Risk Based Auditing: Using ISO 19011:2018: CERM Academy Series On Enterprise Risk Management - Brossura

Informazioni sull?autore

Greg Hutchins is the founder of 800Compete.com, WorkingIt.com, CERMAcademy.com, QualityPlusEngineering.com, and other startups. Greg Hutchins is the risk evangelist who coined the expression Future of Quality: Risk® Greg Hutchins PE CERM is also the principal professional engineer Quality + Engineering - international supply and quality management firm. He has written best selling books on global ISO standards and risk management. Greg is the author of ISO 9000 (best selling translated into 8 languages published through John Wiley), Value Added Auditing, ISO 31000: Enterprise Risk Management, ISO Risk Based Thinking, Risk Based Thinking, Supply Management Strategies (APICS, ISM, ASQ endorsed and used in certifications), and Standard Manual of Quality Auditing and more than a dozen article international books. Q+E is the designer and developer of Certified Enterprise Risk Manager® (CERM), CERM Cyber™certificate, and best selling ISO and ERM books. Q+E has deep domain expertise in ISO 31000, ISO 27001, and NIST 800’s. Q+E designed CERM based on its security IP including Critical Infrastructure Protection: Forensics, Assurance, Analytics®; Value Added Auditing™; Certified Enterprise Risk Manager®; Future of Quality: Risk®; CERM: Risk Based, Problem Solving | Risk Based, Decision Making®; etc. Q+E has been certified by the Department of Homeland Security for Critical Infrastructure Protection: Forensics, Assurance, Analytics®. Q+E has conducted the following Critical Infrastructure Protection (CIP) risk assessments: • Analytical. Q+E engineers and scientists conduct analytical analyses following Q+E protocols evaluating business continuity, cyber security, and physical security systems against IEEE, NFPA, ISA, PMI, ISO, NIST, COSO, NERC, DIACAP, FISMA, and ASIS standards. • Assurance. Q+E offers the client three levels of assurance: o Compliance. Q+E conducts a compliance audit against appropriate standards and guidance. o Assurance with opinion. Q+E issues an opinion based on the results of a governance, risk, and compliance (GRC) audit or ERM controls assessment. o Assurance with insurance coverage. Q+E conducts an audit and provides the requisite level of due diligence for the auditee to be covered. • Forensics. Q+E provides the above levels of assurance as well as supplies a letter to the regulatory authority averring compliance that criteria have been met.