Training Module
Risk Management
Build the capability to surface, structure and act on risk while action is still possible
Overview
In many organisations, the most important risks are not invisible. They are already present in audit findings, operational workarounds, customer pressure, supplier dependencies, unresolved actions, and management review discussions. The problem is that they are often fragmented, tolerated, poorly structured, or escalated too late.
This module develops the practical judgement needed to make risk management useful in real management-system work. Participants learn how to turn messy inputs into clear risk structures, calibrate granularity, challenge weak scoring, distinguish treatment from acceptance, and prepare risk information that supports proportionate action, monitoring, escalation and governance decisions.
The module uses a realistic organisational case to let participants practise these judgements in context, without reducing risk management to templates, scoring exercises or compliance paperwork.
Applicable environments
This module is applicable across a wide range of management systems and organisational contexts. The concepts are not tied to a specific ISO standard and are used wherever organisations need clear, workable processes, defined ownership, and embedded controls.
It is commonly applied in quality, information security, environmental, and other ISO-based management systems, as well as in non-certified environments that require structured, auditable operations.
Target audience
Management system implementers and coordinators
Executives and department heads accountable for management system performance
Those responsible for processes, policies, assets, risks, and controls related to a management system
Auditors seeking insights into management-side best practice (not audit technique)
Management consultants working with management system design, governance, or improvement
Decision support
Is this module for you?
Agenda
Risk as Governance Work
Risk Inputs and Structuring
Process Reality, Ownership and Escalation
Granularity, Aggregation and Prioritisation
Criteria, Comparability and Uncertainty
Treatment, Controls and Acceptance
Reporting, Monitoring and Improvement
Show detailed agenda...
Learning outcomes
Key outcomes
Structure risk information from context, objectives, obligations, incidents, findings and operational signals
Analyse and prioritise risks using criteria, evidence confidence, uncertainty and proportionality
Translate risk analysis into treatment, monitoring, escalation or explicit acceptance decisions
Additional capabilities
Recognise when visible risks are fragmented, tolerated or escalated too late
Calibrate risk granularity for team, management and executive decision levels
Challenge vague risk statements, false precision and inconsistent scoring
Link risk treatment to controls, ownership, verification and residual exposure
Evaluate whether a documented risk process is working in practice and producing useful governance evidence
Materials
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Risk governance process, role model and register templates
Risk input, statement quality and criteria guides
Monte Carlo workbook for uncertainty and tail exposure
Treatment, verification and residual-risk decision templates
Executive risk picture, review checklist and AI-assisted prompts
Confirmation
Certificate of completion
Module ID
HAM-AG-C-07
Discipline
ISO standard
Standard clause
6: Planning
Open delivery
No dates currently scheduled
Dedicated delivery
Available on request
Duration
16 h
List price
Based on delivery format
Delivery & dates
Live virtual delivery
This module is delivered live online and combines conceptual framing, discussion, case work and direct interaction with the instructor.
A public cohort is currently not scheduled. If you register your interest, we will notify you when a new public cohort is scheduled or suitable delivery options become available.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
For an optimal learning experience
Prerequisites & preparation
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
No formal prerequisites. The module is designed to work as a standalone entry point into practical risk governance for management systems.
Helpful background includes general familiarity with organisational processes, roles, responsibilities and operational decision-making.
