Certified Enterprise Risk Manager® – Electric Reliability™

Contact: Greg Hutchins PE
800.COMPETE or 503.233.1012

Quality + Engineering is the developer of Certified Enterprise Risk Manager® (CERM) certificate and has developed a specialized certificate called CERM – Electric Reliability (CERM-ER)™.  The certificate addresses critical compliance factors being adopted by DOE, FERC, NERC and the regional entities around risk-based compliance and enforcement as the next step beyond the Compliance Monitoring and Enforcement Program (CMEP).

Why?  Critical BES stakeholders are focusing on risk-control management.  FERC is focusing on risk-informed, decision-making, GAGAS risk based auditing, and risk based compliance and enforcement.  DOE has developed enterprise risk management, cyber security guidelines.  NIST has develop CIP risk based guidelines.  NERC is developing risk-control standards. In Phase One, FERC approved NERC’s Find, Fix, Track, and Report (FFTR) program.  In Phase Two, NERC and the regional entities will propose to the Commission risk-based enforcement and compliance.

What?  CERM-ER consists of practical learning objectives and a 3 hour exam consisting of 160 risk-framework, GAGAS auditing, and risk-control questions.  CERM-ER offers risk standards, examples, and frameworks from the electric power industry.  CERM-ER offers CIP examples, tips, and tools from DHS and NIST.  CERM-ER will be 100% online by January 2013.  CERM Academy (www.CERMAcademy.com) will also offer special risk-control and GAGAS auditing assistance to CERM-ER certificate holders, such risk wiki’s, risk webinars on special topics such as SCADA auditing, risk newsletters and on line project compliance support.

CERM-ER certificate offers you and your organization the following value adds:

  • Deploy Value Added Auditing™, which is based on the GAO Yellow Book and has been reviewed by DHS under the Safety Act.
  • Design and deploy a governance architecture, risk management framework, and develop risk-based, compliance processes (GRC).
  • Select and deploy your appropriate ERM framework, such as COSO, ISO 31000, DOE RMP, and/or NIST risk frameworks.
  • Implement risk-based, problem-solving and risk-based, decision-making in your organization, similar to FERC’s risk-informed, decision-making (RIDM) model.
  • Implement risk-control, based assurance, including GAGAS auditing, risk frameworks, internal control frameworks, etc.
  • Implement processes that have been reviewed and designated/certified by US DHS.
  • Know how-to identify critical risks including residual, inherent, control, and detection risks.
  • Know how-to control residual risk within your organization’s risk tolerance.
  • Develop how-to mature and improve capability of CIP risk-controls based on a DOE capability maturity model.