Effective risk management is no longer optional — it is the foundation of strong organizational governance and the difference between companies that thrive in uncertainty and those that fail under it. This course provides a practical, accessible introduction to enterprise risk management, designed for internal auditors, risk professionals, managers, and anyone seeking to understand how risk is identified, evaluated, and managed across an organization.

Drawing on real-world lessons — including a detailed look at the Silicon Valley Bank failure and what happens when risk management governance is neglected — this course examines why risk management matters, how it should be embedded into an organization's culture and strategy, and how the three lines model defines the responsibilities of management, risk and compliance functions, internal audit, and the governing body. You will learn what internal audit can and cannot do in supporting risk management, the safeguards required when internal audit takes on additional risk activities, and how to recognize the warning signs of a weak risk culture.

The course also introduces the language of risk management — risk appetite, risk tolerance, risk capacity, risk preference, and risk culture — and walks through the five stages of the risk maturity model so you can assess where your own organization stands today and where it needs to go. You will be introduced to the major risk management frameworks, including COSO, ISO, COBIT, and NIST, along with the six main risk categories used when conducting risk assessments at both the enterprise and entity levels.

This is the first in a three-part series on risk management. It establishes the foundational concepts that will be applied in the two subsequent courses on risk-level risk assessments and enterprise-level risk assessments. By the end of this course, you will have a clear understanding of why risk management is essential, who is responsible for what, and how to begin building or strengthening a risk management program in your own organization — using tools you already have.

Topics Covered

• The importance of risk management and the consequences of risk management failures, illustrated through the Silicon Valley Bank case study
• The definition and goals of risk management and enterprise risk management
• Benefits of an effective enterprise risk management program
• The three lines model and the responsibilities of the governing body, first line, second line, and third line
• Internal audit's role in risk management, including primary and secondary responsibilities, required safeguards, and activities internal audit should not perform
• Common enterprise risk management mistakes and best practices for building a strong program
• Key risk management terminology, including risk appetite, risk tolerance, risk capacity, and risk preference
• Risk culture and its core components, including awareness, communication, accountability, and the importance of normalizing failure
• The five stages of the risk maturity model and internal audit's evolving role across each stage
• Major risk management frameworks (COSO, ISO, COBIT, and NIST) and the six main risk categories used in risk assessments