Certified Enterprise Risk Officer (CERO): The Next Level in Enterprise Risk Management

Covid-19 created massive disruption to global supply chains, impacting businesses worldwide as land, air and sea transportation came to a complete halt from March/April 2020. This clearly revealed the inadequacy of risk management in many global organisations that had not adopted a holistic approach to managing risks. COSO ERM (June 2017) stated that many corporations' attempts to implement ERM were often not enterprise-wide in scope, and that applications of ERM were rarely integrated with strategy-setting. ISO31000 (February 2018) reiterated that the effectiveness of risk management depends on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management.

This 5-day program adopts best-practice enterprise risk management (ERM) principles, frameworks and policies from the latest ISO31000 (February 2018) Risk Management standard and the latest COSO ERM (June 2017). Participants will learn how to develop and implement processes that identify, measure, monitor, control and mitigate risks across the enterprise, with best practice on risk assessment techniques derived from the IEC/ISO31010 and COSO ERM 2017 standards. Participants will learn to build an enterprise risk management framework that encompasses integrating, designing, implementing, evaluating and improving risk management across the organization.

By the end of this training program, each participant will be able to:

  • Identify, measure, monitor, control and mitigate risk from unexpected and uncontrollable events, adopting best principles and frameworks from the ISO31000 and COSO ERM 2017 standards
  • Establish early warning detection of any unusual patterns for effective risk control
  • Align ERM strategy and framework to your corporate strategy for effective strategic planning, adopting the COSO ERM 2017 standard
  • Implement a holistic ERM framework for effective risk monitoring and control

Training methodology

This 5-day program is entirely interactive, and every participant will take full part in group discussions, exercises and case studies. Participants will be given step-by-step guidance on how to develop, establish and implement an enterprise risk framework. The trainer will coach each participant and ensure that each participant is able to execute the ERM framework.

Who should attend

Anyone currently working in risk management, compliance or internal audit is welcome to join this certification program.

Course requirements

Participants should have at least 3 years of practical experience in risk and/or audit related work. They need prerequisite knowledge in finance and capital markets.

Day 1

What is ERM? Scope and Definition per ISO31000: 2018 and COSO ERM 2017 standards

  • What is ERM per ISO31000: 2018 and COSO ERM 2017
  • Why it is not fully understood
  • The current VUCA event related crisis and how ERM can provide a lifeline
  • The role and responsibilities of directors and senior management with respect to ERM
  • The key link between governance and risk at strategic level

What is Risk? Importance of Risk Appetite and Risk Capacity

  • What is risk
  • Importance of root causes to risk
  • Scope of risk capacity and risk appetite of each organisation
  • Strategic, financial and operational risk

Understanding Risks from Behavioural Finance

  • The importance of behavioural finance and how it works
  • What can we learn from “market history” on risk
  • Identifying patterns of irrationality of the financial markets
  • Relationship between Risk and Behavioural Finance
  • Behavioural finance influencing economic decision makers’ decision making

Participants will learn to apply behavioural finance techniques to a real-world case and identify their impact on strategy selection and other investment decision making. Participants will draw concrete lessons, resulting in the ability to balance the impacts of rational and emotional behaviours.

Global ERM Standards – Basel, ISO31000 and COSO ERM and their impact on ERM

  • What causes these high profile corporate failures and the lessons learnt
  • Explanation of ISO 31000 February 2018 international risk standard
  • Key highlights to COSO ERM June 2017
  • Comparison of ISO31000: 2018 to COSO ERM 2017 and Basel III
  • The regulatory impact on ERM implementation

Importance of Aligning ERM to Strategic Planning per ISO31000: 2018 and COSO ERM 2017

  • Understand the organisation’s strategic objectives
  • Why Align ERM to Strategic Planning at corporate level
  • Identify risk appetite and balance with risk capacity
  • Institute key risk areas at strategic level
  • Establishing an enterprise risk management framework per ISO31000: 2018 standards

Participants will study a classic case of how enterprise risk management was misaligned with corporate strategy during the strategic planning process. They will identify key lessons learnt while drawing references to the current global financial and VUCA situation, leading to best practices being formed and adopted.

Day 2

Establishing an Embedded Risk Management Process per ISO31000: 2018 and COSO ERM 2017

  • Differences between surprises and risk
  • Why financial risks are only the tip of the iceberg
  • Challenges due to regulation and compliance
  • Developing an enterprise risk strategy for your organisation
  • Selling the benefits to management

Risk identification, analysis and evaluation methods per ISO31000: 2018 and COSO ERM 2017

  • Identify the root causes to risks in your organisation
  • Differences between root cause of risk and outcome of risks
  • How to identify, sift and group the risks
  • Evaluate hazards exposure, severity and mishap probability using inductive reasoning
  • Approaches and techniques on Business, Market, Credit, Liquidity and Operational risks
  • The use of diagnostic questions and thought provokers
  • The pros and cons of using data capture technology


Participants will be given a real-world case study and will deploy the various risk evaluation techniques to identify the types of risks, and especially the root causes, in the given case study. They will learn the different risk identification techniques applied and the challenges involved in the process of risk analysis.

