Curriculum, MS in Enterprise Risk Management | Northwestern University School of Professional Studies - Northwestern School of Professional Studies

Establishes the foundations of modern risk management by integrating COSO, ISO 31000, and NIST frameworks. Students examine the 3-Lines-of-Defense model, risk taxonomy, and the intersections of financial, operational, and technology risk with regulatory safety and soundness mandates. Emphasizes OCC, FRB, and FFIEC supervisory expectations for risk governance and consumer protection.

Introduces the mathematical and statistical principles that underlie risk quantification and data-driven decision making. Topics include probability theory, distributions, correlation, and uncertainty modeling. Students apply these tools to evaluate risk exposures, perform scenario analyses, and inform quantitative risk decisions using real-world data.

Explores behavioral risk, cognitive bias, and ethical decision making in enterprise settings. Students learn to diagnose and strengthen risk culture, assess tone-from-the-top, and design controls that embed ethical accountability into decision processes. Examines frameworks from psychology, governance, and regulatory conduct risk cases.

Prepares students to plan and lead risk engagements in consulting or internal audit environments. Covers project scoping, stakeholder management, workstream coordination, deliverable development, and agile methodologies. Emphasizes frameworks used by Big Four and MBB firms to manage large-scale technology and risk transformation programs.

Develops persuasive communication and storytelling skills for translating complex risk findings into executive insights. Students learn to craft board presentations, design risk dashboards, and articulate risk appetite statements for senior stakeholders and regulators. Includes role-play scenarios drawn from financial, technology, and regulatory board settings.

Explores the structure of financial and technology regulation, including U.S. agencies (OCC, FRB, FDIC, SEC, CFPB) and global frameworks (Basel III, PRA, EU DORA, and AI Act). Students learn how consumer protection, prudential supervision, and safety-and-soundness principles are embedded into risk management frameworks across sectors.

Examines how quantitative and qualitative methods—such as Monte Carlo simulations, scenario analysis, and risk appetite modeling—inform executive decision making. Emphasizes structured reasoning, trade-off analysis, and integrating analytics into enterprise decisions under uncertainty. Students practice risk-informed decision frameworks used in Big Four and financial institutions.

Focuses on identifying and mitigating process, people, and systems risk. Students learn operational loss modeling, control testing, third-party oversight, and resilience planning aligned with Basel III, FFIEC, and DORA. The course integrates emerging themes such as third-party dependency, data integrity, and cyber-physical resilience.

Examines frameworks for leading enterprise-wide transformation and embedding risk awareness into corporate culture. Students develop stakeholder engagement and change strategies that promote accountability and governance alignment, preparing them to lead risk and compliance functions through periods of technological and regulatory disruption.

Covers the design of continuity, recovery, and resilience plans for technology and operational disruptions. Students perform tabletop exercises simulating cyber, AI, or climate-related crises and evaluate continuity frameworks aligned with OCC SR 23-4, NIST SP 800-34, and EU DORA requirements.

Provides hands-on data analysis and visualization skills using Python, R, or equivalent tools. Students conduct descriptive and predictive analytics, develop control dashboards, and use statistical modeling to quantify operational and AI-driven risk exposures across business processes.

Explores the structure of financial and technology regulation, including U.S. agencies (OCC, FRB, FDIC, SEC, CFPB) and global frameworks (Basel III, PRA, EU DORA, and AI Act). Students learn how consumer protection, prudential supervision, and safety-and-soundness principles are embedded into risk management frameworks across sectors.

Introduces the fundamentals of AI, machine learning, and automation technologies, emphasizing their risk implications. Covers responsible AI principles—fairness, transparency, bias mitigation, and accountability—and the emerging regulatory expectations under the EU AI Act and NIST AI RMF. Students explore real-world AI risk incidents and their governance lessons.

Examines the design and oversight of enterprise AI governance frameworks. Students learn to evaluate bias, transparency, and accountability within machine learning systems, align AI practices with regulatory mandates, and build governance dashboards. Frameworks include NIST AI RMF, ISO/IEC 23894, EU AI Act, and FTC AI compliance guidance.

Analyzes modern cybersecurity and cloud infrastructure risk. Students learn to assess information security programs, identity and access management, and incident response strategies. Frameworks include NIST CSF, ISO 27001, FedRAMP, FFIEC CAT, and OCC IT risk bulletins. Includes hands-on simulation of breach and remediation scenarios.

Explores operational, compliance, and financial risks of distributed ledger technologies, cryptocurrencies, and tokenized systems. Students assess regulatory guidance (SEC, CFTC, OCC, and BIS) and design governance frameworks for digital asset custody, anti-money-laundering, and smart contract integrity.

Focuses on using AI, NLP, and automation for risk monitoring and control testing. Students build prototypes for automated audit trails, anomaly detection, and regulatory horizon scanning. Emphasizes ethical deployment and validation of AI tools within governance and compliance functions.

The capstone practicum in Enterprise and AI-Technology Risk is a culminating, team-based consulting engagement with real-world problems for which students deliver a final risk assessment or governance framework addressing AI, cloud, or resilience challenges. 

Students deliver a final risk assessment or governance framework addressing AI, cloud, or resilience challenges. The project includes a written report, board-level presentation, and implementation roadmap evaluated by faculty and industry reviewers.