Want to learn what STRONG 1st LINE/OBJECTIVE CENTRIC/DEMAND DRIVEN ERM and internal audit is all about? Want to learn how to successfully sell, implement, and support a STRONG 1st LINE/OBJECTIVE CENTRIC/DEMAND DRIVEN framework? Want to know “baby steps” options if your culture is better suited to an evolutionary approach vs fast track implementation? No matter what your budget, we have options for you.

Super frugal approach $0: just visit our RESOURCES page at  Everything you need to support a DO-IT-YOURSELF approach is there. Free core training and reference materials.  Sample presentations. Descriptions and links to hundreds of short Linked In posts explaining every facet of this new modern approach.  Tons of information on the business case for change and overcoming common management and board objections. 

Least expensive with support skills training – select the modules you need/want from our c-Risk Academy portal.  They are individually priced at $99 U.S.  You can just the ones you want at $99/module or take all 11 core modules in the full #ORCM certificate course without the testing component for $1089 U.S. plus applicable taxes. Use the link below to book your c-Risk Academy courses and Tim Leech will provide an hour of free question and answer time.

One-on-one virtual training with Tim Leech – Tim Leech is the originator and developer of this game changing approach.  He has worked with thousands of companies around the world since the early 90s that wanted to learn more about the benefits of STRONG 1st LINE/OBJECTIVE CENTRIC/DEMAND DRIVEN ERM and internal audit and how to do it.  Tim will take you through all 11 modules of the OCRM certificate course and provide answers specific to our situation and needs. Student receive copyright license to all training and reference materials necessary for successful implementation. This option is priced a $1999 U.S. plus any applicable tax. Contact Tim at for more information.

Full certificate program via c-Risk Academy – want the flexibility to take the training when you want, where you want? Details on the certificate program are below.  Cost is $1999 U.S. plus applicable taxes including final exam and certificate from c-Risk Academy in OBJECTIVE CENTRIC RISK AND UNCERTAINTY MANAGEMENT.  This option includes 1 free hour of Question & Answer with Tim via Zoom. 

One-on-more-than-1 virtual training with Tim Leech – Tim will train up to 10 people at a cost of $1999 U.S. for the 1st person plus $1000/person for each additional student.  A description of the certificate course is below.  The training presentation will be customized to your specific business sector, circumstances and needs.  Students will receive copyright license to all materials necessary for successful implementation. Contact Tim at for more information.

Customized in-person training - Contact Tim at for more information and a detailed quote.  We will customize your training to fit your specific needs. Tim has been providing world-class training for over 3 decades.

Learn from Experts that Pioneered Objective-Centric Risk

img traning


Practical, step-by-step training to equip you/your risk function and/or internal audit department professionals to implement and maintain the newest generation of ERM and Internal audit – objective centric risk and uncertainty management. Earn CPE = 20

Whether you are a risk specialist or internal auditor there are clear signs that the future of both professions is objective centric risk and uncertainty management.

In 2017 COSO issued new ERM guidance. The title is “Enterprise Risk Management: Integrating with Strategy and Performance”. It calls on risk professionals to transition from risk centric/risk register based ERM to one that focuses on assessing the risk/uncertainty linked to top strategic/value creation and value preservation objectives and directly linking risk assessments with performance data.

ISO 31000 2018, the global risk management standard, defines risk as “effect of uncertainty on objectives”. The introduction opens with:

Organizations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives.

Managing risk is iterative and assists organizations in setting strategy, achieving objectives and making informed decisions.

In the internal audit space, the IIA issued Sawyer's Internal Auditing: Enhancing and Protecting Organizational Value, 7th Edition in 2019. The book chronicles an evolution in internal audit methods/thinking. The most modern evolved internal auditor that started to emerge in 2015 is coined “the Objective-Based Auditor”.

1. 1941 - the Internal/External Auditor
2. 1970 - the Internal Control Process Auditor
3. 1990 - the Risk-Based Auditor
4. 2000 - the Risk Management-Based Auditor
5. 2015 - the Objective-Based Auditor

Dan Clayton, one of the principal authors of this IIA Sawyer update, gave a progress report in February 2021 in a Linked In post. His conclusion was not encouraging: “Many internal auditors are still producing the original internal audit value from 1941.”

In 2020 the IIA updated the original THREE LINES of DEFENSE, a weak 1st LINE model, and issued the new THREE LINES MODEL. Even a quick scan of the overview diagram below makes it clear that 1st and 2nd “LINES” focus is “Actions (including managing risks) to achieve organizational objectives”. The focus of the 3rd LINE is defined as “Independent and objective assurance and advice on all matters related to the achievement of objectives”. The role of the “GOVERNING BODY” is “organizational oversight”. Given the roles defined for 1st/2nd/3rd lines, its clear the board’s job is to oversee risk/uncertainty top value creation and preservation objectives are achieved.

