How do I know that the training is for me and my organization?
View the complimentary 20-minute overview webinar to learn more. The webinar provides details regarding program expectations, ERM training program benefits as well as program testimonials.
Please feel free to follow up with PRIMA's Education and Training team (email@example.com), should you have any questions.
Why enterprise risk management (ERM)?
PRIMA has chosen to describe this training as enterprise risk management to make it clear that it is an expanded approach, beyond the traditional risk management model, which is focused on insurance and risk financing, loss prevention and claims management. Although ISO 31000 does not use the term ERM, we embrace it as a differentiator. This training teaches an integrated and organization-wide approach to managing risk. Traditional risk management focuses on transferring and preventing risks/threats whereas the ISO 31000 approach focuses on risk as uncertainty which embraces opportunities, risk-taking and structured decision-making.
After I have completed the training program, where else can I get training?
PRIMA is working to develop supplemental material to this training program. Check back here for updates in the future and in the meantime, information is available in the PRIMA Cybrary and on PRIMA’s blog. Additionally, the education program at PRIMA’s Annual Conference features an ERM learning track that will focus on specific skills and details of the process.
What if my primary responsibilities do not involve managing risk? Should I still take this training?
This training program is intended for public sector and higher education professionals. Everyone has a part to play in helping their organization manage risk. This program will help you understand this concept. This program will also teach you how to apply risk management activities within your responsibilities bring additional value within your areas of responsibility.
Are there resources available that will help me get support to attend this training?
There are a couple different things you can do to convince your supervisor you should go through this training program.
- Webinar: Share the overview webinar with key stakeholders. The Webinar goes over how ISO 31000 can add value to your organization.
- Get advice from the ISO 31000 faculty! Click through the bios of the faculty members and read their thoughts on how to get upper-management to recognize, support and buy into ERM and this training!
How does this course relate to the ARM courses I’ve taken?
The Associate in Risk Management (ARM) is a designation that you earn after taking three, two-hour long exams. These exams are self-directed and uniform. The exams are based on content in textbooks and the knowledge addressed in the texts is meant to give students in depth knowledge about general risk management practices and principles, risk assessment and risk financing. Texts and exams are coordinated by the The Institutes. Click here for more information about The Institutes and click here to explore how PRIMA can help you prepare for these exams.
PRIMA's ERM training, is in-person and designed to provide you with a foundational knowledge of the ISO 31000 Standard. The small workshops will teach you how risk management brings value to your organization and how to easily implement the concepts of ISO 31000 throughout your organization so that you can advance your organization's mission. Workshop attendees receive directives and suggestions from trainers that have years of experience in risk management and have implemented successful programs in their organizations. Attendees will also develop their own plans to either start or improve their own program.
About ISO 31000
There are other risk management frameworks. Why ISO 31000?
PRIMA has supported and has been involved with the ISO since 2009 through participation in the U.S. Technical Advisory Group.
ISO’s development process is the most rigorous, widely-adopted standard worldwide and has been adopted as a national standard by more than 50 standards organizations covering more than 70% of the global population. It has also been adopted by a number of United Nations agencies and national governments as a basis for developing their own risk-related standards and policies especially in the areas of disaster risk reduction and the management of disaster risk. The best practices within the ISO 310000 Standard are the most inclusive of all risk management techniques and approaches.
Who is the International Standard Organization (ISO)? How do volunteers get involved with standard development?
The International Organization for Standardization (ISO) is an independent, non-governmental membership organization and the world’s largest developer of voluntary international standards. ISO has published more than 19,500 international standards with the help of more than 160 member countries.
ISO members are a network of national standards bodies and each member represents ISO in its country. ISO standards are developed by groups of experts within technical committees. Technical committees are made up of representatives of industry, NGOS, governments or other stakeholders who are put forward by ISO’s members. For more information on how individuals get involved with technical committees, click here.
How is PRIMA monitoring the ISO/ANSI/ASSE 31000:2009 revision?
ISO/ANSI/ASSE 31000:20009 is currently under review. All published ISO standards get reviewed approximately every five years to ensure that they remain “state of the art” by international consensus. PRIMA is a member on the United States technical advisory committee that is participating in this review and will therefore be monitoring any substantive changes.
Additionally, PRIMA plans to review this program’s curriculum at least every two years. PRIMA’s review process will ensure that the training program’s curriculum incorporates any changes made by the ISO revision team.
What is the difference between the ISO 31000 Standard and the COSO framework?
COSO is a commission that formed in 1986 to help improve controls and deter fraud in political spending. The Integrated Internal Control Framework (ICF) includes Risk Assessment as one of the components. Therefore the COSO ICF has its widest support within the audit, accounting & forensic communities. In the absence of any alternative at that time, many organizations adopted COSO as a framework to help understand and address risks across the organization.
The purpose of the ISO 31000 Standard is to help organizations perform better through stronger, value-driven risk management activity, embracing the neutral view of risk as either positive OR negative uncertainty that could impact the objectives of an organization.
ISO 31000 considers controls in place for adverse risks as well as the people, processes and systems in place that could help an organization seize opportunities as well.
How does traditional risk management compare to risk management as outlined by the ISO 31000 Standard?
Traditional risk management is a term used often to describe such activities as insurance purchasing, claims management, loss control/prevention and security/safety.
ISO 31000 builds on traditional risk management activities but situates them in relation to objectives of the organization, using output from those traditional activities to help inform risk (& opportunity) assessment and treatment. The workshops will inspire you to situate your current responsibilities in a broader, organization-wide context. The workshops will also help you understand how risk management can bring [more] value to your organization when you align your practices with your organization’s objectives.
What other sources provide information about implementing ERM?
There are many sources of good (and bad) information about how to improve risk management in your organization. Workshop materials come with a recommended reading list that includes websites, blogs (click here to read PRIMA’s Risk Management Blog), books & periodicals to help satisfy your learning curiosity and extend your learning outside of the classroom.
Additionally, PRIMA members have access to an online members’ listserv that is dedicated to ERM. Click here to sign into the PRIMA Community and join the ERM/ISO 31000 listserv to exchange ideas with colleagues.
I’m a risk manager for a private university/institution. Is the training applicable to me?
The ISO standard was specifically written to be applicable to any type or size of organization and to be tailored to an organization’s specific objectives and business context. With that in mind, the training was designed to give participants from higher education institutions and public entities (of all types, sizes and structure) the opportunity to tailor the standard to their specific operations. We expect that there will be differences among higher education and public entity workshop participants; the training incorporates and supports that. The workshops blend together training (on the ISO 31000 architecture) along with tailoring (to apply that architecture to your institution or entity) to help participants create an ERM implementation plan that will work for their college or university.
I work for a K-12 public school. Should I take the public sector training or the higher education training?
If you work for a public school or a public school district, the public sector training is better suited to your organization. As a risk manager for a public school, you have considerations such as tax payers, elected officials and your community’s constituents. Higher education institutions do not share these considerations.