HOME | CONTACT US | IIE MY ONLINE TRAINING
WHY IIE TRAINING CENTER?
EXPLORE OUR TRAINING
INSTRUCTORS
GENERAL INFORMATION
FAQ
 
Process Risk Management
2 Days | 1.4 CEUs

Overview:

The objective of this workshop is to provide an understanding of the specific process risk management framework that can be used to evaluate critical infrastructure, such as cyber security, power grid and SCADA systems. The workshop provides participants with principles, techniques and tools that will help them address and mitigate process risks.

Upon completion, participants will be able to lead and/or actively participate in teams to audit/evaluate enterprise, programmatic, process, transactional and product risks. Participants will learn various risk management and process management frameworks, processes, techniques and tools. Participants will learn how to audit for risk and understand where attestation and opinions must meet today’s higher threshold of due diligence and assurance. More often, federal, state and commercial clients want this level of due diligence of operational, IT and security assessments.

What You Will Learn:

  • Learn how to identify risk and determine when to use a risk-based, process approach to conduct an audit
  • Learn how to determine which publicly held companies, federal agencies, and states are requiring risk-based, operational process assessments
  • Learn how to conduct risk-based audits that comply with federal and state requirements
  • Use GAO Yellow Book and IIA Red Book standards to develop internal controls to manage risks
  • Apply a step-by-step approach to plan a risk-based audit
  • Learn how to conduct a successful risk-based audit
  • Report audit findings and, if required, issue an opinion

Course Content

Value Added Auditing and process fundamentals

  • Today’s competitive marketplace
  • Governance and auditing
  • Value Added Auditing 101
  • Enterprise Risk Management 101
  • Process Management 101
  • Exercise: Discussion on the history and development of process assessments and operational auditing
  • Case study: Differences between Yellow Book and Red Book auditing
  • Case study: Differences between ISO and risk auditing;

Managing Value Added Auditing

  • Managing the value added audit
  • Exercise: Examples of Red Book and Yellow Book auditing and their differences
  • Case study: Critical infrastructure protection audits and assessments
  • Case study: Discuss Hutchins’s Capability Maturity Model articles for conducting audits

Planning the value added audit

  • Step 1: Understand audit and business objectives
  • Step 2: Notify/visit auditee
  • Step 3: Understand auditee’s system, process and product documentation
  • Step 4: Develop audit plan
  • Step 5: Develop audit survey
  • Exercise: Developing a scope of work and audit plan
  • Case study: NERC CIP audits

Conducting the value added audits

  • Step 1: Assess organizational maturity
  • Step 2: Assess process capabilities
  • Step 3: Assess system/process risks
  • Step 4: Evaluate control effectiveness
  • Step 5: Assess evidence
  • Step 6: Issue opinion
  • Step 7: Conduct exit meeting
  • Exercise: 'Plan the work' and 'Work the plan'
  • Exercise: Implement plan for risk-control evaluations

Reporting value added audit results

  • Step 1: Communicate audit results
  • Step 2: Decide audit report format
  • Step 3: Correct – Prevent – Predict – Pre-empt
  • Step 4: Maintain audit file
  • Exercise: Report on the audit and results of field work
  • Case study: Attestation/assurance/opinions: Providing professional assurance

Future of ISO risk standards and operational auditing

  • ISO 28000
  • ISO 27000
  • ISO 14000
  • Discuss how to risk-assess various standard criteria
  • Future of operational auditing

Your next steps

  • Develop plan for implementing process risk management
  • Exercise: Discuss and evaluate project risk plans

CLASS CANCELLATION:

IIE reserves the right to cancel a class up to 15 business days prior to the scheduled start date

 

registration fee

Member: $795
Non-Member: $1,145

course schedule

No courses scheduled, contact Larry Aft for availability


 
TERMS OF USE | PRIVACY POLICY | © 2014 INSTITUTE OF INDUSTRIAL ENGINEERS