
- ISO 9001, ISO 14001, and other ISO management system assessments that focus on continual improvement and achieving business objectives. The book is harmonized to ISO 19011:2011.
- Critical Infrastructure Protection (CIP) assessments including risk assessments, vulnerability, NERC CIP compliance, cyber security, resilience and CIP assessments addressing Presidential Policy Directive (PPD-21) – Critical Infrastructure Security and Resilience.
- Business assurance assessments including compliance, maturity, capability, and benchmarking.
- Internal auditing (Yellow Book/Red Book/Quality) providing independent and objective assurance that an organization can accomplish its business objectives.
- Supplier auditing that may involve forensics, assurance, and analytics.
- Risk based Information Technology (IT) audits including ISO 27001, COBIT, ITIL, HIPAA, PCI, FISMA, and SOX assessments.
- Assurance and opinion audits based on international standards.
- Risk assurance assessments ensuring an organization can meet its governance, risk, and compliance (GRC) objectives.
- Agreed Upon Procedure (AUP) engagements including reporting findings based on reviewing specific procedures.
Value Added Auditing is the primary text for the Risk Assurance element of the Certified Enterprise Risk Manager® certificate program. Visit www.CERMAcademy.com.
US Department of Homeland Security (DHS) certified Value Added Auditing as a ‘Qualified Anti-Terrorist Technology’ under the Safety Act as a critical elements of Critical Infrastructure Protection: Forensics, Assurance, Analytics®.