Coleman D. Ross

Education Focused on Directorships


Carnegie Mellon Logo CERT Certificate in Cybersecurity Oversight

We see vividly – painfully – how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies.

— Tim Cook, Apple Corporation Chief Executive Officer

Institutes CRF

The National Association of Corporate Directors’ Cyber Risk Oversight Certificate course is considered the premier credential for directors. The online, self-paced course was developed to:

  • enhance a director’s understanding of the cybersecurity threat landscape,
  • detail the respective responsibilities of the board and management in cyber-risk oversight,
  • lead a director through a cyber-crisis simulation to evaluate an organization’s preparedness, and
  • offer a tangible credential for a director to demonstrate his or her commitment to advanced cyber-risk oversight.

CERT Badge Software Engineering Institute The course was developed for the NACD by Carnegie Mellon University’s Software Engineering Institute, CERT Division, and is accredited by the NACD for 22 credit hours towards maintaining my NACD Fellowship designations.

The course is divided into the following seven modules:

CERT Certificate in Cybersecurity Oversight
  • NACD Welcome: NACD Director’s Handbook with April 2018 and October 2018 updates, directors and officers insurance concerns
  • Cybersecurity Oversight for Directors – Program Overview
  • Overview of Cybersecurity Leadership: cybersecurity principles, cybersecurity governance, cyber-risk and resilience management – risk management overview, operational risk and resilience, critical assets and processes, threats and vulnerabilities identification, risk and impact analysis determination, risk mitigation and risk assessment, cyber threats and vulnerabilities, cybersecurity controls – control types and method, selecting cybersecurity controls, cybersecurity testing, incidence response, business continuity and disaster recovery, cybersecurity resources
  • Effective Security Structure and Operations: security structure, planning, and operations; planning, strategizing, and managing for the security team, alignment with business objectives and goals, cybersecurity enforcement and training, security investment and measurement, cybersecurity metrics
  • Cybersecurity Oversight for Directors: setting the tone at the top and allocating oversight responsibilities, cyber-risk oversight as a fiduciary duty, disclosure issues, understanding liability, board communications with the Chief Information Security Officer and senior management Cyber-Crisis Simulation Exercise: simulation exercise
  • Cyber-Crisis Simulation Exercise: simulation exercise
  • Summary of Cybersecurity Oversight for Directors

I completed this program in June 2020.

Given the significant cyber-attacks that are occurring with disturbing frequency, and the mounting evidence that companies of all shapes and sizes are increasingly under a constant threat of potentially disastrous cyber-attacks, ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s risk oversight responsibilities.

— Luis A. Aguilar, SEC Commissioner

 

We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.

— Dr. Larry Ponemon, Chairman and Founder,
Ponemon Institute

(back to the Education main page)

Carnegie Mellon Logo Cyber Risk Management Certificate

In support of my role as an independent director and audit committee chair and to supplement the two other cybersecurity certificate programs that I had completed (CERT Certificate in Cybersecurity Oversight and Cybersecurity Fundamentals for Financial and Accounting Professionals Certificate), I earned the Insurance Institute of America’s Cyber Risk Management Certificate by completing three of the Institute’s courses:

Institutes CRF
  • Cyber Risk Fundamentals: holistically managing cyber risk and addressing cyber risk with insurance
  • Applying Cyber Risk Management Strategies: data management strategies, a global view of cyber security, and cyber risk fundamentals
  • Managing Cyber Risk: cyber risk fundamentals, cyber risk exposures, cyber regulation, managing internal and external cyber risks, organizational resiliency, cyber risk mitigation, and addressing cyber risk with insurance.
Cyber Risk Foundations
Combined, the courses were approved by the CPCU Society for 13 hours of continuing education credit for Chartered Property Casualty Underwriters. Upon completion of the courses in June 2021, I received the Institutes’ Cyber Risk Management Certificate.

Following completion of the Cyber Risk Management Certificate program, I completed another of the Institute’s courses, Managing Client’s Cyber Risks, which covered understanding cyber risk, managing data-related exposures, and recommending cyber risk insurance. This course was approved for 7.5 hours of continuing education credit for Chartered Property Casualty Underwriters.

(back to the Education main page)

University of North Carolina seal
Cybersecurity Fundamentals for Financial
and Accounting Professionals Certificate

Breaking news about malware attacks, phishing scams, system hacks, and identity theft have become commonplace in today’s headlines. Cybersecurity threats are escalating, unnerving boards of directors, managers, investors, and other stakeholders of public and private organizations of all sizes. These organizations are under increasing pressure to demonstrate that they are managing threats, and that they have effective processes and controls in place to detect, respond to, mitigate, and recover from security incidents that could disrupt their business, result in financial loss, and destroy their reputation.

