Applying Risk Framework in PracticeRisk Management / ChatGPT

Introduction

Organisations rarely fail due to the absence of risk frameworks; more often, failure arises when frameworks are misread, over-formalised, or under-used in management decision-making. Although risk registers, internal controls, and assurance reports may exist, they frequently do not translate into timely risk insight or effective action. This programme focuses on how recognised frameworks such as COSO ERM and COSO Internal Control are interpreted and applied in practice, helping participants exercise judgement, prioritise risk information, and use risk and assurance outputs to support real management and governance decisions beyond procedural compliance.

Key Takeaways

• Read and interpret risk and control frameworks intelligently in practical contexts
• Recognise common misapplications and over-formalisation of frameworks
• Exercise judgement when risk, control, and assurance information is incomplete or ambiguous
• Use framework-based insights to support management and governance decisions

Who Should Attend

This programme is designed for executives, managers, and professionals who are already exposed to risk management or internal control frameworks and are responsible for using them in decision-making, oversight, or assurance roles, and who wish to move beyond procedural compliance towards more informed and effective application.

Programme Outline

Day 1: Interpreting Risk Frameworks in Real Organisations

1. Why Frameworks Are Often Misused

• Frameworks as language, not instructions
• How good frameworks become compliance artefacts
• Over-formalisation and “false comfort”
• Signals that frameworks are not being used well

2. Interpreting Risk Information

• What risk registers really tell management—and what they don’t
• Risk severity, uncertainty, and blind spots
• When risk information deserves management attention
• Judgement in risk escalation

3. COSO ERM as a Decision Lens

• Re-reading COSO ERM through a management lens
• Strategy, objectives, and risk trade-offs
• Using ERM concepts to frame difficult decisions
• Common misinterpretations of ERM principles

4. Case Discussion: Reading Between the Lines

• Interpreting risk information from an imperfect case scenario
• Distinguishing substance from form
• Identifying where judgement, not process, matters

Day 2: Controls, Assurance & Management Use

1. Internal Controls in Practice

• What internal controls can reasonably achieve
• Control design vs control reliance
• Preventive and detective controls in context
• Control effectiveness versus control comfort

2. 2. Assurance Without Illusion

• Why assurance often fails to change behaviour
• Management responsibility versus assurance roles
• Evidence, confidence, and decision-use
• When assurance adds value—and when it does not

3. 3. Connecting Risk, Control & Assurance

• How risk thinking should inform control choices
• Avoiding duplication and RM fatigue
• Interpreting control and assurance outputs holistically
• Aligning assurance with management needs

4. 4. Using Frameworks to Make Better Decisions

• Applying risk thinking to budgeting, investments, and change
• Asking better risk and governance questions
• Recognising early warning signals
• Practical next steps for participants

Methodologies

This programme adopts a facilitated, case-based discussion approach, using calibrated composite scenarios that reflect realistic organisational challenges rather than exact historical events. Short conceptual inputs are used to frame discussion, while guided questioning encourages participants to interpret risk, control, and assurance information, exercise judgement, and translate insights into practical management and governance decisions beyond procedural compliance.

Programme Trainer

Lawrence Poh, CA (Singapore), ATP (Income Tax & GST), FCCA, ACTA

Member: SAAL, IIA, SID

BA (NUS), MA (Applied Linguistics, NTU)

Lawrence Poh draws on his background in communication, finance, and adult learning to help professionals present ideas with clarity and confidence. With over 30 years of corporate and international training experience, he has conducted programmes on presentation, communication, and executive writing for clients including the Brunei Investment Agency, Kenya Institute of Management, Erdenet Mining, Civil Authority of Mongolia, and Maldives International Airport. Known for his clear, warm, and practical style, Lawrence encourages participants to discover their authentic voice and deliver messages that connect with both intellect and emotion.