Cyber Security

SABSA® Advanced A1: Risk, Assurance & Governance

Take your SABSA skills to Practitioner level.

Upcoming Course Dates

View all course dates
Location Date Time  
Melbourne, Face-to-Face 17 - 21 February 2025 09:00 am - 05:00 pm


SABSA® Advanced A1: Risk, Assurance & Governance

Module A1 – Advanced SABSA Risk Assurance & Governance

The SABSA® Institute of Professional Competency Framework is created from Bloom’s Taxonomy of Cognitive Levels. Advanced modules are not about mere knowledge – knowledge about SABSA has already been developed and tested at Foundation Level (SCF certification) – they are about the development and demonstration of competence to apply SABSA and achieve valuable results for the benefit of the organisation and the individual.

It provides employers and peers with confidence and assurance that a successful candidate has demonstrated in practical terms the real competence and ability to:

  • Analyse and assess business problems and business-driven requirements;
  • Apply, modify and customise the SABSA method to strategise and innovate specific solutions to meet the unique requirements of their organisation, culture and sector;
  • Design and create the work-product required to establish and operationalise SABSA for the solution strategies in their unique environment;
  • Assess, evaluate and test concepts and theories by populating the work-product they design for real-world application;
  • Apply and measurably demonstrate their skills under the pressure of examinations.

Our Trainers Make the Difference

When you attend a training course there are actually two costs – the course fee, and the value of your time. You can see the fee. But whether you get value for your time and money depends totally on the quality of the course.

Lots of things go into making a great course, but the single most important is always the trainer: their knowledge of the subject, their real world experience that they can draw upon in the class, their ability to answer questions, their communication skills. This is what makes the difference

  • David Lynas

    David Lynas is co-author and developer of the SABSA framework and is the world leading authority on the use and application of SABSA.

    Read full bio

Learning Outcomes

  • Experience in applying the SABSA Risk Management Process, Assurance Framework & Governance Model to their specific organisation, sector and culture;
  • The skills and competence to plan, design, implement and manage a SABSA Risk Management Architecture through-life;
  • The skills and competence to plan, design, implement and manage the SABSA Assurance & Governance Frameworks;
  • Customised strategies and detailed work-products to apply the SABSA Risk Management Process, Assurance Framework and Governance Models, on Domain and Enterprise basis, and throughout the business lifecycle.

Who Should Attend

  • SABSA Chartered Practitioner Candidates
  • SABSA   Chartered   Master   Architect   (SCM) Candidates
  • Any professional seeking to develop practical advanced   competency   to   architect Business Risk, Assurance and Governance structures and processes.


The SABSA Foundation Certificate is a pre-requisite for the SABSA Advanced modules.

Course Contents

1.   Risk, Assurance & Governance in the SABSA Framework

  • The role of Risk & Risk Management
  • SABSA Risk & Opportunity Model
  • Business-driven architectural decomposition in Risk, Governance & Assurance
  • The SABSA Risk Management Process (RMP) Overview & Meta-model

2.   Strategy & Planning – Establishing Risk Context

  • Domain-based Risk Context
  • Identifying Stakeholders & Risk Owners in a SABSA Governance Framework
  • The SABSA-Extended RACI Model
  • External Context Analysis Taxonomies & PESTELIM Analysis
  • Internal Context Analysis Taxonomies & SABSA-based SWOT Analysis
  • Through-life Risk Perspectives

3.   Strategy & Planning – Risk Identification

  • Threat & Opportunity Event Identification Taxonomies
  • Vulnerability & Strength Identification Taxonomies
  • Using Attribute Taxonomies for Identifying Risk Consequences

4.   Strategy & Planning – Risk Analysis & Assessment

  • SABSA Approach to Risk Assessment
  • Applying the SABSA Performance Measurement Framework to Assess Assets at Risk
  • Assessing Threat & Opportunity Event Probability
  • Assessing Risk Likelihood
  • SABSA Approach to Risk Appetite Thresholds
  • SABSA Approach to Assessing Risk Consequences
  • SABSA Application of Risk Levels to Provide Early Warning Capability

5.   Strategy & Planning – Risk Evaluation

  • Risk Evaluation Criteria
  • Risk-Architecting Complex Enterprise Environments
  • Business process decomposition
  • Hierarchical systemic domain impact / benefit
  • Hierarchical systemic domain conflict
  • Systemic risk interactions between peer domains
  • Compound risk interactions
  • Domain & enterprise aggregation
  • The SABSA Enterprise Impact Framework

6.   Strategy & Planning – Risk Treatment Strategy

  • Objectives for Enablement & Control
  • Risk Treatment Dependency Modelling
  • Risk Treatment Traceability
  • Risk Finance Strategy
  • Role of Pure & Residual Risk
  • SABSA Risk Treatment Lifecycle
  • Risk Ecosystem Lifecycle & Panarchy

7.   Design & Implement – Risk Treatment

  • Risk Policy & Management Architecture
  • SABSA Multi-tiered Control Strategy
  • Balanced Risk Treatment Decisions

8.   Manage & Measure – Risk Management

  • The Control System in a Control Feedback Loop
  • Through-life Vitality
  • Treatment Inheritance & Re-use
  • The Role of Key Risk Indicators & Analysing Change
  • Considerations & Implications for Risk Systems & Dashboards

9.   Through-life Governance

  • SABSA Governance Model Revisited
  • Lifecycle Perspectives
  • Risk Communications Architecture

10.  Through-life Assurance

  • SABSA Assurance Framework & Model
  • Assurance Levels & Correlation with Risk Levels
  • Defining & Populating Assurance Matrices
  • Asset, Information & Systems Assurance
  • Risk Assurance & the SABSA RMP
  • Process Assurance & the SABSA Capability Maturity Model
  • People Assurance
  • Location Assurance
  • Time & Performance Assurance
  • Lifecycle Assurance Views
  • Peter does a great job of keeping the course interesting and explains the concepts well to make it easy to understand.

    Live Virtual Training | 2022


SABSA Foundation

read more


SABSA® Advanced A1 Risk, Assurance & Governance Course

  • Face-to-Face Training: $5,450 + GST

Fees Include:

  • Comprehensive printed workbook
  • Examination
  • F2F training also includes catering at the venue

Requirement for Personal Computers

Due to the nature of Advanced course modules and examination, it is required that participants bring personal computing devices in order to create, discuss, share, populate and store personal work product in portable, editable form, such that it can be applied extensively:

  • In the candidate’s place of work;
  • In the preparation and submission of the candidate’s examination answers.

Candidates are responsible for ensuring the computing devices they use are pre-loaded with all software that may be appropriate to their needs including word processors, spread sheets, databases, and diagramming tools.


The SABSA Foundation Certificate is a pre-requisite for the SABSA Advanced modules.


The examination approach for a SABSA Advanced Course is totally different from that used at Foundation Level. Candidates are required to demonstrate advanced competencies to use the SABSA method and framework.

The examination is therefore entirely “open book” and project-based. Examination papers contain 5 questions from which candidates must choose 2 to answer. Using examples from real working environments, or by creating a case study, or a combination of both, candidates are required to assess issues, evaluate solution approaches, and customise and apply the SABSA method and framework to create and populate appropriate SABSA work-products (techniques, tools, templates, models, frameworks, etc.).
Examination answers must be provided within 4 weeks of the examination date.

Please understand that this more flexible format means your results will take longer than for Foundation – marking will only begin when the last delegate’s exam is submitted which means it could take 10 to 12 weeks for notification if several delegates take the full four weeks to submit their exams.