Certified in Objective-Centric Risk & Certainty Management™ (cORCM™)

Field: Management Services | Delivery Method: Self Study | CPE Hours: 25.0

When you register now you will also get a bonus one hour call with Tim Leech for free (a $500 value) along with the other bonuses listed below.

Practical, step-by-step training to equip you, your risk management function, and/or internal audit department professionals to implement and maintain the newest generation of enterprise risk management (ERM) and Internal audit – objective-centric risk and certainty management.

Whether you are a risk management or internal audit professional there are clear signs that the future of both professions is objective-centric risk and certainty management.

In 2017 COSO issued new enterprise risk management (ERM) guidance titled Enterprise Risk Management: Integrating with Strategy and Performance. It calls on risk professionals to transition from risk-centric and risk register based ERM to one that focuses on assessing the risk/certainty linked to top strategic/value creation and value preservation objectives and directly linking risk assessments with performance data.

ISO 31000 2018, the global risk management standard, defines risk as “effect of uncertainty on objectives”. The introduction opens with: "Organizations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives ... Managing risk is iterative and assists organizations in setting strategy, achieving objectives and making informed decisions."

In the internal audit space, the IIA issued Sawyer's Internal Auditing: Enhancing and Protecting Organizational Value, 7th Edition in 2019. The book chronicles an evolution in internal audit methods/thinking. The most modern evolved internal auditor that started to emerge in 2015 is coined “the Objective-Based Auditor”.

  1. 1941 - the Internal/External Auditor
  2. 1970 - the Internal Control Process Auditor
  3. 1990 - the Risk-Based Auditor
  4. 2000 - the Risk Management-Based Auditor
  5. 2015 - the Objective-Based Auditor

Dan Clayton, one of the principal authors of this IIA Sawyer update, gave a progress report in February 2021 in a LinkedIn post. His conclusion was not encouraging: “Many internal auditors are still producing the original internal audit value from 1941.”

In 2020 the IIA updated the original THREE LINES of DEFENSE, and issued the new THREE LINES MODEL. Even a quick scan of the overview diagram below makes it clear that 1st and 2nd “LINES” focus is “Actions (including managing risks) to achieve organizational objectives”. The focus of the 3rd LINE is defined as “Independent and objective assurance and advice on all matters related to the achievement of objectives”. The role of the “GOVERNING BODY” is “organizational oversight”. Given the roles defined for 1st/2nd/3rd lines, it's clear the board’s job is to oversee risk/certainty top value creation and preservation objectives are achieved.

For Boards of Directors, powerful institutional investors are escalating pressure on boards to demonstrate that they are effectively overseeing strategic planning and risk management. The International Corporate Governance Network (ICGN), a global not-for-profit representing companies with assets under management totaling over $26 trillion, calls on investors to start by focusing their attention on the boards of investment companies:

“The risk oversight process begins with the board. The unitary or supervisory board has an overarching responsibility for deciding the company’s strategy and business model and understanding and agreeing on the level of risk that goes with it. The board has the task of overseeing management’s implementation of strategic and operational risk management”.

Benefits of Objective Centric Risk Management

  • All efforts are focused on increasing/managing the certainty of achieving top strategic/value creation and value preservation objectives, objectives key to a company’s long-term success.
  • Accountability to assess/report on risk/certainty is positioned squarely with management most responsible for achievement of the objective(s) and reacting quickly when new risk information and opportunities emerge, and/or performance data indicates major problems.
  • The focus of 2nd LINE is to help 1st line be the primary risk/certainty assessor/reporters. The 1st Line provides primary status data to the CEO and Board. The focus of the 3rd LINE is to assess and report opinions to the Board on the reliability of the risk/certainty status information the Board gets.
  • The C-suite with Board oversight defines the top strategic/value creation and value preservation objectives they want risk/certainty information on. Risk management and Internal Audit move from being “supply driven” to “demand driven” by their customers. A much safer place to be.
  • CEOs/Boards (RM/IA customers) specify the objectives important enough to warrant the cost of formal risk/certainty assessment and they specify the target level of risk/certainty assessment rigor. Risk/certainty assessment rigor options range from “intuitive/experiential” done by an Owner/Sponsor with or without facilitator assistance taking as little as an hour, to the most advanced risk/decision support methods available that may require many weeks, even months of time/effort.
  • Professionals taking this certification training are well positioned for future positions in 1st/2nd/3rd line groups in public and private sector organizations that buy the business case for objective centric risk and certainty management.
  • All the LINES are focused on assessing/reporting on the risk/certainty of achieving the company’s most important objectives. The goal – better data to make important decisions. For the first time, all the LINES use a common taxonomy and method to assess and report on risk/certainty of achieving top objectives.
  • Boards/companies are able to demonstrate to powerful institutional investors and regulators they are overseeing strategic planning, the effectiveness of the company’s risk management framework, and effectiveness of internal audit.
  • The value added by risk functions and internal audit is increased exponentially per dollar of spend.

