Risk Management and Risk-Based Auditing under the SOCI Act

Course Overview

This two-day in-person training program is designed to strengthen the capability of personnel responsible for compliance, audit, and oversight of obligations under the Security of Critical Infrastructure Act 2018 (Cth). The course addresses the end-to-end audit and risk assessment process, including identification of threat vectors, application of relevant ISO and AI-related frameworks, and execution of structured, defensible audits in accordance with SOCI requirements.

The program integrates good practice risk methodologies and national security expectations for Regulated Entities, empowering participants to evaluate the design and effectiveness of Critical Infrastructure Risk Management Programs (CIRMPs) and report on compliance using recognised tools and frameworks.

Tools and Artefacts Integrated

Participants will be provided with the following generic templates and toolsthat can be adapted for use within their own organisational context:

• CIRMP Evaluation Checklist
• Risk-Based Audit Planning Template
• Threat Vector Risk Register Templates
• Capability Maturity Rating Matrix

Who Should Participate

Compliance, risk, governance, assurance and operational personnel working in or supporting Regulated Entities under the SOCI Act.

Key Benefits

• Interpret the SOCI Act and Critical Infrastructure Risk ManagementProgram (CIRMP) obligations in the context of regulated organisation responsibilities.
• Apply ISO 31000 risk management principles and integrate relevantinternational standards.
• Identify and assess threats across the four SOCI-defined threat vectors.
• Evaluate the adequacy and maturity of controls using the hierarchy ofcontrols and recognised capability maturity models.
• Conduct structured, risk-based audits using standardised audit planning templates, risk registers, and evidence collection protocols.

Pre-Training Engagement (Optional)

• Pre-reading pack (SOCI Act overview, ISO summaries, audit methodology brief)
• Risk and audit self-assessment survey
• Optional 30-minute orientation session (virtual or in-person)

Inclusions

• Participant workbook and reusable audit templates
• ISO and SOCI-aligned reference guides
• Scenario documentation and simulation materials
• Certificate of Completion
• Post-training support resources

Post-Training Support (Optional)

• Access to digital templates and case materials
• Follow-up Q&A session (2 weeks post-training)
• “First Audit Action Guide” for immediate workplace application

This program provides a comprehensive and practical foundation for organisations subject to the SOCI Act to strengthen their internal assurance and audit capabilities. It is designed to be scalable, standards-aligned, and adaptable to specific sector needs.

Delivered by Adam P. Henry

Adam P. Henry is a cyber security, digital and AI thought leader, published author, international speaker and executive. He has developed research and programs focused on fixing the education, skills and workforce gaps, cyber disaster response/resilience and cyber warfare. His research and initiatives have focused on developing strategies and effective responses to these key issues. He is a Partner at the Social Cyber Group, Cyber/Digital Education, Skills and Workforce Development SME at Canberra Cyber Hub and Facilitator of Post Graduate Cyber, Digital and AI courses for RMITO/Curio.

Run this course in-house

Informa Connect Academy’s customised training solutions have helped organisations deliver tailored learning in different languages to suit every requirement.