VALUE ADDED AUDITING™ BOOK

VAAValue Added Auditing™ is the first 400-page (8″ x 10″ trim) process and risk based manual for conducting operational, IT, cyber, and supply management assessments.  Please read: Value Added Auditing: Your Best Assessment Tool.

Value Added Auditing cost is $89.00 plus S/H $6.00 in US.  Offshore shipping costs are handled individually.  To order:  GregH@CERMAcademy.com

The objective of the manual is to enhance 1. Risk-based problem solving and 2. Risk-based decision making.  Value Added Auditing can be used as a ‘how to’ primer or reference for the following assessments:

  • ISO 9001, ISO 14001, and other ISO management system assessments that focus on continual improvement and achieving business objectives.  The book is harmonized to ISO 19011:2011.
  • Internal 9001:2015 process and risk audits (first – party).
  • Second party 9001:2015 audits of suppliers.
  • Standard manual for third party 9001:2015 audits.
  • Internal auditing (Yellow Book/Red Book/Quality) providing independent and objective assurance that an organization can accomplish its business objective
  • Business assurance assessments including compliance, maturity, capability, and benchmarking.
  • Supplier auditing that may involve forensics, assurance, and analytics.
  • Risk based Information Technology (IT) audits including ISO 27001, COBIT, ITIL, HIPAA, PCI, FISMA, and SOX assessments.
  • Assurance and opinion audits based on international standards.
  • Risk assurance assessments ensuring an organization can meet its governance, risk, and compliance (GRC) objectives.
  • Critical Infrastructure Protection (CIP) assessments including risk assessments, vulnerability, NERC CIP compliance, cyber security, resilience and CIP assessments addressing Presidential Policy Directive (PPD-21) – Critical Infrastructure Security and Resilience.
  • Agreed Upon Procedure (AUP) engagements including reporting findings based on reviewing specific procedures.

ABCValue Added Auditing is the primary text for the Risk Assurance element of the Certified Enterprise Risk Manager® certificate program.  Visit www.CERMAcademy.com.

US Department of Homeland Security (DHS) certified Value Added Auditing as a ‘Qualified Anti-Terrorist Technology’ under the Safety Act as a critical elements of Critical Infrastructure Protection: Forensics, Assurance, Analytics®.

CHAPTERS

Part I: Value Added Auditing Fundamentals

Chapter 1 – Today’s Competitive Marketplace
Chapter 2 – Governance and Auditing
Chapter 3 – Value Added Auditing 101
Chapter 4 – Enterprise Risk Management 101
Chapter 5 – Process Management 101

Part II: Managing Value Added Auditing

Chapter 6 – Managing the Value Added Audit

Part III: Planning the Value Added Audit

Chapter 7 – Step 1: Understand Audit and Business Objectives
Chapter 8 – Step 2: Notify/Visit Auditee
Chapter 9 – Step 3: Understand Auditee’s System, Process and Product Documentation
Chapter 10 – Step 4: Develop Audit Plan
Chapter 11 – Step 5: Develop Audit Survey

Part IV: Conducting the Value Added Audits

Chapter 12 – Step 1: Assess Organizational Maturity
Chapter 13 – Step 2: Assess Process Capabilities
Chapter 14 – Step 3: Assess System/Process Risks
Chapter 15 – Step 4: Evaluate Control Effectiveness
Chapter 16 – Step 5: Assess Evidence
Chapter 17 – Step 6: Issue Opinion
Chapter 18 – Step 7: Conduct Exit Meeting

Part V: Reporting Value Added Audit Results

Chapter 19 – Step 1: Communicate Audit Results
Chapter 20 – Step 2: Decide Audit Report Format
Chapter 21 – Step 3: Correct – Prevent – Predict – Preempt
Chapter 22 – Step 4: Maintain Audit File

WHO IS THE AUTHOR?

ABC px

Greg Hutchins Is the principal engineer with Quality + Engineering.  He has written a number of best selling ISO 9001, supply management, and quality books as shown on the right.

