iso 31000  enterprise risk management crisc 

One-Day Executive Overview of  ISO 31000 Enterprise Risk Management Oversight & Strategy

Board members and C-suite executives learn how ISO 31000 ERM can be leveraged to establish better corporate governance, as well as to provide required risk assessments and risk controls for ISO 9001 Quality Management, ISO 14001 Environmental Management, ISO 27001 Information Security, ISO 22301 Business Continuity/Disaster Recovery, ISO 37001 Anti-Bribery and Anti-Corruption, ISO 45001 OHS, and other ISO organizational management systems.

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for corporate governance and risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
Risk assessment and management provides the foundation for internal controls management of all ISO management systems. After all, ISO management systems exist purely to manage different types of operational and compliance risks. This means that an ISO management system can only be a good as the organization’s ability to create, authorize, and practice a single consistent approach to assessing and treating risks. The ISO/IEC 9001 certification of an organization’s Quality Management System (QMS) requires that all quality methods and controls must be driven by risk assessment as defined in an organization’s formal documented risk management methodology. ISO 22301 certification of its business continuity management system (BCMS), ISO 27001 certification of its information security management system, ISO 14001 certification of its environmental management system, and ISO 37001 certification of its anti-bribery and anti-corruption management system all require the same.

The ISO 31000, 31010, and 27005 standards provide guidelines for enterprise risk management and information security risk assessment. The standards are designed to harmonize risk management and risk assessment for operations risk, financial risk, information security risk, and even business continuity / incident management. These ISO standards are applicable to all types of organizations (e.g. commercial enterprises, co-operatives, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s security, compliance, and operations. As internationally accepted best practice guidelines for developing a solid risk management methodology that is fit-for-purpose for the organization, these ISO risk management/assessment standards are ideal for supporting ISO 9001, 14001, 27001, 22301, 45001, and 37001 management systems.

The problem with many organizations is that the very people who should be leading or performing risk assessment have never been sufficiently trained to be able to do the job properly. Risk assessment and management is complex - complex enough to have its own ISO/IEC standard! Certified Information Security provides the training and credentialing board members and C-suite executives need to properly lead and oversee risk assessment and management according to the ISO 31000, 31010, and 27005 standards.

Corporate Governors and Senior Management will learn ISO management systems requirements for leadership and oversight. Business governors (Board Members), C-Suite executives, and business leaders (business process owners) will get a concise introduction to Enterprise Risk Management as a concept, and how to use the ISO 31000, 31010, and 27005 risk frameworks to:

• Learn how to prepare the organization to properly manage operational risks
• Set up the Enterprise Risk Management Program, Policy, and Team
• Learn ISO leadership requirements for board oversight and C-suite executives

Course Summary

Course Duration: 1-Day

Recommended Follow-On Session: CIS Policy Workshop: ISO 31000 Enterprise Risk Management

Continuing Professional Education (CPE) Credit

Upon course completion, we will provide you with an achievement certificate for 8 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.

Exploring the use of ISO 31000, this course provides critical information for understanding the business drivers for using internal controls to manage operational risk, as well as the core concepts for planning  a formal risk management methodology according to the internationally accepted best practices.

Covered topics include:

• Learn how to prepare the organization to properly manage operational risks
• Compare and contrast ISO 27005, ISO 31000, and COSO risk management approaches
• Establish risk context criteria for risk evaluation, business impact, and risk acceptance
• Learn how to properly scope your risk management program
• Establish formal roles and responsibilities to manage operational risk throughout the enterprise

This program is only available by private on-site engagement. Contact us to request a quote.