Governance, Risk and Compliance

Training Workshop Date

20th Aug to 22nd Aug, 2017


Hotel Towers Rotana, Dubai, UAE.

Training Objectives

Help participants understand: the true meaning of GRC; risk and its effective management; issues to consider that affect the governance of the organization; how to identify the risks that matter to the enterprise and its leaders; techniques for building an agile audit plan with engagements that matter; auditing governance processes; why the culture of the organization is critical and how it can affect success; and the relationship between risk and compliance.


Trainer(s) of this Training

Norman D. Marks


Author, Evangelist and Mentor for Better Run Business
OCEG Fellow, Honorary Fellow of the Institute of Risk Management.


Limited Time Offer

Register now and get free accommodation and airfare*

Special Offer

The first three registered organizations will have an option to avail of an exclusive opportunity of half an hour complimentary CONSULTANCY from NORMAN D. MARKS.

You will learn:

  • What GRC stands for and why it is more than the sum of governance, risk, and compliance
  • How to integrate the management of risk into daily decision-making across the enterprise
  • How the effective management of risk contributes to the success of the organization
  • Significant governance issues to consider
  • Taking a risk-based approach to compliance
  • The importance of organizational culture, not only to risk and ethics but also to performance
  • Enterprise risk-based auditing that delivers valuable information and assurance that matters
  • How different parts of the organization can work together, avoiding duplication and silos, to deliver performance while staying in compliance
  • Presentation content will be supplemented by Case studies/Group discussion/Exercises
  • Banking
  • Financial Institutions
  • Oil and Gas
  • FMCG
  • Manufacturing
  • Heavy Industries
  • Insurance
  • Healthcare
  • Real Estate
  • Retail
  • Presentations & lectures
  • Group discussions
  • Workshop, exercises & use cases
  • Certificate of Achievement
  • Course material & handouts
  • USB device
  • Study binder
  • International buffet lunch with coffee/tea breaks
  • Audit executives
  • Risk Officers
  • Compliance or Ethics Officers
  • General and senior counsel
  • Executives responsible for Risk, Audit, Compliance, Corporate, Governance, Internal Control, Fraud, etc

Course Fee $3,175/Participant

Individual Discount (With Airfare & Accommodation)
10% Discount: Book & pay on or before 27th July, 2017 USD 2,855/-
Corporate / Group Discount (With Airfare & Accommodation)
Extra 5% Discount on minimum of 2 Participants
Book & pay after 27th July, 2017 USD 3,175/- (With Accommodation Only)

* To avail of the discounted seats with airfare & accommodation, payment should reach us 5 days prior to the deadline (27th July, 2017)

Governance, Risk and Compliance - Course Schedule

Day 1 - Sunday 20 August, 2017
Opening Session

Course details
Presentation of attendees

Session One

Understanding Governance, Risk, and Compliance
What is GRC?

  • There are two different definitions of GRC. What are they and why are there differences?
  • Examining the only definition that makes sense, from OCEG
  • Group discussion
Tea Break & Networking
Session Two

Digging into Governance

  • Is there a common, generally accepted definition of governance?
  • What does it mean in practical terms?
  • Where do the more frequent governance failures arise?
  • Leadership by ownership or representatives of the owners: the more common issues
  • The role of a board; executive teamwork; shared objectives
  • Vision, strategy, and objectives
  • Measuring performance
  • Ethics, whistle-blower lines, and investigations
  • Oversight of the external auditor
  • The role of the legal function
  • Who is responsible for the culture of the organization?
  • Group discussion
Lunch Break & Networking
Session Three

Understanding risk management

  • Why do so many executives and board members see little value beyond compliance in risk management?
  • The relationship between risk management and decision-making
  • How risk management enables success, not just avoiding failure
  • Why do we take risk?
  • How often is risk managed?
  • Who manages risk? What is the ideal role of the risk practitioner?
Tea Break & Networking
Session Four

Understanding risk management

  • The value of a periodic review of risks
  • Why heat maps fail to paint the right picture
  • Risk appetite, tolerance, and taking the right level of the right risks
  • Where does insurance fit?
  • Providing useful information about risk to the executives and the board
  • Group discussion
Day 2 - Monday 21 August, 2017
Session One

