Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.

Then build-out the initial risk program policy right in class! 

A successful risk management initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support. 

And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk. 

As the foundation session of CIS risk management training courses, this 3-day risk management training and policy  workshop session provides thorough coverage of the ISO 31000, 31010, 27005, and 23894 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

• Describe the principles and processes of risk governance and management;
• Provide a thorough overview of the requirements of ISO 31000, ISO 31010, 27005, and 23894;
• Give practical guidance on designing and implementing a suitable enterprise risk management framework;
• Establish a firm program starting point by using ISO standards 31000:2018, 31010, 27005, and 23894 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
  • Complete ERM Policy (18-Page template provided)
  • ERM Context and Scope Document (10-Page template provided)
  • ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
  • Procedure for Training and Development Needs Analysis document (8-Page template provided)
  • ERM Program project kick-off document (9-Page template provided)
  • Procedure for Identification of ERM Project Requirements document (4-Page template provided)
  • Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
• Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010, ISO 27005 and ISO 23894 best practices
• Leverage ISO best practices to properly identify, analyze, and evaluate risk 
• Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria) 
• Establish risk monitoring, communication, and reporting
• Prepare participants for the ISO 31000 CICRA exam #RM101
  

Class details

• Duration: 3 days, 8:30 - 4:30
• CPE Credit: 24
• Materials included with live instructor-led training:
  • Class manual (complete hard copy of class presentation)
  • Hardcopy policy templates
  • Softcopy policy templates
  • 14 days of unlimited access to online practice exams for exam #RM101
  • 1 attempt for the online certification exam #RM101
  • Current-year membership in the CIS Body of Certified Professionals
•  
• Professional Certification: This course fulfills all prerequisite training requirements for certification exam #RM101 for professional ISO certifications:
  • Certified ISO 31000 Internal Controls Risk Analyst (No further training or exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Internal Controls Architect (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Auditor (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Strategist (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Manager (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 42001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
• Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
  
• Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):
  
  • Morning refreshments and snack
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

Unlocking Business Success with ISO 42001 and Artificial Intelligence

In today's rapidly evolving technological landscape, businesses are constantly seeking ways to stay ahead of the curve. One of the most promising avenues for achieving this is through the implementation of Artificial Intelligence (AI). However, with great power comes great responsibility. This is where ISO 42001 comes into play. This international standard provides a comprehensive framework for managing AI systems, ensuring they are used responsibly and effectively to drive business success. Artificial Intelligence has the potential to revolutionize the way businesses operate. From automating routine tasks to providing deep insights through data analysis, AI can significantly enhance efficiency and productivity.  

Understanding ISO 42001

ISO 42001, officially known as ISO/IEC 42001:2023, is the world's first AI management system standard. It specifies the requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. This standard is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.

The significance of ISO 42001 lies in its comprehensive approach to managing AI. It addresses the unique challenges posed by AI, such as ethical considerations, transparency, and continuous learning. By providing a structured way to manage risks and opportunities associated with AI, ISO 42001 helps organizations balance innovation with governance.

Implementing ISO 42001 for Responsible AI Use

While the benefits of AI are undeniable, it is crucial to implement AI systems responsibly. ISO 42001 provides a robust framework for achieving this. Here are some key aspects of the standard:

• Risk Management: ISO 42001 requires organizations to implement processes for identifying, analyzing, evaluating, and monitoring risks associated with AI systems. This ensures that potential issues are addressed proactively, minimizing the impact on business operations.
  • *Note: ISO 42001 requires implementing a risk-based approach to responsible and ethical development, implementation, and management of artificial intelligence. Accordingly, the ISO 42001 Lead Implementer certification is a stacking credential that requires current CIS certification as an ISO 31000 Certified Internal Controls Risk Analyst (CICRA) as a prerequisite for ISO 42001 Lead Implementer certification eligibility. Getting trained and certified in ISO 31000 and ISO 23894 risk management is highly necessary to make the most of learning how to responsibly and ethically develop, implement, and manage artificial intelligence. 
• Ethical Considerations: The standard emphasizes the importance of ethical AI use. Organizations must ensure that their AI systems are transparent, fair, and accountable. This includes addressing biases in AI algorithms and ensuring that AI decisions can be explained and justified.
• Continuous Improvement: ISO 42001 promotes a culture of continuous improvement. Organizations are required to monitor the performance of their AI systems and implement corrective actions as needed. This ensures that AI systems remain effective and relevant in a rapidly changing technological landscape.

What about the NIST AI Risk Management Framework 1.0? Which one should we use?

Both! ISO 42001 is the international standard for overall AI program governance and management, while the ISO 31000, ISO 23894, and NIST AI RMF 1.0 risk frameworks provide guidance for managing AI risk within an ISO 42001 AI Management System. The standards and frameworks don't compete; they work together for more fulsome, comprehensive, responsible, and trustworthy AI management and integration throughout your organization and its business processes.

The purpose of the 2-day course is to:

• Provide thorough coverage of ISO 42001 requirements and recommendations for AI strategy, governance, roles and responsibilities, risk management, assessment, monitoring, review, and improvement;
• Understand how to integrate AI risk management into overall Enterprise Risk Management;
• Professional Certification: This course fulfills prerequisite training requirements for certification exam #AIMS101 and #AIMS102 for professional certification as a Certified ISO 42001 Lead Implementer and Certified ISO 42001 Lead Auditor.
  • Prerequisite requirement for the Lead Implementer and Lead Auditor credential: Please note that the Certified ISO 42001 Lead Implementer and Lead Auditor certifications are stacking credentials that require current CIS Certified ISO 31000 Internal Controls Risk Analyst (CICRA) certification as a prerequisite for certification eligibility. 

Upon completion of this training and certificate program, participants will:

• Be equipped with knowledge and skills required to plan, implement, manage, monitor, assess, and improve policy and program in line with the ISO 42001 and related standards of best practice;
• Expand your AI management competency; and
• Be prepared to integrate a robust and certifiable 42001 AI Management System.

Register for a class (in-person or virtual) and get started today!

Class details

• Duration: 2 days, 8:30 - 4:30
• CPE Credit: 16
• Professional Certification: This course fulfills prerequisite training requirements for professional certification as a Certified ISO 42001 Lead Implementer and Certified ISO 42001 Lead Auditor.
   
  
  • Prerequisite requirement for the Lead Auditor credential: Please note that the Certified ISO 42001 Lead Implementer certification is a stacking credential that requires current CIS Certified ISO 31000 Internal Controls Risk Analyst (CICRA) certification as a prerequisite for Certified ISO 42001 Lead Implementer certification eligibility. 
• Materials included with live instructor-led training:
  • Class manual (complete hard copy of class presentation)
  • 14 days of unlimited access to online practice exams for exams #AIMS101 and #AIMS102
  • 1 attempt for the online certification exams #AIMS101 and #AIMS102
    
• Certificate of Achievement included with class: Upon course completion, we will provide you with an online digital achievement certificate for 16 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
  
• Catering:
  
  • Morning refreshments and snack for live in-person participants
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

* ISO standards are not provided in class, but are available as a separate purchase directly from ISO.