risk based auditing - project insightdownloads.projectinsight.net/.../risk-based-auditing.pdf ·...
NOTICE Proprietary and Confidential
This presentation is proprietary to VBPM, LLC and contains trade secret and confidential information which is solely the property of VBPM, LLC. This presentation shall not be used, reproduced, copied, disclosed, transmitted, in whole or in part, without the express consent of VBPM, LLC 2003, Value Based Project Management, LLC. All rights reserved
Risk Based Auditing
Preventing the Next Black Swan Event
Program #: Risk Based Auditing VBPM-PI 20120924
See NOTICE Proprietary and Confidential on page 1
Moderator
Melodie Pierson
www.projectinsight.net
Before we get started…
• Phones will be on mute
• Ask questions using your GotoWebinar panel
• Webinar recording will be available
About the Presenters
• Mike Beard, PMP CLP CLOP ITIL CSM
– Managing Partner, Value Based Project Management
– Business Resilience & Efficiency Consulting, Assessor, Wisdom Advisor-Trainer
– Diverse hands-on and leadership background in manufacturing, operations, technology, industrial engineering, banking/mortgage…
• Mo Aiken
– Principal Advisor, Barra Gwynn Enterprises
– Professional Services Provider – Advisor, Consultant, Trainer
– Eclectic leader/solution provider in SW and HW design; Methodologies and Processes for: defense, physics SW, gaming, SFA, IC Capital and other industries
PMI PDUs
• This webinar is valued at 1 PDU
• The PMI category for this webinar is Category B
• VBPM follows the same quality standards in the development and delivery of their training as an approved REP
• Feel free to use Project Insight or VBPM for your PDU submittal
• Program # is located on the title page
What is a Risk?
• A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on an objective
• If it has happened it is a problem and not a risk
Frameworks
• ISO 31000
• COSO
• Control Objectives for Information and related Technology
• ISACA
Risk-Based Auditing
• A different approach from control-based auditing
• Attitude, objective, process & methodology
• Business & operations
Benefits
• Assurance to board organization risk tolerance in control
• Risks understood & managed
• Improved relationship with business and operations
Path
• Define the risk culture of business
– Averse or Tolerant
• Documented process and criteria
• Identify, assess, objectively quantify
• Prioritize
Poll
• Does your organization have a risk management methodology from a business perspective?
– Yes
– No
– Don’t know
Leadership
• Governance
• Steering committee
• Teams
• What is the acceptable level of risk to meet the business and operational objectives?
1980s
Visibility & Communication
• War Room ~ Visibility Room
• Daily quick assessment
• Constant focus
• Continuous feedback
• Pro-active infrastructure
Risk Behaviors
• Decision levels
• Reasoning
• Pressure
• Experience
• Uncertainty
Rock-Paper-Scissors
Framing
Urgent
Stimulate Conflict & Debate
• Point-Counterpoint
– Red Team vs. Blue Team
• Role-play with diverse teams
• Scenario-planning (mind mapping)
Root Cause
• Research and learn
• Talk to people closest to the problem
• Seek out optimum approach
Kaizen Event Approach
Deciding How to Decide
• Objective decision criteria
• Prevents bias
• Clear consequences
A decision is a process, not an event!
“Making good decisions is a critical skill at all levels.”
Peter Drucker
Business Objectives
• Achieve a total integrated understanding of the business, executives & people
• Strategic plan alignment
Poll
• Does your organization have an objective prioritization of risks with clear definitions and criteria in words?
– Yes
– No
– Don’t know
Risk Universe & Convergence
Analyze
• Perform an analysis of all risks
• Validate with risk owners
• Assess converging risks
• Validate actions on risks above threshold
Residual Risk
• What is the appropriate level of Residual Risk in the organization to allow the business and operations to meet the strategic objectives?
• What level of monitoring & control is required to ensure residual risk does not impact other areas?
Black Swan
• Are you prepared for a Black Swan event?
• Are you looking at the outliers?
Maturity Profile
• Where are you now?
• Which direction do you need to go?
• What is the cost/benefit analysis?
• How will you get there?
Change
“It is not necessary to change. Survival is not mandatory.”
W. Edwards Deming
Summary – Risk-Based Auditing…
• Simple but it does take time and work
• Needs to reflect unique environment
• May be a culture change in some organizations
• Requires an integrated systems thinking approach
Training & Speaking Availability
• VBPM and/or Barra Gwynn are available for training or speaking at your organization
• Contact Mike Beard
– [email protected]
– 714-357-6766
Los Angeles Police Department: Risk Based Auditing
PMI-OC: Future of Project Management
www.vbpm.org
Mike Beard, PMP CLP CLOP ITIL CSM
714-357-6766
Eliminating the Waste and Confusion™