Compliance and audit fundamentals
The compliance function

  • An effective compliance function starts with knowing with what you have to comply
  • How can you ensure 100% compliance?
  • How much compliance risk should you take?
  • Policies, training, testing, and certification
  • Monitoring compliance risk
  • Fraud risk
  • Who is responsible for compliance?
  • Where does internal audit fit?
  • Reporting non-compliance
  • Group discussion
Tea Break & Networking
Session Two

Internal audit fundamentals

  • What is the role of internal audit? What is its purpose, its mission?
  • Examining the definition and principles for effective internal auditing
  • Where should internal audit report?
  • Independence and objectivity
  • Group discussion
Lunch Break & Networking  
Session Three

Moving to auditing the risks that matter and helping the organization succeed

  • Is our job to help the organization succeed or to point out deficiencies?
  • What are the risks that matter? Are they the risks that internal audit traditionally audits?
  • What is enterprise risk-based auditing? What are we trying to assess?
  • How do we know what matters? What are techniques for finding out?
  • Can internal audit assess non-traditional areas of risk?
  • Case studies/Group discussion/Exercises

The dynamic internal audit plan

  • How often should the audit plan be updated? What is meant by an agile or dynamic audit plan?
  • The concept of a rolling audit plan
  • Explaining agile auditing to the audit committee or owners
  • Who is responsible for the audit plan?
  • Group discussion
Tea Break & Networking  
Session Four

Defining audit engagements that matter

  • Reliance on ERM
  • When to perform an assurance and when to perform a consulting/advisory engagement
  • When should internal audit not perform an audit?
  • How many audits does it take to assess an area of risk?
  • Understanding the relationship of IT general controls to business risk
  • What if you don’t have the resources you need?
  • Case studies/Group discussion/Exercises
Day 3 - Tuesday 22 August, 2017
Session One

Internal audit and GRC
Communicating audit results

  • What is the purpose of an audit report?
  • What needs to be communicated and to whom?
  • The purpose of a closing meeting
  • Selling audit findings and recommendations – effecting change
  • Attributes of an effective communication
  • Should we move away from traditional audit reporting?
  • Case studies/Group discussion/Exercises

How do you know when internal audit is world-class?

  • What are the distinguishing characteristics of world-class internal auditing?
  • Does passing a Quality Assurance review guarantee sufficient quality and value?
  • What is the value of internal auditing? Who measures it?
  • OK, you are world-class – what is next?
  • Group discussion
Tea Break & Networking
Session Two

Internal audit’s role in fraud and fraud risk assessment

  • Is it internal audit’s role to prevent, detect, or investigate fraud?
  • When does internal audit get involved?
  • How do you assess the risk of fraud?
  • The skills and competency required to address fraud
  • An overview of a fraud investigation
  • Group discussion
Lunch Break & Networking  
Session Three

Auditing governance processes

  • What is organizational governance? Is it limited to the board or owners?
  • Why audit governance processes? Where is the risk?
  • When to perform assurance and when to perform advisory work
  • How to communicate the results of the audit
  • Case studies/Group discussion/Exercises

Auditing risk management

  • Why should internal audit assess the management of risk?
  • Should the audit be against policies, a standard or framework, or something else?
  • How to communicate the results of an audit?
  • Group discussion
Tea Break & Networking  
Session Four


  • Now we understand the pieces, let’s fit them together
  • How is the sum greater than the parts?
  • Silos and fragmentation
  • How failures in GRC inhibit success
  • Coordination among assurance functions
  • GRC projects
  • The value (or not) of software
  • Group discussion
Certificate Distribution & Workshop Closure

Closing thoughts

  • Other topics of interest
  • Closing discussion
  • Awards and Recognition
Course Program

Time            Topic
08:00 to 08:30  Registration & Introduction
08:30 to 10:15  Session One
10:15 to 10:30  Tea Break & Networking
10:30 to 12:15  Session Two
12:15 to 13:15  Lunch Break & Networking
13:15 to 14:30  Session Three
14:30 to 14:45  Tea Break & Networking
14:45 to 16:00  Session Four
16:00 to 16:30  Certificate Distribution & Workshop Closure