Contact: Greg Hutchins PE
800.COMPETE or 503.233.1012
Quality + Engineering is the developer of the Certified Enterprise Risk Manager® (CERM) certificate and has developed a specialized certificate called CERM – Electric Reliability (CERM-ER)™. The certificate addresses the critical compliance factors being adopted by DOE, FERC, NERC and the regional entities around risk-based compliance and enforcement, the next step beyond the Compliance Monitoring and Enforcement Program (CMEP).
Why? Critical Bulk Electric System (BES) stakeholders are focusing on risk-control management. FERC is focusing on risk-informed decision-making, GAGAS risk-based auditing, and risk-based compliance and enforcement. DOE has developed enterprise risk management and cyber security guidelines. NIST has developed CIP risk-based guidelines. NERC is developing risk-control standards. In Phase One, FERC approved NERC’s Find, Fix, Track, and Report (FFTR) program. In Phase Two, NERC and the regional entities will propose risk-based enforcement and compliance to the Commission.
What? CERM-ER consists of practical learning objectives and a 3-hour exam of 160 questions covering risk frameworks, GAGAS auditing, and risk controls. CERM-ER offers risk standards, examples, and frameworks from the electric power industry, and CIP examples, tips, and tools from DHS and NIST. CERM-ER will be 100% online by January 2013. CERM Academy (www.CERMAcademy.com) will also offer special risk-control and GAGAS auditing assistance to CERM-ER certificate holders, such as risk wikis, risk webinars on special topics such as SCADA auditing, risk newsletters, and online project compliance support.
CERM-ER VALUE PROPOSITION
The CERM-ER certificate offers you and your organization the following value-adds:
- Deploy Value Added Auditing™, which is based on the GAO Yellow Book (GAGAS) and has been reviewed by DHS under the SAFETY Act.
- Design and deploy a governance architecture and risk management framework, and develop risk-based compliance processes (governance, risk, and compliance, or GRC).
- Select and deploy the ERM framework appropriate to your organization, such as COSO, ISO 31000, DOE RMP, and/or the NIST risk frameworks.
- Implement risk-based problem-solving and risk-based decision-making in your organization, similar to FERC’s risk-informed decision-making (RIDM) model.
- Implement risk-control-based assurance, including GAGAS auditing, risk frameworks, and internal control frameworks.
- Implement processes that have been reviewed and designated or certified by the US DHS.
- Know how to identify critical risks, including residual, inherent, control, and detection risks.
- Know how to control residual risk within your organization’s risk tolerance.
- Know how to mature and improve the capability of CIP risk controls using a DOE capability maturity model.