Overview
This unit introduces you to enterprise analysis and modelling from the perspective of governance, risk and compliance to ensure the enterprise structure, organisation and processes are aligned with the relevant industry standards and regulations. You will be exposed to major governance, risk and compliance standards, and use modern tools to analyse the regulatory status of an enterprise.
Details
Pre-requisites or Co-requisites
Prerequisite: COIS12073 and COIT12203
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 1 - 2026
Attendance Requirements
All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 6-credit Undergraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.
Class Timetable
Assessment Overview
Assessment Grading
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of 'pass' in order to pass the unit. If any 'pass/fail' tasks are shown in the table above they must also be completed successfully ('pass' grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the 'assessment task' section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University's Grades and Results Policy for more details of interim results and final grades.
All University policies are available on the CQUniversity Policy site.
You may wish to view these policies:
- Grades and Results Policy
- Assessment Policy and Procedure (Higher Education Coursework)
- Review of Grade Procedure
- Student Academic Integrity Policy and Procedure
- Monitoring Academic Progress (MAP) Policy and Procedure - Domestic Students
- Monitoring Academic Progress (MAP) Policy and Procedure - International Students
- Student Refund and Credit Balance Policy and Procedure
- Student Feedback - Compliments and Complaints Policy and Procedure
- Information and Communications Technology Acceptable Use Policy and Procedure
This list is not an exhaustive list of all University policies. The full list of University policies are available on the CQUniversity Policy site.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Feedback from Student Unit and Teaching Evaluations
The clear and knowledgeable explanation of enterprise analysis and modelling techniques (e.g., business process modelling, stakeholder analysis, and capability mapping) was helpful to students in understanding complex concepts and their practical application.
Incorporate more industry-based examples or case studies to illustrate how enterprise modelling techniques are applied in real business contexts. This will help students better understand their practical value.
Feedback from Student Unit and Teaching Evaluations
The unit content and teaching approach challenged me to think critically and ask deeper questions about enterprise analysis and modelling.
Use real-world business scenarios each week to get students thinking. Ask open-ended questions to guide their exploration and problem-solving. Let them create models or analyse situations using standard tools, then reflect on their choices. Encourage students to share and discuss their work with classmates.
- Identify critical situations and analyse the business needs of an organisation to develop appropriate computing governance strategies to address regulatory risks and compliance situations
- Compare and contrast general and conflicting organisation-specific technical issues in enterprise governance and organisational change
- Evaluate alternative approaches to implement effective governance, risk and compliance assessment practices in the context of an organisation
- Develop innovative approaches for the implementation of enterprise governance based on contemporary practices
- Apply enterprise analysis skills to identify and analyse the root causes of a given enterprise governance problem and develop recommendations
- Work collaboratively and communicate effectively to report on enterprise governance, analyse (regulatory) risks, and compliance issues.
Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles.
ACS members can use the tool MySFIA to build a skills profile at https://www.acs.org.au/professionalrecognition/mysfia-b2c.html
This unit contributes to the following workplace skills as defined by SFIA 9 (the SFIA code is included):
- Artificial intelligence (AI) and data ethics (AIDE)
- Audit (AUDT)
- Business intelligence (BINT)
- Business modelling (BSMO)
- Business process improvement (BPRE)
- Business situation analysis (BUSA)
- Data science (DATS)
- Risk management (BURM)
AIDE is mainly treated in Week 11, when Ethical and regulatory frameworks for AI systems will be discussed.
AUDT is a key component of the compliance lifecycle, and auditing and auditing techniques are presented in week 7.
BINT is essentially covered by all component of the unit.
BSMO and BPRE are explicitly covered by the topics of the weeks on Business Process Modelling and Process Mining.
BUSA the student learns how to address business situation analysis from the lens of enterprise ICT governance.
DATS process mining will examine how to use clean and manipulate (process) data based on specialised programs and algorithms to extract the structure of a process. Similarly, typical auditing is based on data sampling techniques. Compliance-by-design is based on processing (enterprise) data and rule-based approaches (using the data as input).
