Certified Member of the Risk Committee of the Board of Directors (CMRBD), distance learning and online certification program


The program provides the skills needed to understand and support regulatory compliance and enterprise-wide risk management as a member of the Risk Committee of the Board of Directors. The program also provides the skills needed to pass the Certified Member of the Risk Committee of the Board of Directors (CMRBD) exam. We updated the program on the 18th of January, 2019.

Target Audience

The CMRBD certification program is beneficial to potential, new and sitting members of the Risk Committee of the Board of Directors.

Course Synopsis

The Risk Committee of the Board of Directors.
From the OECD Principles of Corporate Governance.
From the FSB Thematic Review on Corporate Governance, Peer Review Report.
Case studies, where we can clearly understand the role of the risk committee.
Designing and implementing a risk and compliance program.
Principles of effective compliance programs.

COSO, COSO ERM - The frameworks.
The Internal Control - Integrated Framework.
Understanding the five interrelated components, necessary for effective internal controls.
1. The control environment.
2. Risk assessment.
3. Control activities.
4. Information and communication.
5. Monitoring.
Internal Control - Integrated Framework 2013.
Using the Internal Control - Integrated Framework.
Example: Cyber risk and COSO.

The COSO ERM Framework.
COSO and COSO ERM cubes.
The eight interrelated components.
1. Internal Environment.
2. Objective Setting.
3. Event Identification.
4. Risk Assessment.
5. Risk Response.
6. Control Activities.
7. Information and Communication.
8. Monitoring.
Achievement of Objectives.
1. Strategic - high-level goals, aligned with and supporting its mission.
2. Operations - effective and efficient use of its resources.
3. Reporting - reliability of reporting.
4. Compliance - compliance with applicable laws and regulations.
2017 - The updated COSO ERM.
The changing risk landscape.
Benefits of effective Enterprise Risk Management.
The role of risk in strategy selection.

The SEC and the Sarbanes-Oxley Act.
The PCAOB rulemaking process.
Public Company Accounting Oversight Board, Auditing Standards.

Stress Testing.
What is financial stress testing.
Scenario tests.
A. The portfolio-driven approach.
B. The event-driven approach.
Sensitivity tests.
Choosing stress-test scenarios.
Berkowitz and stress testing.
Regulatory stress tests.
Micro stress tests.
Macro stress tests.
Stress testing scenarios based on a higher correlation environment.
Correlation coefficient.
Endogenous and Exogenous risks.
Heisenberg's uncertainty principle and stress testing.
The birth of stress testing.
Financial Sector Assessment Programs (FSAPs).
From the Value at Risk to Stress Testing.
What is expected under normal market conditions.
Expected and Unexpected Losses.
Use of stress testing and integration in risk governance.

Basel Committee, stress testing principles, December 2017.
1. Stress testing frameworks should have clearly articulated and formally adopted objectives.
2. Stress testing frameworks should include an effective governance structure.
3. Stress testing should be used as a risk management tool and to inform business decisions.
4. Stress testing frameworks should capture material and relevant risks and apply stresses that are sufficiently severe.
5. Resources and organisational structures should be adequate to meet the objectives of the stress testing framework.
6. Stress tests should be supported by accurate and sufficiently granular data and by robust IT systems.
7. Models and methodologies to assess the impacts of scenarios and sensitivities should be fit for purpose.
8. Stress testing models, results and frameworks should be subject to challenge and regular review.
9. Stress testing practices and findings should be communicated within and across jurisdictions.
Comparison of current principles and proposed new principles.

Introduction to Cyber Risk.
Defining cybersecurity.
Information Operations (IO).
Cyber Espionage.
Cyber risks today, and what is different for organizations and employees.
The attribution problem.
The second attribution problem.
Misinformation, disinformation, deception management, fabrication.
Disinformation management.
Active Defence and Offensive Countermeasures.
The future.

For secure payment we work with PayPal, the faster and safer way to make online payments. With PayPal we minimize the cost of administration and compliance with national and international laws, so we can keep the cost of our programs and services low.

Only PayPal receives your credit card number and your financial information. We receive your full name, your email, and your mail address. According to the PayPal rules, you have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you have to do is send us an email and we will refund the payment, no questions asked.

When you click "Buy Now" below, you will be redirected to the PayPal web site. Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Rebackerstrasse 7, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

We will send the program up to 24 hours after the payment.

The all-inclusive cost is $297. There is no additional cost, now or in the future, for this program.

What is included in the program:

A. The official presentations we use in our instructor-led classes (1,217 slides)

B. Up to 3 Online Exams

You have to pass one exam. If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price. To learn more you may visit:



C. Your certificate

Processing and posting to your office or home (via registered mail).

Frequently Asked Questions

1. How comprehensive are the presentations? Are they just bullet points?

Answer: The presentations are not bullet points; you can read them, understand, and learn. These are the official presentations we use in our instructor-led classes.

2. Do I need to buy books to pass the exam?

Answer: No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations.

If you fail the first time, you must study more. Print the presentations and use Post-it notes with labels like "FSAP", "Stress Test" etc., so that you know where to find the answer to a question.

3. Is it an open book exam? Why?

Answer: Yes, it is an open book exam. Risk and compliance management is not something you have to memorize; it is something you must understand and learn.

4. Do I have to sit for the exam soon after receiving the presentations?

Answer: No. You can sit for the exam from your office or home, any time in the future. Your account never expires and there is no restriction of any kind.

5. Do I have to spend more money in the future to remain certified?

Answer: No. Your certificate never expires. It will be valid, without the need to spend money or to sit for another exam in the future.

6. Ok, the certificate never expires, but things change.

Answer: Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were consulted. No recertification is needed for our programs.

Things change, and this is the reason you need to become (at no cost) a member of the association. You will receive our newsletter every month, with updates, alerts and opportunities, to stay current.

7. How many hours do I need to study to pass the exam?

Answer: It depends on your knowledge and experience. You must study the presentations at least twice, to ensure you have learned the details. The average time needed is about 32 hours, but there are important differences.

8. I want to learn more about the online exam.

Answer: You will be given 90 minutes to complete a 35-question multiple-choice exam. You must score 70% or higher.

We do not send sample questions. If you study the presentations carefully, you can score 100%.

9. Why should I get certified?

Answer: After the failures of so many organizations during the recent crisis, firms and organizations hire "fit and proper" board members who can provide evidence that they are qualified.

10. Why should I choose your certification program?

Answer: It is always good to investigate first. We strongly believe that we offer very good value for money:

a. The CMRBD is a unique program. You can check the course synopsis above.

b. The all-inclusive cost of the program ($297) is very low. There is no additional cost for this program, now or in the future, for any reason.

c. There are 3 exams that are included in the cost of the program, so you do not have to spend money again if you fail.

d. No recertification is required. Your certificate never expires.