Compliance and Compliance Risk Management

An RMIA Virtual Course in partnership with The Protecht Group.


This course covers both Compliance Management and Compliance Risk Management. The focus is on the development of an efficient risk-based approach to compliance management and what that means in practice from recording compliance obligations to setting up a risk-based approach to monitoring compliance. The management of compliance risk is also covered using an ERM framework.

The course also covers the ISO 19600 standard and aligns the concepts to this standard.

Course Overview

1.  Defining Compliance, Compliance Management and Compliance Risk Management

  • Defining compliance risk
  • Using Bow Tie analysis
  • Cause, Event, Impact for compliance risk
  • Compliance controls: Preventive, Detective, Reactive Controls
  • The relationship with operational risk.

2.  Compliance Management

  • Regulatory, contractual, internal compliance sources.
  • Creating plain English compliance obligations from compliance mandates
  • Managing a mandates and obligations library
  • Risk assessing obligations
  • Preparing the business to meet obligations: Process, People, Systems, Products

3.  Compliance Risk Management

  • The ISO 19600 standard.
  • A risk-based approach to compliance.
  • Developing a compliance risk management framework
  • Ensuring ongoing compliance with obligations - The tools.
  • Compliance risk management tools including Risk Assessment, Stress Testing, Key Risk Indicators, Controls Assurance, Breach management and Change Management
  • Roles and Responsibilities.

4.  Risk Appetite for Compliance

  • What is risk appetite for compliance risk?
  • Setting an appetite for compliance risk
  • What does “zero-appetite / tolerance” mean?

5.  Risk and controls self assessment

  • Incorporating compliance risk into the self-assessment process
  • Example of a compliance risk self assessment
  • Carrying out compliance risk stress testing

6.  “Change” - Delivered risk management

  • Internal and External changes
  • Risk Managing external regulatory change
  • Risk Managing internal systems, process, people, product changes

7.  Key Risk Indicators (KRIs)

  • Identifying KRIs for compliance risk
  • Determining thresholds for compliance KRIs
  • The KRI process

8.  Controls Assurance

  • Identifying key controls for compliance risk
  • Obtaining assurance over key controls.
  • Controls testing and developing a test plan

9.  Compliance breach management

  • Defining a compliance breach
  • Identifying a compliance breach
  • Developing a process for breach management
  • Meeting external requirements
  • Setting up and managing a breach register

10.  Reporting for compliance management

  • External vs. Internal reporting
  • Reporting using Business Intelligence tools
  • Defining your reports
  • The reporting process

11.  Where to next?

  • The future of compliance risk management
  • RegTech and how you can use it
  • Continuous monitoring and data analytics

Learning Objectives

  • An in-depth understanding of the objectives and scope of compliance management and compliance risk management
  • A deep understanding of compliance risk using bow tie analysis
  • The knowledge and skills to develop and manage a compliance obligations library
  • An appreciation of the process to prepare the business’s process, people, systems and products to ensure compliance readiness
  • An understanding of the ISO 19600 standard on Compliance Management Systems
  • An in-depth understanding of what a risk-based approach to compliance means
  • An understanding of the various tools available for compliance risk management
  • The ability to understand and develop a risk appetite for compliance risk
  • An appreciation of the benefits of aligning compliance risk management with operational risk management
  • An in-depth knowledge of how to apply risk assessments, key risk indicators, controls assurance and change risk management to compliance risk
  • The ability to produce quality and meaningful compliance risk reports.

Format of the Course

This course is delivered in an entirely online COVID-Safe format. The course is a total of six (6) hours delivered in four 90-minute sessions via Zoom.

TRAINER: David Tattam from The Protecht Group

Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. David is the founder and current Director Research and Training for the Protecht Group, an Australian firm specialising in risk management software, consulting, advisory and training to a wide range of clients both locally and overseas. His career includes many years working with PwC, as well as two international banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB). David’s passion is risk training, having developed numerous risk courses and trained many thousands over the past 2 decades. Protecht celebrated its 21st year in 2020.

INVESTMENT: $715.00 incl. GST for Members

$858.00 incl. GST for Non-Members

CPD: 12 points

For Group Bookings please email or call 0430 157 508.

To register for this event go to Upcoming Events for current courses available.