What is Risk Based Auditing (RBA)?
International Organization for Standardization (ISO) incorporated Risk Based Thinking (RBT) into ISO 9001:2015 ISO incorporated Risk Based Auditing into ISO 19011:2015. and its management system standards. ISO: Risk Based Thinking is the first book to address risk based auditing which is fundamental to first-party, second-party, and third-party auditing in all the new ISO families of standards. Learn what RBA means and most importantly understand what you need to do to manage, plan, conduct, and report Risk Based Audits. Everyone who is certified to ISO 9001:2015 or any ISO standard should read this book to understand and implement RBA.
What This Book Can Do for You?
Explains the integration of risk into auditing all ISO Management Systems.
Answers the critical questions you need to know about RBA and risk management.
Explains key risk concepts such as Risk Based Auditing, managing RBA programs, planning, conducting, and reporting Risk Based Audits.
Explains in detail ISO 19011:2018.
Explains in detail the steps for planning, conducting, and reporting Risk Based Audits.
Presents insider tips and tools known to first-party, second-party, and third-party auditors.
Bonus Materials/Resources:
Access almost 2,000 risk and quality articles through CERM Academy.
Get Lessons Learned at the end of each key question.
Get free course materials such as using FMEA's in ISO 9001:2015.
Author Biography:
Greg Hutchins PE CERM is the founder of: + 800Compete.com. + WorkingIt.com. + CERMAcademy.com. + QualityPlusEngineering.com, and other startups. + CERMAcademy.com. Greg Hutchins is the risk evangelist who coined the expression Future of Quality: Risk(R). He is the founder of Certified Enterprise Risk Manager Academy(R). He can be contacted at GregH@europa.com or 503.233.1012. Greg is the founder of Working It Academy and the author of Working It: Disruption Rules. Greg Hutchins PE CERM is also the principal professional engineer Quality + Engineering - international supply and quality management firm. Q+E is the designer and developer of Certified Enterprise Risk Manager(R) (CERM), CERM Cyber(TM) certificate, and best-selling ISO and ERM books. Q+E has deep domain expertise in ISO 31000, ISO 27001, and NIST 800's. Q+E designed CERM based on its security IP including Critical Infrastructure Protection: Forensics, Assurance, Analytics(R); Value Added Auditing(TM); Certified Enterprise Risk Manager(R); Future of Quality: Risk(R); CERM: Risk Based, Problem Solving Risk Based, Decision Making(R); etc. Q+E has been certified by the Department of Homeland Security for Critical Infrastructure Protection: Forensics, Assurance, Analytics(R). Q+E has conducted the following Critical Infrastructure Protection (CIP) risk assessments: + Analytical. Q+E engineers and scientists conduct analytical analyses following Q+E protocols evaluating business continuity, cyber security, and physical security systems against IEEE, NFPA, ISA, PMI, ISO, NIST, COSO, NERC, DIACAP, FISMA, and ASIS standards. + Assurance. Q+E offers the client three levels of assurance: + Compliance. Q+E conducts a compliance audit against appropriate standards and guidance. + Assurance with opinion. Q+E issues an opinion based on the results of a governance, risk, and compliance (GRC) audit or ERM controls assessment. + Assurance with insurance coverage. Q+E conducts an audit and provides the requisite level of due diligence for the auditee to be covered. + Forensics. Q+E provides the above levels of assurance as well as supplies a letter to the regulatory authority averring compliance that criteria have been met. Our ISO background includes: Was lead trainer and consultant for first US based certification body in 1987 (AGA Laboratories). Was member of US TAG in 1987 - developer of ISO 9001 Consulted and trained FAA in risk-based auditing, certification, etc.
