Risk Based Auditing: Using ISO 19011:2018: CERM Academy Series On Enterprise Risk Management (Cerm Academy Enterprise Risk Management) - Softcover

Über die Autorin bzw. den Autor

Greg Hutchins is the founder of 800Compete.com, WorkingIt.com, CERMAcademy.com, QualityPlusEngineering.com, and other startups. Greg Hutchins is the risk evangelist who coined the expression Future of Quality: Risk® Greg Hutchins PE CERM is also the principal professional engineer Quality + Engineering - international supply and quality management firm. He has written best selling books on global ISO standards and risk management. Greg is the author of ISO 9000 (best selling translated into 8 languages published through John Wiley), Value Added Auditing, ISO 31000: Enterprise Risk Management, ISO Risk Based Thinking, Risk Based Thinking, Supply Management Strategies (APICS, ISM, ASQ endorsed and used in certifications), and Standard Manual of Quality Auditing and more than a dozen article international books. Q+E is the designer and developer of Certified Enterprise Risk Manager® (CERM), CERM Cyber™certificate, and best selling ISO and ERM books. Q+E has deep domain expertise in ISO 31000, ISO 27001, and NIST 800’s. Q+E designed CERM based on its security IP including Critical Infrastructure Protection: Forensics, Assurance, Analytics®; Value Added Auditing™; Certified Enterprise Risk Manager®; Future of Quality: Risk®; CERM: Risk Based, Problem Solving | Risk Based, Decision Making®; etc. Q+E has been certified by the Department of Homeland Security for Critical Infrastructure Protection: Forensics, Assurance, Analytics®. Q+E has conducted the following Critical Infrastructure Protection (CIP) risk assessments: • Analytical. Q+E engineers and scientists conduct analytical analyses following Q+E protocols evaluating business continuity, cyber security, and physical security systems against IEEE, NFPA, ISA, PMI, ISO, NIST, COSO, NERC, DIACAP, FISMA, and ASIS standards. • Assurance. Q+E offers the client three levels of assurance: o Compliance. Q+E conducts a compliance audit against appropriate standards and guidance. o Assurance with opinion. Q+E issues an opinion based on the results of a governance, risk, and compliance (GRC) audit or ERM controls assessment. o Assurance with insurance coverage. Q+E conducts an audit and provides the requisite level of due diligence for the auditee to be covered. • Forensics. Q+E provides the above levels of assurance as well as supplies a letter to the regulatory authority averring compliance that criteria have been met.