Module RM 01 - GRC (Governance, Risk & Compliance)

Risk Management

To get the complete presentation in PDF, go to Contact Us and send us a message.

See also Documentation Templates: Risk Assessment template

“Great deeds are usually wrought with great risks.” – Herodotus, 484 BC.

  • Risks are inherent to the Entity’s activity (See Strategy & organization)

  • They are the consequences of objectives defined by the Entity’s Strategy.

  • As there is no zero risk, the Entity has to handle them, which means that risks have to be identified, evaluated, mitigated (when possible) and permanently reviewed.

  • Obviously, risk increases as objectives increasingly differ from past performance.

  • In addition (see Cybersecurity Module – The Stakes), the volume of information that is collected, processed and retained by organizations has multiplied dramatically.

  • Nevertheless, most companies hold this information in their systems without using it to its full advantage, so it can be considered an unexploited opportunity.

  • It is also important to point out that, when trying to capitalize on big data’s potential, these large unexploited opportunities can also pose large unrecognized risks.

  • But if a greater amount of data brings a greater amount of risk, it also brings a greater number of opportunities to mitigate risk.

In short

  • A Risk Management Process is an important step in protecting your business, as well as complying with the law.

  • It helps you focus on the risks that really matter in your workplace, the ones with the potential to cause real harm.


  1. Introduction – Stakes and Definitions

  2. GRC Principles

  3. Risk Management Methodology

  4. RM Modules

  5. Appendices


GRC Definition according to Michael Rasmussen¹

  • The reliable achievement of objectives is GOVERNANCE

  • Understanding and addressing uncertainty in the context of business achieving objectives is RISK MANAGEMENT

  • and acting with integrity is COMPLIANCE

¹Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC). With more than 20 years of experience, Michael helps organizations improve GRC processes and choose technologies that are effective, efficient, and agile.

He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in 2002 while at Forrester.

Risk Management as described in the above presentation forms a whole.

Nevertheless, we can perform one of those 4 modules according to your needs, or do them one after the other:

  • For each phase, the Risk Management Methodology to put in place or to improve will depend on a few elements:

    • One of the most crucial will be the existence of a Business Process Framework (recently updated).

    • A BPM tool in place will facilitate the associations between various objects such as process, role, control and risk.

    • It will ease reporting and risk evaluation.

    • Some BPM tools also allow risk monitoring.

  • The Risk Management Methodology should be performed on a regular basis, as the market and objectives may vary.

We can also participate in the implementation of a BPM/Risk Management tool.



Presentation costs (PDF/PPT) (30€/200€ + VAT)

Copyright ICSE