Training Module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Training Module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Training Module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Move from checking a risk register to judging the quality of risk-based decisions
In many organisations, “risk-based thinking” is documented but not operational. This module equips auditors to follow the audit trail from context to decisions and to judge whether risk and opportunity management actually steers priorities and controls.
Move from checking a risk register to judging the quality of risk-based decisions
In many organisations, “risk-based thinking” is documented but not operational. This module equips auditors to follow the audit trail from context to decisions and to judge whether risk and opportunity management actually steers priorities and controls.
Move from checking a risk register to judging the quality of risk-based decisions
In many organisations, “risk-based thinking” is documented but not operational. This module equips auditors to follow the audit trail from context to decisions and to judge whether risk and opportunity management actually steers priorities and controls.
Training module overview
Training module overview
Training module overview
Risk and opportunity management is often treated as a compliance artefact: a register exists, terminology looks correct, and periodic updates are logged. Yet links between context, risks, controls, objectives, and real operational decisions are frequently weak. Audits then drift into form checks, missing the core question: does risk and opportunity management meaningfully influence decisions and resource allocation?
This cross-standard audit add-on strengthens auditor judgement for assessing completeness, traceability, and consistency across the system. It is strictly an audit lens: it does not teach risk management methods and it does not re-teach audit craft as these topics are covered by other modules.
Risk and opportunity management is often treated as a compliance artefact: a register exists, terminology looks correct, and periodic updates are logged. Yet links between context, risks, controls, objectives, and real operational decisions are frequently weak. Audits then drift into form checks, missing the core question: does risk and opportunity management meaningfully influence decisions and resource allocation?
This cross-standard audit add-on strengthens auditor judgement for assessing completeness, traceability, and consistency across the system. It is strictly an audit lens: it does not teach risk management methods and it does not re-teach audit craft as these topics are covered by other modules.
Applicable environments
This module is intended for auditors working with organisations operating a management system based on an ISO standard following the high-level structure such as ISO 9001, ISO 14001, ISO 22301, ISO/IEC 27001, ISO/IEC 27701 or ISO/IEC 42001. It focuses on requirements shared by these ISO standards.
Target audience
Target audience
Target audience
Aspiring auditors who want to audit management systems following best practices
Practising management system auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Aspiring auditors who want to audit management systems following best practices
Practising management system auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Decision support
Is this module for you?
It is a good fit if you…
audit whether risks and opportunities drive real decisions.
need to trace links from context to controls and objectives.
want to assess consistency across registers, actions, and outcomes.
aspire to judge decision quality, not register completeness.
audit risk-based thinking across different ISO standards.
audit whether risks and opportunities drive real decisions.
need to trace links from context to controls and objectives.
want to assess consistency across registers, actions, and outcomes.
aspire to judge decision quality, not register completeness.
audit risk-based thinking across different ISO standards.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
want to learn risk assessment methods or models.
focus on implementing risk management processes.
expect clause-by-clause compliance checklists.
already audit risk-based decision-making at a high maturity.
want to learn risk assessment methods or models.
focus on implementing risk management processes.
expect clause-by-clause compliance checklists.
already audit risk-based decision-making at a high maturity.
Agenda
Agenda
Agenda
What “good auditing” of risks and opportunities looks like
Risk identification completeness and coverage logic
Traceability: building and testing the audit trail
Consistency checks across the system
Judging decision quality (not risk theory)
Case-based audit simulation
Show detailed agenda...
What “good auditing” of risks and opportunities looks like
Risk identification completeness and coverage logic
Traceability: building and testing the audit trail
Consistency checks across the system
Judging decision quality (not risk theory)
Case-based audit simulation
Show detailed agenda...
What “good auditing” of risks and opportunities looks like
Risk identification completeness and coverage logic
Traceability: building and testing the audit trail
Consistency checks across the system
Judging decision quality (not risk theory)
Case-based audit simulation
Show detailed agenda...
