A tailored course, built for your situation
Sources and specific examples on hand when peers push back
Build unshakable reasoning into your risk and resilience work , grounded in precedent, framework logic, and real-world application
The situation this course is for
Who this is for
Senior risk and resilience practitioner in financial services with operational ownership of governance, incident response, or business continuity frameworks across regions
Who this is not for
Entry-level compliance staff, auditors focused on checklist adherence, or consultants selling one-size-fits-all frameworks
What you walk away with
- Walk through the reasoning behind control selections using specific ISO 22301 and NIST SP 800-171 mappings
- Reference real cross-jurisdictional testing outcomes when debating recovery time objectives
- Show precedent from past incident simulations to justify investment in specific resilience layers
- Explain trade-offs between centralized policy and local execution using documented the firm, aligned examples
- Respond to peer challenges with sourced logic, not just opinion
The 12 modules (with all 144 chapters)
- What happens when you can't defend your call
- Three cases where reasoning won over rank
- How the firm structures risk accountability
- Difference between compliance and justification
- Real-world scenario: APAC incident review challenge
- Key sources used in GFS risk decisions
- Precedent vs policy: knowing when to cite which
- Documenting assumptions before escalation
- Control mapping as evidence trail
- Common pushback patterns in APAC teams
- Turning peer skepticism into validation
- First steps in building your reference bank
- Start with the standard: ISO 22301 clause mapping
- NIST controls relevant to financial resilience
- Translating regulation into technical design
- Internal policy as supporting evidence
- Past incident reports as precedent
- How to cite a control cold
- When to reference APAC regulatory expectations
- Structuring a logic tree visually
- Annotating decisions with versioned sources
- Common gaps in logic chains
- Peer-reviewed logic in practice
- Template: logic tree with citations
- Case: Hong Kong recovery site activation
- Challenge: differing RTO expectations
- How the team justified latency tolerance
- Source: client SLA tiering logic
- Evidence: past simulation results
- Jurisdictional constraint mapping
- Balancing group standards with local needs
- Documentation trail from design to test
- Lessons captured in GFS knowledge base
- How to abstract lessons without exposing data
- Template: cross-border justification memo
- Reusing reasoning across regions
- From control list to reasoning pathway
- Mapping ISO 27001 to resilience objectives
- Linking BCMS to IAM architecture
- Documenting exceptions with justification
- How much detail is enough
- Versioning control mappings over time
- Using internal audit findings as input
- Aligning with group risk taxonomy
- Cross-referencing with vendor assessments
- Template: control justification worksheet
- Presenting mappings to non-technical reviewers
- Updating trails after incidents
- Types of peer pushback in risk roles
- Distinguishing technical from political pushback
- Using data to depersonalize debate
- Citing past the firm decisions appropriately
- When to escalate vs when to absorb
- Phrasing that invites collaboration
- Avoiding defensiveness while being defensive
- Building a library of go-to references
- Email templates for rebutting gently
- How to summarize complex logic in 3 points
- Learning from accepted challenges
- Turning rebuttals into training
- What counts as a critical assumption
- Where assumptions live in GFS workflows
- Template: assumption register
- Versioning assumption changes
- Getting lightweight sign-off early
- Linking assumptions to control design
- Communicating shifts across teams
- How to revisit assumptions post-incident
- Avoiding assumption drift over time
- Using assumptions in onboarding
- Audit-proofing your rationale
- Example: cloud failover assumption log
- Finding precedent in old incident reports
- When to rely on precedent vs innovate
- How much weight precedent should carry
- Archiving decisions for future retrieval
- Creating a searchable precedent database
- Citing past executive decisions correctly
- Distinguishing isolated events from patterns
- Using peer org examples carefully
- Benchmarking without copying
- How the firm handles precedent
- Template: precedent citation card
- Updating precedent libraries quarterly
- The spectrum of standardization vs adaptation
- Mapping trade-offs to client impact
- Financial case for localized resilience
- Risk appetite thresholds by region
- Documenting deviation approval paths
- How to show trade-off analysis
- Balancing cost and coverage
- Example: Singapore vs Sydney RTOs
- Template: trade-off assessment form
- Presenting trade-offs to senior reviewers
- Revisiting decisions after market shifts
- Lessons from past misalignments
- Why trust erodes after incidents
- The role of documentation in recovery
- How to show intent despite failure
- Using design logic in post-mortems
- Acknowledging gaps without undermining
- Linking past decisions to current changes
- Communicating improvements credibly
- Template: incident learning memo
- Presenting updates to regulators
- How the firm closes loops
- Turning breakdowns into benchmarks
- Building resilience reputation over time
- Signs you're seen as owner vs implementer
- Taking credit without overreaching
- Documenting contributions systematically
- How others cite your work
- Being the first call during escalations
- Setting precedent others follow
- Developing team-wide reference materials
- Mentoring through documentation
- Owning the narrative in reviews
- Measuring influence beyond titles
- Case: becoming go-to for M&A resilience
- Long-term value of technical ownership
- Identifying reusable reasoning blocks
- Templatizing common justifications
- Versioning reasoning over time
- How to adapt logic for new clients
- Avoiding copy-paste pitfalls
- Cross-project consistency checks
- Efficiency gains from standardized logic
- Template: reasoning reuse matrix
- Tracking where logic has been applied
- Updating libraries after changes
- Teaching others to reuse your work
- Measuring compounding impact
- What kinds of decisions can you own
- Signs you’re ready for no-review status
- Documenting decisions for audit trail
- When to consult anyway
- Building confidence through consistency
- Example: approving BIA updates
- Case: signing off on test plans
- How peers begin deferring to you
- Maintaining humility while owning
- Template: decision log with sources
- Growing scope without permission
- Becoming the reference point
How this maps to your situation
- When a peer questions your recovery time objective
- Before finalizing a business impact analysis with legal
- During a resilience testing design review
- After an audit finding on control rationale
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 1.5 hours per module, with templates and examples designed for immediate use in current work.
How this compares to the alternatives
Unlike generic risk certifications, this course provides the firm, contextual reasoning patterns, sourced examples, and reusable justification frameworks tailored to APAC GFS practitioners.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.