Course Description:

A number of different approaches to risk management and assessment have been developed, yet companies face challenges in deciding which approach to take: a method that brings benefits to one may not be good enough for another. This seminar provides companies ways to assess and manage risk, compliance and auditing that can be easily adapted to any kind of business across the globe. Attendees will learn practical approaches and proven tools to implement robust risk management systems within their organizations.

This highly interactive 2 day in-person seminar will explain how to use any type of process to enhance risk and control identification and contribute important information to the overall risk management plan. Attendees will gain the skills for understanding risk management, how to do effective risk assessments, and how to include business process mapping into any enterprise risk management program, risk assessments and audit processes. The seminar will explain how any work function really operates, to identify risks and opportunities for improvement, and to implement changes or new processes that will have an immediate impact on both the participant’s own, and the organization’s, objectives.

Learning Objective:

Seminar attendees will learn:

Seminar instructor Joan Pastor has:

  • Worked as the head facilitator for the National Security Agency.
  • Facilitated off-sites with all the intelligence agencies of the Dept. of Defense as well as representatives from the White House under the Clinton Administration.
  • Trained FBI professionals and police departments on white collar criminal and fraud interviewing skills.
  • Facilitated many off-sites with executive teams from a number of private and public companies in numerous countries.
  • Enterprise Risk Management (ERM) vs. Risk Assessments vs. Risk Self-Assessments: How they all work together for the most efficient and comprehensive coverage.
  • To use ERM to proactively address opportunities, increase customer and stakeholder value and determine risk threshold.
  • To use the copyrighted © JPA Top Down Risk Analysis Mapping Process to get to the real processes, procedures, risks and controls.
  • Specific applications to regulatory standards, global and compliance standards, ISO, clinical trials and more.
  • To take business process mapping and documentation and risk assessments to the highest level of real proactive organizational change.
  • How to identify significant risks related to any business function through your clients' eyes and assess the existence and strength of controls against the risk exposure.
  • The power of risk and fraud self-assessments (RSA), and a highly effective process for facilitating them.
  • Secrets for turning around resistant noncompliant functions who fight your involvement.
  • To use “natural systems selection” tools from organizational psychology to differentiate real risk from trivial risks, and immediately increase client buy-in.

Who will Benefit:

This course is designed in such a way so as to provide comprehensive learning for both risk/audit professionals and personnel in non-audit functions (including IT and executive teams) across industries. The following personnel will benefit from attending the course:

  • Internal and external auditors
  • Regulatory & compliance personnel
  • Fraud & risk managers
  • Company executives

Course Outline:

Day One (8:30 AM – 5:00 PM) Day Two (8:30 AM – 5:00 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

  1. What is Risk?
    • Why is this so important? What does it mean to manager, employee and auditor?
    • Traditional approaches to define risk
    • Why traditional approaches are not enough
    • Assessing risk at an organization-wide level vs. a business unit level
    • What about areas that already have compliance controls in place (i.e.; environmental, safety, legal regulations)
  2. Enterprise Risk Management vs. Risk Assessment vs. Self-Assessment
    • What exactly are each of these, how they work, and why all are of critical importance in risk assessment processes and risk management
    • How to integrate all three arenas above so that they work together and complement each other
  3. Two Fundamental Approaches: the typical ones and the one that works
    • The strength and weaknesses of the traditional approach that is usually taught
    • A step by step process for implementing an approach that can be customized to your organization’s particular needs, and to the needs and goals of specific business functions
    • Two examples: Harley-Davidson and the Los Angeles Employee Retirement Association (LACERA) (a private and public organization)
      • Who are Harley Davidson and LACERA?
      • The step-by-step process for each organization that we developed and how we got there
      • The struggles and challenges we went through
      • Changes we made along the way
      • Simple risk universe maps from other companies (i.e.; Caterpillar)
    • Reviewing ERM and/or RA approaches in small groups and class discussion
    • The role of organizational culture, vision and resources in determining the best approach and our approach
      • What to do if you have a supportive management and culture
      • Suggestions if you do not have a supportive management and culture
    • All about Questionnaires
      • What types of questionnaires are there and what works best in companies and different organizational cultures
      • Pros and cons to using questionnaires in risk assessments
      • Different types of questionnaires: self-assessment, 360, and abilities-based, and the strengths and limitations of each
      • How to put together a proper questionnaire that will gather the best information: what the experts say
      • How to determine where to do business process mapping to verify risk and control information given in the questionnaire.
      • Why questionnaires are not enough
      • Asking follow-up questions after reviewing the questionnaires
    • Reviewing ERM and/or RA approaches and questionnaires from the class, ranking and weighting risks without business process mapping first:
      • Small groups and facilitated discussions
  4. Gaining People's Buy-In to ERM and/or doing Risk Assessments
    • Step-by-step strategies of gaining "buy-in" from the necessary people at all levels of your agency
      • How to address and handle people’s fear of change
      • What to do and say when any level of management says things are fine as they are
    • Critical Communication Skills: Tying your function’s activities, goals and objectives to those you are trying to create collaboration with
    • Explaining how risk management, risk assessment, the Audit Plan and the organization’s goals and their strategies for achieving them all work together.
    • Using Business Process Mapping and specific self-assessment techniques (to be taught on second day) to help people see how risk assessments add value.
      • How Business Process Mapping (BPM) ties in and fills the gap between the desire to achieve goals and the actual ability to achieve goals.
      • How integrating (BPM) appropriate risk management actually helps all organizational functions achieve their goals, and stay in alignment with the larger vision of the organization.
    • Building a partnership both “horizontally and vertically” through risk assessments
    • Making sure Audit Committees or equivalent also understand your objectives, how all parts of the process (i.e., from ERM to RA to Audit Plan) all fit together and are committed.
  5. Action Plan Part One
    • What can you take from all this so far?
      • Developing a preliminary plan, prioritizing areas to cover, determining how detailed to get
      • Questions and concerns
      • Sharing Your preliminary plan in groups