— American Institute of CPAs

AICPA
AICPA Badge

The AICPA's Cybersecurity Fundamentals for Financial and Accounting Professionals Certificate program is a comprehensive, on-demand learning experience covering the fundamental concepts of cybersecurity. In connection with my broad governance and specific audit committee roles at both Pan-American Life and Syncora Financial, I used the certificate program to broaden and strengthen my cybersecurity knowledge.

This program is approved for 15.5 hours of continuing education credits for CPAs by the National Association of State Boards of Accountancy (NASBA). The four courses in the program, which I completed in May 2019, follow:


AICPA certificate

Cybersecurity Terminology, Transformation, and Threat Landscape:

Key terms related to cybersecurity, the effect of digital transformation on business and how it relates to cybersecurity, and major areas of technology that are disrupting organizations.

Cybersecurity Frameworks:

Available cybersecurity frameworks and their use; US Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework and its five functions – identify, protect, detect, respond, and recover.

Cybersecurity Risk Management Program and the Description Criteria:

The importance of a fully developed cybersecurity risk management program focusing on the American Institute of CPAs’ Description Criteria for Management’s Description of the Entity’s Cybersecurity Risk Management Program and the implementation guidance provided for the description criteria or benchmarks within these categories – nature of business and operations, nature of information at risk, cybersecurity risk management program objectives, factors that have a significant effect on inherent cybersecurity risks, cybersecurity risk governance structure, cybersecurity risk assessment process, cybersecurity communications and quality of cybersecurity information, cybersecurity risk management program monitoring, and cybersecurity control process.

The Business of Cybersecurity:

The costs and risk transfer through cybersecurity insurance; overview of cybersecurity organizational structures; types of information security professionals; and cybersecurity services, such as readiness assessments, penetration testing, digital forensic services, and the American Institute of CPAs’ System and Organization Controls for Cybersecurity examination engagement.

Every case involving cybercrime that I’ve been involved in, I’ve never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren’t supposed to do. They read an email, went to a website they weren’t supposed to.

— Frank Abagnale
Author, “Catch Me If You Can”

(back to the Education main page)

COSO logo 
COSO Enterprise Risk
Management Certificate

COSO ERM Badge

In connection with my ongoing board responsibilities as well as my CPA continuing education requirements, I undertook the COSO Enterprise Risk Management Certificate program in 2021. COSO (an acronym for the Committee of Sponsoring Organizations of the Treadway Commission) is an organization sponsored by five finance and accounting organizations: American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, Institute of Internal Auditors, and Institute of Management Accountants.

COSO logo COSO logo COSO logo COSO logo COSO logo

The program, which I completed in December 2021, covers ERM’s framework from the publication, outlined in five interrelated components with 20 principles underlying those components:

COSO Enterprise Risk Management Certificate
COSO Enterprise Risk Management Certificate
  • Governance and culture: exercises board risk oversight, establishes operating structures, defines desired culture, demonstrates commitment to core values, attracts, develops, and retains capable individuals
  • Strategy and objective-setting: analyzes business context, defines risk appetite, evaluates alternative strategies, formulates business objectives
  • Performance: identifies risk, assesses severity of risks, prioritizes risk, implements risk responses, develops portfolio views
  • Review and revision: assesses substantial changes, reviews risks and performance, pursues improvement in enterprise risk management
  • Information, communication, and reporting: leverages information and technology, communicates information, reports on risk, culture, and performance

The program was approved for 13.5 hours of continuing education credits for CPAs by the National Association of State Boards of Accounting.

In COSO’s Executive Summary to its publication, it describes the board’s guide to ERM:

Every board has an oversight role, helping to support the creation of value to an entity and prevent its decline. Traditionally, enterprise risk management has played a strong supporting role at the board level. Now, boards are increasingly expected to provide oversight of enterprise risk management…. The board’s risk oversight role may include, but is not limited to:

  • Reviewing, challenging, and concurring with management on:
    Proposed strategy and risk appetite; Alignment of strategy and business objectives with the entity’s stated mission, vision, and core values;
    Significant business decisions including mergers and acquisitions, capital allocations, funding, and dividend-related decisions;
    Response to significant fluctuations in entity performance or the portfolio view of risk; and
    Responses to instances of deviation from core values.
  • Approving management incentives and renumeration.
  • Participating in investor and stakeholder relations.

