Phase 1 · ERM Foundations
Phase 2 · Cyber Risk Deep Dive
Phase 3 · Internal Controls & Governance
Phase 4 · Business Continuity & Ops Risk
Capstone · Final Review
Phase 1
Foundation Phase: ERM & the Foundations of Risk
1
Understanding Advanced ERM Foundations
Understanding definitions before definitions — building the bedrock ERM vocabulary.
ERM Fundamentals
→
2
Risk Treatment Strategies
Identifying raw danger manger before controls.
Treatment
→
3
Risk Identification & Inherent Risk
Identifying raw danger before controls are applied.
Risk ID
↓ progresses into ↓
Phase 2
The Cyber Risk Deep Dive
4
Ransomware Risk Model
Anatomy of ransomware threats and sector-specific modeling.
Threat Modeling
→
5
Quantifying the "Unquantifiable"
Frameworks for putting dollar values on intangible cyber exposures.
Quantification
→
6
Cyber Insurance Underwriting
How insurers assess public-sector cyber risk and price coverage.
Insurance
→
7
Limits, Sublimits & Exclusions
Navigating policy language traps and coverage gaps.
Policy Logic
→
8
Remedial vs. Preventative
Balancing after-the-fact remediation with proactive prevention investment.
Strategy
Cyber Risk Savvy_R1.pdf
⟳ Convergence Point — Policy Logic (M8) feeds both Phase 3 & Phase 4
Phase 3
Internal Controls & Governance
9
Internal Control Framework
COSO / INTOSAI frameworks applied to public finance environments.
Frameworks
→
10
Fraud Prevention & Detection
Red flags, segregation of duties, and detection analytics.
Fraud
→
11
Ethics & Transparency
Building an ethical culture and transparent reporting standards.
Governance
→
12
Service Delivery Alternatives
Shared services, outsourcing, and risk transfer models in government.
Service Models
↕ parallel track ↕
Phase 4
Business Continuity & Operational Risk
11
Ethics & Transparency (Shared)
Feeds both governance and business-continuity planning perspectives.
Shared Module
→
13
Disaster Preparedness & Resiliency
Pre-event planning: continuity plans, tabletop exercises, resource staging.
Preparedness
→
14
Capidil Responsy / Disaster Response & Recovery
Activating BCP, incident command, FEMA coordination, and recovery accounting.
Response
all paths converge
15
The Final Review & Simulation
Full-scope Risk Assessment Mastery exam simulation
Structural Flow Diagram
graph TD
subgraph P1["🟢 Phase 1 · ERM & Foundations"]
M1["① Understanding Advanced ERM Foundations"]:::p1
M2["② Risk Treatment Strategies"]:::p1
M3["③ Risk Identification & Inherent Risk"]:::p1
M1 --> M2 --> M3
end
subgraph P2["🔵 Phase 2 · Cyber Risk Deep Dive"]
M4["④ Ransomware Risk Model"]:::p2
M5["⑤ Quantifying the 'Unquantifiable'"]:::p2
M6["⑥ Cyber Insurance Underwriting"]:::p2
M7["⑦ Limits, Sublimits & Exclusions"]:::p2
M8["⑧ Remedial vs. Preventative · Policy Logic"]:::p2
M4 --> M5 --> M6 --> M7 --> M8
end
subgraph P3["🟠 Phase 3 · Internal Controls & Governance"]
M9["⑨ Internal Control Framework"]:::p3
M10["⑩ Fraud Prevention & Detection"]:::p3
M11["⑪ Ethics & Transparency"]:::p3
M12["⑫ Service Delivery Alternatives"]:::p3
M9 --> M10 --> M11 --> M12
end
subgraph P4["🟣 Phase 4 · Business Continuity & Ops Risk"]
M13["⑬ Disaster Preparedness & Resiliency"]:::p4
M14["⑭ Disaster Response & Recovery / Capidil Responsy"]:::p4
M13 --> M14
end
M15["⑮ THE FINAL REVIEW & SIMULATION"]:::final
M3 --> M4
M3 --> M9
M8 --> M9
M11 --> M13
M12 --> M15
M14 --> M15
classDef p1 fill:#c8e6c9,stroke:#2e7d32,stroke-width:2px,color:#1b5e20
classDef p2 fill:#bbdefb,stroke:#0d47a1,stroke-width:2px,color:#0d47a1
classDef p3 fill:#ffe0b2,stroke:#e65100,stroke-width:2px,color:#bf360c
classDef p4 fill:#e1bee7,stroke:#6a1b9a,stroke-width:2px,color:#4a148c
classDef final fill:#b71c1c,stroke:#7f0000,stroke-width:3px,color:#fff
M. Mastery Pipeline · Risk Assessment Curriculum