Course Content SABSA Institute
Module A1
SABSA Advanced Risk, Assurance & Governance
The Unique Value of SABSA Institute Advanced Modules
The SABSA Chartered Architect programme is a true Professional Certification
awarded by the SABSA Institute, the global governing body for the SABSA method.
It provides employers and peers with confidence and assurance that a successful
candidate has demonstrated in practical terms the real competence and ability to:
Analyse and assess business problems and business-driven requirements;
Apply, modify and customise the SABSA method to strategise and innovate
specific solutions to meet the unique requirements of their organisation,
culture and sector;
Design and create the work-product required to establish and operationalise
SABSA for the solution strategies in their unique environment;
Assess, evaluate and test concepts and theories by populating the workproduct they design for real-world application;
Apply and measurably demonstrate their skills under the pressure of
examinations.
SABSA Advanced Module Competency Development
The SABSA Institute Professional Competency Framework is created from Blooms
Taxonomy of Cognitive Levels. Advanced modules are not about mere knowledge
knowledge about SABSA has already been developed and tested at Foundation
Level (SCF certification) they are about the development and demonstration of
competence to apply SABSA and achieve valuable results for the benefit of the
organisation and the individual.
Competency Level
Skill Demonstrated
Task Examples
Observation and recall of information
Knowledge of facts
Knowledge of major ideas
Mastery of subject matter
Carry out research to find information
List, define, tell,
describe, identify, show,
label, collect, examine,
tabulate, quote,
name, find, identify
Understand information
Grasp meaning
Translate knowledge into new context
Interpret facts, compare, contrast, order,
Group, infer causes, predict consequences
Summarise, explain,
interpret, contrast, predict,
associate, distinguish,
estimate, differentiate,
discuss, extend
Application
Use information & methods, concepts,
& theories in new situations
Solve problems using skills & knowledge
Apply, demonstrate, calculate,
complete, illustrate, show,
solve, examine, modify,
relate, change, classify,
experiment, discover
Analysis
Seeing patterns
Organisation of parts
Recognition of hidden meanings
Identification of components
Analyse, separate,
order, connect, classify,
arrange, divide,
compare, select, infer
Knowledge
2 Comprehension
Synthesis
Evaluation
Combine, integrate, modify,
rearrange, substitute, plan,
create, build, design, invent,
compose, formulate, prepare,
generalise, rewrite
Compare and discriminate between ideas
Assess, evaluate, decide,
Assess value of theories, presentations
rank, grade, test, measure,
Make choices based on reasoned argument recommend, convince, select,
www.alc-group.com
Verify value of evidence
judge, discriminate,
Recognise subjectivity
support, conclude
Use old ideas to create new ones
Generalise from given facts
Relate knowledge from several areas
Predict, draw conclusions
Test Level
Developed
& Tested
by
Foundation
Module
SCF
Certificate
Developed
& Tested
by
Advanced
Modules
SCP
Certificate
(Practitioner)
&
SCM
Certificate
(Master)
�Course Content SABSA Institute
Pre-Requisites to Participating in this Course Module
There are no mandatory pre-requisites for attending this course or for sitting
the Institutes A1 examination module on completion of the course.
However, Foundation Level knowledge and comprehension of SABSA are
required and assumed this module will not repeat SABSA Foundation
materials in-depth and it is therefore strongly recommended that attendees
should be SCF certified before attempting this module.
The principal audience for this module is candidates seeking a SABSA
Chartered Practitioner Certificate (SCP) or the SABSA Chartered Master
Certificate (SCM) for which the SABSA Chartered Foundation Certificate
(SCF) is a pre-requisite.
Candidates passing an Advanced Module examination without first passing
the Foundation Module examination (statistically extremely few) cannot use
the SCP professional designation until they also pass the Foundation
examinations.
Those who have also gained field experience of using their Foundation Level
training in a work situation will benefit most from attendance at a SABSA
Advanced course.
Advanced Module - Course Delivery Methodology
Advanced modules are heavily practical in nature and the techniques used to
develop and demonstrate Advanced competencies include:
Presentation of advanced issues, concepts, models & approaches
Individual and group research
Q&A based on research
Open forum discussions
Coaching & mentoring
Workshops based on case studies to apply techniques
Group & individual analysis
Group presentations
Candidates may desire to perform additional work outside of course hours.
The Institute requires that your course facilitator is a highly-experienced
SABSA Chartered Master Architect (SCM) and, although group presentations
are included in the course, it is not based on extensive lecturing. The primary
function of the facilitator is to guide, mentor and assess the work of small
syndicate groups or individuals, each of whom may be creating different workproduct applicable to the specific challenges of their organisation, culture or
sector.
www.alc-group.com
�Course Content SABSA Institute
SABSA Institute Advanced Examination Format
The examination approach for a SABSA Advanced Course is totally different
from that used at Foundation Level. Candidates are required to demonstrate
advanced competencies to use the SABSA method and framework.
The examination is therefore entirely open book and project-based.
Examination papers contain 5 questions from which candidates must choose
2 to answer. Using examples from real working environments, or by creating
a case study, or a combination of both, candidates are required to assess
issues, evaluate solution approaches, and customise and apply the SABSA
method and framework to create and populate appropriate SABSA workproducts (techniques, tools, templates, models, frameworks, etc.).