Who the cORCM™ Certification Course if For:

  • Internal audit professionals
  • Risk management professionals
  • 1st line function professionals and managers
  • 2nd line function professionals and managers

The cORCM™ Certification Course includes:

  • Strong 1st Line Objective Centric Risk & Certainty Management: The big picture, business case, and linkages to COSO ERM 2017, ISO 31000 2018 and IIA 2020 THREE LINES MODEL.
  • Selling the business case and overcoming objections to strong 1st LINE/demand driven/objective centric risk and certainty management.
  • Populating the Objectives Register: Methods to decide on/identify top strategic/value creation objectives and value preservation objectives and assign Owner/Sponsors, target risk/certainty assessment rigor, and target independent assurance.
  • Identifying risks: introduction to 10 primary methods to identify risks to an objective and 30 to 40 more additional supplemental methods to identify/assess risks that effect certainty objectives will be achieved
  • Methods to identify risk treatments available to mitigate risk/transfer risk/share risk/finance risk/avoid risk/accept risk. Methods include using a 9 category Risk Treatment Principles/100+ sub-element framework and other methods including research, benchmarking, facilitation prompts and many more.
  • Creating a reliable picture of the current Residual Risk Status/Certainty linked to top objectives for decision makers, including best available performance data, impacts of non-achievement of the objective, impediment data, and accepted and unacceptable concerns/unmitigated risk situations. This step defines the an organization’s true “risk appetite/tolerance”.
  • Reporting results to Owner/Sponsors/C-suites/Boards: Recommended reports and summary commentary from CROs/CAEs.
  • 6 Level quality assurance framework: Ensuring that the C-Suite and Board are getting materially reliable information on current risk/certainty linked to top strategic/value creation objectives and value preservation objectives
  • Selecting software to support OCRCM: Lessons learned since 1996 building and implementing objective centric software systems. Beware of vendors who say their software can be configured to do anything/everything.
  • Core skills to successfully facilitate objective centric risk and certainty management assessments using CertaintyStatusLine – lessons from a 35 years of facilitating workshops around the world.
  • Using objective centric risk and certainty management for SOX 404/SOX like risk/control assessments to identify the balance sheet/income statement line items/XBRL codes with unacceptable residual risk/certainty.

When you are ready to start using the speed of 5G internal auditing and risk management, the cORCM™ certification course is exactly right for you.

Organizations are requesting objective-centric, demand-driven, and stronger 1st line functions, that is exactly what you learn to do in this certification course.

Take your career to a new level when you get in on the ground floor of this radical shift to risk management and internal audit.

Field: Management Services
Delivery Method: Self Study
CPE Hours: 25.0
Format: Videos, Tools and Downloads


  • Templates and tools to implement OCRCM at your organization ($1,000+ value)
  • Certification exam and study material included as part of the course for free ($500-$1,000 value)
  • The Certification in Objective-Centric Risk & Certainty Management (cORCM™) professional designation when you pass the exam at the end of the course.
  • Use your cORCM designation on LinkedIn and your resume / CV for life proving to others you know how to use objective-centric risk & certainty management and assurance approach.
  • No travel necessary ($2,000+ savings)


"Great course - really enjoyed the interaction between Jason and Tim" - Steven

"Good luck with this certification, Tim and Jason! You are on target with what you are trying to teach and certify" - Paul

Your Instructor

Tim Leech
Tim Leech

Tim is founder and Managing Director at Risk Oversight Solutions. His focus for the past 30 years has been promoting the business case for, and helping organizations implement, strong management driven objective centric risk and certainty management. He has received awards for outstanding contributions from CPA Ontario, IIA, ACFE and OCEG. His work in the field of strategy and risk governance has been recognized by articles published by Harvard and Columbia Universities, London School of Economics, the IIA, Conference Board, and many others.

