AI Governance & Risk Management

Through relatable stories, real-world examples and case studies, you’ll learn how to design and implement AI governance, integrate AI risk into your enterprise risk management processes, and apply controls that protect your organization while enabling opportunity. We cover the full AI lifecycle—from strategy and design, to deployment, monitoring, and continual improvement—ensuring you can provide assurance to both internal and external stakeholders that AI is used responsibly.

Our trainers David Tattam – Chief Research & Content Officer, Michael Howell – Head of Risk Research & Knowledge provide you with a complete, ready-to-use toolkit to embed robust AI governance and risk management in your organisation, aligned with emerging regulations, industry standards, and best practice.

Key topics covered:

1.  The Need for AI Governance and Risk Management

• Introductory definitions

• How governance and risk management work together

• Effect of poor governance

• Overview of the global regulatory landscape

• Speed of change

2. Defining AI

• A brief history of artificial intelligence

• The broad types of AI

• A focus on Large Language Models and agentic AI

3. Defining AI Risks

• Definitions of risk, AI risk, and AI risk management

• How Ai relates to organizational objectives

• Differentiating AI-related strategic risk and operational risk

• Breaking risk into its key components using risk bow tie analysis

• Exploring AI-specific risks

• How AI fits into a risk taxonomy

4.  Defining AI Controls

• Definition of controls

• 7 treatment methods to manage AI risk

• How to map controls to components of risk

• The use of AI-related control frameworks and standards

• Contrasting compliance and risk, and handling controls that aren’t control

5.  AI Governance and Risk Management Frameworks & Processes

• Applying ISO 31000 steps to AI risk management

• Applying an Enterprise Risk Management Framework to AI

• Aligning AI-specific frameworks to Enterprise Risk Management frameworks

• Common risk management processes applied to AI

6.  AI Risk Appetite

• Setting appetite for objectives and risks

• Setting risk appetite for AI

• Qualitative and quantitative risk appetite

• How to use risk appetite

7.  AI Governance & AI Policy

• Why you need an AI policy

• Key elements to consider in your AI policy

• An AI policy toolkit

• Tailoring to your organization

8.  AI Risk Assessment

• Stages of a risk assessment

• An overview of risk assessment techniques

• Impact assessment versus risk assessment

·     The difference between impact assessment and risk assessment

·     Key considerations for an impact assessment

·     Integrating impact assessment into risk assessment

• Scoping the risk assessment

• Analysing risk

·    Understanding risk and control using bow ties

·    Assessing level of risk using qualitative, semi-quantitative or quantitative approaches

• Considering inherent risk, residual risk, and the effect of controls

• Evaluating risk assessment against risk appetite

• Considering alignment with NIST AI RMF

9.  AI Risk Metrics

• The purpose of risk metrics

• The types of risk metrics

• Characteristics of good metrics and pitfalls to avoid

• Defining zones and thresholds

• A practical risk metrics process to collect and collate risk information

• How to use metrics for escalation, reporting and response

• An AI risk metrics library

10.  AI Controls Management

• The need for controls assurance

• Difference between governance controls and technical controls

• Documenting controls information

• Mapping control frameworks

·     Mapping controls you apply to external frameworks and standards

·     Challenges and approaches to mapping multiple frameworks

• Control testing versus controls assessment

• A control testing process

·    Importance of Control objectives

·    Assessing design effectiveness

·     Assessing operating effectiveness

• Controls assessment over a group of controls

• Considering automated controls

• Applying outcomes of controls management activities

• A Control library and testing template

11.  AI Governance & Risk Management Reporting

• The purpose of reporting

• Main types of reports

• What to report

• Considering stakeholders

• Collecting data for reporting

• Report examples

12. Integrating with Enterprise Risk Management

• Benefits of integration

• Integrating AI risk processes within the ERMF ‘House’

• Managing Risk In Change related to AI initiatives

• AI Compliance Management

• Integrating AI into an Operational Resilience framework

• Third Party Risk Management & AI

• Alignment with Model Risk Management

13. Responsibility for AI Governance & Risk Management

• Governance structures

• Everyone as a risk manager

• The Three Lines Model

• Enabling your frontline through AI Literacy

• Key behaviors that support strong risk culture