Standardized training and professional certification

A strategic objective of IRMCB's mission is to assure the integrity and validity of standardized professional development training and certification programs for individuals involved in enterprise risk management systems. Certification and validation of competence of individuals involved in governance and management of enterprise risk and related management systems has become an important element of an increasingly mobile and global workforce, underscoring the value of industry-recognized credentials that can be carried across national borders.

IRMCB exists to:

  • Establish the minimum baseline requirements necessary to qualify certified professionals managing risk according to well-established best practices of ISO frameworks and standards including NIST, ISO 31000, ISO 27001, ISO 19600, ISO 37001, and ISO 22301;
  • Develop, maintain, and license reliable, valid, and current certification preparation curriculum and training to be delivered through authorized training and certification member organizations;
  • Develop, maintain, and license reliable, valid, and current certification examinations to be proctored through IRMCB authorized training and certification member organizations;
  • Establish requirements for the periodic renewal of certification and determining compliance with those requirements;
  • Ascertain that certificants meet ethical standards in their professional practice; and
  • Promote the benefits of certification to employers, public officials, practitioners in related fields, and the public.

IRMCB Authorized Training and Education Centers (ATECs) provide IRMCB-standardized training, examination, and certification services for individuals.

Standardized Training Programs

ISO 31000 Enterprise Risk Management


As the foundation session of IRMCB risk management training courses, this 3-day risk management strategy training and policy workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

  • Describe the principles and processes of risk management;
  • Provide a thorough overview of the requirements of ISO 31000, ISO 31010, and 27005;
  • Give practical guidance on designing and implementing a suitable enterprise risk management framework;
  • Establish a firm program starting point by using ISO standards 31000, 31010, and 27005 to build out the initial ERM core policy; and
  • Provide pre-requisite training for professional certification as an ISO 31000 Certified Internal Controls Risk Analyst™ (CICRA™).

Information Security / Cybersecurity

 
NIST Cybersecurity Framework Lead Implementer Training

Get a thorough understanding of the NIST Cybersecurity Framework, and how to leverage the framework to establish and maintain a robust and effective cybersecurity program.

Cybersecurity Governance

The NIST Cybersecurity Framework (CSF) provides the roadmap for establishing, implementing, operating, and managing a documented cybersecurity capability within an organization's information security management program. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. This Framework is designed to ensure the selection of adequate and proportionate security controls that protect cyber-related assets and give confidence to interested parties.

This 3-day NIST Cybersecurity Framework workshop provides thorough coverage of the CSF, as well as setting out advice on the implementation of a cybersecurity initiative. The purpose of the course is to:

  • Describe the principles and processes of cybersecurity governance and management;
  • Provide thorough coverage of the requirements of the NIST Cybersecurity Framework;
  • Give practical guidance on designing a suitable framework for the organization, and how to integrate NIST CSF recommendations into a comprehensive ISO 27001 ISMS;
  • Give practical advice on implementing cybersecurity management;
  • Prepare you for your NIST Cybersecurity Framework certification exam required for Certified NIST CSF Lead Implementer professional credentialing; and
  • Establish a firm program starting point by using the NIST Cybersecurity Framework to build out the initial cybersecurity management core policy.

Policy Workshop: ISO 27001 Information Security Management


This 2-day IRMCB ISO 27001 training and certification workshop provides thorough coverage of the ISO 27000 standards, as well as setting out advice on the implementation of an information security initiative. The purpose of the course is to:

  • Describe the principles and processes of information security governance and management;
  • Provide thorough coverage of the requirements of ISO 27001;
  • Give practical guidance on designing a suitable framework;
  • Give practical advice on implementing information security management;
  • Prepare you for your ISO 27001 certification exams required for Certified Internal Controls Architect (CICA) professional credentialing;
  • Establish a firm program starting point by using ISO 27001, ISO 27002, and 27003 to build out the initial Information Security Management core policy; and
  • Partially satisfy the pre-requisite training necessary for professional certification as an ISO 27001 Certified Internal Controls Architect (CICA™).

