ENTERPRISE RISK MANAGEMENT

3 day(s) | 2.10 CEUs

REGISTRATION FEE: Member: $1,195 | Non-member: $1,545

 

Enterprise Risk Management Workshop is a comprehensive and practical three-day workshop that introduces participants to the concepts, principles, processes and applications of enterprise risk management. This course is required for the Enterprise Risk Management Certificate Program.

Class Schedule:

Course ID: 1810 | Course Dates: Nov 04 - 06, 2014 | Location: Norcross, GA

Overview:

The workshop focuses on enterprise risk management. It is delivered through lectures, class discussions, articles, case studies and exercises. Topics covered include identifying, classifying, assessing and controlling operational risks, and planning and implementing risk mitigation strategies for the identified risks.

The workshop will help participants to understand and to develop risk management skills, and to apply what they have learned to real-life ERM projects. Participants will learn how to implement enterprise and programmatic risk management in their organizations. Participants will learn why management is adopting and developing a portfolio view of multiple views of risk-controls within their organizations and into the supply stream. The workshop format is approximately 1/3 lecture, 1/3 exercise and 1/3 ‘lesson learned’ discussion.

Topic Highlights:

  • Key Terms and Definitions
  • Introduction to ERM Frameworks
  • COSO ERM Framework
  • ISO 31000 Risk Management Standard
  • NIST 800-37 Security Risk Management Framework for Federal Information Systems
  • Common Elements of ERM Frameworks
  • ERM in the Real World
  • Next Steps

What You Will Learn:

  • Learn what enterprise risk management is and when to use it
  • Learn how to implement ERM successfully
  • Learn ISO 31000, COSO ERM, NIST 800-37 and additional ERM frameworks and standards
  • Learn how to identify risk tolerance and appetite for operational decision making
  • Learn and apply the operational risk management process

Course Content

Key Terms and Definitions

  • What is ERM? What is GRC?
  • ERM Drivers, past and present
  • Why does ERM fail? Succeed?

ERM Core Building Block: Decision-making

  • What is a decision?
  • Who are the ERM decision makers?
  • Decision framing
  • Risk appetite/tolerance/biases
  • Key ingredient: principles, process, behavior and performance
  • Quantification and qualification of risk
  • Common decision techniques and pitfalls
  • What makes a good decision? 
  • Creating a level decision playing field
  • Exercise: Understanding

Different Approaches to ERM

  • ERM standards: COSO, NIST, FAA, ISO, NASA, etc.
  • Strategic, operational, financial, insurable, social risks in an ERM context 
  • Linking strategic, operational and financial risks
  • Adaptive management benefits/pitfalls 
  • Enterprise (entity level) risk, programmatic/project risk, transactional/product risk 
  • Exercise: Growth of ERM discussion in security (cyber & physical), Gulf oil spill, etc. 
  • Exercise: Services business case study

Introduction to ERM Frameworks

  • COSO ERM explained 
  • ISO 31000 explained 
  • NIST 800-37 explained 
  • Common features of ERM frameworks 
  • Exercise: Enterprise Risk Management in companies and federal/state agencies 
  • Case study: Rockwell Collins ERM Approach

Elements of the COSO ERM Framework

  • Discussion of the COSO ERM cube 
  • Eight risk management steps of framework  
  • Benefits/challenges of framework 
  • Exercise: COSO framework application 

Elements of the ISO 31000 Risk Management Framework

  • Discussion of the 31000 approach
  • Risk definitions 
  • Relationships between the risk management principles, framework and process 
  • Benefits/challenges of framework 
  • Linking to ISO/IEEE Systems and Software Risk Management Standard 16085
  • Case study: Similarities and differences between project risk management standards

NIST 800-37: Guide for Applying the Risk Management Framework for Federal Information Systems: Security Lifecycle Approach

  • Integrated organization-wide risk management 
  • Information control allocation 
  • System development life cycle
  • Review of the life cycle process
  • Exercise: Managing enterprise risk on a government project

ERM in the Real World

  • Organizational risk culture
  • Who owns ERM? 
  • Implementing ERM: top down, bottom up, middle out?
  • Avoiding organizational risk conflicts
  • Risk capability and maturity 
  • Case study: Various forms of enterprise (entity), programmatic/project and event based controls 
  • Exercise: Managing the risks in a supply chain

Your Next Steps

  • Identify critical next steps for implementing an ERM program
  • Exercise: Discuss and evaluate ERM plans

Corporate Training

This course is available as a corporate training program and can be customized to meet your company’s needs. For more information, contact IIE Director of Continuing Education and Program Development Larry Aft, P.E., (770) 349-1130.

Class cancellation:  IIE reserves the right to cancel a class up to 15 business days prior to the scheduled start date.