Controls Design and Controls Assurance
Controls Design and Controls Assurance
Your internal control framework and individual controls are the front line in managing your risks, yet they are often misunderstood, neglected and operating inefficiently and ineffectively.
This workshop is focussed on providing a deep understanding of controls to enable optimally designed controls to be implemented to achieve maximum effect for minimum cost.
Once we are comfortable that we have a well-designed controls framework, we need to gain assurance that our key controls are working effectively. Having a robust controls assurance function is key. The workshop will take you through best practice in controls assurance to allow you to benchmark your existing process or assist in building an effective and efficient function.
1. WHY? Operational Risk Management and Controls as Enablers
- The Why? of Risk Management and controls – what are the value adds?
- The key objectives – Protection, Enabling the pursuit of opportunity, supporting decision making, Compliance and a licence to operate.
- Risk management to Outcome management, Controls to Enablers?
2. WHAT? Understanding Risk and Risk Treatments
- The starting point – Objectives and Critical Processes
- Components of Risk: Root Causes, Risk Events, Failed Critical Processes, Impacts.
- Risk Bow Tie Analysis
- Case Study: Developing a Risk Bow Tie
- Measuring risk: Likelihood and Impact
- Inherent and Residual Risk
3. WHAT? Understanding Risk Treatment and Controls
- Risk treatment types (Accept, Transform, Improve Controls, Transfer, Avoid, Reduce Controls)
- Defining controls
- What are and what are not controls? Part of the furniture vs. Controls.
- Critical, Key and Non-key controls
4. WHAT? Types of Control
- Types of control and how each work
- Reactive / Corrective
- Case Study: Adding controls to the risk bow tie.
- Defining a control type categorisation framework
- Controls Taxonomy
5. HOW? How Controls Modify Risk
- How controls modify the likelihood and impact of a risk
- The unintended side effects of controls – additional risk created by the control.
- Viewing a single control
- Viewing a control cluster – all controls over a risk
- Effectiveness of multiple controls and how they work together
- Dependent controls – those that are dependent on other controls
6. HOW? Designing Effective Controls
- What makes an effective control?
- Features that should be considered in building a strong control.
- Splitting the features into Design features and Operating features
- Control objectives – articulating plain English objectives
- Identifying the control key design features
- Assessing the balance between cost and benefit
- What is the “cost” of a control? ($, Time, Impact on Objective, Additional Risk)
- Identifying Characteristics to consider in assessing operating effectiveness
- Implications for manual and automated controls
7. HOW? Controls Monitoring and Controls Assurance
- Components of controls assurance
- Control Objectives
- Design Effectiveness
- Operating Effectiveness
- Overall Effectiveness
- Designing a test plan
- Conducting controls testing: Sampling, Acceptable Results
8. HOW? Reporting
- Reporting for controls
- Providing controls assurance through reporting
- Escalation, Response and Issues and Action Management
9. WHO? Control Ownership, Responsibilities and Accountabilities
- Reinforcing the three lines of defence
- Ownership, Accountability and Responsibility for Controls
- Building a strong control culture
10. Takeaways and Follow-Ups
Format of the Course
This course is delivered in an entirely online COVID-Safe format. The course is a total of six (6) hours delivered in four 90-minute sessions.
TRAINER: David Tattam from The Protecht Group
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. David is the founder and current Director Research and Training for the Protecht Group, an Australian firm specialising in risk management software, consulting, advisory and training to a wide range of clients both locally and overseas. His career includes many years working with PwC, as well as two international banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB). David’s passion is risk training, having developed numerous risk courses and trained many thousands over the past 2 decades. Protecht celebrated its 21st year in 2020.
DATES & TIMES - THE SESSIONS:
Session 1 12:30pm - 2:00pm AEST - Tuesday, 24th May 2022
Session 2 12:30pm - 2:00pm AEST - Wednesday, 25th May 2022
Session 3 12:30pm - 2:00pm AEST - Tuesday, 31st May 2022
Session 4 12:30pm - 2:00pm AEST - Wednesday, 1st June 2022
AEST = UTC +10:00
INVESTMENT: $715.00 incl.GST for Members
$858.00 incl. GST for Non-Members
CPD: 12 points
When you register for this course you agree to the RMIA passing your registration details onto our Training Partner, The Protecht Group.
For Group Bookings please email email@example.com or call 0430 157 508.
The time on your ticket when issued is the RMIA server timezone and may differ to the time of the event in your timezone. Please check this registration page for correct TIMEZONE and ACTUAL SESSION TIMES.
Registration for each session will close 24 hours prior to the event when final Zoom invitation details will be sent, we cannot guarantee receipt of the Zoom invitation details after this time.