BURM one week of the unit is dedicated to Risk topics.
Alignment of Assessment Tasks to Learning Outcomes
| Assessment Tasks | Learning Outcomes | |||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 1 - Practical Assessment - 35% | ||||||
| 2 - Written Assessment - 45% | ||||||
| 3 - Presentation - 20% | ||||||
Alignment of Graduate Attributes to Learning Outcomes
| Graduate Attributes | Learning Outcomes | |||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 1 - Communication | ||||||
| 2 - Problem Solving | ||||||
| 3 - Critical Thinking | ||||||
| 4 - Information Literacy | ||||||
| 5 - Team Work | ||||||
| 6 - Information Technology Competence | ||||||
| 7 - Cross Cultural Competence | ||||||
| 8 - Ethical practice | ||||||
| 9 - Social Innovation | ||||||
| 10 - First Nations Knowledges | ||||||
| 11 - Aboriginal and Torres Strait Islander Cultures | ||||||
Textbooks
There are no required textbooks.
IT Resources
- CQUniversity Student Email
- Internet
- Unit Website (Moodle)
- Software: Apromore (https://apromore.com)
- Software: Python 3 (Anaconda 3, http://anaconda.org)
- Software: CLINGO (https://potassco.org/clingo/)
- Compliance and legal coding software (availalble from the Moodle site)
All submissions for this unit must use the referencing style: Harvard (author-date)
For further information, see the Assessment Tasks.
g.governatori@cqu.edu.au
Module/Topic
- Overview of the unit
- Introduction to (ICT) Governance, Risk and Compliance
Chapter
Events and Submissions/Topic
Module/Topic
- Definition of Risk
- Types of Risk
- Risk Management Processes
- Evaluation of Risk/Threats
- Risk Mitigation Strategies
Chapter
Events and Submissions/Topic
Module/Topic
- Definition of ICT Governance
- Overview of ICT Governance based on
- ISO/IEC 37000: governance of organisations in general
- ISO/IEC 27001: information security management
- ISO/IEC 38505: Data governance
- ISO/IEC 38507: Governance implications of artificial intelligence
Chapter
Events and Submissions/Topic
Module/Topic
- Definition of Business Process Management
- Business Process Management Lifecycle
- Business Process Modelling using BPMN
- Execution Model of Business Processes/workflows
Chapter
Events and Submissions/Topic
Module/Topic
- Definition of Process Mining
- Process Logs
Chapter
Events and Submissions/Topic
Module/Topic
- Process Mining Techniques
- Process Discovery
Chapter
Events and Submissions/Topic
Module/Topic
Chapter
Events and Submissions/Topic
Assessment 1 due on Monday
Process Modelling and Process Mining Due: Vacation Week Monday (20 Apr 2026) 9:00 am AEST
Module/Topic
- Definition of Compliance
- Approaches to Compliance
- Compliance Lifecycle
- Compliance (design)
- Conformance (run-time)
- Auditing (post)
Chapter
Events and Submissions/Topic
Module/Topic
- Introduction to compliance-by-design
- Legal coding (benefits of legal coding)
- IT view of normative systems (regulatory frameworks)
Chapter
Events and Submissions/Topic
Module/Topic
- Legal Coding:
- Languages (logic for legal coding)
- Tools (practical tools for legal coding)
- Methodologies (effective ways to encode legal provisions)
Chapter
Events and Submissions/Topic
Module/Topic
- From legal coding to compliance-by-design
- Annotated business processes
Chapter
Events and Submissions/Topic
Module/Topic
- Overview of AI compliance
- Australian AI Ethics Framework
- EU AI Act
- ISO/IEC 42001: Governance of AI systems
- AI Regulatory Sandboxes
Chapter
Events and Submissions/Topic
Submission of Assessment 2 on Monday
Process Compliance Due: Week 11 Monday (25 May 2026) 9:00 am AEST
Module/Topic
Review of the content presented in the unit
Chapter
Events and Submissions/Topic
Assessment 3: class presentation (during tutorials)
Presentation Due: Week 12 Monday (1 June 2026) 11:45 pm AEST
Unit coordinator: Prof Guido Governatori
g.governatori@cqu.edu.au
1 Practical Assessment
The student will be given a process data set to be analysed using the process modelling and process mining techniques presented in the relevant lectures and tutorials.