ISO 27001 Lead Auditor Training


Based upon the ISO 27001 related auditing standards ISO 27007 and 19011, this IRMCB one-day course will provide an intensive overview of how to manage an internal audit of an organization's risk management program along with its corresponding information security management system. It will also provide valuable guidance on conducting the internal audits, on establishing and validating the competence of ISMS auditors, and prepare you for your ISO 27001 lead auditor certification exams required for the well-recognized ISO 27001 Lead Auditor professional certification.

This course is applicable to those needing to understand or conduct internal or external audits of a risk management system supporting an ISMS, or how to manage an ISO 27001 ISMS audit program. This is the only ISO 27001 Lead Auditor training and professional examination program to incorporate ISO's 27007 standard as core content within its program. Building upon the foundation understanding of the ISO 27005 risk management framework and ISO 27001 framework validated by the Certified Internal Controls Architect credential, the ISO 27001 Lead Auditor certification accredits your ability to audit the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management System (ISMS). Furthermore, the ISO 27001 Lead Auditor certification ensures that you are qualified to assure strategic objectives according to core ISO 27001, 27002, 27003, and 27005 best practices. This IRMCB course partially satisfies the prerequisite training necessary for certification as an ISO 27001 Lead Auditor.

Policy Workshop: ISO 22301 Business Continuity Management


This 2-day IRMCB ISO 22301 business continuity training and policy workshop provides participants with a solid understanding of business continuity management. It is based on industry best practice and guidelines for business continuity and reviews the ISO 22301 Standard for business continuity management. Practical exercises and instructor-led discussions will help students understand the benefits of business continuity management in an organization.

This business continuity training will:

  • Describe the principles and processes of business continuity management and governance;
  • Provide thorough coverage of the requirements of ISO 22301;
  • Give practical guidance on designing a suitable framework and business continuity management strategy;
  • Give practical advice on setting up and operating business continuity management;
  • Partially satisfy the prerequisite training for eligibility to be certified as an ISO 22301 Certified Business Continuity Strategist™ (CBCS™); and
  • Establish a firm program starting point by using ISO 22301 to build out the initial Business Continuity Management core policy.

Deploy, Exercise, and Certify Business Continuity Management

Building upon the foundation understanding of the ISO 22301 Business Continuity Management System (BCMS) platform learned in "Policy Workshop: ISO 22301 Business Continuity Management", this IRMCB course provides participants with the knowledge, methods, and skills to put the previous course's strategy into practice. It is based on industry best practice and guidelines for business continuity based upon the ISO 22301 and 22313 standards. Again, practical exercises and instructor-led discussions will help students understand the techniques to deploy, test, and maintain business continuity management in an organization. This course will partially satisfy the prerequisite training necessary for eligibility for certification as an ISO 22301 Certified Business Continuity Administrator™ (CBCA™) or ISO 22301 Certified Business Continuity Manager™ (CBCM™).

Internal Fraud Prevention and Detection

 
This IRMCB three-day workshop will enable participants to:

  • Assess an organization's current capabilities to properly prevent, detect, investigate, and recover losses resulting from internal fraud or abuse;
  • Detect a wide variety of internal fraud and corruption, including (but not limited to) purchasing and acquisition fraud, payroll fraud, check fraud, reporting fraud, and abuse of company assets;
  • Effectively investigate suspicions of internal fraud or abuse to support recovery of losses, possible termination or disciplinary proceedings, or even potential prosecution; and
  • Partially satisfy the prerequisite training necessary to be eligible for certification as a Certified Fraud Control Associate™, Certified Fraud Control Professional™, or Certified Fraud Control Manager™.

Fraud Investigation and Interviewing

This two-day IRMCB workshop will give participants the knowledge and skills they need to effectively interview and interrogate witnesses, conspirators, and perpetrators potentially involved with incidents of fraud or abuse. Set into a practical workshop format, important concepts are reinforced through in-class analysis of real videotaped interviews from actual investigations of two cases of internal employee fraud. This session partially satisfies the prerequisite training necessary to be eligible for certification as a Certified Fraud Control Associate™, Certified Fraud Control Professional™, or Certified Fraud Control Manager™.

