Managing Critical Controls - From 'Ticking the Box' to Effective Risk Management

An RMIA Virtual Course in partnership with Noetic Group

Are you tired of risk management that doesn’t add value?

Risk management is critical to effectively managing your organisation but takes time and commitment to get it right. We’ve all seen risk management practices that create a significant amount of documentation that doesn’t help decision-making. 

A lengthy and complex risk register can even give the false impression that risks are being managed effectively, when that is not always the case.

Are you worried that you don’t know the true effectiveness of you organisation’s controls? 

There can be a tendency for optimism bias when trying to assess the level of risk and the effectiveness of controls. It can be tempting to believe that a control is effective, despite having no evidence. Even as we have been dealing with COVID-19, we are still seeing examples of a ‘it won’t happen to me’ mentality.

Do you want to move away from lengthy risk plans and excel spreadsheets? 

You’re encouraged to come along to our course on the critical controls approach, which is fully aligned with the international ISO 31000 risk standard. 

This approach focuses on those risk controls considered critical to preventing unwanted risk events and mitigating their consequences if they do occur. These controls must be effective for the risk to be managed well and there must be evidence of their effectiveness. 
A traditional risk assessment might list 20 controls for a risk, but a closer inspection might show that 18 of those controls do very little to detect and prevent a risk event or mitigate its consequences.

Join us to explore an approach that helps ensure your leaders have the right risk information they need to make good decisions.

What the course will cover:

  • Challenges with Risk Management
  • The Critical Controls approach
  • Benefits of focusing on critical controls
  • Tools and techniques
  • Case studies
  • How this can be applied to different types of risks - Strategic, project and operational
  • Scenario discussions
  • Engaging with senior leaders on improving organisational decision making

Learning Objectives

  • Understand the critical control approach and how to apply it
  • Understand how to effectively use key tools, such as a risk bowtie
  • Understand how to apply the critical control approach to different types of risk
  • Learn techniques for engaging with senior leaders on improving risk management

Who should attend this course? 

  • Enterprise risk teams
  • Specialist risk teams
  • Everyone interested in managing risks more simply and effectively

Benefits of attending this course

  • It will help you describe risks to your senior executive, enabling them to focus their attention on what really matters
  • It will help you to reduce the number of unnecessary and unused risk documents and artifacts
  • It will help you be more successful by focussing your effort on ensuring that the critical risk controls are effective

Format of The Course

  • Pre-course
    • You will be sent some pre-course materials including a short video on the critical control approach and some factsheets one week prior to the first session. You will also be asked to fill out a short questionnaire about yourself, which will be shared with other participants. This will assist with networking in a virtual environment.
  • During the course
    • This course will be held via Zoom through two half-days (3.5 hours each). This will include use of the breakout room functions to simulate table group discussions.
  • After the course
    • You will be provided with additional templates and tools to assist you in applying the critical control approach.

About Noetic Group

Noetic is a professional services consulting firm with a head office in Canberra, and offices in Sydney and Washington DC. Noetic has provided risk management services to multiple clients over the years, including in federal and state government agencies in Australia as well as for oil, gas and mining sectors globally. For more information, visit their website.

This risk course will be facilitated by two of the following Directors or Consultants in the Noetic Group:

Peter Murphy, Matthew Tuohy and Brittany Corsini

Peter Murphy BA(Hons), MSc, MBA, Director and Co-founder, Noetic Group: Peter is former Australian Army Officer who co-founded the Noetic Group in 2001. He has worked with governments to establish regulatory authorities for offshore oil and gas in Australia, Timor Leste and Guyana.  In the aftermath of the Montara blowout (Australia’s worst oil spill) he led a team that oversaw implementation of the findings of the Commission of Inquiry. He subsequently led a group of specialists on behalf of the Federal and Territory governments that provided two years of oversight of the Ranger Uranium Mine after a significant spill inside one of Australia’s largest national parks. Peter has delivered training for regulators of major hazard facilities, mines, maritime safety, and offshore oil and gas. In addition to regulatory work, he has assisted on critical control management, safety strategy and its implementation for mining, and oil and gas companies in Australia, China and North America. This includes undertaking an audit on behalf of the Board of a global mining major on its process safety risks and the implementation of critical control management. Peter is currently working with two major Commonwealth Departments and a statutory agency to implement critical control management for enterprise and operational risks.

Matthew Tuohy, Senior Consultant: Matt has worked extensively with businesses to understand their risks and how they manage them. His background in the mining industry provides a strong understanding of business operate in high risk industries and with variable market conditions. In his time at Noetic, Matt has worked with companies, regulators and public sector agencies to clarify their risk management arrangement. He is effective at helping clients to develop systems that provide clear focus on how well risk is managed, to manage the change required to implement these systems and to build capability of senior leaders to sustain them.

Brittany Corsini, Consultant: Brittany has had a strong involvement in the communication and implementation of the Critical Control Approach throughout her time at Noetic. She has demonstrated her ability to provide guidance and advice regarding effective risk management practices through her project work with various government clients. Brittany has specific experience working with organisations to assess the risks associated with service delivery and business continuity. Her focus is on identify what controls are critical to successfully managing risk and providing fit-for-purpose, implementable solutions to complex enterprise challenges. 

Pricing (GST Inclusive)

RMIA Members: $1,287.00 Incl.GST

Non-Members: $1,430.00 Incl.GST

Group Bookings: For Group Bookings, please contact us via email on or by phone on 02 9095 2500.

Noetic Group Contact: If you have any questions, please email

Find the next MCC Event and REGISTER NOW!


"The Managing Critical Controls course was an enjoyable and concise course which provided the fundamentals for identifying and understanding critical controls, as well as providing guidance on how to structure assurance activities. Dannya and Liana were very knowledgeable presenters, who executed the material as well as being very accommodating to ensure they answered all questions.”

– Attendee from the Resources Sector