Please refer to the unit's Moodle site for a detailed description of the task(s).
Use of generative AI: No AI. You must not use AI at any point during the assessment. You must demonstrate your core skills and knowledge.
Vacation Week Monday (20 Apr 2026) 9:00 am AEST
Week 8 Monday (4 May 2026)
The marking criteria are based on:
- correct application of the process modelling techniques
- correct application of the process mining techniques
Please refer to the unit's Moodle site for a detailed description of the marking criteria.
Use of Generative AI: AI Collaboration: You may use AI to assist with specific tasks such as drafting text, refining
- Identify critical situations and analyse the business needs of an organisation to develop appropriate computing governance strategies to address regulatory risks and compliance situations
- Apply enterprise analysis skills to identify and analyse the root causes of a given enterprise governance problem and develop recommendations
2 Written Assessment
The students will be provided with a business process model and a regulatory framework.
The students have to encode the relevant part of the regulatory documents in the compliance language presented in the lectures, and check the process for compliance against the encoded regulatory framework.
Please refer to the unit's Moodle site for a detailed description of the task(s).
Use of Generative AI: AI Collaboration. You may use AI to assist with specific tasks such as drafting text, refining and evaluating your work. You must critically evaluate and modify any AI-generated content you use.
Week 11 Monday (25 May 2026) 9:00 am AEST
Certification Date
The marking criteria are based on:
- correctness and appropriateness of the encoding
- correctness of the annotation of the model
- correctness of the analysis
Please refer to the unit's Moodle site for a detailed description of the assessment criteria.
- Identify critical situations and analyse the business needs of an organisation to develop appropriate computing governance strategies to address regulatory risks and compliance situations
- Compare and contrast general and conflicting organisation-specific technical issues in enterprise governance and organisational change
- Evaluate alternative approaches to implement effective governance, risk and compliance assessment practices in the context of an organisation
- Develop innovative approaches for the implementation of enterprise governance based on contemporary practices
- Apply enterprise analysis skills to identify and analyse the root causes of a given enterprise governance problem and develop recommendations
- Work collaboratively and communicate effectively to report on enterprise governance, analyse (regulatory) risks, and compliance issues.
3 Presentation
The students are requested to select a relevant fragment of one of the regulatory frameworks presented during the unit and encode it.
Then the students are requested to present the reasons for selection and explain their encoding.
Please refer to the unit's Moodle site for a detailed description of the task(s).
Use of Generative AI: AI Collaboration. You may use AI to assist with specific tasks such as drafting text, refining and evaluating your work. You must critically evaluate and modify any AI-generated content you use.
Week 12 Monday (1 June 2026) 11:45 pm AEST
Live presentation in class during the tutorial
Certification date
The marking criteria are based:
- clarity of the presentation and explanations
- appropriateness of the selected material
- correctness of the encoding
Please refer to the unit's Moodle site for the detailed description of the marking criteria.
- Identify critical situations and analyse the business needs of an organisation to develop appropriate computing governance strategies to address regulatory risks and compliance situations
- Compare and contrast general and conflicting organisation-specific technical issues in enterprise governance and organisational change
- Evaluate alternative approaches to implement effective governance, risk and compliance assessment practices in the context of an organisation
- Develop innovative approaches for the implementation of enterprise governance based on contemporary practices
- Apply enterprise analysis skills to identify and analyse the root causes of a given enterprise governance problem and develop recommendations
- Work collaboratively and communicate effectively to report on enterprise governance, analyse (regulatory) risks, and compliance issues.
As a CQUniversity student you are expected to act honestly in all aspects of your academic work.
Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.
When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.
Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.
As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.
What is a breach of academic integrity?
A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.
Why is academic integrity important?
A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.
Where can I get assistance?
For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.
What can you do to act with integrity?
