

Track 1 - Audit Track

Wednesday, 11/20/19 - Thursday, 11/21/19 

Presented by Leighton Johnson, CISSP, CISA, CISM, Founder and CTO of ISFMT

Successfully Implementing and Managing Enterprise Risk Management


Course Description


COSO defines Enterprise Risk Management (ERM) as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” That sounds rather vague. What does it mean to your organization, and how do you make it happen?


During this course participants will examine risk types, methods for identification of risk, evaluation of risks, mitigating options, and on-going monitoring. This class will help individuals learn and develop the skills necessary to help drive, implement, and execute an effective Enterprise Risk Assessment through the use of lecture, interactive discussion, case studies, best practices, and group exercises.


Learning Objectives


  • Learning what ERM is and why it is important and valuable to organizations

  • Understanding risk issues faced by organizations

  • Understanding risk management frameworks used in managing risks

  • Learning how to assess risks and risk drivers for a corporation

  • Learning why risk quantification is important and basic quantification approaches

  • Understanding how risk management is a powerful tool for both strategic and tactical decisions


Course Outline


Enterprise Risk Management Basics


  • What is risk?

  • What ERM is and why it’s important

  • Value proposition of ERM

  • The role corporate culture plays

  • Internal and external environments

COSO ERM Model


  • Internal environment

  • Objective setting

  • Event identification

  • Risk assessment

  • Control activities

  • Information and communication

  • Monitoring

The ERM Process


  • Defining the risk culture

  • Establishing roles and responsibilities

    • Sponsorship

    • Tone at the Top

    • Formally defining roles and responsibilities

    • Internal Audit’s role

  • Establishing goals and objectives

    • Implementing a formal ERM framework, process, and documentation

    • Aligning business strategy with ERM goals

    • Considering organizational culture, principles, and values

    • Determining resource allocation for ERM

    • Communications for ERM process

  • Identifying the risks—assessment methodologies, tools, and techniques to use

    • External and environmental risks

    • Business and reputational risks

    • Financial risks

    • Operational and process risks

  • Assessing the risks—qualitative and quantitative assessment

  • Evaluating the risks—options for managing the risks

  • Mitigating the risks—strategies and methods for implementing mitigation and monitoring

  • Monitoring the risks—internal audit, data analytics, dashboards, etc.

Incorporating Fraud Risk Assessments


  • Learning how to conduct a fraud risk assessment

  • Understanding basic fraud concepts

  • Identifying best practices in fraud risk assessment

  • Learning to utilize appropriate frameworks for assessing fraud risks

  • Usage of commonly used frameworks, scorecards, and reporting templates

  • Incorporating into the ERM

Exercises, Case Studies, and Best Practices


  • Tools and techniques

  • Successes and failures

  • Best practices


Additional Information


Who Should Attend


  • Internal audit management and staff

  • Financial and operational management and staff

Learning Level: Intermediate

Delivery: Group-Live

Field: Auditing

Advanced Preparation: None

Recommended Prerequisites: Auditing experience

Session Duration

Online: N/A

On Site: 2 days

CPE Credits: 16

About the Speaker


Leighton Johnson, CISSP, CISA, CISM, is the CTO of ISFMT (Information Security & Forensics Management Team). He has presented computer security, cyber security and forensics classes and seminars across the US and Europe. He was regional CIO and Senior Security Engineer for a 450-person directorate within Lockheed Martin Information Systems & Global Solutions Company covering 7 locations in the Eastern and Midwestern parts of the U.S. He is an adjunct instructor of digital and network forensics and incident response at Augusta State University. He has over 36 years' experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. His primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, and business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Security Software Lifecycle Professional), CMAS (Certified Master Antiterrorism Specialist) and CISA (Certified Information Systems Auditor) credentials. He has taught CISSP, CISA, CISM, DIACAP, Digital and Network Forensics, and Risk Management courses around the US over the past 7 years. He has presented at EuroCACS 2010, ISMC 2007, ISMC 2006, CyberCrime Summit 2007, multiple years of OPNET Technologies international conferences, INFOSEC WORLD 2005, and multiple military and civilian conferences for customers and clients worldwide.