(back to the Education main page)

NACD logo 
Fundamentals of ESG Certificate

AICPA ESG Badge

In support of my CPA continuing education requirements, as well as for any future corporate director role, I completed the AICPA’s Fundamentals of ESG Certificate program in August 2023. The course is designed to assist CPAs and other finance professionals recognize the importance of ESG (i.e., Environmental protection, Social inclusion, and corporate Governance issues) in today’s business environment and the increasing stakeholder demand for sustainability information from businesses and the key role CPAs and other finance professionals have to play. It introduces the key bodies that have created suitable reporting standards, guidelines, frameworks, and requirements that have evolved and merged in a drive toward a global baseline.

The program is approved for 6.5 hours of continuing education credits for CPAs by the National Association of State Boards of Accounting. The courses in the program, which I completed in September 2022, were:

Fundamentals of ESG Certificate
Fundamentals of ESG Certificate
  • Introduction to ESG
  • The Importance of Sustainability and ESG in Today’s Business Environment
  • Climbing the Pillars of ESG
  • The Evolution and Future of ESG

(back to the Education main page)

NACD logo 
Certificate of Director Education

Directors of Pan-American Life
Directors of Pan-American Life

Directors of Pan-American Life

Photo courtesy of Pan-American Life

In support of my role as an independent director, I completed the National Association of Corporate Directors' two-day Director Professionalism program and received the Certificate of Director Education in June 2008. The NACD is the membership organization dedicated to serving the corporate governance needs of corporate directors and boards. The organization’s professionalism course that I completed covered the following curriculum topics:

Certificate of Director Education
Certificate of Director Education
  • Board excellence: roles, responsibilities, structure, and leadership
  • Fiduciary duties of corporate boards
  • Scrutinizing financial statements: knowing what questions to ask management and auditors
  • Creating and sustaining board value: corporate strategy and risk oversight
  • Board governance and the role of the Governance and Nominating Committee
  • Audit Committees: effectiveness in the new environment
  • Executive and director compensation in the changing landscape
  • A case study on risk management

The long-recognized challenge, of course, is that the interests of management are not always completely aligned with those of the shareholders. In 1776, Adam Smith wrote about the agency problem of management in the Wealth of Nations: when it comes to money, he said, managers "cannot well be expected that they should watch over it with the same anxious vigilance with which the partners in a private [partnership] frequently watch over their own". There, "negligence and profusion must always prevail, more or less, in the management of the affairs of such a company". In the face of such potential for managers' conflicts of interest, directors must guard the interests of shareholders and ensure that managers do their jobs. They also must perform an extremely important advisory role to management. The widespread dispersion of ownership in a modern corporation makes the role of directors all the more important.

— SEC Commissioner Paul S. Adkins,
"Remarks at the Corporate Directors Forum",
January 22, 2007

(back to the Education main page)

NACD logo 
Data Analytics Core Concepts Certificate

Data Analytics Core Concepts Certificate
Data Analytics Core Concepts Certificate
AICPADACC Badge

The AICPA’s Data Analytics Core Concepts Certificate program is a comprehensive, on-demand learning experience intended to equip the learner with an understanding of the foundation concepts in data analytics to help the learner move towards implementing and managing data analytics projects. In connection with my broad governance and specific audit committee roles at Pan-American Life, I used the certificate to broaden and strengthen my data analytics knowledge.

The program is approved for eight hours of continuing education credits for CPAs by the National Association of State Boards of Accounting. The four courses in the program, which I completed in December 2021, were:

  • Introduction to Data Analytics: developing an analytical and data driven mindset, how to approach a data analytics project, understanding data, categories and types of data, data analytics and data science, the technology and data ecosystem
  • Applying Data Analytics to Revenue Analysis: how is data analytics used in revenue analysis, revenue analysis application scenario, define the objective, review historical revenue analysis and observations, frame the problem and questions, evaluate organizational capability and gaps, consider additional factors, gather
  • Applying Data Analytics to Financial Planning and Analysis: getting started with the key concept, use of data analytics in financial planning and analysis, scenario background, demonstrate top—line metrics, provide insights to understand the customer, link revenue trends and target market, generate predictions for the future
  • Applying Data Analytics to Business Performance: why is data analytics used in business performance, how is data analytics used to inform business performance, scenario background, defining the objective, framing the problem, evaluating organization capabilities and gaps, gathering requirements

(back to the Education main page)

CFA logoInvestment Foundations Certificate

In recent years, annual trading in stocks – necessarily creating, by reason of the transaction costs involved, negative value for traders – averaged some $33 trillion. But capital formation – that is, directing fresh investment capital to its highest and best uses, such as new businesses, new technology, medical breakthroughs, and modern plant and equipment for existing business – averaged some $250 billion. Put another way, speculation represented about 99.2 percent of the activities of our equity market system, with capital formation accounting for 0.8 percent.