He has taught tens of thousands of board directors, senior executives, risk specialists and internal auditors around the globe. In December 2019 Richard Chambers named Tim to his list of the top 10 internal audit and risk thought leaders of the decade globally.

He has provided training and advice to major corporations around the world including Mobil, Shell, Telstra, NAB, KPMG, RBC, CIBC, MBNA, Manulife, Canadian federal government, BellSouth, Sonera, Rabobank, Telecom Italia, ABN Amro, Novartis, TMX, City of Burlington, public sector organizations at all levels, SVG Capital, and hundreds of others.


Course Curriculum

  #1 Strong 1st Line Objective Centric Risk & Certainty Management
Available in days
days after you enroll
  #1A Aligning ERM and Internal Audit With Your Corporate Risk Culture
Available in days
days after you enroll
  Additional Resources & Downloads
Available in days
days after you enroll
  #2 Selling the Business Case and Overcoming Objections
Available in days
days after you enroll
  #3 Populating the Objectives Register
Available in days
days after you enroll
  #4 Methods to Identify and Assess Risks and Opportunities
Available in days
days after you enroll
  #5 Risk Treatments - Much More Than Controls
Available in days
days after you enroll
  #6 Creating a Reliable Picture of the Current Residual Risk Status/Certainty Linked to Top Objectives
Available in days
days after you enroll
  #7 Reporting Results to Owner/Sponsors/C-suites/Boards
Available in days
days after you enroll
  #8 Six Level Quality Assurance Framework
Available in days
days after you enroll
  #9 Facilitating Workshops
Available in days
days after you enroll
  #10 Using Objective Centric Risk Assessment for SOX 404 and SOX 404 like requirements
Available in days
days after you enroll
  Objective Centric and Demand Driven Internal Auditing
Available in days
days after you enroll
  Selecting Software to Support OCRCM
Available in days
days after you enroll
  cORCM™ Exam
Available in days
days after you enroll
  Certification Process
Available in days
days after you enroll

Frequently Asked Questions

When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 7 days and we will give you a full refund.
How do I receive the cORCM designation?
Complete the course, study and take the exam that is included for free with the course. Once you pass the exam, you will submit an application (step-by-step details are included in the course) and 3-4 weeks later you will receive your cORCM designation via e-mail.
Do I need to get other materials or pay anything additional to get the cORCM professional designation?
No. Everything you need to get certified is included in the course. There is also no requirement to pay for renewal of the cORCM designation. Once you obtain it, you can use the designation for life.
What if I don't pass the cORCM exam?
You need to get a 70% or better score to pass the cORCM exam. The exam is 35 multiple choice questions, based on the material from the course. You take the exam as part of the course from your computer or device. There is no testing center requirement. If you don't pass the exam, you can take it again as many times as you need until you pass.
What is the format of the course?
This is a video on-demand lecture format course, so you can listen to the lectures as if you were in an in-person course. There is a participant workbook for taking notes and preparing for the exam and tools you will need to implement this approach included.
How many continuing professional education (CPE) hours are available for the course?
The Certification in Objective-Centric Risk & Certainty Management (cORCM) certification course qualifies for 25 hours of continuing professional education for the topic of management services and self-study.
What are the continuing professional education (CPE) requirements?
You must maintain a minimum of 40 hours of CPE each year, 20 hours of which need to be in the field of study: auditing. You will not need to submit your CPE each year, but may be randomly selected for CPE audit where you will need to provide us with evidence that you completed your annual CPE.

Get started now!