He specializes in consulting with major organizations regarding progressive Twenty-First Century methodologies for the construction of data centric enterprise risk assessment and management models including Financial, Operational, Regulatory, and IT areas of concern that yield high business values. He also consults with his clients in all areas of ERM, as well as auditing including continuous audit/consulting platforms.
In addition, he performs in-depth, hands-on consulting in the areas of operational analysis and process improvement methodologies. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas.
Mr. Duckert has addressed the Permanent Undersecretary for Military Affairs of Parliament and the Defense Audit Board of the Ministry of Defense – United Kingdom on the subject matter of creating a risk-based business approach to governmental oversight. He is involved on an ongoing basis in building, or consulting on the creation of, Data Centric Risk Assessment and Management models.
His other professional works and publications include the following: Process Flow Auditing; An ERM Approach to Building Annual Audit Plans; From Auditor to Consultant, Developing Essential Competencies; Data Driven Auditing, A Business Approach; Using Risk Assessment to Build Individual Audit Programs; The Business Risk Lab; Auditing the Manufacturing Process; Acquisitions, Mergers, and Divestitures; Auditing Healthcare Institutions; Auditing for Quality Improvement; Auditing Health Benefits; Sarbanes-Oxley: Roadmap to Compliance; COSO-ERM Utilizing the New Framework for SOX Compliance; Auditing Outsourced Operations; Establishing Enterprise Risk Assessment and Management Environments; Continuous Auditing: A Data Centric Approach; Establishing a 21st Century Audit/Consulting Function; Data Mining: An Essential Auditing Competency; Risk Boot Camp; Risk Based Internal Auditing; Auditing the ERM Environment; Dashboard Metrics for Auditing / Risk Management; Building Continuous Risk Assessment Models; and The CEO’s 10 Key Question Handbook for Their Direct Reports.
Thomas J. Schleppenbach, CISSP, CISM, QSA, ASV
Mr. Schleppenbach is a recognized expert in the field of IT and Information Security. He has authored several chapters for the Information Security Management Handbook on the subjects of Zero Trust as a Security Model, The Value of Incident Response Exercises, Vulnerability Management and Penetration Testing, Contingency at a Glance, and Spyware, Forensics and Incident Handling.
He is certified in Information Security as a Certified Information Systems Security Professional and Certified Information Security Manager. Mr. Schleppenbach earned a BS in Computer Science with a minor in Business Administration from the University of Wisconsin - Eau Claire in 1986.
In addition, he has provided leadership, strategic information security guidance, support and technical mentoring for security assessments, and has a strong working knowledge of computer system integration and networking, including experience with numerous security solutions, vulnerability assessment tools, techniques and methodologies.
His other professional works include the following:
- Performed Compliance reviews for the payment card (PCI-DSS), healthcare (HIPAA) and financial (GLBA) industries.
- Performed Information Security Operational Plans defining strategic organizational security programs.
- Drafted Information Security Policies and Procedures for organizations in the healthcare, financial and education industries.
- Provided executive overviews to review strategic direction and to educate on new technologies.