— John C. Bogle, Founder and Former Chairman of The Vanguard Group,
The Clash of the Cultures: Investment vs. Speculation

Inside the New York Stock Exchange
Inside the New York Stock Exchange

Inside the New York Stock Exchange

Photo from Wikipedia

CFA Badge
The CFA Institute Investment Foundations Certificate (formerly Claritas Investment Certificate) program is a comprehensive global education program offered by the CFA Institute that gives financial services professionals a clear understanding of the essentials of the investment industry.

I enrolled in the program in January 2016 to broaden and deepen my investment-related knowledge and in support of my board responsibilities. I completed the program in July 2016. The Institute estimated that the self-study program requires approximately 100 hours of examination preparation time. The Institute's examination covers the fundamentals of the investment industry across seven course modules and 20 topics within those modules:

AICPA certificate
Claritas Investment Certificate
  • Industry Overview: The investment industry: a top-down view
  • Ethics and Regulation: Ethics and investment professionals, Regulation
  • Inputs and Tools: Microeconomics, Macroeconomics, Economics of international trade, Financial statements, Quantitative concepts
  • Investment Instruments: Debt securities, Equity securities, Derivative instruments, Alternative instruments
  • Industry Structure: Structure of the investment industry, Investment vehicles, The functioning of financial markets
  • Serving Client Needs: Investors and their needs, Investment management
  • Industry Controls: Risk management, Performance evaluation, Investment industry documentation

Successful investing takes time, discipline, and patience. No matter how great the talent or effort, some things take time. You can't produce a baby in one month by getting nine women pregnant.

— Berkshire Hathaway Chairman Warren Buffett

(back to the Education main page)

AICPA logo Blockchain Fundamentals for Accounting and Finance Professionals Certificate

Blockchain technology isn’t just a more efficient way to settle securities. It will fundamentally change market structures, and maybe even the architecture of the Internet itself.

— Abigail Johnson
Fidelity Investments president
and chief executive officer

Blockchain is so versatile that besides recording financial transactions, it can be used for storing medical records, tracking the flow of goods, concluding binding agreements, storing personal credit records, and much more.

— American Institute of CPAs

Blockchain Evolution and Technology Concepts

The AICPA’s Blockchain Fundamentals for Accounting and Finance Professionals Certificate program is a comprehensive, on-demand learning experience covering the fundamental concepts of blockchain. In connection with my broad governance and specific audit committee roles at Pan-American Life, I used the certificate program to broaden and strengthen my blockchain knowledge.

This program is approved for 16.0 hours of continuing education credit for CPAs by the National Association of State Boards of Accountancy. The nine courses in the program, which I completed in April 2020, follow:



Blockchain Evolution and Technology Concepts:

AICPA Blockchain certificate
AICPA BLockchain Certificate

Blockchain technology is in a period of exceptional growth, and the accounting profession will play a significant role in driving its adoption. This 3.5-hour course makes the participant be a part of the blockchain evolution. Starting with a focus on the history and evolution of blockchain and bitcoin and then on to the characteristics of bitcoin, you will get a refresher on the fundamentals of money/currency and learn how bitcoin fits into the global business landscape.

Blockchain: Using and Securing Cryptocurrencies

Bitcoin This 2.0-hour course focuses on an overview of securing cryptocurrency. It covers wallets that are the fundamental security concept for cryptocurrencies and the most important aspect of this new technology for accountants and auditors to understand. It dives into the relationship that exists between physical and digital security. In addition, the participant learns the importance of password managers, which are web-based tools for storing and encrypting data.

Blockchain: Benefits, Values, and Opportunities

This 2.0-hour course focuses on many of the benefits, values and opportunities that arise with the emergence of blockchain technology. It dives into the four characteristics of the bitcoin blockchain: censorship resistance, borderless, neutral and open. It expands on a use case for blockchain, supply chain. In addition, the participant covers industry-specific applications, such as healthcare, accounting, tax and legal.

Risks and Challenges of Blockchain

This 1.5-hour course focuses on blockchain and cryptocurrency risks and covers the emergence of new risks that did not exist in the traditional business models. The participant explores key management risk, wallet and code risk, fork and chain split risk, consensus risk, legacy risk and fungibility risk. In addition, this webcast expands on regulatory concerns and standards related to cryptocurrencies.