Learning outcomes
Learning outcomes
Learning outcomes
Key outcomes
Test whether risk and opportunity identification is complete and systematically covered for the audit scope
Build and execute a traceability-based evidence trail from context inputs to risks, controls, objectives, and operational reality
Identify and prioritise high-value sampling targets for risk and opportunity management audits
Test whether risk and opportunity identification is complete and systematically covered for the audit scope
Build and execute a traceability-based evidence trail from context inputs to risks, controls, objectives, and operational reality
Identify and prioritise high-value sampling targets for risk and opportunity management audits
Additional capabilities
Detect common failure modes and substantiate them with evidence
Judge whether risk-based decisions are credible, explained, and consistently applied
Distinguish issues that belong in risk and opportunity management vs those better handled through other audit add-ons
Detect common failure modes and substantiate them with evidence
Judge whether risk-based decisions are credible, explained, and consistently applied
Distinguish issues that belong in risk and opportunity management vs those better handled through other audit add-ons
Additional benefits
Additional benefits
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Risk and opportunity audit trail map (context → risks/opportunities → controls/actions → objectives → evidence)
Completeness and coverage checklist (scope-appropriate prompts)
Traceability testing worksheet (claims, links, evidence, judgement notes)
Red-flag pattern library for “paper risk management” and inconsistent system logic
AI prompt set for summarising risk registers and spotting inconsistencies (supports judgement; does not replace it)
Risk and opportunity audit trail map (context → risks/opportunities → controls/actions → objectives → evidence)
Completeness and coverage checklist (scope-appropriate prompts)
Traceability testing worksheet (claims, links, evidence, judgement notes)
Red-flag pattern library for “paper risk management” and inconsistent system logic
AI prompt set for summarising risk registers and spotting inconsistencies (supports judgement; does not replace it)
Confirmation
Certificate of completion
Module ID
HAM-AG-A-02
Domain
Audience
Auditor
Language
English
Delivery
Live virtual
Duration
3 h
List price
CHF 250
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Delivery & learning format
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
Not sure if this module is right for you?
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes participants can already audit using evidence and professional judgement and can work with typical management system artefacts. It does not teach generic audit technique or generic risk method.
Helpful background includes:
Ability to plan and perform an audit using evidence logic and sampling
Familiarity with how organisations document and maintain risks, actions, and controls
Basic understanding that ISO management system standards expect risk- and opportunity-based thinking (without clause study)
This module assumes participants can already audit using evidence and professional judgement and can work with typical management system artefacts. It does not teach generic audit technique or generic risk method.
Helpful background includes:
Ability to plan and perform an audit using evidence logic and sampling
Familiarity with how organisations document and maintain risks, actions, and controls
Basic understanding that ISO management system standards expect risk- and opportunity-based thinking (without clause study)
Preparatory modules
Foundational modules (depending on background)
Useful if you are new to the underlying concepts or want a shared baseline before attending this module.
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems
7 h
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems
7 h
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.
Auditing Privacy Risk & Controls (PIMS)
Audit data subject risk logic, lawful basis and purpose limitation, and rights handling effectiveness under ISO/IEC 27701
Duration
3 h
List price
CHF 300
View module
Auditing Privacy Risk & Controls (PIMS)
Audit data subject risk logic, lawful basis and purpose limitation, and rights handling effectiveness under ISO/IEC 27701
Duration
3 h
List price
CHF 300
View module
Auditing Privacy Risk & Controls (PIMS)
Audit data subject risk logic, lawful basis and purpose limitation, and rights handling effectiveness under ISO/IEC 27701
Duration
3 h
List price
CHF 300
View module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Duration
3 h
List price
CHF 250
View module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Duration
3 h
List price
CHF 250
View module
Auditing AI Risk & Impact Management
Understand how to audit harm, impact, and risk reasoning, intended use alignment, and decision documentation in an ISO/IEC 42001 AI management system
Duration
3 h
List price
CHF 250
View module
Auditing ISMS Risk Management
Understand how to audit asset–threat–vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
3 h
List price
CHF 250
View module
Auditing ISMS Risk Management
Understand how to audit asset–threat–vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
3 h
List price
CHF 250
View module
Auditing ISMS Risk Management
Understand how to audit asset–threat–vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
3 h
List price
CHF 250
View module
Auditing Environmental Aspects & Impacts
Understand how to audit aspect identification, significance evaluation, and lifecycle perspective in an ISO 14001 environmental management system
Duration
3 h
List price
CHF 250
View module
Auditing Environmental Aspects & Impacts
Understand how to audit aspect identification, significance evaluation, and lifecycle perspective in an ISO 14001 environmental management system
Duration
3 h
List price
CHF 250
View module
Auditing Environmental Aspects & Impacts
Understand how to audit aspect identification, significance evaluation, and lifecycle perspective in an ISO 14001 environmental management system
Duration
3 h
List price
CHF 250
View module
Auditing Business Impact Analysis & Continuity Strategies
Assess BIA prioritisation, recovery objectives credibility, and continuity strategy alignment in ISO 22301 audits
Duration
3 h
List price
CHF 250
View module
Auditing Business Impact Analysis & Continuity Strategies
Assess BIA prioritisation, recovery objectives credibility, and continuity strategy alignment in ISO 22301 audits
Duration
3 h
List price
CHF 250
View module
Auditing Business Impact Analysis & Continuity Strategies
Assess BIA prioritisation, recovery objectives credibility, and continuity strategy alignment in ISO 22301 audits
Duration
3 h
List price
CHF 250
View module
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.