Practical Enterprise Risk Management: A Business Process Approach

The most practical and sensible way to implement ERM-while avoiding all of the classic mistakes

Emphasizing an enterprise risk management approach that utilizes actual business data to estimate the probability and impact of key risks in an organization, Practical Enterprise Risk Management: A Business Process Approach boils this topic down to make it accessible to both line managers and high level executives alike. The key lessons involve basing risk estimates and prevention techniques on known quantities rather than subjective estimates, which many popular ERM methodologies consist of.

• Shows readers how to look at real results and actual business processes to get to the root cause of key risks
• Explains how to manage risks based on an understanding of the problem rather than best guess estimates
• Emphasizes a focus on potential outcomes from existing processes, as well as a look at actual outcomes over time

Throughout, practical examples are included from various healthcare, manufacturing, and retail industries that demonstrate key concepts, implementation guidance to get started, as well as tables of risk indicators and metrics, physical structure diagrams, and graphs.

About the Author

GREGORY H. DUCKERT, MBA, CPA, CISA, CIA, CRISC, is a Certified Public Accountant, Certified Information Systems Auditor, and Certified Internal Auditor. Mr. Duckert was educated at the University of Wisconsin–Madison and obtained an MBA in Accounting in 1989, a BBA in Accounting in 1978, and a BA in Economics in 1971. He is also the CEO and Founder of the Virtual Governance Institute. The Virtual Governance Institute specializes in consulting with major organizations regarding progressive twenty-first century methodologies for the construction of data centric enterprise risk assessment and management models including Financial, Operational, Regulatory, and IT areas of concern that yield high business values. He also consults with his clients in all areas of auditing including continuous audit/consulting platforms.

In addition, in depth hands-on consulting is also performed in the areas of operational analysis and process improvement methodologies. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas. During his audit career he has championed progressive, high value, high impact audit techniques to ensure the maximization of the audit product delivered.

Mr. Duckert is the only non-governmental person ever invited to address the Permanent Undersecretary for Military Affairs of Parliament and the Defense Audit Board of the Ministry of Defense–United Kingdom on the subject matter of risk. He also is involved in the building of or consulting on the creation of Data Centric Risk Assessment and Management models on a continuous basis.

Mr. Duckert is also a Senior Consultant for MIS Training Institute and a lead instructor in their audit practice area on an independent contractor basis. He has also authored and taught numerous IT/audit/consulting seminars and workshops which are currently or were previously offered in the public and private venues.

His professional works and publications include the following: Process Flow Auditing; An ERM Approach to Building Annual Audit Plans; From Auditor to Consultant, Developing Essential Competencies; Data Driven Auditing: A Business Approach; Using Risk Assessment to Build Individual Audit Programs; The Business Risk Lab; Auditing the Manufacturing Process; Acquisitions, Mergers, and Divestitures; Auditing Healthcare Institutions; Auditing for Quality Improvement; Auditing Health Benefits; Sarbanes-Oxley: Roadmap to Compliance; COSO-ERM Utilizing the New Framework for SOX Compliance; Auditing Outsourced Operations; Establishing Enterprise Risk Assessment and Management Environments; Continuous Auditing: A Data Centric Approach; Establishing a 21st Century Audit/Consulting Function; Data Mining: An Essential Auditing Competency; Risk Boot Camp; Risk Based Internal Auditing; Auditing the ERM Environment; Dashboard Metrics for Auditing/Risk Management; Building Continuous Risk Assessment Models; and The CEO’s 10 Key Question Handbook for Their Direct Reports.