Duration 2 days – 14 hrs
Overview
This onsite training course provides a comprehensive understanding of enterprise risk management (ERM), internal controls, and compliance practices tailored to organizations in the Philippines. It covers risk identification, assessment, mitigation, monitoring, and reporting aligned with Philippine regulatory expectations (BSP, SEC, COA, NPC) and with international frameworks such as ISO 31000 and COSO. Participants gain hands-on tools to build sound risk management frameworks, design effective controls, and strengthen operational resilience within their departments.
Objectives
- Understand key principles and frameworks of Enterprise Risk Management (ERM)
- Identify, assess, and prioritize risks using qualitative and quantitative tools
- Develop and implement effective risk mitigation strategies and internal controls
- Apply BSP, SEC, NPC (Data Privacy Act), and other PH risk-related regulatory requirements
- Conduct risk monitoring, incident management, and control testing
- Build risk registers, RCSA (Risk & Control Self-Assessment), and control matrices
- Strengthen organizational resilience and improve governance
Audience
- Risk Management Officers / Analysts
- Internal Auditors
- Compliance Officers
- Operations & Process Managers
- IT/IS Governance & Security Teams
- Project Managers and Business Analysts
- Supervisors and Team Leaders
- Professionals involved in controls and governance
Prerequisites
- Basic understanding of organizational workflows
- No prior risk management experience required
Course Content
Foundations of Risk Management & Controls
Introduction to Risk Management
- Definitions: risk vs. issue vs. incident
- Risk categories in PH organizations
- Comparison of ERM frameworks: COSO ERM & ISO 31000
- Regulatory bodies influencing PH risk landscape: BSP, SEC, NPC, COA
Risk Governance in the Philippines
- Governance structure, roles & responsibilities
- Three Lines of Defense Model
- Embedding risk culture
- PH case studies: banks, fintech, government agencies
Risk Identification Techniques
- Process mapping, SWOT, interviews, KRIs (Key Risk Indicators)
- Writing clear risk statements
- Identifying operational, financial, IT, compliance risks
- Workshop: Real-world PH scenarios (e.g., system outages, fraud, vendor issues)
Risk Assessment & Prioritization
- Likelihood and impact scoring
- Designing risk heat maps
- Risk appetite, risk tolerance
- Workshop: Build a team risk matrix
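The scoring approach used in this module, worked through as an added example (not part of the course material): a small risk register scored on an assumed 5-point likelihood and impact scale, placed on a 5x5 heat map, and ranked against an assumed risk appetite threshold. The band cut-offs, the "control effect" field and the four sample risks are constructed for illustration; an organization calibrates its own scales and appetite.

```python
"""Risk matrix scorer: likelihood x impact, heat-map banding, appetite check.

Added example, not course material. Scale descriptors, band cut-offs, the
`control_effect` convention and the sample register are assumptions.
"""
from dataclasses import dataclass

# Assumed 5-point scales (1 = lowest). Descriptors are illustrative.
LIKELIHOOD = {1: "Rare", 2: "Unlikely", 3: "Possible", 4: "Likely", 5: "Almost certain"}
IMPACT = {1: "Insignificant", 2: "Minor", 3: "Moderate", 4: "Major", 5: "Severe"}


@dataclass
class Risk:
    ref: str
    statement: str           # written as cause -> event -> consequence
    likelihood: int          # inherent likelihood, 1..5
    impact: int              # impact, 1..5
    control_effect: int = 0  # assumed: likelihood points removed by existing controls

    @property
    def residual_likelihood(self) -> int:
        return max(1, self.likelihood - self.control_effect)

    @property
    def inherent(self) -> int:
        return self.likelihood * self.impact

    @property
    def residual(self) -> int:
        return self.residual_likelihood * self.impact


def band(score: int) -> str:
    """Heat-map band for a 1..25 score (assumed cut-offs: >=15 High, >=8 Medium)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def validate(risk: Risk) -> None:
    """Reject scores outside the scale so a typo cannot silently distort the ranking."""
    if risk.likelihood not in LIKELIHOOD or risk.impact not in IMPACT:
        raise ValueError(f"{risk.ref}: likelihood and impact must be 1..5")
    if risk.control_effect < 0:
        raise ValueError(f"{risk.ref}: control_effect cannot be negative")


def prioritize(register, appetite: int = 8):
    """Rank by residual score (ties broken by impact) and flag breaches of appetite.

    Returns a list of (ref, residual_score, band, above_appetite) tuples.
    """
    for r in register:
        validate(r)
    ranked = sorted(register, key=lambda r: (r.residual, r.impact), reverse=True)
    return [(r.ref, r.residual, band(r.residual), r.residual > appetite) for r in ranked]


def heat_map(register):
    """Map (residual_likelihood, impact) cells to the risk refs plotted there."""
    grid = {}
    for r in register:
        grid.setdefault((r.residual_likelihood, r.impact), []).append(r.ref)
    return grid


def render(register) -> str:
    """Text heat map: rows = likelihood (5 at top), columns = impact 1..5."""
    grid = heat_map(register)
    lines = ["L\\I " + " ".join(f"{i:^8}" for i in IMPACT)]
    for l in sorted(LIKELIHOOD, reverse=True):
        cells = [",".join(grid.get((l, i), [])) or "." for i in IMPACT]
        lines.append(f"{l:^3} " + " ".join(f"{c:^8}" for c in cells))
    return "\n".join(lines)


# Constructed sample register (illustrative PH-style scenarios).
SAMPLE_REGISTER = [
    Risk("R1", "Grid instability -> data centre power loss -> service outage", 4, 4, control_effect=2),
    Risk("R2", "Weak vendor security -> customer data exposed -> NPC breach notification", 3, 5),
    Risk("R3", "Unsegregated payroll duties -> fictitious payee -> financial loss", 2, 3, control_effect=1),
    Risk("R4", "Typhoon -> office inaccessible -> missed regulatory deadlines", 4, 3),
]

if __name__ == "__main__":
    for ref, score, b, breach in prioritize(SAMPLE_REGISTER):
        print(f"{ref}: residual={score:>2} {b:<6} {'ABOVE APPETITE' if breach else ''}")
    print(render(SAMPLE_REGISTER))
```

Residual scoring here is deliberately simple (controls lower likelihood only); a real RCSA usually lets a control reduce impact as well, and records the evidence that the control actually operates before giving it credit.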
Controls, Monitoring, and Regulatory Compliance
Risk Treatment & Mitigation Strategies
- Avoid, reduce, transfer, accept
- Control categories: preventive, detective, corrective
- Designing effective controls
- Workshop: Control mapping activity
Internal Controls Framework (COSO)
- Control environment, control activities
- RCSA – Risk & Control Self-Assessment
- Documentation tools: risk registers, control matrix
- Common PH internal control findings and how to correct them
Compliance Requirements (PH Focus)
- BSP risk guidelines (Operational Risk, IT Risk, Cybersecurity)
- SEC Corporate Governance Code
- NPC Data Privacy and breach controls
- COA controls for national government agencies and LGUs
- AML/CFT briefing (for PH covered financial institutions)
Risk Monitoring & Reporting
- KRIs, control testing, monitoring templates
- Incident management and escalation procedures
- Internal audit findings tracking
- Building simple risk dashboards (Excel/Power BI samples)
Business Continuity, Disaster Preparedness & Resilience
- BCP essentials for PH companies
- Disaster risks (typhoons, earthquakes, power interruptions)
- Vendor and third-party risk management
- Crisis communication
Final Activity & Training Wrap-Up
- Group mini risk assessment presentation
- Review of best practices
- Q&A