Examination answers must be provided within 4 weeks of the examination
date.
Requirement for Personal Computers
Due to the nature of Advanced course modules and examinations it required
that participants bring personal computing devices in order to create, discuss,
share, populate and store personal work product in portable, editable form,
such that it can be applied extensively:
In the candidates place of work;
In the preparation and submission of the candidates examination
answers.
Candidates are responsible for ensuring the computing devices they use are
pre-loaded with all software that may be appropriate to their needs including
word processors, spreadsheets, databases, and diagramming tools.
Outline Module A1 SABSA Advanced Risk, Assurance &
Governance
All Advanced modules follow the SABSA method sequentially as it relates to a
specialist professional area. Module A1 applies SABSA to the areas of Risk,
Assurance & Governance.
Section 1 Risk, Assurance & Governance in the SABSA Framework
o The role of Risk & Risk Management
o SABSA Risk & Opportunity Model
o Business-driven architectural decomposition in Risk,
Governance & Assurance
o The SABSA Risk Management Process (RMP) Overview &
Meta-model
Section 2 Strategy & Planning - Establishing Risk Context
o Domain-based Risk Context
o Identifying Stakeholders & Risk Owners in a SABSA
Governance Framework
www.alc-group.com
�Course Content SABSA Institute
o The SABSA-Extended RACI Model
o External Context Analysis Taxonomies & PESTELIM Analysis
o Internal Context Analysis Taxonomies & SABSA-based SWOT
Analysis
o Through-life Risk Perspectives
Section 3 Strategy & Planning - Risk Identification
o Threat & Opportunity Event Identification Taxonomies
o Vulnerability & Strength Identification Taxonomies
o Using Attribute Taxonomies for Identifying Risk Consequences
Section 4 Strategy & Planning - Risk Analysis & Assessment
o SABSA Approach to Risk Assessment
o Applying the SABSA Performance Measurement Framework to
Assess Assets at Risk
o Assessing Threat & Opportunity Event Probability
o Assessing Risk Likelihood
o SABSA Approach to Risk Appetite Thresholds
o SABSA Approach to Assessing Risk Consequences
o SABSA Application of Risk Levels to Provide Early Warning
Capability
Section 5 Strategy & Planning - Risk Evaluation
o Risk Evaluation Criteria
o Risk-Architecting Complex Enterprise Environments
Business process decomposition
Hierarchical systemic domain impact / benefit
Hierarchical systemic domain conflict
Systemic risk interactions between peer domains
Compound risk interactions
Domain & enterprise aggregation
The SABSA Enterprise Impact Framework
Section 6 Strategy & Planning Risk Treatment Strategy
o Objectives for Enablement & Control
o Risk Treatment Dependency Modelling
o Risk Treatment Traceability
o Risk Finance Strategy
o Role of Pure & Residual Risk
o SABSA Risk Treatment Lifecycle
www.alc-group.com
�Course Content SABSA Institute
o Risk Ecosystem Lifecycle & Panarchy
Section 7 Design & Implement Risk Treatment
o Risk Policy & Management Architecture
o SABSA Multi-tiered Control Strategy
o Balanced Risk Treatment Decisions
Section 8 Manage & Measure Risk Management
o The Control System in a Control Feedback Loop
o Through-life Vitality
o Treatment Inheritance & Re-use
o The Role of Key Risk Indicators & Analysing Change
o Considerations & Implications for Risk Systems & Dashboards
Section 9 Through-life Governance
o SABSA Governance Model Revisited
o Lifecycle Perspectives
o Risk Communications Architecture
Section 10 Through-life Assurance
o SABSA Assurance Framework & Model
o Assurance Levels & Correlation with Risk Levels
o Defining & Populating Assurance Matrices
Asset, Information & Systems Assurance
Risk Assurance & the SABSA RMP
Process Assurance & the SABSA Capability Maturity
Model
People Assurance
Location Assurance
Time & Performance Assurance
Lifecycle Assurance Views
What a Course Attendee will take away
Experience in applying the SABSA Risk Management Process,
Assurance Framework & Governance Model to their specific
organisation, sector and culture;
The skills and competence to plan, design, implement and manage a
SABSA Risk Management Architecture through-life;
The skills and competence to plan, design, implement and manage the
SABSA Assurance & Governance Frameworks;
www.alc-group.com
�Course Content SABSA Institute
Customised strategies and detailed work-products to apply the SABSA
Risk Management Process, Assurance Framework and Governance
Models, on Domain and Enterprise basis, and throughout the business
lifecycle.
Who Should Attend
Any SABSA Chartered Practitioner Architect (SCP) Candidate, SABSA
Chartered Master Architect (SCM) Candidate, and any professional seeking to
develop practical advanced competency to architect Business Risk,
Assurance and Governance structures and processes, including:
CIO / CISO / CTO / CIRO
Risk & Security Professionals
Quality Assurance Professionals
Audit & Compliance Professionals
Business & IT Strategists and Planners
Business, IT & Risk Management Architects
Managers of Risk Disciplines including
o Enterprise Risk Managers
o Programme & Project Risk Managers
o Operational Risk Managers
IT Risk Specialists
Security Risk Specialists
Service Managers
www.alc-group.com
