

    + Risk reporting and monitoring
    • Monitoring risks with KRIs
    • Risk reporting techniques and pitfalls (including risk aggregation, heat maps)

  • + 50-minute duration
    + 50 multiple choice questions (MCQ)
    + 60%+ score to pass (i.e., 30 or more correct answers required to pass from 50 available MCQ)
    + Paper-based closed book exam

For bookings or further information, call our Registration Desk on +61 410 379 407.

Training backed by experience

Our trainers have extensive experience in developing and delivering TechRisk Management capabilities with organisations of all sizes. They will facilitate interactive sessions during this training where participants are encouraged to discuss and explore their TechRisk management challenges and build potential solutions.

Our Trainers:


If you’d like to discuss our TechRisk Management Foundation training, please contact Paras Shah on +61 420 978 258. For bookings, please contact our registration desk on +61 410 379 407‬.