Board members and C-suite executives learn how ISO 31000 ERM can be leveraged to establish better corporate governance, as well as to provide required risk assessments and risk controls for ISO 9001 Quality Management, ISO 14001 Environmental Management, ISO 27001 Information Security, ISO 22301 Business Continuity/Disaster Recovery, ISO 37001 Anti-Bribery and Anti-Corruption, ISO 45001 OHS, and other ISO organizational management systems.
Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for corporate governance and risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
Risk assessment and management provides the foundation for internal controls management of all ISO management systems. After all, ISO management systems exist purely to manage different types of operational and compliance risks. This means that an ISO management system can only be as good as the organization’s ability to create, authorize, and practice a single consistent approach to assessing and treating risks. The ISO/IEC 9001 certification of an organization’s Quality Management System (QMS) requires that all quality methods and controls be driven by risk assessment as defined in the organization’s formal, documented risk management methodology. ISO 22301 certification of its business continuity management system (BCMS), ISO 27001 certification of its information security management system, ISO 14001 certification of its environmental management system, and ISO 37001 certification of its anti-bribery and anti-corruption management system all require the same.
The ISO 31000, 31010, and 27005 standards provide guidelines for enterprise risk management and information security risk assessment. The standards are designed to harmonize risk management and risk assessment for operations risk, financial risk, information security risk, and even business continuity / incident management. These ISO standards are applicable to all types of organizations (e.g. commercial enterprises, co-operatives, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s security, compliance, and operations. As internationally accepted best practice guidelines for developing a solid risk management methodology that is fit-for-purpose for the organization, these ISO risk management/assessment standards are ideal for supporting ISO 9001, 14001, 27001, 22301, 45001, and 37001 management systems.
The problem with many organizations is that the very people who should be leading or performing risk assessment have never been sufficiently trained to be able to do the job properly. Risk assessment and management is complex - complex enough to have its own ISO/IEC standard! Certified Information Security provides the training and credentialing board members and C-suite executives need to properly lead and oversee risk assessment and management according to the ISO 31000, 31010, and 27005 standards.
Corporate Governors and Senior Management will learn the ISO management system requirements for leadership and oversight. Business governors (Board Members), C-Suite executives, and business leaders (business process owners) will get a concise introduction to Enterprise Risk Management as a concept, and learn how to use the ISO 31000, 31010, and 27005 risk frameworks to:
Course Duration: 1-Day
Recommended Follow-On Session: CIS Policy Workshop: ISO 31000 Enterprise Risk Management
Continuing Professional Education (CPE) Credit
Upon course completion, we will provide you with an achievement certificate for 8 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.