Assessment of Risk Treatment according to ISO31000: 2018 and COSO ERM 2017

  • Identify risk exposures – what risk is acceptable within risk appetite
  • Decide residual risk levels within risk capacity
  • How to balance risk appetite with risk capacity
  • Recording of risks – risk registers or risk maps
  • Risk registers – do’s and don’ts
  • Establishment of risk action plans
  • Allocation of responsibilities to risk owners

Assessment of Risk Mitigation according to ISO31000: 2018 and COSO ERM 2017

  • Controls or mitigation
  • How to assess risk mitigation
  • Develop hedging policy and options viability
  • The need for diligence and challenge
  • Risk mitigation and dealing with the exposures in best practice


A real-world case will be given to participants to firstly identify the types of risks and discuss the various possible risk mitigation strategies. They will learn the different approaches and challenges involved in the process of risk mitigation and control.

Day 3

Align Business Risks to Business Planning per ISO31000: 2018 and COSO ERM 2017

  • Purpose of aligning business risks to business planning
  • Cascade risks identified at corporate level to business unit/division levels
  • Empower risk owners – how to determine such personnel and enforce ownership
  • Using the risk register as a decision mechanism
  • Establish risk management committee charter reporting to BOD
  • Evaluate key business risks half-yearly

Establish Key Risk Indicators at business level according to ISO31000: 2018 and COSO ERM 2017

  • Learn how to build effective key risk indicators (KRIs)
  • Align KRIs to corporate strategy and key risk areas identified
  • Develop holistic ERM policy using KRIs as key component

Setup Monitoring and Review control according to ISO31000: 2018 and COSO ERM 2017

  • Measure KRAs and KRIs
  • Establish risk benchmarking framework and policy for KRAs and KRIs
  • Track risk management performance against KRAs and KRIs
  • Develop scenario and sensitivity analysis for early warning of risks to BOD
  • Report and escalate variance and unusual patterns to top management and BOD


Participants will be given a real-world case study to identify the misalignment of business planning with business risks that resulted in financial losses. They will also discuss the various methods to set proper KRAs and KRIs for alignment with corporate strategy, establish early warning indicators and establish effective monitoring and control mechanisms, with the trainer sharing best practice.

People, Process, Cyber-Threats and Outsourcing Risks per ISO31000: 2018 and COSO ERM 2017

  • Failure of external partners or inability to establish effective risk control
  • Loss of key personnel, low morale/stress
  • Hacking/breach of system security due to cyber attack
  • Failure to innovate
  • Poor prioritisation of systems development
  • Too much data – insufficient information
  • Latest E-Commerce and IT security risks development

Launch Risk Communication to Instil Effective Risk Culture

  • Create strategic awareness of risk communication to external and internal stakeholders
  • Promote benefits of adhering to ERM policies, regulations and governance
  • Instil risk culture through implementing ERM processes


A real-world case study will be given to participants to identify the causes of risks resulting from people or process. They will also discuss the various ways to mitigate such risks and design proper communication channels to various stakeholders, as well as effective risk control mechanisms.

Day 4

Importance of Governance to ERM according to ISO31000: 2018 and COSO ERM 2017

  • The increasing importance of governance
  • Latest governance trends on Conduct Risk
  • Code of conduct, ethical values for BOD and top management
  • Establish KPIs on governance for all levels of staff including BOD and CEO
  • Put in place business continuity and crisis management strategy
  • Be responsible to environment sources / treatments
  • Establish KPIs in handling customer service and management of complaints
  • Ensure effective communication – internally and externally

Cascading the ERM Process from Business Levels to Individual per ISO31000: 2018 and COSO ERM 2017

  • Stakeholders interest in risk & measuring the benefits
  • Risk awareness for staff
  • Breaking down Key Risk Indicators (KRIs) at corporate/business level into Key Performance Indicators (KPIs) for individuals/teams
  • How to identify and reduce excessive controls
  • Monitoring and controlling residual risks
  • Manage stakeholder expectations
  • How to use the programme to change the culture in a positive way Big ideas that can make


Participants will be given a real-world case study requiring them to establish the corporate KRIs and subsequently break them down into individual KPIs. They will discuss and challenge each other on their viability and functionality, drawing lessons learnt.

