2-day Training on Introduction to Risk Management and Business Process Mapping Skills

Transcription

1 TOLL FREE: (USA) (Middle East) 2-day Training on Introduction to Risk Management and Business Process Mapping Skills By: Joan Pastor, Ph.D., President, JPA International, Inc. Location: December Dubai, UAE Bringing 8+ Years of GRC Training Experience to Dubai, UAE Enterprise Risk Manageme nt ERM Org ani zational Culture Busine ss Process Mapping (BPM) Audi dit Plan Roo t Analysis Too ls Enterprise Risk Management ERM Org anizationala Cultur e Busi ness Process Mappin g (BPM) Audit Pl an Roo oot Analysis s Tools SPEAKER Joan Pastor, Ph.D., President, JPA International, Inc. Joan Pastor, Ph.D., president of JPA International, Inc. is a licensed organizational and clinical psychologist who provides keynote, training and consultation services to numerous national and international organizations and associations. Ms. Pastor is a certified speaking professional (CSP), a certified mediator, and has an extensive coaching practice. She is well-known for her keynotes and work in assisting organizations in developing their vision, plus the strategy and processes to achieve it. She has been working with finance, risk, security (including intelligence) & audit professionals since 1986 and has made pioneering contributions to these professions in risk assessments; all areas related to the People or Soft Skills ; integrating finance, incorporating risk and fraud into corporate objectives and strategy; business process documentation; and in working with executive management, boards, and audit committees. She has uncovered numerous embezzlement and other fraudulent schemes over the years in her own work and with audit, risk and finance colleagues. She has been named Outstanding Young Woman of the Year, awarded the U.S. Army Customer Service Award, and was awarded the National Leadership Award from the U.S. Business Advisory Council in both 2003 and Seminar instructor Joan Pastor has: Worked as the head facilitator for the National Security Agency. Facilitated off-sites with all the intelligence agencies of the Dept. of Defense as well as representatives from the White House under the Clinton Administration. Trained FBI professionals and police departments on white collar criminal and fraud interviewing skills. Facilitated many off-sites with executive teams from a number of private and public companies in numerous countries.

2 02 LEARNING OBJECTIVES Seminar attendees will learn: Enterprise Risk Management (ERM) vs. Risk Assessments vs. Risk Self-Assessments: How they all work together for the most efficient and comprehensive coverage. To use ERM to proactively address opportunities, increase customer and stakeholder value and determine risk threshold. To use the copyrighted JPA Top Down Risk Analysis Mapping Process to get to the real processes, procedures, risks and controls. Specific applications to regulatory standards, global and compliance standards, ISO, clinical trials and more. To take business process mapping and documentation and risk assessments to the highest level of real proactive organizational change. How to identify significant risks related to any business function through your clients' eyes and assess the existence and strength of controls against the risk exposure. The power of risk and fraud self-assessments (RSA), and a highly effective process for facilitating them. Secrets for turning around resistant noncompliant functions who fight your involvement. To use natural systems selection tools from organizational psychology to differentiate real risk from trivial risks, and immediately increase client buy-in. COURSE DESCRIPTION A number of different approaches to risk management and assessment have been developed, yet companies face challenges in deciding which approach to take: a method that brings benefits to one may not be good enough for another. This seminar provides companies ways to assess and manage risk, compliance and auditing that can be easily adapted to any kind of business across the globe. Attendees will learn practical approaches and proven tools to implement robust risk management systems within their organizations. This highly interactive 2 day in-person seminar will explain how to use any type of process to enhance risk and control identification and contribute important information to the overall risk management plan. Attendees will gain the skills for understanding risk management, how to do effective risk assessments, and how to include business process mapping into any enterprise risk management program, risk assessments and audit processes. The seminar will explain how any work function really operates, to identify risks and opportunities for improvement, and to implement changes or new processes that will have an immediate impact on both the participant s own, and the organization s, objectives. WHO WILL BENEFIT This course is designed in such a way so as to provide comprehensive learning for both risk/audit professionals and personnel in non-audit functions (including IT and executive teams) across industries. The following personnel will benefit from attending the course: Internal and external auditors Regulatory & compliance personnel Fraud & risk managers Company executives