Certified ISO 37001 Anti-Bribery & Corruption Manager Training

ISO 37001 CABCM™ is the anti-bribery management certification appropriate for managers at every level, including top management at the officer and vice president level. This training enables participants to develop and manage a custom anti-bribery and anti-corruption system and methodology based upon the ISO 37001 Anti-Bribery Management System framework. This session fully satisfies the prerequisite training necessary to be eligible for certification as a Certified ISO 37001 Anti-Bribery & Corruption Manager™.

This five-day workshop will enable participants to:

  • Plan, deploy, and manage an Anti-bribery Management System in accordance with ISO 37001;
  • Understand the approaches, methods, measures, and techniques required for the effective management of an Anti-bribery Management System;
  • Identify risks and opportunities associated with an organization;
  • Support an organization in establishing, implementing, managing, and maintaining the Anti-bribery Management System as specified in ISO 37001;
  • Advise organizations on anti-bribery good practices;
  • Prepare an organization for an ISO 37001 audit; and
  • Become eligible for professional certification as a Certified ISO 37001 Anti-Bribery & Corruption Manager™.

CIS Policy Workshop: ISO 19600 Compliance Management

 

Get trained and certified in establishing, managing, operating, and auditing an ISO 19600 Compliance Management System 

Every day, organizations face the ever-increasing need to manage and fulfil regulatory and industry requirements to allow them to conduct business. "Compliance" is no longer simply a legal concern isolated to a legal compliance unit. After all, how the organization operates determines its ability to comply with external stakeholder requirements. This means that compliance requirements permeate all business activities - from procurement, to human resource management, to information management, to manufacturing processes, to environmental management - and on and on. Since complying with one requirement can impact compliance with another requirement, compliance with all of the various requirements in total gets quite complicated. Compliance must be very carefully designed, managed, and monitored - throughout the organization.

Upon completion of this training and certificate program, you will: 

  • Understand the principles and processes of risk governance and management;
  • Get a thorough overview of the requirements of ISO 19600:2014;
  • Get practical guidance on designing and implementing a suitable compliance management framework;
  • Establish a firm program starting point by using ISO standard 19600 to build out the initial Compliance Management core policy. Soft-copy editable templates are provided in the instructor-led class:
    • Complete ISO 19600 Compliance Management System Policy 
    • Procedure for Training and Development Needs Analysis document 
    • ERM Program project kick-off document 
    • Leverage ISO best practices to properly manage and monitor compliance requirements 
    • Leverage ISO best practices to implement controls to ensure compliance with stakeholder requirements
    • Establish compliance monitoring, communication, and reporting 

ISO 45001 OHSMS Assessment and Migration

 

Learn ISO Risk Management, and how to leverage ISO 31000 and ISO 31010 to facilitate OH&S hazard analysis and risk assessments

A successful occupational health and safety risk management initiative can affect the likelihood and consequences of OH&S risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support. 

Since occupational health and safety has a primary purpose of identifying and treating risk, it is essential that your organization establish a consistent methodology for assessing and managing risk. This 2-day risk assessment workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of ISO risk assessments. The purpose of the training is to:

  • Provide an introduction to Enterprise Risk Management concepts and an overview of integrating ISO 45001 OHS hazard analysis and risk assessments into ISO 31000 Enterprise Risk Management;
  • Provide a practical understanding of risk criteria, and how they are properly applied in risk assessments; and
  • Give practical guidance leveraging ISO 31010 and ISO 27005 to establish a formalized risk assessment and risk treatment methodology for OHS hazard management;
    • Leverage ISO best practices to properly identify, analyze, and evaluate risk
    • Leverage ISO best practices to mitigate and treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria)
    • Establish risk monitoring, communication, and reporting