ERM – Lessons Learnt

  • Clarifying Strategies and Objectives
  • Lessons from integrating ERM with ongoing management initiatives
  • Strategic planning and ERM
  • The enterprise balanced scorecard and ERM
  • Business continuity planning, crisis preparedness and ERM
  • Corporate governance and ERM
  • Key value lessons from ERM


A real-world case study will be given to participants requiring them to identify the ERM process, identify corporate risks, use the enterprise balanced scorecard (EBS) to measure the corporate risks and results, and establish the individual KPIs and corporate KRIs.

Day 5

Importance of Business continuity management (BCM) and Crisis Management

  • Identification and prioritisation of key risk factors
  • Prioritising of enterprise risk drivers
  • Establishing a risk hierarchy
  • Event magnitude and frequency measurements

Emergence of Information Security Risk

  • How to handle data breaches and headline news?
  • Determine the information breaches and their impact on the firm’s financial losses
  • Best practices from international Information Security Standards
  • Identify the types of information security incidents – what is key to the firm?
  • Establish the key information security risks
  • Determine the level of confidentiality of the identified key information security risks
  • Types of Assessments – Surveys, stress tests, sensitivity analysis and scenario analysis
  • Types of Controls – issues of behavioural bias, KRIs and early warning indicators


Participants will practise using the ERM framework by applying it to this final case study, using all the ERM processes and techniques to identify, measure, monitor and control the enterprise risks arising from the case.

Every participant will use either their own organization or an approved case study and attempt to apply all the knowledge acquired over the 5 days. This includes setting up the ERM framework and KRIs, identifying the root causes of different types of key risks covering market, credit, operational, liquidity, compliance and cyber, and setting up enterprise risk measurements, monitoring and controls plus a reporting structure. This project will then be assessed by a panel of international experts in the 2 accrediting bodies, in addition to the trainer.

Dr. Christopher Goh

Dr. Christopher is a professional with some 25 years of extensive experience in risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance and structuring products using derivatives, and in particular in enterprise risk management, an area in which he spent some 15 years and where he was the pioneer in risk management, since 1989.

He holds the title of chief risk officer for Asia Pacific, having established a holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, and having spearheaded the implementation of the enterprise risk management process for some 3 international banks in Asia Pacific.

He has implemented enterprise risk management and compliance frameworks drawing on practical experience gained through various diverse economic cycles. He has worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This has given him very deep knowledge in handling clients and managing staff from diverse cultural backgrounds.

Dr Christopher has conducted many in-house corporate seminars over the past 15 years, training international and central bankers and senior management from government bodies in the Asia region, including Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar and the Philippines, and as far afield as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He has since travelled to some 38 international cities to conduct international workshops and consultancies.

His current seminars and consultancy work are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, and Transforming Strategy into Business Results.

He has published over 20 Risk Management, Strategy and Technopreneurship articles. He co-authored 2 books published in 2017:

  1. Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-4217-8, published in December 2017
  2. Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017

Dr Christopher has most recently been appointed as Dean of the School of Finance and Banking at the Swiss Institute of Management and Innovation, based in Zug, Switzerland. He is also an Adjunct Visiting Faculty at some foreign universities, namely Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin) and S.P. Jain (Singapore and Dubai campuses), on a yearly basis for banking certification courses and/or EMBA courses.

The Certified Enterprise Risk Officer (CERO) is a unique program from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. Like the other accredited programs from SIMI, this program is also accredited.

Accreditation & Recognition of the Swiss Institute of Management and Innovation (SIMI)

Zug Canton

Legal License No. CHE-258.08.017
The Swiss Institute of Management and Innovation (SIMI) is a training institution established and licensed in the Canton of Zug in Switzerland, Legal License No. CHE-258.08.017. SIMI cooperates with our university and institute partners, offering professional and career-oriented higher education programs, participating in various research projects in Switzerland and abroad, and providing internship services for learners.

Accreditation for International Schools, Colleges, & Universities, ASIC, UK

ASIC is an independent, government-approved accreditation body specializing in the accreditation of schools, colleges, universities, training organizations, online and distance education providers, both in the UK and overseas. ASIC accreditation is recognized by the UK Visas & Immigration (UKVI), part of the Home Office and a Member of the CHEA International Quality Group in the USA. SIMI is an accredited Institution by ASIC with Premier status.

Contact SIMI

Blegistrasse 7, 6340 Baar, Switzerland

SIMI is the first Higher Education provider in Zug, Switzerland. SIMI is accredited by ASIC and licensed by the Canton of Zug, Switzerland, for training and research.


Apply for a scholarship

SIMI offers a variety of Scholarships for International Students. The Scholarship is not for full-time learners in Switzerland and is limited.
