Why IIE Training Center? |   Testimonials|    FAQs|   Accreditation |   Hotel and General Info|   Instructors|   Contact Us
Process Risk Management
  Print
PROCESS RISK MANAGEMENT

2 day(s) | 1.40 CEUs

REGISTRATION FEE: Member: $795 | Non-member: $1,145

 

The Process Risk Management workshop is a comprehensive and practical two-day workshop that introduces participants to the frameworks, principles and application of process risk management and assurance based on Value Added Auditing®. Value Added Auditing is a risk-based methodology for managing, planning, conducting and reporting audits.

The U.S. Department of Homeland Security (DHS) has certified Value Added Auditing under the Safety Act as a Critical Infrastructure Protection: Forensics, Assurance, Analytics® "Qualified Anti-Terrorist Technology."

Process Risk Management (Value Added Auditing) follows a:

  1. Risk-based approach
  2. Is compliant and harmonized to critical federal and state statutes
  3. Can be used to offer a professional opinion and/or attestation

Course Schedule

No courses currently scheduled. If you are interested in information on availability, contact IIE Director of Continuing Education and Program Development Larry Aft, P.E., (770) 349-1130.

Overview:

The objective of this workshop is to provide an understanding of the specific process risk management framework that can be used to evaluate critical infrastructure, such as cyber security, power grid and SCADA systems. The workshop provides participants with principles, techniques and tools that will help them address and mitigate process risks.

Upon completion, participants will be able to lead and/or actively participate in teams to audit/evaluate enterprise, programmatic, process, transactional and product risks. Participants will learn various risk management and process management frameworks, processes, techniques and tools. Participants will learn how to audit for risk and understand where attestation and opinions must meet today’s higher threshold of due diligence and assurance. More often, federal, state and commercial clients want this level of due diligence of operational, IT and security assessments.

Topic Highlights:

  • Value Added Auditing and process fundamentals
  • Managing Value Added Auditing
  • Planning the value added audit
  • Conducting the value added audits
  • Reporting Value Added Auditing Results
  • Future of ISO risk standards and operational auditing
  • Your next steps

     

What You Will Learn:

  • Learn how to identify risk and determine when to use a risk-based, process approach to conduct an audit
  • Learn how to determine which publicly held companies, federal agencies, and states are requiring risk-based, operational process assessments
  • Learn how to conduct risk-based audits that comply with federal and state requirements
  • Use GAO Yellow Book and IIA Red Book standards to develop internal controls to manage risks
  • Apply a step-by-step approach to plan a risk-based audit
  • Learn how to conduct a successful risk-based audit
  • Report audit findings and, if required, issue an opinion

Course Content

Value Added Auditing and process fundamentals

  • Today’s competitive marketplace
  • Governance and auditing
  • Value Added Auditing 101
  • Enterprise Risk Management 101
  • Process Management 101
  • Exercise: Discussion on the history and development of process assessments and operational auditing
  • Case study: Differences between Yellow Book and Red Book auditing
  • Case study: Differences between ISO and risk auditing   

Managing Value Added Auditing

  • Managing the value added audit
  • Exercise: Examples of Red Book and Yellow Book auditing and their differences
  • Case study: Critical infrastructure protection audits and assessments
  • Case study: Discuss Hutchins’s Capability Maturity Model articles for conducting audits

Planning the value added audit

  • Step 1: Understand audit and business objectives
  • Step 2: Notify/visit auditee
  • Step 3: Understand auditee’s system, process and product documentation
  • Step 4: Develop audit plan
  • Step 5: Develop audit survey
  • Exercise: Developing a scope of work and audit plan
  • Case study: NERC CIP audits

Conducting the value added audits

  • Step 1: Assess organizational maturity
  • Step 2: Assess process capabilities
  • Step 3: Assess system/process risks
  • Step 4: Evaluate control effectiveness
  • Step 5: Assess evidence
  • Step 6: Issue opinion
  • Step 7: Conduct exit meeting
  • Exercise: 'Plan the work' and 'Work the plan'
  • Exercise: Implement plan for risk-control evaluations

Reporting value added audit results

  • Step 1: Communicate audit results
  • Step 2: Decide audit report format
  • Step 3: Correct – Prevent – Predict – Pre-empt
  • Step 4: Maintain audit file
  • Exercise: Report on the audit and results of field work
  • Case study: Attestation/assurance/opinions: Providing professional assurance

Future of ISO risk standards and operational auditing

  • ISO 28000
  • ISO 27000
  • ISO 14000
  • Discuss how to risk-assess various standard criteria
  • Future of operational auditing

Your next steps

  • Develop plan for implementing process risk management
  • Exercise: Discuss and evaluate project risk plans

Corporate Training

This course is available as a corporate training program and can be customized to meet your company’s needs. For more information, contact IIE Director of Continuing Education and Program Development Larry Aft, P.E., (770) 349-1130.

Class cancellation:  IIE reserves the right to cancel a class up to 15 business days prior to the scheduled start date.