Designing Effective Controls, Security Safeguards and Governance by a Risk-Based Methodology

This training program will provide a practical and structured methodology for the design of governance, controls and security provisions.



In an imperfect business world, a host of barriers or impediments can keep the enterprise from achieving its critical business goals and objectives and, consequently, from fulfilling its corporate mission statement. These barriers are often beyond the direct control of management, technologists, business professionals, and operations personnel. They manifest themselves in the form of threats that are lurking and waiting to happen.

Increasingly, senior management and financial, auditing, security, risk management and operations personnel are compelled to develop governance provisions, internal controls and protection safeguards to substantially minimize the adverse impact of these threats. However, to develop cost-effective countermeasures, organizations and practitioners should have standards and a well-thought-out methodology for developing, designing and implementing governance, controls and security safeguards that minimize the potential tangible financial and intangible losses that can result when these threats materialize.

What You Will Learn

This training program will provide a practical and structured methodology for the design of governance, controls and security provisions. The methodology can be applied to your real work environment immediately. You will also benefit from comparing your present governance and controls design practices with the structured, risk-based methodology presented in the workshop.

Why You Should Attend

In the past, the approach used by professionals in all fields of endeavor to conceive and develop governance, audit and security provisions was empirical, inconsistent and based on feeling and experience. Most importantly, the controls and safeguards were sorely lacking in risk management thinking. As the business environment becomes more complex, with new threats appearing daily from the use of new technologies and the global environment and with new laws and regulations that need to be complied with, the traditional and empirical methods for designing and implementing governance, controls and security safeguards are thoroughly inadequate. They must give way to a far more structured and risk-based approach that facilitates the development of cost-effective control and governance safeguards.

This workshop is designed to provide you with a proven and highly structured, risk-based practical methodology for conceiving, designing and implementing sound governance, control and security practices. You will gain a very clear understanding of practical risk analysis methods and how they are applied to the design of governance, controls and security practices, which can also assist you in your risk management duties to reduce company exposure and increase profitability.


  • A review of the empirical ways by which governance and controls practices are developed and implemented in today’s business environment, pointing out the deficiencies.
  • A review of risk analysis principles and definition of terms (vulnerabilities, threats, risks, exposure, control and governance objectives, control and security solutions to mitigate the impact of threats and risks).
  • A structured, risk-based methodology for designing and implementing governance, controls and security safeguards.
  • Explanation of the key elements of the methodology with illustrations.
  • Q&A

Who Will Benefit:

  • Audit executives, chief auditors, internal auditors, IT auditors
  • External or independent auditors, CPAs
  • IT executives, CIOs, systems and datacenter professionals
  • Chief security officers (CSOs), chief technology officers (CTOs)
  • Security and control professionals
  • Corporate and IT governance officers, chief compliance officers (CCOs), CFOs, chief risk officers (CROs)
  • System quality assurance and standards development professionals
  • Technology acquisition team leaders and staff
  • Technology assessors
  • Management consultants
  • Any user department manager responsible for risk management and development of safety and security practices and controls
  • Legal officers
  • Procurement and contracting professionals
  • Governance, risk management and compliance (GRC) professionals
  • Any professional interested in or dealing with governance, internal control and security practices

You will get NASBA (1.8) credits by attending this course.

Compliance Online is registered with and adheres to the Statement on Standards for Continuing Professional Education programs of the National Registry of CPE Sponsors. The registration number is 109066. Please check with the governing body of your license and state for specific CPE requirements. Grievances may be forwarded to the company at 650 620 3961. Grievances may also be forwarded to the National Registry of CPE Sponsors-NASBA, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417, 615-880-4200, e-mail [email protected].

Your Instructor

Javier Kuong

Javier F. Kuong is the president and principal consultant of Management Advisory Services & Publications (MASP), an organization that for over 30 years has been devoted solely to consulting, training, publications, research and development in enterprise and IT governance, compliance, auditing, security, service level agreements and business continuity planning.

He is the author of over 40 books and treatises in the above fields of expertise. He is the author of a very recent book entitled: “Service Level Agreements for Cloud Computing – Guidelines for Selecting Cloud Service Providers.”

Frequently Asked Questions

What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.
