Training Module
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Overview
ISO management system standards require organisations to consider risks and opportunities when planning and operating their systems. In practice, many organisations maintain risk registers and periodic updates while links to decisions, priorities, and resource allocation remain weak.
This module develops the capability to audit whether risk and opportunity management meaningfully influences organisational decisions. Participants first review the core concepts of risk and opportunity management across management system standards and then learn how auditors test completeness, traceability, and credibility of risk-based decisions using operational evidence.
Applicable environments
This module is intended for auditors working with organisations operating a management system based on an ISO standard following the high-level structure such as ISO 9001, ISO 14001, ISO 22301, ISO/IEC 27001, ISO/IEC 27701 or ISO/IEC 42001. It focuses on requirements shared by these ISO standards.
Target audience
Aspiring auditors who want to audit management systems following best practices
Practising management system auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Decision support
Is this module for you?
Agenda
Foundations of risk and opportunity management in management systems
What effective auditing of risk and opportunity management looks like
Testing completeness of risk and opportunity identification
Building and testing the audit evidence trail
Detecting consistency gaps and false assurance patterns
Judging the credibility of risk-based decisions
Case-based audit simulation
Show detailed agenda...
Learning outcomes
Key outcomes
Assess whether risk and opportunity identification is complete and appropriate for the organisational context and audit scope
Trace risks and opportunities from context inputs to actions, decisions, and operational evidence
Judge whether risk and opportunity management credibly informs organisational priorities and decisions
Additional capabilities
Identify common failure patterns such as “paper risk management”, convenience-driven scoping, and unmanaged risk acceptance
Detect inconsistencies between risk registers, actions, decisions, and operational evidence
Select meaningful sampling targets when auditing risk and opportunity management
Formulate clear audit conclusions on the credibility and decision relevance of risks and opportunities
Materials
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Audit interview planning tool
Documented information checklist
Sampling tool
Audit analysis worksheets
Failure pattern library
Supporting AI prompt set
Confirmation
Certificate of completion
Module ID
HAM-AG-A-03
Discipline
ISO standard
Standard clause
6: Planning
Target audience
Public delivery
Live virtual
Duration
7 h
List price
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
Delivery
Live virtual delivery
This module is delivered live online and combines conceptual framing, discussion, case work and direct interaction with the instructor.
A public cohort is currently not scheduled. If you register your interest, we will notify you when a new public cohort is scheduled or suitable delivery options become available.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
For an optimal learning experience
Prerequisites & preparation
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes participants can perform basic audit activities and apply evidence-based judgement.
Helpful background includes:
General understanding of management systems and organisational structures
Ability to follow audit trails using documented information and operational evidence
Basic familiarity with how organisations document risks, actions, and decisions
Preparatory modules
Foundational modules (depending on background)
Useful if you are new to the underlying concepts or want a shared baseline before attending this module.
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
