Certified Governance Risk and Compliance Officer Program

The most recent pandemic crisis, Covid-19, had clearly revealed the inadequacy in enterprise risk management (ERM) in many organisations globally. COSO ERM June 2017 stated that many corporations attempt to implement ERM were often not enterprise-wide in scope, and applications of ERM were rarely integrated with strategy-setting. Risk is an aspect of many, if not all, discussions on compensation, corporate strategy, identification of KRAs, KRIs and KPIs at Board of Directors’ (BOD) level. This oversight of risk is part of the BOD’s responsibility, instilling governance, for supervising the activities executed by the C-suite executives and establishing boundaries within which the corporation must implement those strategic objectives, approved by BoDs, into process, whilst managing and protecting themselves with enterprise-wide risk management, from the dire consequences of uncertain and unexpected events. This is to ensure compliance to both internal and external policies and regulations with effective internal controls/procedures incorporating the latest COSO ERM June 2017 and ISO31000 February 2018 standards.

This 5-day program participants will learn how to develop and implement processes that identify, measure, monitor, control and mitigate risks across the enterprise, ranging from failures in governance, risk management and compliance of risks emanating from the strategy setting at BOD level, all the way through the risks caused by external and non-controllable events. The workshop will also cover the formation of GRC framework that integrates your risk management processes, compliance policies and regulation as well as governance with effective strategy execution so that your company can continue to follow highly innovative strategies, while simultaneously anticipating and mitigating the inherent risks.

By the end of this training program, each participant will be able to:

  • Assess organisational risk maturity level to aid formation of GRC Framework
  • Identify, manage and mitigate GRC risks from unexpected and uncontrollable events
  • Establish early warning GRC section to monitor the unusual trading/investment patterns for effective GRC management
  • Align GRC management to your corporate strategy for holistic strategic planning
  • Build a GRC framework for effective risk monitoring and control

Training methodology

This 5-day program is entirely interactive and every participant will be fully participative in group discussion, exercises and case studies. A step-by-step guidance in how to develop, establish and implement an GRC framework will be taught to each participant. Trainer will coach each participant and ensure that each participant is able to execute the GRC framework.

Who should attend

Anyone who is currently working in the risk management department, governance/ethics related, compliance department and internal audit are welcome to join this certification program.

Course requirements

Participant should have at least 3 years of practical experience in risk and/or audit related experiences. He/she needs to have pre-requisite knowledge in finance and capital markets.

Day 1

What is Governance, Risk and Compliance (GRC)?

  • Why GRC? What does it comprised of?
  • Recognise the inter-relationship of Governance to Risk and to Compliance
  • High profile corporate failures due to mismanagement of GRC
  • GRC Continuum

What is Risk, Risk appetite, Risk Capacity, Risk Culture and Capital per ISO31000: 2018 & COSO ERM 2017

  • Definition of Risk per ISO31000 February 2018 and COSO ERM June 2017
  • Scope of risk capacity and risk appetite of each organisation
  • Strategic, financial and operational risk
  • Impact of GRC to Capital Adequacy
  • Instil GRC to form Risk Culture

Behavioural Finance and its impact on GRC

  • Top Management behaviour towards investment decision making
  • Relationship between Risk and Behavioural Finance
  • The importance of behavioural finance and how it works
  • Behavioural finance influencing top managements’ choices and decision making


Participants will learn to apply behavioural finance techniques on case scenarios and understanding its impact on top management’s strategy selection and other investment decision making. Participants will be able to drawn concrete lessons learnt resulting in ability to balance impacts from rational and emotional behaviours of top management.

The GRC Framework and BOD Oversight per COSO ERM 2017 and ISO3100: 2018

  • Risk Oversight by BOD per COSO ERM 2017 and ISO3100: 2018
  • Risk Oversight Perspective – Top Down, Bottom Up and Middle Approaches
  • Roles and Responsibilities of BOD, CEO and Exco
  • Holistic GRC Framework

Align GRC to Strategic Planning

  • Identify the organisation’s strategic objectives
  • Align GRC to Strategic Planning at corporate level
  • Balance risk appetite with risk capacity at strategic planning level
  • Categories the various risks at strategic or BOD level
  • Establishing an Holistic GRC framework at strategic/BOD level


Participants will study a classical case study on how the GRC was misaligned to corporate strategy during the strategic planning process. They will identify key lessons learnt while drawing references to current global financial situation leading to best practices being formed and adopted.

