AI Governance & Risk Management
Master the principles of responsible AI governance and risk management to safeguard your organisation in a rapidly evolving digital landscape
About this course
Artificial intelligence holds extraordinary potential to transform how organizations operate and deliver value to stakeholders—but only if it is governed and managed effectively. Whether you are a risk professional integrating AI into enterprise frameworks or a technology leader responsible for AI initiatives, this course equips you with the structures, processes, and tools to harness innovation safely and confidently.
Course specifics
Audience: Chief Risk Officers, Technology-Based Risk Professionals, AI Governance or Ethics Leads, Data Governance or Privacy Officers
Cost: $770.00 (members), $990.00 (non-members)
Facilitator: The Protecht Group
Format: On-Demand
Time: 5.5 hours of video content
Approximately 6.5 hours for the whole course
CPD Points: 6
Course details
Through relatable stories, real-world examples and case studies, you’ll learn how to design and implement AI governance, integrate AI risk into your enterprise risk management processes, and apply controls that protect your organization while enabling opportunity. We cover the full AI lifecycle—from strategy and design, to deployment, monitoring, and continual improvement—ensuring you can provide assurance to both internal and external stakeholders that AI is used responsibly.
Our trainers, David Tattam (Chief Research & Content Officer) and Michael Howell (Head of Risk Research & Knowledge), provide you with a complete, ready-to-use toolkit to embed robust AI governance and risk management in your organisation, aligned with emerging regulations, industry standards, and best practice.
Key topics covered:
1. The Need for AI Governance and Risk Management
Introductory definitions
How governance and risk management work together
Effect of poor governance
Overview of the global regulatory landscape
Speed of change
2. Defining AI
A brief history of artificial intelligence
The broad types of AI
A focus on Large Language Models and agentic AI
3. Defining AI Risks
Definitions of risk, AI risk, and AI risk management
How AI relates to organizational objectives
Differentiating AI-related strategic risk and operational risk
Breaking risk into its key components using risk bow tie analysis
Exploring AI-specific risks
How AI fits into a risk taxonomy
4. Defining AI Controls
Definition of controls
7 treatment methods to manage AI risk
How to map controls to components of risk
The use of AI-related control frameworks and standards
Contrasting compliance and risk, and handling controls that aren’t controls
5. AI Governance and Risk Management Frameworks & Processes
Applying ISO 31000 steps to AI risk management
Applying an Enterprise Risk Management Framework to AI
Aligning AI-specific frameworks to Enterprise Risk Management frameworks
Common risk management processes applied to AI
6. AI Risk Appetite
Setting appetite for objectives and risks
Setting risk appetite for AI
Qualitative and quantitative risk appetite
How to use risk appetite
7. AI Governance & AI Policy
Why you need an AI policy
Key elements to consider in your AI policy
An AI policy toolkit
Tailoring to your organization
8. AI Risk Assessment
Stages of a risk assessment
An overview of risk assessment techniques
Impact assessment versus risk assessment
· The difference between impact assessment and risk assessment
· Key considerations for an impact assessment
· Integrating impact assessment into risk assessment
Scoping the risk assessment
Analysing risk
· Understanding risk and control using bow ties
· Assessing level of risk using qualitative, semi-quantitative or quantitative approaches
Considering inherent risk, residual risk, and the effect of controls
Evaluating risk assessment against risk appetite
Considering alignment with NIST AI RMF
9. AI Risk Metrics
The purpose of risk metrics
The types of risk metrics
Characteristics of good metrics and pitfalls to avoid
Defining zones and thresholds
A practical risk metrics process to collect and collate risk information
How to use metrics for escalation, reporting and response
An AI risk metrics library
10. AI Controls Management
The need for controls assurance
Difference between governance controls and technical controls
Documenting controls information
Mapping control frameworks
· Mapping controls you apply to external frameworks and standards
· Challenges and approaches to mapping multiple frameworks
Control testing versus controls assessment
A control testing process
· Importance of control objectives
· Assessing design effectiveness
· Assessing operating effectiveness
Controls assessment over a group of controls
Considering automated controls
Applying outcomes of controls management activities
A control library and testing template
11. AI Governance & Risk Management Reporting
The purpose of reporting
Main types of reports
What to report
Considering stakeholders
Collecting data for reporting
Report examples
12. Integrating with Enterprise Risk Management
Benefits of integration
Integrating AI risk processes within the ERMF ‘House’
Managing Risk In Change related to AI initiatives
AI Compliance Management
Integrating AI into an Operational Resilience framework
Third Party Risk Management & AI
Alignment with Model Risk Management
13. Responsibility for AI Governance & Risk Management
Governance structures
Everyone as a risk manager
The Three Lines Model
Enabling your frontline through AI Literacy
Key behaviors that support strong risk culture
Learning outcomes:
Design and implement AI governance structures and policies that align with enterprise risk frameworks, ensuring responsible oversight across strategy, deployment, monitoring, and continuous improvement.
Identify, assess, and manage AI-specific risks, including strategic and operational risks, using methodologies like bow‑tie analysis, distinguishing between inherent and residual risks, and setting risk appetite thresholds.
Apply appropriate risk controls and assurance methods, mapping technical and governance controls to risk components, leveraging control frameworks and testing for design and operational effectiveness.
Develop and use AI risk metrics and reporting mechanisms, defining meaningful metrics, thresholds, and escalation channels to monitor risk and provide assurance to stakeholders.
Embed AI risk management within broader enterprise frameworks, including compliance, operational resilience, third-party/vendor risk, model risk, and the three‑lines‑of‑defence, while fostering an AI-literate risk culture.