3 03 AGENDA DAY ONE 8.30AM 5.00PM Registration Process: 8:30 AM 9:00 AM Session Start Time: 9:00 AM I II III What is Risk? Why is this so important? What does it mean to manager, employee and auditor? Traditional approaches to define risk Why traditional approaches are not enough Assessing risk at an organization-wide level vs. a business unit level What about areas that already have compliance controls in place (i.e.; environmental, safety, legal regulations) Enterprise Risk Management vs. Risk Assessment vs. Self-Assessment What exactly are each of these, how they work, and why all are of critical importance in risk assessment processes and risk management How to integrate all three arenas above so that they work together and complement each other Two Fundamental Approaches: the typical ones and the one that works The strength and weaknesses of the traditional approach that is usually taught A step by step process for implementing an approach that can be customized to your organization s particular needs, and to the needs and goals of specific business functions Two examples: Harley-Davidson and the Los Angeles Employee Retirement Association (LACERA) (a private and public organization) Who are Harley Davidson and LACERA? The step-by-step process for each organization that we developed and how we got there The struggles and challenges we went through Changes we made along the way Simple risk universe maps from other companies (i.e.; Caterpillar) Reviewing ERM and/or RA approaches in small groups and class discussion The role of organizational culture, vision and resources in determining the best approach and our approach All about Questionnaires What to do if you have a supportive management and culture Suggestions if you do not have a supportive management and culture What types of questionnaires are there and what works best in companies and different organizational cultures. Pros and cons to using questionnaires in risk assessments. Different types of questionnaires: self-assessment, 360, and abilities-based, and the strengths and limitations of each. How to put together a proper questionnaire that will gather the best information: what the experts say. How to determine where to do business process mapping to verify risk and control information given in the questionnaire. Why questionnaires are not enough Asking follow-up questions after reviewing the questionnaires IV V Gaining People's Buy-In to ERM and/or doing Risk Assessments Step-by-step strategies of gaining "buy-in" from the necessary people at all levels of your agency Critical Communication Skills: Tying your function s activities, goals and objectives to those you are trying to create collaboration with Explaining how risk management, risk assessment, the Audit Plan and the organization s goals and their strategies for achieving them all work together. Using Business Process Mapping and specific self-assessment techniques (to be taught on second day) to help people see how risk assessments add value. Action Plan Part One How to address and handle people s fear of change What to do and say when any level of management says things are fine as they are How Business Process Mapping (BPM) ties in and fills the gap between the desire to achieve goals and the actual ability to achieve goals. How integrating (BPM) appropriate risk management actually helps all organizational functions achieve their goals, and stay in alignment with the larger vision of the organization. Building a partnership both horizontally and vertically through risk assessments Making sure Audit Committees or equivalent also understand your objectives, how all parts of the process (i.e., from ERM to RA to Audit Plan) all fit together and are committed. What can you take from all this so far? Developing a preliminary plan, prioritizing areas to cover, determining how detailed to get Questions and concerns Sharing Your preliminary plan in groups Reviewing ERM and/or RA approaches and questionnaires from the class, ranking and weighting risks without business process mapping first: Small groups and facilitated discussions

4 04 AGENDA DAY TWO 8.30AM 5.00PM I II III Introduction to Business Process Mapping (BPM) and Root Analysis Tools What is business process mapping, and what are the tools used in process mapping (overview) Determining which business processes in your organization, or an organizational function, should be monitored How to construct process flow charts that are efficient and effective How to start aligning the process flow charts with BOTH risks and controls in mind The unique and only efficient way to do BPM: Determining value-added vs. non-value added activities Root Cause tools: the companion tool to this method of process mapping Doing Risk Assessments and Analyses off of Business Process Maps Step by step instruction and practice in doing risk assessments off of process maps Determining Root Cause : what it is and why it is critical to successful audits and risk assessments Introduction to Facilitation Skills for BPM and Group Self-Assessments The psychology behind business processes: how processes and procedures get messed up in the same way in all organizations around the world The objectives of process flow charting The extremely limited place for narratives and flowcharting software in BPM How root cause work impacts overall risk assessment, audit planning and the audits themselves Using BPM as a baseline for measuring performance, and performance improvement Analyzing controls off business process and/or root cause maps Action plans: keeping them simple while integrating them into BPM Why are facilitation skills a core competency in all types of audit, risk, IT, compliance and related professions? The 5 competencies required for excellent facilitation of groups Using facilitation skills to gain buy-in to making changes in processes and procedures What specific process mappings to use: a step-by-step process What each process mapping tool is, what it is designed to do, and when to use each Learn the best tool for getting to root cause Managing their resistance to change and to listening to you Your role as an effective change agent that also gains every client s respect Quick decision-making tools when consensus is not forthcoming IV V VI The Process for Leading a Business Process Mapping Workshop Assessing controls from the map or from deeper root analysis tools Practice, Practice, Practice Prework: Determining and ranking risks while encouraging creativity and innovation Planning the meeting from beginning to end to ensure success Meeting with the function s management before the BPM meeting: what to say and do How to address sensitive issues (i.e.; politics, resistance, conflicts) and set clear expectations before and during the meeting The actual workshop: How to start the workshop: agenda, ground rules, etc. How to turn any goal into a process, procedure or system to be mapped (and how to turn any process back into a goal!) Does benchmarking or further research need to be done before finishing? Creating action plans for gathering necessary research before meeting again. Determining the criteria for ranking risks and controls Bringing the type of risk into the picture- inherent risk, present risk, and residual risk Making sure the criteria for ranking and BPM improvements are customer focused, consider the vendor, and enhance quality, strategic goals and stated business objectives. Turning controls into action plans Ending the workshop, follow-up decisions and monitoring improvements Bringing the results back to the higher levels of larger risk assessments and to your risk universe or ERM program Practice on facilitation skills and the tools for doing BPM, Root Cause Analysis, assessing and ranking risks and controls Going through a live simulation of a BPM workshop Debrief and experience how it all fits together as one whole system Discuss applications ongoing to your own unique organization and situation Close: Action Plans: Part Two Updating your action plan(s) to take back to work and start using immediately

