Protecht Controls

Controls Design and Controls Assurance

An RMIA Virtual Course in partnership with The Protecht Group.


Your internal control framework and individual controls are the front line in managing your risks, yet they are often misunderstood, neglected and operating inefficiently and ineffectively.

This workshop is focussed on providing a deep understanding of controls to enable optimally designed controls to be implemented to achieve maximum effect for minimum cost.

Once we are comfortable that we have a well-designed controls framework, we need to gain assurance that our key controls are working effectively. Having a robust controls assurance function is key. The workshop will take you through best practice in controls assurance to allow you to benchmark your existing process or assist in building an effective and efficient function.

Course Overview

1.     WHY? Operational Risk Management and Controls as Enablers

  • The Why? of Risk Management and controls – what are the value adds?
  • The key objectives – Protection, Enabling the pursuit of opportunity, supporting decision making, Compliance and a licence to operate.
  • Risk management to Outcome management, Controls to Enablers? 

2.     WHAT? Understanding Risk and Risk Treatments

  • The starting point – Objectives and Critical Processes
  • Components of Risk: Root Causes, Risk Events, Failed Critical Processes, Impacts.
  • Risk Bow Tie Analysis
  • Case Study: Developing a Risk Bow Tie
  • Measuring risk: Likelihood and Impact
  • Inherent and Residual Risk

3.     WHAT? Understanding Risk Treatment and Controls

  • Risk treatment types (Accept, Transform, Improve Controls, Transfer, Avoid, Reduce Controls)
  • Defining controls
  • What are and what are not controls? Part of the furniture vs. Controls.
  • Critical, Key and Non-key controls

4.     WHAT? Types of Control

  • Types of control and how each work
  •      Preventive
  •      Detective
  •      Reactive / Corrective
  •      Directive
  • Case Study: Adding controls to the risk bow tie.
  • Defining a control type categorisation framework
  • Controls Taxonomy

5.     HOW? How Controls Modify Risk

  • How controls modify the likelihood and impact of a risk
  • The unintended side effects of controls – additional risk created by the control.
  • Viewing a single control
  • Viewing a control cluster – all controls over a risk
  • Effectiveness of multiple controls and how they work together
  • Dependent controls – those that are dependent on other controls

6.     HOW? Designing Effective Controls

  • What makes an effective control?
  • Features that should be considered in building a strong control.
  • Splitting the features into Design features and Operating features
  • Control objectives – articulating plain English objectives
  • Identifying the control key design features
  • Assessing the balance between cost and benefit
  • What is the “cost” of a control? ($, Time, Impact on Objective, Additional Risk)
  • Identifying Characteristics to consider in assessing operating effectiveness
  • Implications for manual and automated controls

7.     HOW? Controls Monitoring and Controls Assurance

  • Components of controls assurance
  •      Control Objectives
  •      Design Effectiveness
  •      Operating Effectiveness
  •      Overall Effectiveness
  • Designing a test plan
  • Conducting controls testing: Sampling, Acceptable Results

8.     HOW?  Reporting

  • Reporting for controls
  • Providing controls assurance through reporting
  • Escalation, Response and Issues and Action Management

9.     WHO? Control Ownership, Responsibilities and Accountabilities

  • Reinforcing the three lines of defence
  • Ownership, Accountability and Responsibility for Controls
  • Building a strong control culture

10.   Takeaways and Follow-Ups

  • Q&A
  • Takeaways

Format of the Course

This course is delivered in an entirely online COVID-Safe format. The course is a total of six (6) hours delivered in four 90-minute sessions.

TRAINERDavid Tattam from The Protecht Group

Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. David is the founder and current Director Research and Training for the Protecht Group, an Australian firm specialising in risk management software, consulting, advisory and training to a wide range of clients both locally and overseas. His career includes many years working with PwC, as well as two international banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB). David’s passion is risk training, having developed numerous risk courses and trained many thousands over the past 2 decades. Protecht celebrated its 21st year in 2020.

PRICE: $715.00 incl.GST for Members

$858.00 incl. GST for Non-Members

CPD: 12 points

For Group Bookings please email or call 0430 157 508.

To register for this event go to Upcoming Events for current courses available.