Skip to main content
NITA AccreditedAdvancedPhysical + Virtual10 daysTOGR863

Training on Governance, Risk & Compliance (GRC) Masterclass

Master Governance, Risk & Compliance (GRC) with practical tools and strategies for stronger accountability, risk control, and compliance.

Next intake

20 Jul 2026 · Nakuru

View all dates

Duration

10 days

Live instruction

Delivery

Physical + Virtual

Cohort based

Level

Advanced

Working professionals

Certification

NITA reimbursable

For Kenyan cohorts

Language

English

All materials

Overview

About this programme

This masterclass provides participants with a deep understanding of Governance, Risk, and Compliance (GRC) frameworks and practices. The course explores how organizations can integrate governance principles, manage risks effectively, and ensure compliance with regulations to achieve strategic objectives. It blends theory, practical tools, and case studies to equip learners with actionable GRC skills for organizational resilience and accountability.

Duration

10 Days

Who Should Attend

  • Compliance officers and managers.

  • Risk management professionals.

  • Corporate governance practitioners.

  • Internal auditors and legal advisors.

  • Executives and board members.

  • NGO and public sector administrators.

Learning outcomes

What you'll walk away with

By the end of the course, participants will be able to:

  • Explain the principles of GRC and its role in modern organizations.

  • Apply tools for effective governance and ethical leadership.

  • Conduct risk identification, assessment, and mitigation planning.

  • Design compliance programs that align with regulatory standards.

  • Integrate GRC into strategic decision-making processes.

Course modules

What we cover, module by module

Module 1: Foundations of GRC

  • Core principles of governance, risk, and compliance

  • The role of GRC in organizational strategy

  • Key frameworks: COSO, ISO 31000, OCEG

  • Case study: Enron Corporate governance failures and lessons learned

Module 2: Corporate Governance & Board Responsibilities

  • Roles of board of directors, audit committee, and executive management

  • Ethical culture, code of conduct, and tone from the top

  • Stakeholder theory vs. shareholder primacy

  • Case study: Wells Fargo fake accounts scandal Board oversight failure

Module 3: Enterprise Risk Management (ERM)

  • Risk identification, assessment, and mitigation strategies

  • Risk appetite, tolerance, and capacity

  • Heat maps, risk registers, and bow-tie analysis

  • Case study: Barings Bank Operational risk and lack of segregation of duties

Module 4: Compliance Program Design & Management

  • Elements of an effective compliance program (USSC guidelines)

  • Regulatory mapping, horizon scanning, and obligations management

  • Policies, procedures, and training

  • Case study: Siemens bribery scandal Compliance breakdown and remediation

Module 5: Internal Controls & Testing

  • COSO internal control framework (5 components)

  • Preventive, detective, and corrective controls

  • Control testing: Design effectiveness vs. operating effectiveness

  • Case study: Toshiba accounting scandal Control override and management pressure

Module 6: IT GRC & Cybersecurity Risk

  • IT governance frameworks: COBIT, NIST CSF, ISO 27001

  • Cybersecurity risk assessments and threat landscapes

  • Data privacy: GDPR, CCPA, and cross-border transfers

  • Case study: Equifax data breach IT control failures and patch management

Module 7: Third-Party Risk Management (TPRM)

  • Vendor onboarding, due diligence, and tiering

  • Contractual risk allocation (indemnification, audit rights)

  • Continuous monitoring and offboarding

  • Case study: Target data breach HVAC vendor access leading to compromise

Module 8: Whistleblowing, Incident Management & Investigations

  • Whistleblower protection laws (Dodd-Frank, EU Whistleblowing Directive)

  • Incident response plans: Detect, respond, recover

  • Root cause analysis and corrective action plans (CAPs)

  • Case study: Theranos Whistleblower role and internal investigation failures

Module 9: GRC Metrics, Reporting & Assurance

  • Key Risk Indicators (KRIs) vs. Key Performance Indicators (KPIs)

  • Board-level GRC dashboards and heat maps

  • The Three Lines of Defense model (internal audit's role)

  • Case study: 2008 Financial Crisis Risk reporting failures at Lehman Brothers

Module 10: GRC Maturity, Culture & Continuous Improvement

  • GRC maturity models (Ad-hoc → Optimized)

  • Building a speak-up culture and psychological safety

  • Integrating GRC with strategy and ESG (environmental, social, governance)

  • Case study: BP Deepwater Horizon Safety culture, governance, and risk communication failures

Impact

Where the change lands

Organizational Impact

  • Strengthened governance and accountability structures.

  • Proactive risk management and mitigation.

  • Enhanced regulatory compliance and reduced penalties.

  • Improved stakeholder confidence and reputation.

Individual Impact

  • Practical skills in risk assessment and compliance monitoring.

  • Broader understanding of governance frameworks.

  • Enhanced ability to align compliance with business strategy.

  • Career growth in governance, compliance, and risk fields.

Dates and locations

Upcoming intakes

Every intake is limited to a small cohort. Booking closes when a date fills or three weeks before the start, whichever comes first.

Full calendar
FAQs

Common questions.

Still not sure? Send us a note and a facilitator will get back to you within a business day.

All sectors—corporate, financial, nonprofit, and government—can apply GRC principles.

Course finder

Find the right course for you

Prefer to talk it through? Send us an enquiry and a facilitator will scope a fit within a business day.

For corporate teams

Training 10+ professionals?

We deliver Training on Governance, Risk & Compliance (GRC) Masterclass in-house at your offices, at a venue we arrange, or fully virtual. Customise the curriculum against your KPIs, and get a bespoke price for the cohort size you need.