Value Added Auditing™ is the first 400-page (8″ x 10″ trim) process- and risk-based manual for conducting operational, IT, cyber, and supply management assessments. Please read: Value Added Auditing: Your Best Assessment Tool.
The objective of the manual is to enhance (1) risk-based problem solving and (2) risk-based decision making. Value Added Auditing can be used as a ‘how to’ primer or reference for the following assessments:
- ISO 9001, ISO 14001, and other ISO management system assessments that focus on continual improvement and achieving business objectives. The book is harmonized to ISO 19011:2011.
- Internal 9001:2015 process and risk audits (first-party).
- Second party 9001:2015 audits of suppliers.
- Standard manual for third party 9001:2015 audits.
- Internal auditing (Yellow Book/Red Book/Quality) providing independent and objective assurance that an organization can accomplish its business objective.
- Business assurance assessments including compliance, maturity, capability, and benchmarking.
- Supplier auditing that may involve forensics, assurance, and analytics.
- Risk-based Information Technology (IT) audits including ISO 27001, COBIT, ITIL, HIPAA, PCI, FISMA, and SOX assessments.
- Assurance and opinion audits based on international standards.
- Risk assurance assessments ensuring an organization can meet its governance, risk, and compliance (GRC) objectives.
- Critical Infrastructure Protection (CIP) assessments including risk assessments, vulnerability, NERC CIP compliance, cyber security, resilience and CIP assessments addressing Presidential Policy Directive (PPD-21) – Critical Infrastructure Security and Resilience.
- Agreed Upon Procedure (AUP) engagements including reporting findings based on reviewing specific procedures.
The US Department of Homeland Security (DHS) certified Value Added Auditing as a ‘Qualified Anti-Terrorist Technology’ under the Safety Act as a critical element of Critical Infrastructure Protection: Forensics, Assurance, Analytics®.
Part I: Value Added Auditing Fundamentals
Chapter 1 – Today’s Competitive Marketplace
Chapter 2 – Governance and Auditing
Chapter 3 – Value Added Auditing 101
Chapter 4 – Enterprise Risk Management 101
Chapter 5 – Process Management 101
Part II: Managing Value Added Auditing
Chapter 6 – Managing the Value Added Audit
Part III: Planning the Value Added Audit
Chapter 7 – Step 1: Understand Audit and Business Objectives
Chapter 8 – Step 2: Notify/Visit Auditee
Chapter 9 – Step 3: Understand Auditee’s System, Process and Product Documentation
Chapter 10 – Step 4: Develop Audit Plan
Chapter 11 – Step 5: Develop Audit Survey
Part IV: Conducting the Value Added Audits
Chapter 12 – Step 1: Assess Organizational Maturity
Chapter 13 – Step 2: Assess Process Capabilities
Chapter 14 – Step 3: Assess System/Process Risks
Chapter 15 – Step 4: Evaluate Control Effectiveness
Chapter 16 – Step 5: Assess Evidence
Chapter 17 – Step 6: Issue Opinion
Chapter 18 – Step 7: Conduct Exit Meeting
Part V: Reporting Value Added Audit Results
Chapter 19 – Step 1: Communicate Audit Results
Chapter 20 – Step 2: Decide Audit Report Format
Chapter 21 – Step 3: Correct – Prevent – Predict – Preempt
Chapter 22 – Step 4: Maintain Audit File
WHO IS THE AUTHOR?
Greg Hutchins is the principal engineer with Quality + Engineering. He has written a number of best selling ISO 9001, supply management, and quality books as shown on the right.
I have been in quality for more than 30 years. I go back to the Mil Q (predecessor of ISO 9001) and Mil I (inspection) days of quality. I have been involved with Enterprise Risk Management (ERM) for a dozen years and product risk (FMEA) for almost 20 years. A little more background may also help:
- Principal Engineer with Quality + Engineering, a Critical Infrastructure Protection: Forensics, Assurance, Analytics® engineering firm.
- Risk engineer and consultant for global companies.
- Developer of Future of Quality: Risk slide deck that went viral on LinkedIn.
- 9001, ISO 14001, and ISO 27001 management systems consultant.
- Lead instructor and consultant for one of the first North American certification bodies.
- Author of best selling ISO 9001 (translated into more than 8 languages).
- Author of Value Added Auditing™ – the first risk-based, quality-auditing and assurance book.
- Author of multiple risk-based auditing books, which have been approved by national authorities.
- Author of 100s of quality and risk articles for ASQ, PMI, IEEE, IIE, QD, and many other journals.
- Developer of Certified Enterprise Risk Manager® and other risk certificates.
- Founder of CERM Risk Insights™ emagazine with a circulation that is doubling each year.