Chief Risk Officer (CRO) Certificate

I can’t say enough about the amazing experience I had attending these programs and the value it has provided me over the past several years. I completed the CISO certificate program and it was so helpful that I went back for the CRO program. As many of us have seen over the past decade, cyber threats are an enterprise risk and the education, relationships, and insight I received from both programs at CMU has been invaluable. Jim Trainor | Senior Vice President, Aon | Former Asst. Director, FBI Cyber Division

• Cohort 11 (Spring 2025) Program Dates & Schedule

  Virtual Orientation: 12:00 - 5:00 p.m. EST
  February 12-14, 2025
  
  Virtual Modules: 4:00 - 9:00 p.m. EST/EDT
  (Note: all virtual class dates are Tuesdays)
  February 25 (2025)
  March 18, 25 (2025)
  April 8, 15 (2025)
  May 6 (2025)
  
  Mid-Session: 9:00 - 5:00 p.m. EDT (Pittsburgh, PA; virtual option available)
  May 13-15, 2025
  
  Virtual Modules: 4:00 - 9:00 p.m. EDT
  (Note: all virtual class dates are Tuesdays)
  June 3, 10, 17 (2025)
  July 15, 22 (2025)

  Practicum: 9:00 a.m. - 5:00 p.m. EDT (Pittsburgh, PA; virtual option available)
  August 11-12, 2025

• Cohort 10 (Spring 2024) Program Dates & Schedule

  Virtual Orientation: 12:00 - 5:00 p.m. EDT
  May 14-16, 2024
  
  Virtual Modules: 4:00 - 9:00 p.m EDT
  (Note: all virtual class dates are Tuesdays)
  May 28 (2024)
  June 4, 18, 25 (2024)
  July 16, 23 (2024)

  Program Mid-Session: 9:00 a.m. - 5:00 p.m. EDT (Pittsburgh, PA; virtual option available)
  July 29-31, 2024
  
  Virtual Modules: 4:00 - 9:00 p.m. EST
  (Note: all virtual class dates are Tuesdays)
  August 13, 20, 27 (2024)
  September 10, 17 (2024)
  
  Practicum: 9:00 a.m. - 5:00 p.m. EST (Pittsburgh, PA; virtual option available)
  September 30-October 1, 2024

• Class Location
  The program mid-session and practicum will be held in person at our main campus in Pittsburgh:
  
  Heinz College of Information Systems and Public Policy
  Carnegie Mellon University
  4800 Forbes Avenue
  Pittsburgh, PA 15213
  
  A virtual option will be offered for the program mid-session and practicum; students will not be required to travel to complete the program.
• The Executive Advantage Program

  Earning your executive education certificate is just the beginning of a lifelong relationship with CMU; we're here to help you advance your career throughout your professional life. The Heinz College Executive Advantage program is meant for people who always want to be ahead of the curve—those who want to lead the conversation, not just be a part of it. 

  Executive Advantage was designed with you—C-suite executives and lifelong learners—in mind. In addition to the valuable skills you gain through our executive certificate programs, you now have access to workshops, leadership summits, and conferences. 

• Role of the CRO

  Instructors:
  Brian Schwartz | Lead Client Partner and Enterprise Risk Management Leader, PwC
  Jonathan Schwartz | Vice President, Internal Audit, Compass

  In today’s global business environment, risk management must be aligned to business strategy. The CRO role is an important catalyst in this process so that a company can realize its long-term strategic objectives. This module focuses on discussing CRO roles and responsibilities; how the CRO integrates effectively in organizational governance and operations; and leadership and management practices that enhance the ability of today’s CRO to succeed in any organization.

  This session sets the stage for the overall CRO certificate program and the subsequent modules.

• Enterprise Risk Governance — Models and Frameworks

  Instructor: 
  Brett Tucker | Technical Manager, Cyber Risk Management, SEI

  This module will define the baseline components of an enterprise risk management program, develop a risk appetite statement, and work to establish the governance and policy framework for the organization. This module will also provide practical guidance on available models, standards, and frameworks that can be tailored to your organization’s needs. Students will also discuss how to implement a model within an organization.

• Executive Presence — Leadership and Communications

  Instructors: 
  David Lassman | Distinguished Service Professor, Carnegie Mellon University's Heinz College
  Chris Labash | Assistant Teaching Professor, Carnegie Mellon University's Heinz College

  This module is designed to improve your effectiveness as a leader by introducing you to frameworks for understanding organizations and organizational processes.

  This session will focus on how to effectively lead and inspire, foster teamwork, and create a culture that helps better manage risk. This module will also discuss effective ways to communicate risk related organizational goals to the board and senior management.

• Enterprise Landscape of Risk — Part 1, Financial Risk

  Instructor: 
  James Quinn | Co-Founder, Q9 Capital

  This module is focused on discussing a major component within the landscape of en­terprise risks—financial risk. It will help to set the stage for an overall understanding of the components of financial risk including market and credit risk. The module will also provide a baseline for students on GRC best practices, risk taxonomy, and issues man­agement.

• Enterprise Landscape of Risk — Part 2, Operational Risk

  Instructor: 
  David Dunn | Chief Risk Officer, FIS

  Understanding how to identify, measure, and manage operational risk commensurate with one’s specific business, industry, or sector is a primary objective of any enterprise risk framework, and consequently, of any CRO.

  This module will provide a comprehensive overview of operational risk concepts, including common frameworks and activities, and provide practical guidance and techniques to implement and manage an operational risk management function. The module will conclude with a guest lecture on privacy risk management issues from a Chief Privacy Officer

• Enterprise Landscape of Risk — Part 3, Strategic Risk

  Instructor: 
  James Lam | President, James Lam & Associates, Inc.