For Boards of Directors powerful institutional investors are escalating pressure on boards to demonstrate that they are effectively overseeing strategic planning and risk management. The International Corporate Governance Network (ICGN), a global not-for-profit representing companies with assets under management totalling over $26 trillion, calls on investors to start by focusing their attention on the boards of investee companies:

“The risk oversight process begins with the board. The unitary or supervisory board has an overarching responsibility for deciding the company’s strategy and business model and understanding and agreeing on the level of risk that goes with it. The board has the task of overseeing management’s implementation of strategic and operational risk management”.

Benefits of Objective-Centric Risk & Uncertainty Management

  • All efforts are focused on increasing/managing the uncertainty of achieving top strategic/value creation and value preservation objectives, objectives key to a company’s long-term success.
  • Accountability to assess/report on risk/uncertainty is positioned squarely with management most responsible for achievement of the objective(s) and reacting quickly when new risk information and opportunities emerge, and/or performance data indicates major problems.
  • The focus of 2nd LINE is to help 1st line be the primary risk/uncertainty assessor/reporters. The 1st Line provides primary status data to the CEO and Board. The focus of the 3rd LINE is to assess and report opinions to the Board on the reliability of the risk/uncertainty status information the Board gets.
  • The C-suite with Board oversight defines the top strategic/value creation and value preservation objectives they want risk/uncertainty information on. Risk management and Internal Audit move from being “supply driven” to “demand driven” by their customers. A much safer place to be.
  • CEOs/Boards (RM/IA customers) specify the objectives important enough to warrant the cost of formal risk/uncertainty assessment and they specify the target level of risk/uncertainty assessment rigor. Risk/uncertainty assessment rigor options range from “intuitive/experiential” done by an Owner/Sponsor with or without facilitator assistance taking as little as an hour, to the most advanced risk/decision support methods available that may require many weeks, even months of time/effort.
  • Professional taking this training are well positioned for future positions in 1st/2nd/3rd line groups in public and private sector organizations that buy the business case for objective centric risk and uncertainty management.
  • All the LINES are focused on assessing/reporting on the risk/uncertainty of achieving the company’s most important objectives. The goal – better data to make important decisions. For the first time, all the LINES use a common taxonomy and method to assess and report on risk/uncertainty of achieving top objectives.
  • Boards/companies are able to demonstrate to powerful institutional investors and regulators they are overseeing strategic planning, the effectiveness of the company’s risk management framework, and effectiveness of internal audit.
  • The value added by risk functions and internal audit is increased exponentially per dollar of spend.


c-ORCM Certification Courses included:

  • Strong 1st Line Objective Centric Risk & Uncertainty Management: The big picture, business case, and linkages to COSO ERM 2017, ISO 31000 2018 and IIA 2020 THREE LINES MODEL.
  • Selling the business case and overcoming objections to strong 1st LINE/demand driven/objective centric risk and uncertainty management.
  • Populating the Objectives Register: Methods to decide on/identify top strategic/value creation objectives and value preservation objectives and assign Owner/Sponsors, target risk/uncertainty assessment rigor, and target independent assurance.
  • Identifying risks: introduction to 10 primary methods to identify risks to an objective and 30 to 40 more additional supplemental methods to identify/assess risks that effect uncertainty objectives will be achieved
  • Methods to identify risk treatments available to mitigate risk/transfer risk/share risk/finance risk/avoid risk/accept risk. Methods include using a 9 category Risk Treatment Principles/100+ sub-element framework and other methods including research, benchmarking, facilitation prompts and many more.
  • Creating a reliable picture of the current Residual Risk Status/Uncertainty linked to top objectives for decision makers, including best available performance data, impacts of non-achievement of the objective, impediment data, and accepted and unacceptable concerns/unmitigated risk situations. This step defines the an organization’s true “risk appetite/tolerance”.
  • Reporting results to Owner/Sponsors/C-suites/Boards: Recommended reports and summary commentary from CROs/CAEs.
  • 6 Level quality assurance framework: Ensuring that the C-Suite and Board are getting materially reliable information on current risk/uncertainty linked to top strategic/value creation objectives and value preservation objectives
  • Selecting software to support OCRCM: Lessons learned since 1996 building and implementing objective centric software systems. Beware of vendors who say their software can be configured to do anything/everything.
  • Using objective centric risk and uncertainty management for SOX 404/SOX like risk/control assessments to identify the balance sheet/income statement line items/XBRL codes with unacceptable residual risk/uncertainty