
Risk and Compliance

Key subject details

Subject: Risk and Compliance
Description: This subject allows students to develop and extend understanding of the concepts of management of risk and compliance in the context of good governance.
Year of delivery: 2024
Award: Graduate Certificate and Graduate Diploma of Applied Corporate Governance and Risk Management
Chartered Governance Institute Qualifying Program: Chartered Secretary and Chartered Governance Professional
Core/Elective: Core
Australian Qualification Framework (AQF) level: 8
Subject credit points: 10
Total course credit points: 40 (Graduate Certificate); 60 (Graduate Diploma)
Pre-requisites: None
Assumed knowledge: None
Mode of study: Online
Part-time/Full-time: Part-time over one semester
Teaching weeks: 12
Student workload: 164 hours comprising:

  • two (2) time-tabled hours per taught week
  • ten (10) personal study hours per taught week
  • twenty (20) personal study hours for exam preparation

Assessment task (Weighting): Presentation (20%); Assignment (30%); Examination (50%)
Key contacts: Further information to assist you in your studies at Governance Institute can be requested from:

Subject aims

This subject has been designed to:

  • examine the concept, objectives and processes involved in establishing an enterprise-wide risk management framework
  • recognise the importance of establishing a risk culture for achieving business objectives and compliance
  • appreciate the methodologies and systems for monitoring and reporting on compliance
  • gain an understanding of risk management and compliance in areas such as information and cyber, privacy and competition and consumer law, employment and work health and safety, and in specific applications or contexts, such as project governance, environment and reputation
  • understand risk management and compliance responsibilities of the board and management

The practice of risk management and compliance requires the following:

  • identifying the key risk management and compliance principles and frameworks
  • applying these principles and frameworks in order to foster an enterprise-wide risk culture.

The aim of this subject is to assist you in identifying, understanding and applying the crucial elements involved in organisational risk management and compliance.

Subject learning outcomes

  1. Recognise, analyse and evaluate situations in the context of risk and compliance frameworks
  2. Compare and evaluate different approaches to risk and compliance management under different situations
  3. Evaluate and critically assess the standard of risk and compliance in a given situation and provide appropriate advice on risk management and compliance policies and procedures to those responsible for governance
  4. Analyse and advise on the impact of different legislative, policy and social changes within the business environment on risk and compliance standards and management
  5. Evaluate the impact of corporate conduct, behaviours and culture on risk and compliance management practices

Indicative content

The subject is divided into the following 12 modules:

Module 1 — Risk management — Theory

  • Overview
  • Risk and risk management
  • The risk landscape
  • Standards and guidelines
  • Risk culture
  • Risk governance
  • Risk maturity of an organisation
  • Risk documentation
  • Risk appetite
  • Integrating risk management into the governance framework

Module 2 — Risk management — Application

  • Overview
  • The risk management process
  • Communication and consultation
  • Establish the scope, context and criteria
  • Risk assessment
  • Risk treatment
  • Monitoring and review
  • Recording and reporting

Module 3 — Compliance management — Theory

  • What is compliance?
  • Regulatory requirements and bodies
  • Why is compliance important?
  • Linking compliance, governance and risk management
  • Standards and guidelines
  • An overview of AS ISO 37301:2023
  • Elements of a strong compliance program
  • The compliance framework

Module 4 — Compliance management — Application

  • The compliance framework
  • Conducting a compliance risk assessment
  • Obligations register
  • Managing compliance breaches
  • Compliance maturity
  • Tools and techniques
  • Monitoring techniques

Module 5 — Business continuity management

  • What is business continuity management?
  • Developing a business continuity plan
  • Business continuity plan reporting
  • Managing business interruption
  • Standards and guidelines
  • Insurance and business continuity management

Module 6 — Information and cyber risk

  • Why is information risk management and compliance important?
  • Data and information
  • Information risk management
  • Information security — The operational nuts and bolts
  • Information compliance
  • Managing data breaches in Australia
  • Case studies
  • Trends in the cyber risk space

Module 7 — Privacy compliance

  • Privacy in Australia
  • Australian Privacy Principles
  • Privacy compliance
  • Australian Information Commissioner

Module 8 — Competition and consumer law compliance

  • Competition and consumer compliance management
  • Anti-competitive conduct — Business to business activity
  • The Competition and Consumer Act 2010
  • Consumer protection
  • ACCC’s investigatory and enforcement powers

Module 9 — Project risk

  • Key project concepts
  • The strategic role of projects
  • Implementing project governance

Module 10 — Environmental risk

  • Environmental risk
  • Environmental risk management
  • Principles of environmental risk management
  • Regulation
  • Environmental risk and governance
  • Environmental risk assessment
  • Environmental performance reporting
  • Environmental developments

Module 11 — People risk

  • Context
  • Recruitment and termination of employment
  • Protecting confidential information
  • Discrimination, harassment and bullying
  • Regulation and entitlement compliance
  • Work health and safety (WHS)
  • Superannuation obligations

Module 12 — Reputational risk

  • Reputation — Source or outcome?
  • Why is reputation important?
  • Key drivers of reputational risk
  • Case studies
  • Managing reputational risk

Required resource

Students are required to access a full copy of the Australian Standard AS ISO 31000:2018 Risk management — Guidelines.