Skip to content

Featured Search

Protecht Academy

AI governance and risk management.

Learn how to design and implement AI governance, integrate AI risk into your enterprise risk management processes, and apply controls that protect your organisation while enabling opportunity.

Purchase course online

Artificial intelligence holds extraordinary potential to transform how organisations operate and deliver value to stakeholders, but only if it is governed and managed effectively. Whether you are a risk professional integrating AI into enterprise frameworks or a technology leader responsible for AI initiatives, this course equips you with the structures, processes, and tools to harness innovation safely and confidently.

Through relatable stories, real-world examples and case studies, you’ll learn how to design and implement AI governance, integrate AI risk into your enterprise risk management processes, and apply controls that protect your organisation while enabling opportunity. We cover the full AI lifecycle from strategy and design, to deployment, monitoring, and continual improvement, ensuring you can provide assurance to both internal and external stakeholders that AI is used responsibly.

Our trainers David Tattam (Co-Founder and GRC Thought Leader) and Michael Howell (Head of Risk Research and Knowledge) provide you with a complete, ready-to-use toolkit to embed robust AI governance and risk management in your organisation, aligned with emerging regulations, industry standards, and best practice.

 

 

Course description

In this course, you'll learn:

  1. The need for AI governance and risk management
    • Introductory definitions
    • How governance and risk management work together
    • Effect of poor governance
    • Overview of the global regulatory landscape
    • Speed of change

  2. Defining AI
    • A brief history of artificial intelligence
    • The broad types of AI
    • A focus on large language models and agentic AI

  3. Defining AI risks
    • Definitions of risk, AI risk, and AI risk management
    • How AI relates to organisational objectives
    • Differentiating AI-related strategic risk and operational risk
    • Breaking risk into its key components using risk bow tie analysis
    • Exploring AI-specific risks
    • How AI fits into a risk taxonomy

  4. Defining AI controls
    • Definition of controls
    • 7 treatment methods to manage AI risk
    • How to map controls to components of risk
    • The use of AI-related control frameworks and standards
    • Contrasting compliance and risk, and handling controls that aren’t controls


  5. AI governance and risk management frameworks and processes
    • Applying ISO 31000 steps to AI risk management
    • Applying an enterprise risk management framework to AI
    • Aligning AI-specific frameworks to enterprise risk management frameworks
    • Common risk management processes applied to AI


  6. AI risk appetite
    • Setting appetite for objectives and risks
    • Setting risk appetite for AI
    • Qualitative and quantitative risk appetite
    • How to use risk appetite


  7. AI governance and AI policy
    • Why you need an AI policy
    • Key elements to consider in your AI policy
    • An AI policy toolkit
    • Tailoring to your organisation


  8. AI risk assessment
    • Stages of a risk assessment
    • An overview of risk assessment techniques
    • Impact assessment versus risk assessment
      • The difference between impact assessment and risk assessment
      • Key considerations for an impact assessment
    • Integrating impact assessment into risk assessment
    • Scoping the risk assessment
    • Analysing risk
      • Understanding risk and control using bow ties
      • Assessing level of risk using qualitative, semi-quantitative or quantitative approaches
    • Considering inherent risk, residual risk, and the effect of controls
    • Evaluating risk assessment against risk appetite
    • Considering alignment with NIST AI RMF


  9. AI risk metrics
    • The purpose of risk metrics
    • The types of risk metrics
    • Characteristics of good metrics and pitfalls to avoid
    • Defining sones and thresholds
    • A practical risk metrics process to collect and collate risk information
    • How to use metrics for escalation, reporting and response
    • An AI risk metrics library


  10. AI controls management
    • The need for controls assurance
    • Difference between governance controls and technical controls
    • Documenting controls information
    • Mapping control frameworks
      • Mapping controls you apply to external frameworks and standards
      • Challenges and approaches to mapping multiple frameworks
    • Control testing versus controls assessment
    • A control testing process
      • Importance of control objectives
      • Assessing design effectiveness
      • Assessing operating effectiveness
    • Controls assessment over a group of controls
    • Considering automated controls
    • Applying outcomes of controls management activities
    • A control library and testing template

  11. AI governance and risk management reporting
    • The purpose of reporting
    • Main types of reports
    • What to report
    • Considering stakeholders
    • Collecting data for reporting
    • Report examples

  12. Integrating with enterprise risk management
    • Benefits of integration
    • Integrating AI risk processes within the ERMF ‘house’
    • Managing risk in change related to AI initiatives
    • AI compliance management
    • Integrating AI into an operational resilience framework
    • Third party risk management and AI
    • Alignment with model risk management

  13. Responsibility for AI governance and risk management
    • Governance structures
    • Everyone as a risk manager
    • The three lines model
    • Enabling your frontline through AI literacy
    • Key behaviours that support strong risk culture

 

Course expectations

      • Watch 14 videos
      • Answer 10 knowledge tests
      • 4 interactive examples
      • Access 14 downloadable materials
      • Answer 10 quiz questions

 

Timings

      • 5.5 hours of video content
      • Approximately 6.5 hours for the whole course

 

Cost

      • US$600 payable by credit card on registration

 

Next steps

You can purchase and access this course on-demand via Protecht Academy by credit card.

Please contact Protecht directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available and packages can be invoiced in your local currency.

Purchase course online Contact us

Our trainers

David Tattam

GRC Thought Leader

David Tattam is GRC Thought Leader and Co-Founder of Protecht. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.

David is an Associate of the Institute of Chartered Accountants in Australia and New Zealand and a Senior Fellow of the Financial Services Institute of Australia.

Read More

Michael Howell

Head of Risk Research & Knowledge

Michael Howell is Protecht's Head of Risk Research & Knowledge. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.

Michael is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.

 

Read More