Best Practice Consultancy & Training

Governance, Risk and Compliance Training Course

This comprehensive 2-day course provides an overview and analysis of a range of public and commercially oriented models, frameworks and methodologies in the Governance, Risk Management, Compliance and Information Security arenas. It also investigates the legislative compliance imperatives applicable to South African organisations, or to companies trading in South Africa.

Course Description

There are a range of models, frameworks, and methodologies available to both private and public organisations to help address enterprise risk management and compliance with legislative requirements. Despite the abundance of information at hand, there is still confusion amongst many professionals as to which model is best suited for their organisation or particular industry and which is not. 

There is furthermore a shortage of time or resources to research all these models, frameworks and methodologies and often a difficulty in grasping the key concepts that each has to offer. This workshop aims to empower the relevant employees in each organisation with an accurate summary of the major international standards and frameworks and expands on aspects of critical legislative compliance that impact an organisation’s methodologies to achieve comprehensive governance and risk management.

Key topics such as “records management,” “interception of communications,” “data privacy” and “electronic evidence procedures” will be discussed. The course further addresses the challenges of translating legislation into action steps by suggesting best practice and integration of legal compliance within new or existing risk and governance frameworks.

Course Agenda

Introduction to Governance Risk and Compliance

  • Introduction
  • Governance
  • Risk Management
  • Compliance Management
  • GRC Market Segmentation
  • Common GRC Focus Areas
  • IT GRC
  • Standards / Framework Landscape


Corporate Governance

  • Governance
  • Corporate Governance
  • The need for Governance
  • Link between Governance Principles and Law


Overview of Governance Guidelines, Frameworks and Standards

  • KING IV - Principles, Requirements
  • KING IV - IT Governance Framework
  • KING IV - Business Application
  • Ethical Leadership and Corporate Citizenship
  • Boards and Directors
  • Audit Committees
  • Governance of Risk
  • Governance of Information Technology
  • Compliance with Laws, Rules, Codes and Standards
  • Internal Audit
  • Governing Stakeholder Relationships
  • Integrated Reporting and Disclosure
  • Corporate Governance vs. IT Governance
  • COSO Internal Control Framework
  • ISO 38500
  • COBIT® 5
  • IT Service Level Management and ITIL® 2011
  • IT Service Level Management and ISO 20000
  • SAS 70
  • Business Continuity and ISO 22301
  • IT Continuity and ISO 27031
  • Information Security and ISO 27001/2
  • ISO 27000 Series
  • ISO 18043 – Selecting and operating an IDS
  • ISO 18028 – Security Techniques
  • Records Management and ISO 15489


Risk Management

  • Introduction to Risk
  • Risk Scenario Components
  • Risk Assessment and Risk Treatment
  • Risk Management Process
  • Enterprise Risk Management
  • Risk Management Challenges

Overview of Risk Management Guidelines, Frameworks and Standards

  • Risk Management - ISO 31000
  • Enterprise Risk Management Components
  • Goals of an ERM Program
  • Common Challenges in ERM Implementation
  • IT Risk in the Risk Hierarchy
  • IT Risk Categories
  • New and Emerging Technology


Compliance Management

  • The Compliance Challenge
  • What is Compliance
  • Conformity Assessment
  • The South African Regulatory Landscape
  • Frameworks and Standards Landscape
  • Compliance Framework
  • Australian Compliance Standard – AS 3806
  • Compliance Elements
  • Identifying Compliance Requirements
  • Developing Common Controls
  • Mapping Controls
  • Compliance Implementation Approach


Overview of Relevant Legislation to be Complied With

  • Companies Act 71 of 2008
    • New Features
    • Old vs. New Companies Act
    • Different Forms of Companies
      • Non-Profit
      • Profit
    • Transparency and Accountability
    • Conduct of Directors
    • Duties of Directors
  • Electronic Communications and Transactions Act 25 of 2002
    • Content
    • Implications
  • Legal Requirements for Data Messages
  • Protection of Personal Information Bill
  • Promotion of Access to Information Act (PAIA)
  • The Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (RICA)
  • Consumer Protection Act
  • Sarbanes-Oxley Act (SOX)

On completion of the course, delegates will be able to:

  • Understand the main drivers forcing companies to look into Governance, Risk Management, Compliance and Information Security solutions
  • Differentiate between a Framework, Methodology and Standard
  • Gain an understanding of over 20 international frameworks and standards
  • Appreciate the key benefits and differences of each and determine which are relevant for their particular organisation or industry
  • Appreciate current and imminent legislation pertinent to ICT governance, risk management and compliance
  • Appreciate critical internal compliance duties relevant to organisations
  • Draw from the policies and procedures discussed to compile an action plan for organisational compliance

This course is intended for:

  • Directors
  • CIOs / IT Directors / IT Managers
  • Information Security Professionals
  • Compliance Management and Staff
  • Legal Management and Staff
  • Risk Management and Staff
  • IT & Information Security Auditors
  • Business Continuity / Disaster Recovery staff members
  • Sales executives / Consultants

No examination available for this course.