Training Module
Training Module
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
Understand
Implement
Manage
Audit
Training module overview
Most organisations already have “some kind” of risk management, but it is often fragmented: different standards and teams use different scales, registers drift out of date, and treatment actions lose ownership. The result is inconsistent prioritisation and weak linkage between risks, controls, and improvement work.
This full-day foundation module shows how to build a simple, coherent risk and opportunity process that works across management systems. Participants learn practical criteria, a consistent register structure, and treatment planning that is reviewed and maintained over time. The module assumes that context, stakeholder expectations, and scope are defined elsewhere and used as inputs rather than re-taught here.
Most organisations already have “some kind” of risk management, but it is often fragmented: different standards and teams use different scales, registers drift out of date, and treatment actions lose ownership. The result is inconsistent prioritisation and weak linkage between risks, controls, and improvement work.
This full-day foundation module shows how to build a simple, coherent risk and opportunity process that works across management systems. Participants learn practical criteria, a consistent register structure, and treatment planning that is reviewed and maintained over time. The module assumes that context, stakeholder expectations, and scope are defined elsewhere and used as inputs rather than re-taught here.
Target audience
Management system implementers and coordinators
Quality, information security, environmental, HSE, continuity, and AI management roles
Risk and compliance professionals aligning risk practices with management system planning and control
Internal auditors assessing whether the organisation’s risk process is coherent and maintained (without audit technique training)
Management system implementers and coordinators
Quality, information security, environmental, HSE, continuity, and AI management roles
Risk and compliance professionals aligning risk practices with management system planning and control
Internal auditors assessing whether the organisation’s risk process is coherent and maintained (without audit technique training)
Agenda
What “risk and opportunity” means in management systems
Risk-based thinking as planning and prioritisation logic across standards
Common misunderstandings and “heatmap theatre” failure modes
Risk inputs and boundaries
Using existing context, stakeholder needs, obligations, and objectives as risk inputs
Practical categorisation of risks (strategic, operational, compliance) for clarity and ownership
A consistent risk process
Identify → analyse → evaluate → treat → monitor as a repeatable cycle
Defining roles, ownership, and minimal governance to keep the process usable
Risk criteria and comparability
Defining impact and likelihood so different teams apply them consistently
Thresholds and decision rules (including appetite) without complex modelling
Designing a useful risk register
Minimum fields for traceability: source, description, owner, cause, consequence, controls, rating, actions
Avoiding duplicates, “laundry lists”, and registers without decision linkage
Opportunities in practice
Treating opportunities as part of the same logic (not parallel paperwork)
When opportunity handling needs explicit ownership and follow-through
Risk treatment and action planning
Treatment options and when each makes sense (avoid, reduce, share, accept; exploit where relevant)
Turning treatments into actions: responsibilities, due dates, verification, and control linkage
Monitoring, review, and keeping it alive
Review cadence, triggers, escalation, and when to re-assess
Using risk information in routine planning and management review inputs
Digital and AI support (optional segment)
Tool support for registers, aggregation, and review preparation
AI-assisted summarisation and clustering as support to judgement (limits and safeguards)
. Workshop
Apply templates to a selected part of the participant’s environment
Identify pragmatic improvements to an existing risk practice
What “risk and opportunity” means in management systems
Risk-based thinking as planning and prioritisation logic across standards
Common misunderstandings and “heatmap theatre” failure modes
Risk inputs and boundaries
Using existing context, stakeholder needs, obligations, and objectives as risk inputs
Practical categorisation of risks (strategic, operational, compliance) for clarity and ownership
A consistent risk process
Identify → analyse → evaluate → treat → monitor as a repeatable cycle
Defining roles, ownership, and minimal governance to keep the process usable
Risk criteria and comparability
Defining impact and likelihood so different teams apply them consistently
Thresholds and decision rules (including appetite) without complex modelling
Designing a useful risk register
Minimum fields for traceability: source, description, owner, cause, consequence, controls, rating, actions
Avoiding duplicates, “laundry lists”, and registers without decision linkage