5 05 TESTIMONIALS Feedback of some of our satisfied customers who has attended trainings and continue to use ComplianceOnline resources for their daily GRC needs. The speaker was very knowledgeable and the support material provided was very useful. I would strongly recommend this conference to others. - Finance Manager, Omani National Livestock Development Co SAOC It was my first experience with the ComplianceOnline and its good ComplianceOnline took initiative to interact with attendees to draw feedback for improvement. Speaker has got very good communication skills. - Internal Auditor, Al Ahli Bank of Kuwait Overall it was good seminar. People from ComplianceOnline were available all the time. - Accounting Manager - Financial Controller, Aramex International The program was well organized and coordinated by ComplianceOnline - Corporate Finance Manager, Aramex International Presenter was very well experienced in her field. Material was good for compliance/ audit field professionals. - Finance Manager, Weir Solutions FZE... The seminar was well planned and interactive. Informal conversations with other attendees were very useful. - Business Analyst, Weir Solutions FZE The seminar was very interactive and the presenter was very knowledgeable - Deputy CEO, AllianzTiriac Pensions CO Communication skills of the trainer were very good. - Senior Internal Auditor, Coca Cola Icecek It was very interactive seminar. - Internal Auditor, Coca Cola Icecek Joan is a good speaker and was very knowledgeable. - EHS & WCP Manager, CROWN Emirates Co. Ltd.

6 ... Registration Form Registration Information:... Register Online. Use your American Express, Visa or MasterCard. Get your group to attend the seminar at a discounted price call Call Toll Free: (USA), (Middle East) or Fax your PO: Pay your check to (payee name) MetricStream Inc our parent company and Mail the check to: ComplianceOnline (MetricStream, Inc), 2600 E. Bayshore Road, Palo Alto, CA Please fill this form with attendee details and payment details and fax it to Terms & Conditions Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call Toll Free: (USA), (Middle East) or editor@complianceonline.com Cancellations and Substitutions 2-day Training on Introduction to Risk Management and Business Process Mapping Skills GROUP REGISTRATIONS Send Your Team for Maximum Benefit Get your team up to speed! 2 Attendees - Get 10% off 3 to 6 Attendees - Get 20% off 7 to 10 Attendees - Get 25% off 10+ Attendees - Get 30% off Call Toll Free (USA), (Middle East) if you have any queries. Written cancellations through fax or (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund less a $200 administration fee. No cancellations will be accepted nor refunds issued within 10 calendar days from the start date of the event. On request by or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued. Substitutions may be made at any time. No-shows will be charged the full amount. We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over. In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice. Seminar Topic: Date & Location:... Attendee Details: Register for 3 and 4 person gets a free pass. Name Title Attendee 1 Attendee 2 Attendee 3 Attendee 4 address (so you can receive order acknowledgements, updated news, product information and special offers) Company Information Organization Address City... State... Zip... Country... Phone... Fax... Payment Options Check enclosed, payable in U.S. funds to ComplianceOnline (MetricStream, Inc.) Charge to: Visa MasterCard American Express Credit card no.... Expiration date... Total amount $... Signature... (Signature required on credit card and bill-me orders.) Print name... Bill me/my company $... Purchase order #... (Payment is required by the date of the conference.) Please fill this form with attendee details and payment details and fax it to E. Bayshore Road Palo Alto, CA Ph: Fax: