Training for the Chief Risk Officer

Risk Officers need to have the necessary knowledge, experience and certifications.

First Certified Course:

Course Title: Certified Risk and Compliance Management Professional (CRCMP)

Objectives:
This course has been designed to provide professionals with the knowledge and skills needed to understand and support regulatory compliance and enterprise-wide risk management, and to promote best practices and international standards that align with business and regulatory requirements.

The course provides the skills needed to pass the Certified Risk and Compliance Management Professional (CRCMP) exam.

Target Audience:
This course is intended for professionals who want to understand risk and compliance and to work as risk and compliance officers. They will prove that they are qualified when they pass the Certified Risk and Compliance Management Professional (CRCMP) exam.

This course is intended for employers demanding qualified risk and compliance professionals.

This course is recommended for senior executives involved in risk and compliance.

About the Course

PART A: COMPLIANCE WITH LAWS AND REGULATIONS, AND RISK MANAGEMENT
- Introduction
- Regulatory Compliance and Risk Management: definitions, roles and responsibilities
- The role of the board of directors, the supervisors, the internal and external auditors
- The new international landscape and the interaction among laws, regulations, and professional standards
- The difference between a best practice and a regulatory obligation
- Benefits of an enterprise-wide compliance program
- Compliance culture: why it is important, and how to communicate the regulatory obligations
- Policies, Workplace Ethics, Risk and Compliance
- Policies, procedures and the ethical code of conduct
- Privacy and information security
- Handling confidential information
- Conflicts of interest
- Use of organizational property
- Fair dealings with customers, vendors and competitors
- Reporting ethical concerns
- Governance, Risk and Compliance
- The definition of Governance, Risk and Compliance
- The need for Internal Controls
- Understand how to identify, mitigate and control risks effectively
- Approaches to risk assessment
- Qualitative, quantitative
- Integrating risk management into corporate governance and compliance
PART B: THE FRAMEWORKS
- Internal Controls - COSO
- The Internal Control — Integrated Framework by the COSO committee
- Using the COSO framework effectively
- The Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
- Effectiveness and Efficiency of Operations
- Reliability of Financial Reporting
- Compliance with applicable laws and regulations
- IT Controls
- IT Controls and Sarbanes-Oxley Act Relevance
- Program Development and Program Change
- Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
- Layers of overlapping controls
- COSO Enterprise Risk Management (ERM) Framework
- Is COSO ERM needed for compliance?
- COSO and COSO ERM
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
- The two cubes
- Objectives: Strategic, Operations, Reporting, Compliance
- ERM – Application Techniques
- Core team preparedness
- Implementation plan
- Likelihood Risk Ranking
- Impact Risk Ranking
- COBIT - the framework that focuses on IT
- Is COBIT needed for compliance?
- COSO or COBIT?
- Corporate governance or financial reporting?
- Executive Summary
- Management Guidelines
- The Framework
- The 34 high-level control objectives
- What to do with the 318 specific control objectives
- COBIT Cube
- Maturity Models
- Critical Success Factors (CSFs)
- Key Goal Indicators (KGIs)
- Key Performance Indicators (KPIs)
- How to use COBIT for Sarbanes-Oxley compliance
PART C: SARBANES-OXLEY
- The Sarbanes-Oxley Act
- The Need
- US federal legislation: Financial reporting or corporate governance?
- The Sarbanes-Oxley Act of 2002: Key Sections
- SEC, EDGAR, PCAOB, SAG
- The Act and its interpretation by SEC and PCAOB
- PCAOB Auditing Standards: What we need to know
- Management's Testing
- Management's Documentation
- Reports used to Validate SOX Compliant IT Infrastructure
- Documentation Issues
- Sections 302, 404, 906: The three certifications
- Sections 302, 404, 906: Examples and case studies
- Management's Responsibilities
- Committees and Teams
- Project Team – Section 404: Reports to Steering Committee
- Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
- Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
- Certifying Officers and Audit Committee: Report to the Board of Directors
- Control Deficiency
- Deficiency in Design
- Deficiency in Operation
- Significant Deficiency
- Material Weakness
- Is it a Deficiency, or a Material Weakness?
- Reporting Weaknesses and Deficiencies
- Examples
- Case Studies
- Public Disclosure Requirements
- Real Time Disclosures on a rapid and current basis?
- Whistleblower protection
- Rulemaking process
- Companies Affected
- International companies
- Foreign Private Issuers (FPIs)
- American Depository Receipts (ADRs)
- Employees Affected
- Effective Dates
PART D: BASEL II
- The New Basel Capital Accord (Basel II)
- Realigning the regulation with the economic realities of the global banking markets
- New capital adequacy framework replaces the 1988 Accord
- Improving risk and asset management to avoid financial disasters
- "Sufficient assets" to offset risks
- The technical challenges for both banks and supervisors
- How much capital is necessary to serve as a sufficient buffer?
- The three-pillar regulatory structure
- Purposes of Basel II
- Pillar 1: Minimum capital requirements
- Credit Risk – 3 approaches
- The standardized approach to credit risk
- Claims on sovereigns
- Claims on banks
- Claims on corporates
- The two internal ratings-based (IRB) approaches to credit risk
- Some definitions: PD - The probability of default, LGD - The loss given default, EAD - Exposure at default, M – Maturity
- 5 classes of assets
- Pillar 2: Supervisory review
- Key principles
- Aspects and issues of the supervisory review process
- Pillar 3: Market discipline
- Disclosure requirements
- Qualitative and Quantitative disclosures
- Guiding principles
- Employees Affected
- Effective Dates
- Operational Risk
- What is operational risk
- Legal risk
- Information Technology operational risk
- Operational, operations and operating risk
- The evolving importance of operational risk
- Quantification of operational risk
- Loss categories and business lines
- Operational risk measurement methodologies
- Identification of operational risk
- Operational Risk Approaches
- Basic Indicator Approach (BIA)
- Standardized Approach (SA)
- Alternative Standardized Approach (ASA)
- Advanced Measurement Approaches (AMA)
- Internal Measurement Approach (IMA)
- Loss Distribution (LD)
- Standard Normal Distribution
- "Fat Tails" in the normal distribution
- Expected loss (EL), Unexpected Loss (UL)
- Value-at-Risk (VaR)
- Calculating Value-at-Risk
- Stress Testing
- Stress testing and Basel (AMA)
- Advantages / Disadvantages
- Operational Risk Measurement Issues
- The game theory
- The prisoner's dilemma – and the connection with operational risk measurement and management
- Operational risk management
- Operational Risk Management Office
- Key functions of Operational Risk Management Office
- Key functions of Operational Risk Managers
- Key functions of Department Heads
- Internal and external audit
- Operational risk sound practices
- Operational risk mitigation
- Insurance to mitigate operational risk
- Basel II and other regulations
- Capital Requirements Directive (CRD)
- Markets in Financial Instruments Directive (MiFID)
- What will be the impact of MiFID on EU and non-EU banks?
- Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
- Common elements and differences of compliance projects
- New standards
- Disclosure issues
- Multinational companies and compliance challenges
PART E: DESIGNING AND IMPLEMENTING A RISK AND COMPLIANCE PROGRAM
- Designing and Implementing an enterprise-wide Risk and Compliance Program
- Designing an Internal Compliance System
- Compliance programs that withstand scrutiny
- How to optimize organizational structure for compliance
- Documentation
- Testing
- Training
- Ongoing compliance reviews and risk assessments for continuing compliance with laws and regulations
- Compliance Monitoring
- The company and other stakeholders
- Managing the regulators and change in regulations
- International and national regulatory requirements
- Regulatory compliance in Europe
- Regulatory compliance in the USA: What is different
- The GCC countries
- The Caribbean
- The Pacific Rim
- Common elements and differences of compliance projects
- New standards
- Disclosure issues
- Multinational companies and compliance challenges

To learn more:
www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm
Second Certified Course:

Course Title: Certified Information Systems Risk and Compliance Professional (CISRCP)

Objectives:
This course has been designed to provide IT and Information Security professionals with the knowledge and skills needed to understand and support regulatory compliance and enterprise-wide risk management, and to promote best practices and international standards that align with business and regulatory requirements.

The course provides the skills needed to pass the Certified Information Systems Risk and Compliance Professional (CISRCP) exam.

Target Audience:
This course is intended for IT and Information Security professionals who want to understand risk and compliance and to work as risk and compliance officers, or IT managers and directors (who need to understand compliance and business risk management). They will prove that they are qualified when they pass the Certified Information Systems Risk and Compliance Professional (CISRCP) exam.

This course is intended for employers demanding qualified IT and Information Security risk and compliance professionals.

This course is recommended for senior executives with an IT and Information Security background involved in risk and compliance.

About the Course

PART A: COMPLIANCE WITH LAWS AND REGULATIONS, AND RISK MANAGEMENT
- Introduction
- Regulatory Compliance and Risk Management: definitions, roles and responsibilities
- The role of the board of directors, the supervisors, the internal and external auditors
- The new international landscape and the interaction among laws, regulations, and professional standards
- The difference between a best practice and a regulatory obligation
- Benefits of an enterprise-wide compliance program
- Compliance culture: why it is important, and how to communicate the regulatory obligations
- Policies, Workplace Ethics, Risk and Compliance
- Policies, procedures and the ethical code of conduct
- Privacy and information security
- Handling confidential information
- Conflicts of interest
- Use of organizational property
- Fair dealings with customers, vendors and competitors
- Reporting ethical concerns
- Governance, Risk and Compliance
- The definition of Governance, Risk and Compliance
- The need for Internal Controls
- Understand how to identify, mitigate and control risks effectively
- Approaches to risk assessment
- Qualitative, quantitative
- Integrating risk management into corporate governance and compliance
- IT, Information Security, business risk and compliance
PART B: THE FRAMEWORKS
- Internal Controls - COSO
- The Internal Control — Integrated Framework by the COSO committee
- Using the COSO framework effectively
- The Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
- Effectiveness and Efficiency of Operations
- Reliability of Financial Reporting
- Compliance with applicable laws and regulations
- IT Controls
- IT Controls and Sarbanes-Oxley Act Relevance
- Program Development and Program Change
- Deterrent, Preventive, Detective, Corrective, Recovery, Compensating, Monitoring and Disclosure Controls
- Layers of overlapping controls
- COSO Enterprise Risk Management (ERM) Framework
- Is COSO ERM needed for compliance?
- COSO and COSO ERM
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
- The two cubes
- Objectives: Strategic, Operations, Reporting, Compliance
- ERM – Application Techniques
- Core team preparedness
- Implementation plan
- Likelihood Risk Ranking
- Impact Risk Ranking
- COBIT - the framework that focuses on IT
- Is COBIT needed for compliance?
- COSO or COBIT?
- Corporate governance or financial reporting?
- Executive Summary
- Management Guidelines
- The Framework
- The 34 high-level control objectives
- What to do with the 318 specific control objectives
- COBIT Cube
- Maturity Models
- Critical Success Factors (CSFs)
- Key Goal Indicators (KGIs)
- Key Performance Indicators (KPIs)
- How to use COBIT for Sarbanes-Oxley compliance
- The alignment of frameworks
- COSO and COBIT
- COSO ERM and COBIT
- ITIL and COBIT
- ISO/IEC 17799:2000 and COBIT
- ISO/IEC 15408 and COBIT
- Software and Spreadsheets
- Is software necessary for risk and compliance? Is software needed?
- When and why
- How large is your organization?
- Is it geographically dispersed?
- How many processes will you document?
- Are there enough persons for that?
- Selection process
- Spreadsheets
- It is just a spreadsheet…
- Certain spreadsheets must be considered applications
- Development Lifecycle Controls
- Access Control (Create, Read, Update, Delete)
- Integrity Controls
- Change Control
- Version Control
- Documentation Controls
- Continuity Controls
- Segregation of Duties Controls
- Spreadsheets – Errors
- Spreadsheets and material weaknesses
- Third-party service providers and vendors
- Redefining outsourcing
- Outsourcing services and Sarbanes-Oxley compliance
- The new definition of outsourcing
- Outsourcing after Sarbanes-Oxley
- Offshore outsourcing is also redefined
- Key risks of outsourcing
- What is needed from vendors and service providers
- SAS 70
- Type I, II reports
- Advantages of SAS 70 Type II
- Disadvantages of SAS 70 Type II
PART C: SARBANES-OXLEY
- The Sarbanes-Oxley Act
- The Need
- US federal legislation: Financial reporting or corporate governance?
- The Sarbanes-Oxley Act of 2002: Key Sections
- SEC, EDGAR, PCAOB, SAG
- The Act and its interpretation by SEC and PCAOB
- PCAOB Auditing Standards: What we need to know
- Management's Testing
- Management's Documentation
- Reports used to Validate SOX Compliant IT Infrastructure
- Documentation Issues
- Sections 302, 404, 906: The three certifications
- Sections 302, 404, 906: Examples and case studies
- Management's Responsibilities
- Committees and Teams
- Project Team – Section 404: Reports to Steering Committee
- Steering Committee – Section 404: Reports to Certifying Officers and cooperates with Disclosure Committee
- Disclosure Committee: Reports to Certifying Officers and cooperates with Audit Committee
- Certifying Officers and Audit Committee: Report to the Board of Directors
- Control Deficiency
- Deficiency in Design
- Deficiency in Operation
- Significant Deficiency
- Material Weakness
- Is it a Deficiency, or a Material Weakness?
- Reporting Weaknesses and Deficiencies
- Examples
- Case Studies
- Public Disclosure Requirements
- Real Time Disclosures on a rapid and current basis?
- Whistleblower protection
- Rulemaking process
- Companies Affected
- International companies
- Foreign Private Issuers (FPIs)
- American Depository Receipts (ADRs)
- Employees Affected
- Effective Dates
- IT and Information Security Control Objectives and Control Framework
PART D: BASEL II
- The New Basel Capital Accord (Basel II)
- Realigning the regulation with the economic realities of the global banking markets
- New capital adequacy framework replaces the 1988 Accord
- Improving risk and asset management to avoid financial disasters
- "Sufficient assets" to offset risks
- The technical challenges for both banks and supervisors
- How much capital is necessary to serve as a sufficient buffer?
- The three-pillar regulatory structure
- Purposes of Basel II
- Pillar 1: Minimum capital requirements
- Credit Risk – 3 approaches
- The standardized approach to credit risk
- Claims on sovereigns
- Claims on banks
- Claims on corporates
- The two internal ratings-based (IRB) approaches to credit risk
- Some definitions: PD - The probability of default, LGD - The loss given default, EAD - Exposure at default, M – Maturity
- 5 classes of assets
- Pillar 2: Supervisory review
- Key principles
- Aspects and issues of the supervisory review process
- Pillar 3: Market discipline
- Disclosure requirements
- Qualitative and Quantitative disclosures
- Guiding principles
- Employees Affected
- Effective Dates
- Operational Risk
- What is operational risk
- Legal risk
- Information Technology operational risk
- Operational, operations and operating risk
- The evolving importance of operational risk
- Quantification of operational risk
- Loss categories and business lines
- Operational risk measurement methodologies
- Identification of operational risk
- Operational Risk Approaches
- Basic Indicator Approach (BIA)
- Standardized Approach (SA)
- Alternative Standardized Approach (ASA)
- Advanced Measurement Approaches (AMA)
- Internal Measurement Approach (IMA)
- Loss Distribution (LD)
- Standard Normal Distribution
- "Fat Tails" in the normal distribution
- Expected loss (EL), Unexpected Loss (UL)
- Value-at-Risk (VaR)
- Calculating Value-at-Risk
- Stress Testing
- Stress testing and Basel (AMA)
- Advantages / Disadvantages
- Operational Risk Measurement Issues
- The game theory
- The prisoner's dilemma – and the connection with operational risk measurement and management
- Operational risk management
- Operational Risk Management Office
- Key functions of Operational Risk Management Office
- Key functions of Operational Risk Managers
- Key functions of Department Heads
- Internal and external audit
- Operational risk sound practices
- Operational risk mitigation
- Insurance to mitigate operational risk
- IT and Information Security in the Basel II framework and projects
- Basel II and other regulations
- Capital Requirements Directive (CRD)
- Markets in Financial Instruments Directive (MiFID)
- What will be the impact of MiFID on EU and non-EU banks?
- Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
- Common elements and differences of compliance projects
- New standards
- Disclosure issues
- Multinational companies and compliance challenges
PART E: DESIGNING AND IMPLEMENTING A RISK AND COMPLIANCE PROGRAM
- Designing and Implementing an enterprise-wide Risk and Compliance Program
- Designing an Internal Compliance System
- Compliance programs that withstand scrutiny
- How to optimize organizational structure for compliance
- Documentation
- Testing
- Training
- Ongoing compliance reviews and risk assessments for continuing compliance with laws and regulations
- Compliance Monitoring
- The company and other stakeholders
- Managing the regulators and change in regulations
- International and national regulatory requirements
- Regulatory compliance in Europe
- Regulatory compliance in the USA: What is different
- The GCC countries
- The Caribbean
- The Pacific Rim
- Common elements and differences of compliance projects
- New standards
- Disclosure issues
- Multinational companies and compliance challenges

To learn more:
www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm
Join the International Association of Risk and Compliance Professionals (IARCP). Membership is free:
www.risk-compliance-association.com/How_to_become_member.htm

Benefits for Members:
www.risk-compliance-association.com/Member_Benefits.htm

Reading Room:
www.risk-compliance-association.com/Reading_Room.htm

Certified Risk and Compliance Management Professional (CRCMP):
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

Certified Information Systems Risk and Compliance Professional (CISRCP):
www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

Privacy and Compliance with the Federal Trade Commission Fair, the California Online Privacy Protection Act, the Children's Online Privacy Protection Act, the Privacy Alliance, the Controlling the Assault of Non-Solicited Pornography and Marketing Act:
www.risk-compliance-association.com/Privacy.htm

Certified Risk and Compliance Management Professional (CRCMP) - Distance Learning and Online Certification Program

Certified Information Systems Risk and Compliance Professional (CISRCP) - Distance Learning and Online Certification Program

To learn more:
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

Receive the New Member Orientation Newsletters
You will have the opportunity to learn what members registered before you have already learned. Understand better risk and compliance management, projects, careers, challenges and opportunities.