Course Description:

“In any business endeavor, if you don’t know exactly what to do or how to do something, it gets complicated really fast- and you waste a lot of time and money.”Joan Pastor, PhD

A number of different approaches to risk assessment have been developed, yet companies face challenges in deciding which approach to take: a method that brings benefits to one may not be good enough for another. An important part of assessing risk and the effectiveness of controls is knowing exactly how to maximize the power of business, strategic, IT, operation, financial, assurance, tangible and intangible processes. Efficient and effective processes are the lifeblood of an organization. Research shows that 95% of people in any organization want to do well, but 95% of the processes in an organization are the key cause for an organization’s failure due to certain specific bad risks and deliberate fraud and wrongdoing.

This concrete, hands-on, applications-focused two day program has consistently been one of the most popular courses in the world for the audit, risk management and finance professions or anyone who is trying to gather, prioritize and analyze the real threats to the business, and controls that will really work. Dr. Joan Pastor collaborated originally with several large telephone companies in the US to develop this course, and it has been continually updated as issues related to Governance, Risk and Compliance (GRC), Fraud, ERM and Risk Assessment, and the impact of IT to organizational systems evolve. There are a number of things that will make this course extremely useful and very different from any other training you have had in this area so far. These include:

  1. Focusing on getting the information from all levels of the workforce. In other words, from your Executive Committee and Board of Directors to any function in your organization, the information- and the analysis and decisions- will come from them, not you. Of course, you will actually have a strong influence, but in such a way that they will welcome your input and want your expertise.
  2. Learning how to conduct Fraud and Risk Organizational Assessments (FROA) at the executive and/or management levels (usually your most resistant people) of your organization and vastly increasing your influence with these people;
  3. Teaching the elusive concepts of risk, controls, residual risk, root cause analysis and so much more in such a concrete and easy to understand way that your clients finally completely understand it, really and truly understands how this information is great value to their own work, and want to tell you real (potential) risks and fraud;
  4. How to design and use questionnaires (and when NOT to use them) so that you get accurate information you can apply in numerous ways;
  5. Learning hundreds of strategies for influencing others, gaining “buy-in” to changes your clients need to make and for developing a truly collaborative relationship. You can, and will, be able to change what is often an adversarial relationship (or a disinterested party) into a true working relationship that benefits the whole company.
  6. Finally, you will learn the best and only way to develop, document and analyze-at the root cause level- process maps, and it will be much easier, much more fun, and take much less time than whatever you are currently doing.

Seminar instructor Joan Pastor has:

  • Worked as the head facilitator for the National Security Agency.
  • Facilitated off-sites with all the intelligence agencies of the Dept. of Defense as well as representatives from the White House under the Clinton Administration.
  • Trained FBI professionals and police departments on white collar criminal and fraud interviewing skills.
  • Opening keynoter for the Association of Certified Fraud Examiners
  • A core commentator on webinars, teleseminars and television for the AICPA, BRISK, and talk shows.
  • Facilitated many off-sites with executive teams from a number of private and public companies in numerous countries.
  • Recently she was awarded the Gallery of Success, by her alma mater Temple University in Philadelphia, PA.

This highly interactive course has been held up as a “best practice” for learning how to gather the best and most accurate information for risk and fraud programs. It is especially useful for service industries and overcomes the limitations that “lean” approaches sometimes have. Attendees will discover a lot more information about how your organization actually operates, what processes are vulnerable- whether financial, operational or regulatory- and will find your clients motivated to incorporate continuous improvement skills into their own work. Attendees will leave with concrete tools, a step-by-step process for gathering, analyzing and applying the information, vastly increased confidence in your ability to both lead and collaborate with others and most important, concrete, real-time information that just might allow you to catch fraud and critical risks before they have caused too much damage.

Learning Objective:

  • Learn how to identify fraud and significant risks related to any business function through your clients’ eyes and assess the existence and strength of controls against the fraud or risk exposure.
  • Learn why “narratives,” flowcharting software and most traditional flowcharting techniques do NOT work for risk analysis, and how to use the copyrighted © JPA Top Down Risk Analysis Mapping Process to get to the real processes, procedures, risks and controls.
  • Learn how work diagrams, parallel flowcharts, critical pathing and mapping symbols fit in.
  • Learn C-E diagramming and another tool to get to “root cause” vulnerabilities, and how to map controls to root cause analysis.
  • Learn how to incorporate residual risk, inherent risk and current risk into your model.
  • Questionnaires: Likert scales, Thornton forced-choice responding procedures, and designing questionnaires that are valid and reliable.
  • Learn how to gain “buy-in” from others to new ideas you want them to consider and changes you need them to make.
  • Learn critical facilitation tools and techniques for getting the best quality information.
  • Learn the best process for both gathering and distributing risk and fraud information to the highest levels in your organization.
  • Learn how and why processes and procedures become so problematic, and how to create processes that really work, and really achieve the outcomes they were meant to accomplish.
  • Learn how to communicate technical concepts that are hard for the average person, including executives, to understand in such a manner that gains their buy in.
  • Learn the signs and “red flags” by analyzing organizational systems that indicate an increased chance of unmitigated risk and current fraud.
  • Obtain a special overview on white collar criminals, how they think, and how to apply that information to your fraud and risk programs.

Who will Benefit:

This course is designed for anyone who wants to learn how to obtain real current and potential frauds and risks in their company or function, or who wants to teach others how to analyze their own processes, risks, potential frauds and controls in order to more quickly reach their goals as well as increase their efficiency and effectiveness. The following personnel will benefit from attending the course:

  • Internal and External Auditors
  • Regulatory & Compliance Personnel
  • Fraud Managers
  • Company Executives
  • Finance and Accounting Management
  • Risk Managers
  • Internal Control Professionals

Course Outline:

Day One (8:30 AM – 5:00 PM) Day Two (8:30 AM – 5:00 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

  1. Why Risk and Fraud? How are they alike and where do they differ?
  2. Enterprise Risk Management vs. Risk Assessment vs. Self-Assessment vs. Fraud programs
    1. A quick review: What are exactly are each of these, how they work, and why ALL are of critical importance
    2. Why Process Mapping and Documentation (PMD) and Root Cause Analysis are the core to each area, and the core to organizational health
      1. What is PMD and how does it differ from Business Process Mapping (BPM)
      2. When to use each, and continuous improvement strategies, to increase the value of your services to your own work function, to others and to the organization as a whole
    3. The secret of the 95%, the two key components to highly successful organizations, and where your contribution lays
  3. Gaining People's Buy-In to looking at risk and fraud and adopting an ethical organizational culture
    1. Step-by-step strategies of gaining "buy-in" from the necessary people at any and all levels of your organization
      1. How to address and handle people’s fear of change
      2. What to do and say when any level of management says things are fine as they are (and they are not!)
      3. Learn the six steps to positively influence people to see the value of integrating risk and fraud (self) assessments into organizational culture and strategy, and into their own function
    2. More Critical Communication and Influencing Skills: Tying your function’s activities (ie.; audits, investigations, assessments) and your goals and objectives to another group or person’s activities and goals
      1. Why it is very important to show this link in order to build rapport and their trust
    3. How to show the value of using PMD, Root Cause Analysis and other techniques (see details below) to Boards, executives and management.
      1. How Business Process Mapping and PMD activities ties in and fills the gap between management’s desire to achieve goals and their actual ability to achieve goals.
      2. How these tools cause organizational functions to stay in alignment with the larger vision of senior management and the strategic vision for the organization.
      3. How these same tools, plus a few others, can target fraud and unethical behavior more quickly.
      4. How to show executives and management that they actually want a fraud program- that they will actually benefit the most from one.
      5. Most important of all, learn the successful process of how to obtain PMD of potential fraud, risks and controls from the executive team, how to obtain the same plus root cause analysis at key lower levels and functions, and how to then bring the real and true information back up to management, Board and executive levels in such a manner that will increase their buy-in and support for your efforts.
    4. Building a partnership both “horizontally and vertically” throughout the organization through FRSA and collaborative process mapping, documentation and root cause analysis
    5. Making sure Audit Committees or equivalent also understand your objectives, how all parts of the process (i.e., from RA to FRSA to Audit Plans) all fit together and are committed.
  4. FRSA Overview
    1. How does FRSA fit into risk assessment, fraud and audit programs?
    2. The truth about fraud: a fascinating look behind the mind of the white collar criminal.
    3. Learn a specific approach for obtaining critical risks for you’re a work function to focus on.
    4. Learn how to use this model to identify core risks, controls and residual risk with ANY group of people, including management and executive level teams.
    5. Use this methodology for any type of organization of any size: companies, government sectors and non-profit organizations.
  5. The Core Process for Leading a FRSA Workshop
    1. A detailed five step process for planning and delivering the FRSA workshop from beginning to end
      1. Learn exactly what to do, and where, when and how to use PMD, Root Cause Analysis to assess, fraud, risks, processes, control vulnerabilities and the state of residual risk
    2. The facilitation, interviewing and probing skills to increase the participants’ respect and trust in opening up to you
    3. Introduction to the tools and how you will use them with a group of people (ideal) or in one on one meeting
      1. Brainstorming, Business Process Mapping and Process Mapping and Documentation, Root Cause Diagrams to Assist in making the correct and best analyses of real causes, the real control situation
      2. Additional Analyses, Action Planning and Follow-up
      3. Literally hundreds of strategies you never thought of or learned anywhere else for PMD and Root Cause Analysis
    4. How to Use these Tools to Increase the Quality and Quantity of Information From the Participants- and the secret as to why they are so effective
    5. How to Use These Tools to Manage Group Dynamics and difficult people in the group or in a one-on-one meeting
    6. Using simple risk universe maps from other companies (i.e.; Caterpillar) or of your own making within the workshop to get maximum information from your participants
    7. Fun ways to get even more fraud scenarios from the clients and participants
    8. Additional questions you will learn the answers to:
      1. How do FROAs done with executives and management teams differ from FRSAs?
      2. What is the secret to making people open up and tell the truth?
      3. What is my role as a facilitator and/or interviewer during this process? How do I obtain and maintain independence and objectivity? When should I NOT be objective? What is the secret to inserting my opinion without alienating the group- is that possible? When should I NOT insert my opinion(s)?
      4. What do I do when the group or individual does not come up with the same risks, potential frauds, or control status that my pre-work shows to exist?
      5. Can I modify this process to use at other points in an audit, i.e.; a shortened version at the engagement stage to determine scope?
      6. If I only do compliance audits and assessments or only fraud investigations, how do I make these tools work for me?
      7. How do I directly apply the information gathered to risk assessments, audit plans, building out the content for my fraud program, and/or to constructing a really powerful questionnaire?

  1. Yet More Things You Will Learn in order to conduct outstanding Information-Gathering Sessions, AND Practice, Practice Practice!
    1. Prework:
      1. Planning the meeting from beginning to end to ensure success
      2. Meeting with the function or division’s management before the FRSA meeting (or before an FROA): what to say and do. What results you want to get from that meeting with management
      3. How to address sensitive issues (i.e.; politics, resistance, conflicts) and set clear expectations before and during the meeting
    2. The actual workshop: How to start the workshop: agenda, ground rules, etc.
    3. How to turn any goal into a process, procedure or system to be mapped (and how to turn any process back into a goal!)
    4. Does benchmarking or further research need to be done before finishing?
      1. Creating action plans for gathering necessary research before meeting again.
    5. Determining and ranking risks while encouraging creativity and innovation
      1. Determining the criteria for ranking risks and controls
      2. Bringing the type of risk into the picture- inherent risk, present risk, and residual risk
      3. Making sure the criteria for ranking and BPM improvements are customer focused, consider the vendor, and enhance quality, strategic goals and stated business objectives.
    6. Assessing controls from the map or from deeper root analysis tools
      1. How the participants will automatically turn controls that need to be strengthened or created into action plans
    7. Ending the workshop, follow-up decisions and monitoring improvements
    8. Bringing the results back to the higher levels of larger risk assessments and to your risk universe or ERM program
  2. Voting/consensus ranking Techniques
    1. Statistically valid, consensus-building voting techniques when accuracy is critical
    2. Fun and creative voting techniques for prioritizing and also getting to consensus on which risks are the most important
    3. The pros and cons of voting technology, and how to make it work for you if you decide to invest (optional).
    4. Determining the right criteria to use for prioritizing risks and controls
      1. Comparing voting and prioritizing and weighting techniques used in this course to the standard frequency and likelihood categories
      2. For example, what criteria should be used to make sure the rankings reflect a customer focus? Should criteria differ if prioritizing and measuring reputational risk vs. financial risk?
  3. Practice, Practice, Practice
    1. Practice on facilitation skills and the tools for doing PMD, Root Cause Analysis, assessing and prioritizing risks and controls.
    2. Going through a live simulation of a FRSA workshop
      1. Specific coaching will be provided throughout to help learn the tools, body language and verbal language skills that are very effective
    3. Debrief, and personally experience how FRSA all fits together as one whole system
    4. Discuss applications ongoing to your own unique organization and situation
  4. A Brief Introduction to the White Collar Criminal Mind
    1. The two main types of criminals to know in the workplace
    2. The Five components that make up the hard core white collar criminal
    3. How and why it is important to learn how to think like a criminal for fraud programs
  5. All about Questionnaires
    1. What types of questionnaires are there and what works best in companies and different organizational cultures
    2. Pros and cons to using questionnaires in risk assessments and fraud programs
      1. When to use them and when not
      2. Different types of questionnaires: self-assessment, 360, and abilities- based, and the strengths and limitations of each
      3. Why questionnaires are not enough- they supplement and work hand in hand with PMD
    3. How to put together a proper questionnaire that will gather the best information: what the experts say
    4. When to use a questionnaire before doing FRSAs and when to use them as a follow up after doing FRSAs
      1. Yes, you can use them both before and after process mapping, documentation and analysis
      2. How to determine where to do business process mapping to verify risk and control information given in the questionnaire.
      3. Asking follow-up questions after reviewing the questionnaires
    5. Reviewing questionnaires from the class
      1. Small groups and facilitated discussions
    NOTE: If you or your colleagues have created and used a questionnaire for any aspect of risk or fraud information gathering, please bring it along with 5 copies.
  6. Action Plans and Close
    1. Developing a preliminary plan, prioritizing areas to cover, that you will start implementing upon your return to work
    2. If time, sharing your preliminary plan in group

Meet Your Instructor

Joan Pastor, Ph.D.
President, JPA International, Inc.

Joan Pastor, Ph.D., president of JPA International, Inc. is a licensed organizational and clinical psychologist who provides keynote, training and consultation services to numerous national and international organizations and associations. Ms. Pastor is a certified speaking professional (CSP), a certified mediator, and has an extensive coaching practice. She is well-known for her keynotes and work in assisting organizations in developing their vision, plus the strategy and processes to achieve it.

She has been working with finance, risk, security (including intelligence) & audit professionals since 1986 and has made pioneering contributions to these professions in risk assessments; all areas related to the “People or Soft Skills”; integrating finance, incorporating risk and fraud into corporate objectives and strategy; business process documentation; and in working with executive management , boards, and audit committees.

She has uncovered numerous embezzlement and other fraudulent schemes over the years in her own work and with audit, risk and finance colleagues. She has been named Outstanding Young Woman of the Year, awarded the U.S. Army Customer Service Award, and was awarded the National Leadership Award from the U.S. Business Advisory Council in both 2003 and 2006.

Seminar Instructor Joan Pastor has:

  • Worked as the head facilitator for the National Security Agency.
  • Facilitated off-sites with all the intelligence agencies of the Dept. of Defense as well as representatives from the White House under the Clinton Administration.
  • Trained FBI professionals and police departments on white collar criminal and fraud interviewing skills.
  • Opening keynoter for the Association of Certified Fraud Examiners
  • A core commentator on webinars, teleseminars and television for the AICPA, BRISK, and talk shows.
  • Facilitated many off-sites with executive teams from a number of private and public companies in numerous countries.
  • Recently she was awarded the Gallery of Success, by her alma mater Temple University in Philadelphia, PA.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at [email protected]

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
6201 America Center Drive Suite 240
San Jose, CA 95002

By Wire -

Register / Pay by Wire Transfer

Please contact us at +1-888-717-2436 to get details of wire transfer option.

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @ [email protected]

Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.


The speaker was very knowledgeable and the support material provided was very useful. I would strongly recommend this conference to others.
- Finance Manager, Omani National Livestock Development Co SAOC

It was my first experience with the ComplianceOnline and its good ComplianceOnline took initiative to interact with attendees to draw feedback for improvement. Speaker has got very good communication skills.
- Internal Auditor, Al Ahli Bank of Kuwait

Overall it was good seminar. People from ComplianceOnline were available all the time.
- Accounting Manager - Financial Controller, Aramex International

The program was well organized and coordinated by ComplianceOnline
- Corporate Finance Manager, Aramex International

Presenter was very well experienced in her field. Material was good for compliance/ audit field professionals.
- Finance Manager, Weir Solutions FZE

The seminar was well planned and interactive. Informal conversations with other attendees were very useful.
- Business Analyst, Weir Solutions FZE

The seminar was very interactive and the presenter was very knowledgeable
- Deputy CEO, AllianzTiriac Pensions CO

Communication skills of the trainer were very good.
- Senior Internal Auditor, Coca Cola Icecek

It was very interactive seminar.
- Internal Auditor, Coca Cola Icecek

Joan is a good speaker and was very knowledgeable.
- EHS & WCP Manager, CROWN Emirates Co. Ltd.

Media Partners



Zener IT Solutions

Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

One of the more breathtaking scenes on the lake is this tall ship approaching the docks at Navy Pier. The 148-foot four-masted schooner (and its new sister ship, the Windy II ) sets sail for 90-minute cruises two to five times a day, both day and evening. (Because the boats are sometimes booked by groups, the schedule changes each week; call first to confirm sailing times). The boats are at the whims of the wind, so every cruise charts a different course. Passengers are welcome to help raise and trim the sails and occasionally take turns at the ship's helm (with the captain standing close by). The boats are not accessible for people with disabilities.

The building may be historic (it was the first planetarium in the Western Hemisphere), but some of the attractions here will captivate the most jaded video-game addict.

Your first stop should be the modern Sky Pavilion, where the don't-miss experience is the StarRider Theater. Settle down under the massive dome, and you'll take a half-hour interactive virtual-reality trip through the Milky Way and into deep space, featuring a computer-generated 3-D-graphics projection system and controls in the armrest of each seat. Six high-resolution video projectors form a seamless image above your head -- you'll feel as if you're literally floating in space. If you're looking for more entertainment, the Sky Theater shows movies with an astronomical bent; recent shows have included Secrets of Saturn and Mars Now!

With its gleaming-white, palatial, six-story grandstand and lush gardens, this racecourse is one of the most beautiful showcases for thoroughbred horse racing in the world. Its storied history stretches back to 1927, and such equine stars as Citation, Secretariat, and Cigar have graced the track. The annual Arlington Million (the sport's first million-dollar race, held in mid-Aug) attracts top jockeys, trainers, and horses and is part of the World Series Racing Championship, which includes the Breeders Cup races. Arlington's race days are thrilling to behold, with all of racing's time-honored pageantry on display -- from the bugler in traditional dress to the parade of jockeys.

You can't -- and shouldn't -- miss the Art Institute. (You really have no excuse, since it's conveniently located right on Michigan Ave. in the heart of downtown.) No matter what medium or century interests you, the Art Institute has something in its collection to fit the bill. Japanese ukiyo-e prints, ancient Egyptian bronzes, Greek vases, 19th-century British photography, masterpieces by most of the greatest names in 20th-century sculpture, and modern American textiles are just some of the works on display, but for a general overview of the museum's collection, take the free "Highlights of the Art Institute" tour Saturday and Sunday.

A truly grand theater with historic-landmark status, the Auditorium gives visitors a taste of late-19th-century Chicago opulence. Because it's still a working theater -- not a museum -- it's not always open to the public during the day; to make sure you'll get in, schedule a guided tour, which are offered on Mondays at 10am and noon.

Designed and built in 1889 by Louis Sullivan and Dankmar Adler, the 4,000-seat Auditorium was a wonder of the world: the heaviest (110,000 tons) and most massive modern edifice on earth, the most fireproof building ever constructed, and the tallest building in Chicago. It was also the first large-scale building to be lit by electricity, and its theater was the first in the country to install air-conditioning. Originally the home of the Chicago Opera Company, Sullivan and Adler's masterpiece is defined by powerful arches lit by thousands of bulbs and features Sullivan's trademark ornamentation -- in this case, elaborate golden stenciling and gold plaster medallions. It's equally renowned for otherworldly acoustics and unobstructed sightlines.

We need below information to serve you better



6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2023 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method