About The Virtual Governance Institute

The 21st century is dictating a more progressive approach to governance and oversight. Over the past twenty-plus years VGI founder, Greg Duckert, and co-founder, Thomas Schleppenbach, have created a core curriculum of proprietary methodologies and academic content to deliver cutting edge approaches and elevate your Risk Assessment and Enterprise Risk Management results.

In the early 1990’s Duckert recognized that risk analysis methods used by most businesses provide an estimation platform for arriving at a risk position using assumptions and speculation. They largely ignore specific data about the business that may impact the decision at hand.

Duckert created Data Centric™ Customized Enterprise Risk Management (CERM™), a data driven risk analysis method that ensures a four dimensional approach considering your business’s Financial, Operational, Regulatory, and Technological (FORT™) history in every decision.

Virtual Governance Institute is the knowledge base necessary for the implementation of CERM™. VGI is dedicated to providing hands-on guidance and counsel for CERM™ to all types of public and private organizations in all industries. Completing one or more of our professional and paraprofessional certificates will distinct yourself from the rest and ensure confidence in your business decisions.

About The Founders

Gregory H. Duckert, MBA, CRISC, CPA, CISA, CIA

He specializes in consulting with major organizations regarding progressive Twenty-First Century methodologies for the construction of data centric enterprise risk assessment and management models including Financial, Operational, Regulatory, and IT areas of concern that yield high business values. He also consults with his clients in all areas of ERM, as well as auditing including continuous audit/consulting platforms.

In addition, in depth hands on consulting is also performed in the areas of operational analysis and process improvement methodologies. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas.

Mr. Duckert has addressed the Permanent Undersecretary for Military Affairs of Parliament and the Defense Audit Board of the Ministry of Defense – United Kingdom on the subject matter of creating a risk based business approach to governmental oversight. He is involved in the building of or consulting on the creation of Data Centric Risk Assessment and Management models on an ongoing basis.

His other professional works and publications include the following: Process Flow Auditing; An ERM Approach to Building Annual Audit Plans; From Auditor to Consultant, Developing Essential Competencies; Data Driven Auditing, A Business Approach; Using Risk Assessment to Build Individual Audit Programs; The Business Risk Lab; Auditing the Manufacturing Process; Acquisitions, Mergers, and Divestitures; Auditing Healthcare Institutions; Auditing for Quality Improvement; Auditing Health Benefits; Sarbanes-Oxley: Roadmap to Compliance; COSO-ERM Utilizing the New Framework for SOX Compliance; Auditing Outsourced Operations; Establishing Enterprise Risk Assessment and Management Environments; Continuous Auditing: A Data Centric Approach; Establishing a 21st Century Audit/Consulting Function; Data Mining: An Essential Auditing Competency; Risk Boot Camp; Risk Based Internal Auditing; Auditing the ERM Environment; Dashboard Metrics for Auditing / Risk Management; and Building Continuous Risk Assessment Models; The CEO’s 10 Key Question Handbook for Their Direct Reports.

Thomas J. Schleppenbach, CISSP, CISM, QSA, ASV

Mr. Schleppenbach is a recognized expert in the field of IT and Information Security.  He has authored several chapters for the Information Security Management Handbook on subjects of Zero trust as a Security Model, The Value of Incident Response Exercises, Vulnerability Management and Penetration Testing, Contingency at a Glance, and Spyware, Forensics and Incident Handling.

He is certified in Information Security; a Certified Information Systems Security Professional and Certified Information Security Manager. Mr. Schleppenbach was educated at the University of Wisconsin - Eau Claire with a BS in Computer Science with a minor in Business Administration in 1986.

In addition, provided leadership, strategic information security guidance, support and technical mentoring for security assessments, has a strong working knowledge of computer system integration and networking including experience with numerous security solutions, vulnerability assessment tools, techniques and methodologies.

His other professional works include the following:

  • Performed Compliance reviews for the payment card (PCI-DSS), healthcare (HIPAA) and financial (GLBA) industries.
  • Performed Information Security Operational Plans defining strategic organizational security programs.
  • Drafted Information Security Policies and Procedures for organizations in the healthcare, financial and education industries.
  • Provided executive overviews to review strategic direction and to educate on new technologies.


  • About VGI
  • Announcements and News
  • Articles
  • Books and Publications
  • CPE Credits
  • Fees
  • Strategic Partners

Risk University

The Virtual Governance Institute has created a core curriculum of progressive methodologies and academic content in the areas of Risk Assessment, Enterprise Risk Management and Fraud Auditing to deliver cutting edge proprietary approaches to each of these critical governance areas.


The Virtual Governance Institute has created and is now introducing professional certifications that will identify individuals as leaders in the field of Auditing, Enterprise Risk Management and Data Analytics.


Virtual Governance Institute (VGI) Professional Member Information.