Opportunities in practice
Treating opportunities as part of the same logic (not parallel paperwork)
When opportunity handling needs explicit ownership and follow-through
Risk treatment and action planning
Treatment options and when each makes sense (avoid, reduce, share, accept; exploit where relevant)
Turning treatments into actions: responsibilities, due dates, verification, and control linkage
Monitoring, review, and keeping it alive
Review cadence, triggers, escalation, and when to re-assess
Using risk information in routine planning and management review inputs
Digital and AI support (optional segment)
Tool support for registers, aggregation, and review preparation
AI-assisted summarisation and clustering as support to judgement (limits and safeguards)
. Workshop
Apply templates to a selected part of the participant’s environment
Identify pragmatic improvements to an existing risk practice
Course ID:
HAM-RMF-1
Audience:
Auditor
Manager
Domain:
Agnostic
Available in:
English
Duration:
7 h
List price:
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
What you get
Learning outcomes
Explain how management system standards use risk and opportunity thinking in planning, operation, and improvement
Apply a repeatable risk process (identify, analyse, evaluate, treat, monitor) across multiple management systems
Define practical risk criteria (impact, likelihood, thresholds) that improve comparability across teams
Structure a risk register that keeps risks traceable to inputs, existing controls, owners, and actions
Integrate opportunities into the same working logic without creating unused parallel lists
Build risk treatment plans that translate into owned actions and are reviewed to completion
Recognise common failure modes and implement lightweight routines that keep risk information current
Explain how management system standards use risk and opportunity thinking in planning, operation, and improvement
Apply a repeatable risk process (identify, analyse, evaluate, treat, monitor) across multiple management systems
Define practical risk criteria (impact, likelihood, thresholds) that improve comparability across teams
Structure a risk register that keeps risks traceable to inputs, existing controls, owners, and actions
Integrate opportunities into the same working logic without creating unused parallel lists
Build risk treatment plans that translate into owned actions and are reviewed to completion
Recognise common failure modes and implement lightweight routines that keep risk information current
Learning materials
Slide deck
Participant workbook
Certificate of completion
One-page cross-standard risk process overview
Slide deck
Participant workbook
Certificate of completion
One-page cross-standard risk process overview
Templates & tools
Risk register template (traceability fields aligned to planning and review use)
Risk criteria and scoring guideline (impact/likelihood definitions, thresholds)
Risk and opportunity identification checklist (input sources and prompts)
Risk treatment and action plan template (owners, due dates, verification)
Risk review agenda and checklist (cadence, triggers, re-assessment prompts)
Optional AI prompt set for risk idea generation and clustering (supporting, not replacing judgement)
Risk register template (traceability fields aligned to planning and review use)
Risk criteria and scoring guideline (impact/likelihood definitions, thresholds)
Risk and opportunity identification checklist (input sources and prompts)
Risk treatment and action plan template (owners, due dates, verification)
Risk review agenda and checklist (cadence, triggers, re-assessment prompts)
Optional AI prompt set for risk idea generation and clustering (supporting, not replacing judgement)
Prerequisites
No formal prerequisites. This module assumes general familiarity with management system concepts and organisational processes.
Helpful background includes:
Basic understanding of how management systems are structured and maintained
Familiarity with roles, responsibilities, and operational decision-making
No formal prerequisites. This module assumes general familiarity with management system concepts and organisational processes.
Helpful background includes:
Basic understanding of how management systems are structured and maintained
Familiarity with roles, responsibilities, and operational decision-making
Strongly recommended preparatory modules
System Foundations: Context, Stakeholders, and System Boundaries
Understand organisational context, stakeholders, and system boundaries
7 h
System Foundations: Context, Stakeholders, and System Boundaries
Understand organisational context, stakeholders, and system boundaries
7 h
System Foundations: Context, Stakeholders, and System Boundaries
Understand organisational context, stakeholders, and system boundaries
7 h
Continuous learning
Follow-up modules
Follow-up modules
After completion of this module, the following modules are ideal to further deepen the participant's competence.
After completion of this module, the following modules are ideal to further deepen the participant's competence.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.