Day 2

Establishing an Embedded GRC Process

  • Known vs Unknown, Risk vs Uncertainty impacting GRC Process
  • Why financial risks are only the tip of the iceberg
  • Challenges due to recent global crisis, regulatory and compliance
  • Risks pertaining to Market, Credit, Liquidity, Operational, Strategic, Reputational, Legal, Model, Supplier, Resources and Compliance
  • Developing a GRC strategy for your organisation
  • Establishing the business case
  • Selling the benefits to management
  • The need for risk champions
  • Risk and competitive advantage

Risk identification and evaluation for GRC Compliance incorporate ISO3100: 2018 and COSO ERM 2017

  • Approaches and techniques to Identify Risks pertaining to Market, Credit, Liquidity, Operational, Strategic, Reputational, Legal, Model, Supplier, Resources and Compliance
  • Establish a GRC process
  • The use of diagnostic questions and thought provokers
  • The pros and cons of using data capture technology
  • How to identify, sift and group those GRC risks


Participants will be given a case study and deploy the various evaluation techniques to identify the types of GRC risks in the given case study. They will learn the different approaches and challenges involved in the process of risk identification, and management.

Assessment of Risk Mitigation for GRC Compliance per ISO 31000: 2018 and COSO ERM 2017

  • Deal with the risk exposures
  • Recording the risks – risk registers or risk maps
  • Risk registers – do’s and don’ts
  • Establishment of action plans
  • Allocation of risk owners
  • Ensure GRC risks are controlled and mitigated effectively
  • How to assess risk mitigation effectiveness
  • The need for diligence, detailed scrutiny and challenge
  • Risk mitigation and dealing with the exposures in practice


A case study will be given to participants to firstly identify the types of GRC risks and discuss the various possible risk mitigation strategies. They will learn the different approaches and challenges involved in the process of risk mitigation and control.

Day 3

Align Business Risks to Business Planning for GRC Compliance per ISO31000: 2018 & COSO ERM 2017

  • Align business risks to business planning at business unit levels
  • Empower risk owners – how to determine such personnel and enforce ownership
  • Developing risk tracking capability
  • Using the risk register as a decision mechanism
  • Establish risk management committee reporting
  • Evaluate key business risks every half yearly

Establishing Key Risk Areas and Key risk indicators

  • Learn how to build effective key risk areas (KRAs) and key risk indicators (KRIs).
  • Align KRIs to KRAs
  • Ensure KRAs link to Corporate Objectives at Strategic/BOD level


Participants will be given a case study to identify the misalignment of business planning to business risks resulting in financial losses. They will also discuss on the various ways to mitigate such GRC risks and design proper communication channels as well as effective risk control mechanism.

Emergence of Information Security Risk and impact on GRC

  • How to handle data breaches and headline news?
  • Determine the information breaches and its impact on firm’s financial losses
  • Best practices from international Information Security Standards
  • Identify the types of information security incidents – what is key to the firm?
  • Establish the key information security risks
  • Determine the level of confidentiality of the identify key information security risks
  • Types of Assessments – Surveys, RCSA, stress tests and scenario analysis
  • Types of Controls – issues of behavioural bias, KRIs and early warning indicators


Participants will be given a case study to identify the causes to information security risks. They will draw lessons learnt with possible risk mitigation on people and process resulting in a viable and implementable risk solution.

Day 4

Governance in GRC Framework per COSO ERM 2017 and ISO3100: 2018

  • Take ownership of Risks by BOD, CEO and Exco
  • Responsibility to stakeholders by BOD and CEO
  • The increasing importance of corporate governance
  • Record of accountability
  • Protect the financial position and capital
  • Put in place business continuity and crisis management strategy
  • Be responsible to environment sources / treatments
  • Ensure effective communication – internally and externally to stakeholders

Cascading the GRC Process from Top Management/BOD levels per COSO ERM 2017 and ISO3100: 2018

  • Stakeholders interest in risk & measuring the benefits
  • Risk awareness for all staff
  • Evaluate risks within these relationships
  • Breaking down Key Risk indicators (KRI’s) at corporate/business level into Key Performance Indicators (KPIs) for individuals
  • How to identify and reduce excessive controls
  • Escalate key risks up the BOD level for their action
  • Co-ordinate the whole process
  • Manage stakeholder expectations
  • Manage and Instil Risk Culture for competitive advantage


Participants will be given a case study requiring them to establish the corporate KRIs and subsequently breaking them down into individual KPIs for GRC compliance. They will discuss and challenged each other on its viability and functionality leading to drawing lessons learnt.

