TARGET AUDIENCE: The course will be of direct benefit to anyone whose job involves designing or specifying business systems, processes, business rules and procedures, or managing information systems effort in the organisation. Typical delegates include business analysts, project managers, users, steering committee members, process modelers, managers and analysts, quality and risk managers, auditors and knowledge managers. The course is not sufficient for delegates whose core function is risk management, such as auditors or specialist risk managers, although it will serve as an introduction to those topics. Instead it is best suited for delegate for whom an understanding of risk will add value to the quality of the work that they deliver.
COURSE CATEGORY: Business and Systems Analysis
COMMENTS FROM PAST DELEGATES
Great interaction between participants and very realistic case studies
I now have a process which I can apply as a tool to assist me
The course covered advanced concepts with advanced candidates
The content was excellent and pitched at the correct target audience
Very useful well presented
Practical advice and good procedures to follow to identify, document risk and record mitigating actions
Challenging and thought provoking
Information Systems Risk Management
Develop vital risk management skills that will help you reduce the negative business impacts caused by weaknesses in your organisation’s information systems and processes
With the modern worlds increasing dependence on technology-based information systems, the implications of system failure can be profound. Revenue loss, inconvenience, damage to company image, a decline in productivity and complete closures are only some of the possible consequences which can result.
Often companies focus major effort in reducing risks such as fraud or network security breaches but fail to adequately consider the more common risks such as processing errors, information integrity loss and performance issues. Companies also need to encourage an enterprise-wide risk culture
This course focuses on those risks related to the use of information systems in the enterprise and emphasizes that intrinsic controls and risk prevention measures can be designed into systems and processes from the outset.
- Understand and articulate the risks to business from the deployment of information systems
- Be able to describe the risk management landscape
- Describe the importance of identifying and managing IS-related risk and security issues in organisations
- Develop strategies for IS risk management,
- Recognise the relevance of both human and organisational factors to IS risk
- Be able to conduct a systems risk assessment and identify controls and measures for risk mitigation and management
The course comprises instructor-led training, supplemented by readings, exercises and practical group work.
There are no formal assessments (exams, tests, presentations etc.) for this course. However, to earn a certificate of attendance, delegates will be required to:
- attend both course days,
- actively participate in exercises and discussion workshops.
Risk Management Concepts.
Components of risk and related constructs, The typical risk management process
Risk Management in the enterprise
Why it is important for organisations to consider risk; Impact of human and organisational factors on risk identification and management; The implications of empowerment, autonomy, decentralisation and organisational culture
Risk Mitigation Measures/ Controls design
The concept of layered control strategies, including the concepts of physical, procedural and embedded control; Business Continuity Management (BCM)
Focus on Information Systems Risks
Taxonomies of IS Risk; Identifying and managing common IS risks, Conducting a Risk assessment; Identify prevention methods; Key types of IS controls including batching, access control, validation, etc
Focus on Fraud and economic crimes
Risks that flow from information abuse, including identity theft, phishing, disclosure, spam, etc. Key controls for preventing economic fraud.
Past candidates have been drawn from a wide variety of backgrounds. However, the more practical work experience a delegate has, and the more involved they are in the implementation of information systems projects, the more benefit they will derive from the course.
Faculty Training Institute holds the following institutional accreditations
- Provisionally accredited as an Education and Training Provider with the MICT Seta (ACC/2010/00/601)
- A Registered Education Provider (REP 2841) with the Project Management Institute (PMI ).
- A Member of the Information Technology Association of South Africa