Course Duration: 3-Days;
UPDATED FOR ISO 31000:2018!
Recommended Follow-On Session
Professional ISO 31000 Certification
This course fulfills all prerequisite training requirements for CIS risk management certification exam #RM101 for professional ISO 31000 Enterprise Risk Management certification.
Continuing Professional Education (CPE) Credit
Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.
Then build-out the initial risk program policy right in class!
A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support.
And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk.
As the foundation session of CIS risk management training courses, this 3-day risk management training and policy workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:
- Describe the principles and processes of risk governance and management;
- Provide a thorough overview of the requirements of ISO 31000:2018, ISO 31010, and 27005;
- Give practical guidance on designing and implementing a suitable enterprise risk management framework;
- Establish a firm program starting point by using ISO standards 31000:2018, 31010, and 27005 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
- Complete ERM Policy (18-Page template provided)
- ERM Context and Scope Document (10-Page template provided)
- ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
- Procedure for Training and Development Needs Analysis document (8-Page template provided)
- ERM Program project kick-off document (9-Page template provided)
- Procedure for Identification of ERM Project Requirements document (4-Page template provided)
- Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
- Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010 and ISO 27005 best practices
- Leverage ISO best practices to properly identify, analyze, and evaluate risk
- Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria)
- Establish risk monitoring, communication, and reporting
|* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org.|