Description
Who is the author: Greg Hutchins PE CERM? Greg Hutchins is a professional engineer, writer, maker, curator, and developer. Greg is the author of 15 ISO, risk, and supply management books. Greg is the risk evangelist who coined the expression Future of Quality: Risk and is the developer of Certified Enterprise Risk Manager (CERM) certificate. What is Value Added Auditing(TM) (VAA)? Value Added Auditing (440 pages) is a process and risk based manual for ISO management system and risk based audits. The manual can be used to conduct performance, operational, IT, cyber, and supply management assessments. The objective of the manual is to enhance: 1. Risk-based, problem solving and 2. Risk-based, decision making. All ISO 9001:2015 and ISO 14001 companies should read this book to understand and implement Risk Based Thinking (RBT) and Risk Based Auditing (RBA). VAA is also core to the CERM certificate. What This Book Can Do For You? Value Added Auditing can be used as your ‘how to’ primer or reference for the following assessments: ISO 9001, ISO 14001, and other ISO management system assessments that focus on continual improvement and achieving business objectives. The book is harmonized to ISO 31000. Business assurance assessments including attestation, compliance, maturity, capability, and benchmarking. Internal auditing (Yellow Book/Red Book/Quality) providing independent and objective assurance that an organization can accomplish its business objectives within its risk appetite. Supplier auditing that may involve risk forensics, assurance, and analytics. Risk based Information Technology (IT) audits including ISO 27001, COBIT, ITIL, HIPAA, PCI, FISMA, and SOX assessments. Risk assurance assessments ensuring an organization can meet its governance, risk, and compliance (GRC) objectives. Assurance and opinion audits based on international standards. Bonus Materials/Resources Access to 1000 risk and RBT articles through CERM Academy – www.http://insights.cermacademy.com/ Get a discount for the Certified Enterprise Risk Manager (CERM) certificate. Get discounts for CERM Academy products. Greg Hutchins PE CERM is the risk evangelist who coined the expression Future of Quality: Risk and is the developer of Certified Enterprise Risk Manager (CERM) certificate (www.CERMAcademy.com). Certified Enterprise Risk Manager (CERM) is a risk management certificate based on ISO, ANSI, IEC, and NIST standards. The purpose of CERM is to certificate professionals in risk management problem-solving and risk-based decision-making based on the CERM Lifecycle Learning Model shown in the above figure. The model has three stages: 1. Certified Enterprise Risk Manager certificate and sub-certificates; 2. Risk webinars; and 3. Risk resources. _____________________________________________________________________________________ Greg Hutchins is a professional engineer and is the managing engineering of Quality Plus Engineering (Q+E). Q+E is US Department of Homeland Security (DHS) certified to conduct Critical Infrastructure Protection: Forensics, Assurance, and Analytics assessments. US Department of Homeland Security (DHS) has certified Q+E for Critical Infrastructure Protection: Forensics, Assurance, Analytics. DHS has designated Q+E forensic, assurance, and analytical technologies including Value Added Auditing as ‘Anti-Terrorist Technologies.’ Please see next page delegation of authorities from the DHS Under Secretary. Under the DHS certification, Q+E is authorized to conduct the following independent and objective homeland security Critical Infrastructure Protection (CIP) assessments: * Analytical. Q+E engineers and scientists conduct analytical analysis following Q+E protocols evaluating IT and cyber security systems against IEEE, PMI, ISO, NIST, and AEC standards. * Assurance. Q+E can offer the client three levels of assurance: Compliance. Q+E conducts a compliance audit using COBIT, NIST, or ISO standards. Assurance with opinion. Q+E issues an opinion based on the results of a governance, risk, and compliance audit. Assurance with DHS Safety Act coverage. Q+E conducts an audit and provides the requisite level of due diligence and due care for the auditee to be covered by the Safety Act against domestic and state-sponsored terrorism. * Forensics. Q+E provides all of the above levels of assurance as well as supplies a letter to DHS averring compliance that above criteria have been met. _____________________________________________________________________________________ Greg Hutchins has written more than 15 best selling books on supply management, risk management, operations management, and quality management. Greg is the author of ISO 9000 (best selling – translated into 8 languages), Supply Management Strategies (APICS, ISM, ASQ endorsed and used in certifications), and Operational Auditing (first risk based, operational auditing book).