  The intersection of ERM and strategy is arguably one of the most important areas where the CRO can add value. As such, strategic risk should be a key focus area in any ERM program.

  What is the role of the CRO in strategic risk management? How should the CRO support the CEO and the Board and collaborate with the CFO and head of strategy? What are best practice strategic risk frameworks that companies can consider? This module will address and explore these questions.

• Enterprise Landscape of Risk — Part 4, Cyber Risk

  Instructor: 
  Shaun Khalfan | SVP, CISO, PayPal

  Today’s businesses face an array of potential disruptions from digital-based threats, such as denial-of-service attacks or the proliferation of ransomware. To effectively manage risk-based operations, an organization must become adept at preventing disruptions whenever possible and ensuring continuity of operations when a disruption occurs.

  This module discusses the necessary steps to enhance existing cyber risk management processes, and examines the role that the CRO can play.

• Enterprise Landscape of Risk — Part 5, Compliance Risk

  Instructor: 
  K.C. Turan | Executive Vice President, Chief Risk, Compliance & Ethics Officer, Commonwealth Care Alliance

  Compliance risk management is the process of identifying, assessing and mitigating potential losses that may arise from an organization’s noncompliance with laws, regula­tions, standards, and both internal and external policies and procedures. Organizations must have compliance risk management policies and procedures, which are the frame­work and mechanisms they implement to control compliance risk. This module will cov­er the compliance risk landscape organizations are facing today (including privacy and ESG), and will discuss the needed policies, procedures and training programs to stay in compliance with key organizational directives and regulations.

• Risk Assessment and Appetite for Decision Making

  Instructor:
  Dr. Earl Crane | Risk Executive Strategic Advisor, Earl Crane, LLC

  This module will discuss the importance of risk assessment to the ERM program and the Chief Risk Officer in risk governance and management and decision making. Risk assessments are critical to effective risk management, reporting issues, and designing internal controls.

  This module will also focus on developing risk appetite statements (qualitative and quantitative). Students will be led through a design workshop to understand the details of this important tool for risk-informed decision making.

• Disruptive Risk and Scenario Analysis

  Instructor: 
  James Lam | President, James Lam & Associates

  This module will discuss how organizations can cope and overcome disruptive risks to minimize impact to business operations and discuss best practices for using scenario analysis to not only manage the expected risks that their organizations may face in the course of daily operations, but now also the unexpected risks that would have a potential, material impact.

• CRO Organization Function and Operations — Build and Run

  Instructor: 
  Spyro Karetsos | Chief Compliance Officer, Remitly

  This module is an overview of practical “day-to-day” operations. Students will learn how to properly plan, structure, finance, and obtain “buy-in” from the organization and report on your risk team. This clear outline of the risk team structure and operations will better enable CROs to demonstrate the charter and effectiveness of the team to their organizations.

• CRO Metrics and Reporting

  Instructor:
  Summer Fowler | CISO, Torc Robotics

  This module will discuss important tips on how to build useful meaningful, strategic metrics, communicate the effectiveness of the program, and establish effective communication links with the C-suite and Board.

  This module will also cover how to develop more effective risk visualizations to enhance reporting effectiveness.

• BC/DR Best Practices and Building Organizational Resilience

  Instructor: 
  Matt Butkovic | Technical Director of Cyber Risk and Resilience, CERT Division of SEI

  This module provides a comprehensive overview of organizational resilience management and its related subjects and challenges.

  This session will also cover best practices for developing comprehensive business continuity and disaster recovery plans in order to manage the impact of today’s risk landscape efficiently and effectively. The module will end with a guest lecture to discuss how to implement and operate an effective BC/DR plan in times of uncertainty.

• Risk Response Techniques

  Instructor:
  Laurie Champion | Managing Director & Global Client Executive, Marsh & McLennan Companies

  The CRO plays an important role in encouraging understanding of potential trade-offs between pre-event planning and post-event response, as well as how a combination of Risk Response techniques can offer the best solution.

  This module discusses the key characteristics of an effective Risk Response capability, along with the role the CRO plays in building Risk Response capability across the organization. Discussion will provide practical insight into best practices, including risk control, supply chain and contract management, insurance, and related matters. The module will conclude with a guest lecture on Risk Engineering from an insurance carrier.

• CRO Organization Function and Operations — Mature

  Instructor: 
  Ryan Zanin | Chief Risk Officer, Westpac

  In this module, students will discuss the aspirations, efforts, methods, and challenges involved in maturing your risk operations to be a highly respected contributor to the overall success of the enterprise.

  This module will cover how to build and evolve risk organizations from a “must have” speed bump on the highway of corporate ambition to becoming an invaluable contributor to the successful realization of corporate strategy and a leader setting table stakes for the corporate culture. The module will also include a guest lecture from a Chief Audit Executive to provide some insight into how a mature organization works with this function.

• Role of Data and Analytics in Risk Management

  Instructor: 
  Denise Letcher | Executive Vice President, Chief Data Officer, PNC Financial Services Group, Inc.

  With the rise of new risks, the use of data analytics and other advanced technologies has become more important than ever. The risk management approach must embed these technologies across the entire risk management process, starting from identification to assessment to mitigation to monitoring. This module will discuss how an analytics-driven approach can be used to measure the risk characteristics of a unit, as well as define common metrics for measuring an enterprise-wide risk profile.