
SMU Professional Certificate in Governance, IT Risk Management and Compliance (IBF Level 2)

As organizations embrace digitalization to transform business and operations, it is critical to develop policies, procedures and controls to manage technology-related risks. The frequency and scale of cyber attacks and breaches have escalated. The resulting disruptions to systems and operations can greatly damage an organization’s reputation, public trust and bottom line.

It is imperative for professionals in technology & operations (T&O) to be able to develop and implement effective controls to manage operational risk and to activate technology disaster plans to ensure business continuity.

This 3-day certification program adopts an experiential learning approach. Participants work on an extended case study to implement risk management controls that comply with regulatory requirements and industry best practices.


Programme Length

3 Days
Weekday 09:00 - 17:00

Areas of Study
  • Determine and justify risk tolerance & appetite
  • Assess risk and select risk treatment option
  • Develop and test business continuity plan & remedial actions
  • Design risk reporting process & tools
  • Apply data protection principles to device policies & processes
  • Use the Six Sigma approach to manage compliance risk
  • Enhance professional excellence with small group coaching
  • Expand perspectives through peer interactions & review  
Schedule 11 - 13 Apr 2018

Risk Identification & Assessment

  • Determine risk appetite & tolerance
  • Identify risk factors & scenarios
  • Assess risk using risk models
  • Case study activities
    1. Identify business & technology issues
    2. Determine & justify risk appetite
    3. Identify & list key risk exposures & scenarios
    4. Develop risk matrix and heatmap

Risk Response Options & Action Plan

  • Weigh risk response options
  • Prioritize based on quick wins & business case
  • Develop & execute risk action plan
  • Define monitoring metric & threshold
  • Define key risk indicators & triggers
  • Case study activities
    5. Select risk treatment & prioritize action plan
    6. Determine frequency, data source & metrics

Reporting, Escalation & Risk Ownership

  • Assign risk ownership
  • Escalate risk along the three lines of defense
  • Design risk tools
  • Develop business continuity plan
  • Manage crisis & respond to breaches
  • Case study activities
    7. Design reporting process & tools
    8. Create risk register & identify tools

Compliance Risk Management

  • Know the regulatory requirements & landscape
  • Case study activities
    9. Apply Six Sigma approach to manage compliance risk
    10. Derive policies & procedures using data protection principles
    11. Determine compliance rating with reference to MAS Technology Risk Management Guidelines

S$3,000 (excl. GST)

Net fee payable upfront for eligible self-sponsored applicants:

Singaporeans and PRs
S$900 (excl. GST)

Singaporeans aged 40 years and above
S$300 (excl. GST)

Terms & conditions apply.

Who Should Attend
  • Professionals with minimum 3 years relevant experience in IT risk management & security related function (e.g. security engineer, senior information security officer, senior risk officer, senior compliance or control officer, security administrator)
  • Participants who have completed IBF Standards Technology Level 1 program or show proof of competency at Level 1

Last updated on 26 Dec 2017.



SMU Academy - Financial Services
Singapore Management University

Phone: +65 6828 0563
Fax: +65 6828 0429