I have been in quality for more than 30 years.  I go back to the Mil Q (predecessor of ISO 9001) and Mil I (inspection) days of quality.  I have been involved with Enterprise Risk Management (ERM) for a dozen years and product risk (FMEA) for almost 20 years.  A little more background may also help:

  • Principal Engineer with Quality + Engineering, a Critical Infrastructure Protection: Forensics, Assurance, Analytics® engineering firm.
  • Risk engineer and consultant for global companies.
  • Developer of Future of Quality: Risk slide deck that went viral on Linkedin.
  • 9001, ISO 14001, and ISO 27001 management systems consultant.
  • Lead instructor and consultant for one of the first North American certification bodies.
  • Author of best selling ISO 9001 (translated into more than 8 languages).
  • Author of Value Added Auditing™ – the first risk-based, quality-auditing and assurance book.
  • Author of multiple risk-based, auditing books, which have been approved by national authorities.
  • Author of 100′s of quality and risk articles for ASQ, PMI, IEEE, IIE, QD, and many other journals.
  • Developer of Certified Enterprise Risk Manager® and other risk certificates.
  • Founder of CERM Risk Insights™ emagazine with a circulation that is doubling each year.

18 thoughts on “VALUE ADDED AUDITING™ BOOK

  1. Hi Greg. Amazon shows it out of print and currently unavailable. Is rev 2 (2003) the latest edition? How do I get hold of a copy? Best regards Clive

    • Hi Clive:

      We’ve updated the Value Added auditing in 2014. We can send you a copy and use PayPal for payment. If in the US, cost is $89 plus 6 for S/H. And if you’re offshore then it’ll be air cost.

      Hope this helps. Thanks for your interest. Best,

      Greg H

      • I am interessted in a copy too. PayPal would be ok. Fine if you could provide me with a copy. Just email back what you need of information.

  2. Hi
    I am keen to order a copy for our company, but I can’t see where on this website that I can do that, PayPal or not PayPaul
    My details are:
    Paul Tudor
    Information Manager
    Tonkin & Taylor Ltd
    105 Carlton Gore Road
    Newmarket
    NEW ZEALAND
    ptudor@tonkin.co.nz

    • HI Ian:

      It’s good to meet you.

      ISO picking up Risk Based Thinking was a surprise. If ISO intends to adopt RBT in all of its standards, it’ll be a game changer to the quality profession. And, I think your question is answered.

      The feds (USA) announced they will require ERM through statute and rules in Q1 2015. The VAA book is based on the federal methodology. It does not guarantee that ‘what if’s will be found. It’s a good way to structure risk based problem solving and risk based decision making.

      Hoep this helps.

    • HI Ian:

      It’s good to meet you.

      ISO picking up Risk Based Thinking was a surprise. If ISO intends to adopt RBT in all of its standards, it’ll be a game changer to the quality profession. And, I think your question is answered.

      The feds (USA) announced they will require ERM through statute and rules in Q1 2015. The VAA book is based on the federal methodology. It does not guarantee that ‘what if’s will be found. It’s a good way to structure risk based problem solving and risk based decision making.

      Hoep this helps.

  3. I am interested to buy the new version of the book. Would you please let me know in which website I can buy it? Thank you

  4. Greg: I am also interested to order one of your books. The email is attached. Can you please provide me details of how I can obtain and pay for the book.

    Thanks

    Alex Latif

  5. Hi Greg,
    Nice to meet you!
    I am very interested to buy the new version of this book and the book: ISO Risk Based Thinking 2015 edition
    Please, would you let me know how I can buy them?
    I live in Italy and I have a friend in Venezuela, who would like to buy them
    Thank you very much!

  6. Can we have sample pages of this book. PLease let us know from where this book will be available in India
    Technical Manager
    Bureau Veritas Certicication India ( P ) Ltd
    91 + 0 93 243 186 92

  7. Hi Greg,
    As a aerospace engineer over 20 years ago and since then a 3rd party auditor I have only a rudimentary knowledge of IT.
    The book seems to have a very strong focus on IT and cyber risks.
    1) Will I be able to understand and apply some of the concepts, especially in small companies?
    2) Is there any way that we can achieve a recognised competence from studying and applying the knowledge? ( It would be great for CPD!)
    Thanks,
    Leon.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*