Managing the Governance Risk on Financial Crime

  • Anti-bribery and corruption requirements
  • Managing the risk of money laundering and Counter terrorist financing
  • The role of the Money Laundering Reporting Officer
  • International dimensions in AML and FATF
  • Managing the risk of market abuse and market manipulation
  • Market misconduct Insider dealing
  • Managing the risk of fraud
  • Tax evasion and tax avoidance


A case study will be given to participants requiring them to identify situation of potential financial crime, understand causes to such risks and subsequently mitigate such risks for GRC compliance. They will discuss and challenged each other on its viability and functionality leading to drawing lessons learnt.

Day 5

Establishing GRC Systems in Emerging Countries

  • GRC and its benefits in emerging markets
  • Evolution of GRC in emerging markets
  • Rationale for effective GRC in emerging markets
  • Responsibility of the Board in GRC and extensions to emerging markets
  • Risk, Reward, and Risk Appetite in emerging markets
  • GRC Practice in emerging markets

The Rise and Evolution of Chief GRC Officer

  • Role and responsibility of governance, risk and compliance function
  • Providing assurance
  • Importance of relationship management
  • Conduct of business governance, risk and compliance
  • Instil prudential governance, risk and compliance
  • Best practice


Participants will be given a case study from emerging countries where they identify the external and internal environmental challenges in establishing GRC framework and systems. This will lead to an implementable framework for participants to take home for further deliberation and implementation.

Every participant will either use their own organization or an approved case study and attempt to apply all the knowledge that they had acquired over the 5-days. This includes setting up the GRC Framework, KRIs, identify the root causes to different types of key risks covering governance, market, credit, operational, liquidity, compliance and cyber, setup GRC risks measurements, monitoring and controls plus reporting structure. This project will be then assessed by a panel of international experts in the 2 accrediting bodies in addition to the trainer.

Dr. Christopher Goh

Dr. Christopher is a professional, with some 25 years with extensive experience in, risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance, and structuring products using derivatives and in particular to enterprise risk management where he spent some 15 years in this area, where he was the pioneer in risk management, since 1989.

He holds the title of chief risk officer for Asia Pacific having established holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, spearheaded the implementation enterprise risk management process for some 3 international banks in Asia Pacific.

He had implemented enterprise risk management and compliance framework through practical experience gained through various diverse economic cycles. He had worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This had given him a very deep knowledge in handling clients and managed staff from diverse cultural background.

Dr Christopher had conducted many in-house corporate seminars for the past 15 years training international and central bankers, senior management from government bodies from Asia region like Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar, Philippines, and to as far as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He had since travelled to some 38 international cities to conduct international workshops and consultancies.

His current seminars and consultancy works are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, Transforming Strategy into Business Results.

He had published over 20 Risk Management, Strategy and Technopreneurship articles. He had co-authored 2 books published in 2017:

  1. Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-4217-8, published in December 2017
  2. Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017

Dr Christopher has most recently been appointed as Dean for School of Finance and Banking with Swiss Institute of Management and Innovation based in Zug, Switzerland. He is also an Adjunct Visiting Faculty to some foreign universities namely: Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin), S.P. Jain (Singapore and Dubai campus) on a yearly basis on banking certification courses and/or EMBA courses.

Certified GRC Officer is the unique programs from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. This program is also accredited as the other accredited programs from SIMI.

Accreditation & Recognized of the Swiss Institute of Management and Innovation (SIMI)

Zug Canton

Legal License No. CHE-258.08.017
The Swiss Institute of Management and Innovation (SIMI) is a training institution established and licensed in the Canton of Zug in Switzerland, Legal License No. CHE-258.08.017. SIMI cooperates with our university’s or institute’s partners offering professional and career-oriented higher education programs, participating in various research projects in Switzerland and abroad, and providing internship services for learners.

Accreditation for International Schools, Colleges, & Universities, ASIC, UK

ASIC is an independent, government-approved accreditation body specializing in the accreditation of schools, colleges, universities, training organizations, online and distance education providers, both in the UK and overseas. ASIC accreditation is recognized by the UK Visas & Immigration (UKVI), part of the Home Office and a Member of the CHEA International Quality Group in the USA. SIMI is an accredited Institution by ASIC with Premier status.
Contact SIMI

Blegistrasse 7, 6340 Baar, Switzerland

SIMI is the first Higher Education provider in Zug, Switzerland. SIMI is accredited by ASIC and licensed by Canton of Zug, Switzerland in the training and research.

Accredited by ASIC
Fully accredited by ASIC UK, Premier institution status.

Apply for a scholarshipSIMI offers a variety of Scholarships for International Students. The Scholarship is not for full-time learners in Switzerland and is limited.

    SIMI is the first accredited institute of higher education in Zug Switzerland

    The Swiss Information and Management Institute (SIMI Swiss) website uses cookies and only uses your data to enhance your browsing experience.