Course Description 

In this course, you'll learn:

1. The need for AI governance and risk management
   
   
• Introductory definitions
• How governance and risk management work together
• Effect of poor governance
• Overview of the global regulatory landscape
• Speed of change
  
  
2. Defining AI
   
   
• A brief history of artificial intelligence
• The broad types of AI
• A focus on large language models and agentic AI
  
  
3. Defining AI risks
   
   
• Definitions of risk, AI risk, and AI risk management
• How AI relates to organizational objectives
• Differentiating AI-related strategic risk and operational risk
• Breaking risk into its key components using risk bow tie analysis
• Exploring AI-specific risks
• How AI fits into a risk taxonomy
  
  
4. Defining AI controls
   
   
• Definition of controls
• 7 treatment methods to manage AI risk
• How to map controls to components of risk
• The use of AI-related control frameworks and standards
• Contrasting compliance and risk, and handling controls that aren’t controls
  
  
  
5. AI governance and risk management frameworks and processes
   
   
• Applying ISO 31000 steps to AI risk management
• Applying an enterprise risk management framework to AI
• Aligning AI-specific frameworks to enterprise risk management frameworks
• Common risk management processes applied to AI
  
  
  
6. AI risk appetite
   
   
• Setting appetite for objectives and risks
• Setting risk appetite for AI
• Qualitative and quantitative risk appetite
• How to use risk appetite
  
  
  
7. AI governance and AI policy
   
   
• Why you need an AI policy
• Key elements to consider in your AI policy
• An AI policy toolkit
• Tailoring to your organization
  
  
  
8. AI risk assessment
   
   
• Stages of a risk assessment
• An overview of risk assessment techniques
• Impact assessment versus risk assessment
• The difference between impact assessment and risk assessment
• Key considerations for an impact assessment
• Integrating impact assessment into risk assessment
• Scoping the risk assessment
• Analyzing risk
• Understanding risk and control using bow ties
• Assessing level of risk using qualitative, semi-quantitative or quantitative approaches
• Considering inherent risk, residual risk, and the effect of controls
• Evaluating risk assessment against risk appetite
• Considering alignment with NIST AI RMF
  
  
  
9. AI risk metrics
   
   
• The purpose of risk metrics
• The types of risk metrics
• Characteristics of good metrics and pitfalls to avoid
• Defining zones and thresholds
• A practical risk metrics process to collect and collate risk information
• How to use metrics for escalation, reporting and response
• An AI risk metrics library
  
  
  
10. AI controls management
    
    
• The need for controls assurance
• Difference between governance controls and technical controls
• Documenting controls information
• Mapping control frameworks
• Mapping controls you apply to external frameworks and standards
• Challenges and approaches to mapping multiple frameworks
• Control testing versus controls assessment
• A control testing process
• Importance of control objectives
• Assessing design effectiveness
• Assessing operating effectiveness
• Controls assessment over a group of controls
• Considering automated controls
• Applying outcomes of controls management activities
• A control library and testing template
  
  
11. AI governance and risk management reporting
    
    
• The purpose of reporting
• Main types of reports
• What to report
• Considering stakeholders
• Collecting data for reporting
• Report examples
  
  
12. Integrating with enterprise risk management
    
    
• Benefits of integration
• Integrating AI risk processes within the ERMF ‘house’
• Managing risk in change related to AI initiatives
• AI compliance management
• Integrating AI into an operational resilience framework
• Third party risk management and AI
• Alignment with model risk management
  
  
13. Responsibility for AI governance and risk management
    
    
• Governance structures
• Everyone as a risk manager
• The three lines model
• Enabling your frontline through AI literacy
• Key behaviors that support strong risk culture

Course expectations

• Watch 14 videos
• Answer 10 knowledge tests
• 4 interactive examples
• Access 14 downloadable materials
• Answer 10 quiz questions

Timings

• 5.5 hours of video content
• Approximately 6.5 hours for the whole course

David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.

Michael Howell is Protecht's Research and Content Lead. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.