*SMU Professional Certificate in Governance, IT Risk Management and Compliance (IBF Level 2)

It is imperative for professionals in technology & operations (T&O) to be able to develop and implement effective controls to manage operational risk, activate technology disaster plans to ensure business continuity.

This 3-day certification program adopts an experiential learning approach. Participants works on an extended case study to implement risk management controls to comply with regulatory requirements and industry best practices.


Programme Objectives

  • Determine and justify risk tolerance & appetite

  • Assess risk and select risk treatment option

  • Develop and test business continuity plan & remedial actions

  • Design risk reporting process & tools

  • Apply data protection principles to device policies & processes

  • Use the Six Sigma approach to manage compliance risk

  • Enhance professional excellence with small group coaching

  • Expand perspectives through peer interactions & review

Who Should Attend

  • Professionals with minimum 3 years relevant experience in IT risk management & security related function (e.g. security engineer, senior information security officer, senior risk officer, senior compliance or control officer, security administrator)

  • Participants who have completed IBF Standards Technology Level 1 program or show proof of competency at Level 1


Risk Identification & Assessment

  • Determine risk appetite & tolerance

  • Identify risk factors & scenarios

  • Assess risk using risk models

  • Case study activities
    1.Identify business & technology Issues
    2.Determine & justify risk appetite
    3.Identify & list key risk exposures & scenarios
    4.Develop risk matrix and heatmap


Risk Response Options & Action Plan

  • Weigh risk response options

  • Prioritize based on quick wins & business case

  • Develop & execute risk action plan

  • Define monitoring metric & threshold

  • Define key risk indicators & triggers

  • Case study activities
    5.Select risk treatment & prioritize action plan
    6.Determine frequency, data source & metrics


Reporting, Escalation & Risk Ownership

  • Assign risk ownership

  • Escalate risk along the three lines of defense

  • Design risk tools

  • Develop business continuity plan

  • Manage crisis & response to breaches

  • Case study activities
    7.Design reporting process & tools
    8.Create risk register & identify tools


Compliance Risk Management

  • Know the regulatory requirements & landscape

  • Case study activities
    9.Apply Six Sigma approach to manage compliance risk
    10.Derive polices & procedures using data protection principles
    11.Determine compliance rating with reference to MAS Technology Risk Management Guidelines

Assessment & Certification

There will be an assessment towards the end of the course and it comprises two sections – MCQs and case studies where the latter will be in the form of a written assessment and presentation.

Upon successful completion of the course, participants will be awarded the SMU Professional Certificate in Governance, IT Risk Management and Compliance (IBF Level 2).

Type of Course



Finance, Financial IT and Risk Management

Fees & Funding

SGD $3,000 (excl. GST)

Net fee payable upfront for eligible self-sponsored applicants:

Singaporeans and PRs
S$900 (excl. GST)

Singaporeans aged 40 years and above
S$300 (excl. GST)

Terms & conditions apply


IBF-STS Funding
IBF-STS Funding of 70% is available to eligible institutions and qualified individuals subject to a cap of S$7,000 per participant per programme. Singapore Citizens aged 40 years old and above are eligible for 90% co-funding of direct training costs, subject to the existing grant caps. For terms and conditions, please click here: https://www.ibf.org.sg/programmes/Pages/IBF-STS.aspx


SkillsFuture Credit
Singapore Citizens aged 25 and above, and self-funding may use their SkillsFuture Credit (up to S$500) to defray part of the course fee. Please click User Guide on how to submit your claim. SkillsFuture Credit claims may be submitted by logging in via MySkillsFuture.sg.

Union Training Assistance Program (UTAP)
NTUC members are eligible for UTAP funding at 50% of the unfunded course fee capped at $250 every year. For application, terms and conditions, please click here.


Completed IBF Standards Technology Level 1 programme; or show proof of competency at Level 1; or Possess minimum 3 years of relevant experience in IT Risk Management and Security related function

Course Dates

11 - 13 Apr 2018
Wed - Fri 09:00 - 17:00

Contact Us

For enquiries, please contact Chiew Yee at 6828 0971, Jaclyn at 6828 0254 or email fti@smu.edu.sg

Programme Policies

Please click here for the programme policies, terms and conditions. 

Trainer’s Biography

Leonard Ong has over 15 years of information and corporate security experiences gained in telecommunication, enterprise and banking industries. He held various roles within the security profession, with responsibilities in information security, corporate security, project management, consulting and business development. Currently Associate Director at Merck, Leonard also serves on the ISACA Board of Directors.