ICT Governance, Risk, and Compliance
This course is designed to provide a comprehensive understanding of ICT Governance, Risk, and Compliance (GRC) frameworks, roles, and implementation strategies. Participants will explore the integration of COBIT, King IV, COSO, and other relevant frameworks, while also understanding the roles and responsibilities within the ICT GRC ecosystem, including the Three Lines Model.
Course outcomes:
- To understand the key principles and objectives of ICT Governance, Risk, and Compliance.
- To explore leading frameworks including COBIT, King IV, and COSO, and their application to ICT GRC.
- To differentiate between the roles and responsibilities of key stakeholders in ICT GRC.
- To analyze the Three Lines Model and its application to ICT governance.
- To equip participants with tools and techniques for implementing robust ICT GRC practices.
How will you benefit?
- Deep understanding of ICT GRC concepts and frameworks.
- Practical insights into the integration of multiple governance frameworks.
- Clear differentiation of roles and responsibilities within ICT GRC.
- Enhanced ability to implement the Three Lines Model effectively.
- Access to case studies and practical tools for ICT GRC implementation.
Day 1: Foundations of ICT Governance, Risk, and Compliance
Session 1: Introduction to ICT GRC
- Definition and significance of ICT GRC.
- Key challenges and opportunities in ICT governance.
- Overview of the ICT GRC landscape.
Session 2: Frameworks in ICT GRC
- Introduction to COBIT: Principles and objectives.
- King IV: ICT governance and leadership.
- COSO Framework: Enterprise risk management and ICT.
Session 3: Integrating Frameworks for ICT GRC
- Synergies between COBIT, King IV, COSO, and ISO/IEC 27001.
- Practical examples of integrated governance models.
- Workshop: Mapping ICT governance goals to framework elements.
Session 4: Roles and Responsibilities in ICT GRC
- Differentiating the roles of the board, management, and ICT teams.
- The Three Lines Model: First, second, and third lines of defense.
- Case study: Successful role alignment in an ICT governance structure.
Session 5: Interactive Workshop
- Group activity: Identifying and aligning key stakeholders in ICT GRC for a case study organization.
- Peer reviews and expert insights.
Day 2: Advanced ICT GRC Practices and Implementation
Session 1: Risk Management in ICT Governance
- Identifying and assessing ICT risks.
- Mitigating risks through policy, process, and technology.
- Practical exercise: ICT risk assessment and prioritization.
Session 2: Compliance and Regulatory Requirements
- Overview of ICT-related compliance requirements (e.g., GDPR, POPIA).
- Ensuring compliance through effective governance structures.
- Reporting on compliance: Tools and techniques.
Session 3: The Three Lines Model in Action
- Applying the Three Lines Model to ICT GRC.
- Enhancing collaboration between lines for better governance.
- Real-world examples of successful implementation.
Session 4: Emerging Trends and Challenges in ICT GRC
- Role of AI and machine learning in ICT governance.
- Addressing cybersecurity threats through robust GRC practices.
- The future of ICT governance in a rapidly evolving digital landscape.
Who should Attend?
- Executive and non-executive directors
- Chief Risk Officers and Risk Managers
- Heads of IT, Security, and Compliance
- Legal, Audit, and Governance professionals
- Internal Auditors
Subscription price – R2 880 per person.
Normal price – R3 880 per person.
Group discounts apply for 3+ people from the same organization.
This course is only R1750 per person.
Subscription price – R1000 per person – Unlimited access to our online courses.
Format: Zoom, Teams, Google Meet
The subscription fee of R1 000 gives access to all online learning in a calendar year and access to our Shaping Future Leaders sessions (minimum of 60 hours of online training) and a minimum of 10 Shaping Future Leaders sessions.
All sessions are hosted by professional specialists with at least 30 years’ experience in the GRC, ESG and AI space.
Unlimited access to the Centre of Excellence.
Delegates should review the content and levels of the course they are registering for to ensure suitability and that they are registering for the correct course.
Payment: Full payment must be received 7 working days prior to the course.
Cancellations must be submitted in writing to admin@nsa.edu.za no later than 7 working days before the start of the training.
- A cancellation fee of R700.00 will apply for any cancellations received after this period.
- If a cancellation is received 3 working days or less before the training, the full invoice amount will be payable.
- Proof of payment must be emailed to admin@nsa.edu.za before the training date.
- Substitutions may be made at no additional cost.
Delegates will be personally liable for the payment of the full registration fee in the event of non-attendance or failure to cancel in writing prior to the deadline of 7 working days. Unless the registration was completed after the stated timeframe, the delegate must make prior arrangements with NSA.
NSA reserves the right to postpone, reschedule, or cancel any service due to insufficient enrolments or unforeseen circumstances. In such cases, a full refund or option to reschedule will be offered. NSA endeavours to host the specified training on the date as advertised. However, if unforeseen circumstances arise or due to extenuating circumstances out of our control, NSA reserves the right to cancel the training. NSA does not store credit card details, nor do we share customer details with any 3rd parties. NSA reserves the right to make changes to the training program and to refuse any booking.
No delegate will be permitted to attend the training without the following:
- A signed and approved Purchase Order,
- Proof of payment, or
- A Commitment Letter on the company’s official letterhead, acknowledging the invoice and confirming the payment date. This letter must be signed by a Finance, Procurement, or authorised official responsible for final payment approvals.
All payments must be received before the training starts and no later than 7 working days prior to commencement. In the case of late registrations, special arrangements must be made with the relevant NSA representatives.
Dietary Requirements (only applicable to in-person attendance): Dietary requirements received 3 days prior to the commencement of training can be accommodated.