  1. Introduction to Business Process Mapping (BPM) and Root Analysis Tools
    • What is business process mapping, and what are the tools used in process mapping (overview)
    • Determining which business processes in your organization, or an organizational function, should be monitored
    • How to construct process flow charts that are efficient and effective
      • The psychology behind business processes: how processes and procedures get messed up in the same way in all organizations around the world
      • The objectives of process flow charting
      • The extremely limited place for narratives and flowcharting software in BPM
    • How to start aligning the process flow charts with BOTH risks and controls in mind
    • The unique and only efficient way to do BPM:
      • What specific process mappings to use: a step-by-step process
      • What each process mapping tool is, what it is designed to do, and when to use each
    • Determining value-added vs. non-value added activities
    • Root Cause tools: the companion tool to this method of process mapping
  2. Doing Risk Assessments and Analyses off of Business Process Maps
    • Step by step instruction and practice in doing risk assessments off of process maps
    • Determining “Root Cause”: what it is and why it is critical to successful audits and risk assessments
      • Learn the best tool for getting to root cause
    • How root cause work impacts overall risk assessment, audit planning and the audits themselves
    • Using BPM as a baseline for measuring performance, and performance improvement
    • Analyzing controls off business process and/or root cause maps
    • Action plans: keeping them simple while integrating them into BPM
  3. Introduction to Facilitation Skills for BPM and Group Self-Assessments
    • Why are facilitation skills a core competency in all types of audit, risk, IT, compliance and related professions?
    • The 5 competencies required for excellent facilitation of groups
    • Using facilitation skills to gain buy-in to making changes in processes and procedures
      • Managing their resistance to change and to listening to you
      • Your role as an effective change agent that also gains every client’s respect
    • Quick decision-making tools when consensus is not forthcoming
  4. The Process for Leading a Business Process Mapping Workshop
    • Prework:
      • Planning the meeting from beginning to end to ensure success
      • Meeting with the function’s management before the BPM meeting: what to say and do
      • How to address sensitive issues (i.e.; politics, resistance, conflicts) and set clear expectations before and during the meeting
    • The actual workshop: How to start the workshop: agenda, ground rules, etc.
    • How to turn any goal into a process, procedure or system to be mapped (and how to turn any process back into a goal!)
    • Does benchmarking or further research need to be done before finishing?
      • Creating action plans for gathering necessary research before meeting again.
    • Determining and ranking risks while encouraging creativity and innovation
      • Determining the criteria for ranking risks and controls
      • Bringing the type of risk into the picture- inherent risk, present risk, and residual risk
      • Making sure the criteria for ranking and BPM improvements are customer focused, consider the vendor, and enhance quality, strategic goals and stated business objectives.
    • Assessing controls from the map or from deeper root analysis tools
      • Turning controls into action plans
      • Ending the workshop, follow-up decisions and monitoring improvements
      • Bringing the results back to the higher levels of larger risk assessments and to your risk universe or ERM program
  5. Practice, Practice, Practice
    • Practice on facilitation skills and the tools for doing BPM, Root Cause Analysis, assessing and ranking risks and controls
    • Going through a live simulation of a BPM workshop
    • Debrief and experience how it all fits together as one whole system
    • Discuss applications ongoing to your own unique organization and situation
  6. Close: Action Plans: Part Two
    • Updating your action plan(s) to take back to work and start using immediately

Meet Your Instructor

Joan Pastor, Ph.D.
President, JPA International, Inc.

Joan Pastor, Ph.D., president of JPA International, Inc. is a licensed organizational and clinical psychologist who provides keynote, training and consultation services to numerous national and international organizations and associations. Ms. Pastor is a certified speaking professional (CSP), a certified mediator, and has an extensive coaching practice. She is well-known for her keynotes and work in assisting organizations in developing their vision, plus the strategy and processes to achieve it.

She has been working with finance, risk, security (including intelligence) & audit professionals since 1986 and has made pioneering contributions to these professions in risk assessments; all areas related to the “People or Soft Skills”; integrating finance, incorporating risk and fraud into corporate objectives and strategy; business process documentation; and in working with executive management , boards, and audit committees.

She has uncovered numerous embezzlement and other fraudulent schemes over the years in her own work and with audit, risk and finance colleagues. She has been named Outstanding Young Woman of the Year, awarded the U.S. Army Customer Service Award, and was awarded the National Leadership Award from the U.S. Business Advisory Council in both 2003 and 2006.

Seminar Instructor Joan Pastor has:

  • Worked as the head facilitator for the National Security Agency.
  • Facilitated off-sites with all the intelligence agencies of the Dept. of Defense as well as representatives from the White House under the Clinton Administration.
  • Trained FBI professionals and police departments on white collar criminal and fraud interviewing skills.
  • Facilitated many off-sites with executive teams from a number of private and public companies in numerous countries.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at [email protected]

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
6201 America Center Drive Suite 240
San Jose, CA 95002

By Wire -

Register / Pay by Wire Transfer

Please contact us at +1-888-717-2436 to get details of wire transfer option.

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @ [email protected]

Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.


The speaker was very knowledgeable and the support material provided was very useful. I would strongly recommend this conference to others.
- Finance Manager, Omani National Livestock Development Co SAOC

It was my first experience with the ComplianceOnline and its good ComplianceOnline took initiative to interact with attendees to draw feedback for improvement. Speaker has got very good communication skills.
- Internal Auditor, Al Ahli Bank of Kuwait

Overall it was good seminar. People from ComplianceOnline were available all the time.
- Accounting Manager - Financial Controller, Aramex International

The program was well organized and coordinated by ComplianceOnline
- Corporate Finance Manager, Aramex International

Presenter was very well experienced in her field. Material was good for compliance/ audit field professionals.
- Finance Manager, Weir Solutions FZE

The seminar was well planned and interactive. Informal conversations with other attendees were very useful.
- Business Analyst, Weir Solutions FZE

The seminar was very interactive and the presenter was very knowledgeable
- Deputy CEO, AllianzTiriac Pensions CO

Communication skills of the trainer were very good.
- Senior Internal Auditor, Coca Cola Icecek

It was very interactive seminar.
- Internal Auditor, Coca Cola Icecek

Joan is a good speaker and was very knowledgeable.
- EHS & WCP Manager, CROWN Emirates Co. Ltd.

Media Partners



Zener IT Solutions

Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.


Local Attractions

Board a luxurious Think Escape party bus or limo and be whisked away to San Francisco's hottest nightclubs where VIP treatment brings all party bus guests to the front of the line. Planning the perfect night on the town is easy with Think Escape's fleet of luxury buses and extended vehicles, each with different amenities for socializing and transport. Think Escape's Bay Area party bus rentals include free entry into selected exclusive nightclubs, professional hostess and chauffer, in-vehicle coolers stocked with amenities for a perfect night of partying.

The Alcatraz Lunch Cruise is a luxurious way to get to see some of San Francisco’s favorite sights. A gourmet lunch buffet features options like asiago Caesar salad, bay shrimp salad, roasted chicken, garlic-herb roasted new potatoes and more. While guests enjoy lunch, they can take in views of San Francisco Bay’s flora and fauna, Angel Island and Alcatraz, and a live narration explores the history of Alcatraz. Please note that this tour doesn’t stop on Alcatraz Island.

A relaxing way to explore the San Francisco Bay is with the Luxury Catamaran Sailing Cruise. A drink bar and snacks are available for travelers’ enjoyment as they travel under the Golden Gate Bridge, around Alcatraz Island and even past a colony of sea lions. This is a peaceful San Francisco cruise option for families, and children under 5 ride for free.

City Kayak, located on San Francisco's Embarcadero close to the San Francisco Giant's ATT Park, offers a great way to experience San Francisco from Bay level, a point of view and a unique experience you'll not soon forget.

San Franciscans may be familiar with Think Escape's party buses that shuttle the late-night crowds to and from various city nightclubs, but the Cache Creek Casino Escape is a little-known gem among Bay Area destinations. With personal charter service on the luxurious Fantasy Limo Bus to Cache Creek Casino and Resort, the Cache Creek Casino Escape tour is a smart choice for San Franciscans looking for a little gaming fun or planning a large group activity

We need below information to serve you better



6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2023 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method