Blockchain Trends (1.5 hours)

This 1.5-hour course focuses on the trends for the blockchain technology and expands on scaling as a major focus for new and existing blockchains. It describes how many innovations are making financial transactions easier and how accounting and auditing may see more challenges. In addition, it focuses on the swing towards blockchain interdependence.

Permissioned Ledgers and Other Solutions

Blockchain is disrupting the accounting and finance professions. In this 1.0-hour course, the participant learns how professionals can incorporate permissioned ledgers and blockchain solutions into their everyday work. This course expands on the effects on internal controls and segregation of duties and how they are becoming much more technological in nature, which will affect the way that professionals perform their procedures. In addition, the participant dives into blockchain-as-a-service solutions and the shift related to the assurance and financial statement preparation procedures.

Transactions and Smart Contracts

The participant becomes part of the blockchain evolution with this 1.5-hour course, which introduces several key concepts related to transactions and smart contracts. The course discusses the transaction throughput, transaction fees, gas (i.e., Ethereum transaction fees), and confirmations. Also, the participant learns how to apply metrics for traditional financial system to blockchain in a way that allows others to understand the capacity of a given blockchain.

The Blockchain Landscape

This 1.5-hour course focuses on the blockchain landscape, which enables users to have a framework for researching and understanding the technology from an investor and professional viewpoint. It expands on different types of crypto-asset exchanges as well as initial coin offerings. In addition, this webcast reviews different approaches to applying blockchain technologies in order to create new business solutions.

Blockchain – Process and Technical Controls

In this 1.5-hour course, the participant explores process controls and service organization controls in the blockchain context. By exposing the opportunities and challenges of this new technology, this webcast teaches the participant how to verify important process controls. Additionally, the participant learns how the CPA’s role and duties will change because of blockchain application.

Following completion of the AICPA’s Blockchain Fundamentals for Accounting and Finance Professionals Certificate program, I also completed two other online AICPA blockchain courses, Blockchain for Insurance and Blockchain for Healthcare. These two courses, each accredited for 5.0 hours of continuing education for CPAs, covered how blockchain will affect the insurance and healthcare industries. Following an overview of blockchain for each industry, the courses presented blockchain use cases for insurance (property and casualty insurance, life insurance, and reinsurance) and healthcare (patient data management, drug traceability, and healthcare data management) and emerging and future trends of blockchain for each industry.

The Institutes Logo

In addition, I completed an online topic course, Blockchain and the Insurance Industry, offered by The Institutes (formerly the Insurance Institute of America and the American Institute of Chartered Property Casualty Underwriters). The course covered four topics: blockchain overview and benefits; blockchain, cryptocurrency, and smart contracts; business applications of blockchain; and insurance applications of blockchain and was accredited for 6.0 hours of continuing education for CPCUs.

Blockchain is the financial challenge of our time. It is going to change the way our financial world operates

-- Blythe Masters, former Hyperledger
Project board chair and former Digital
Asset chief executive officer

 

Over the next decade, there will be disruption as the Internet was for publishing, where blockchain is going to disrupt dozens of industries, one being capital markets and Wall Street.

-- Patrick M. Byrne, former
Overstock.com chairman and chief
executive officer

(back to the Education main page)

AICPA logo 
Not-for-Profit Certificates

I think the character that you learn in Scouting – working together, being honest with each other, being close knit … and depending on one another, on our camping trips and doing things – all these things build character in a young man that he takes with him into adulthood and makes him a better citizen. And that's why Scouting to me has always been an organization I've wanted to help. I think it's one of the best youth organizations that we have … in this country.

— James Lovell, Eagle Scout and Apollo 13 Astronaut

Boy Scouts
Boy Scouts

Beyond the Easel" by Norman Rockwell from a 1969 Boy Scouts of America calendar published by Brown & Bigelow

Photo from Wikipedia

The AICPA's Not-for-Profit Certificate programs are comprehensive, on-demand learning experiences covering the core concepts of accounting and financial reporting, tax compliance, and governance and assurance. In connection with my governance, accounting, and audit committee roles at national, regional, and local levels within the Boy Scouts of America, I used the two certificate programs to broaden and strengthen my not-for-profit accounting and financial reporting knowledge.

not for profit badge

I enrolled in the Not-for-Profit Certificate I in July 2015, which I completed in December 2015. This program is approved for 40 hours of continuing education credits for CPAs by the National Association of State Boards of Accountancy (NASBA). The four areas and 24 courses in the first program follow:

AICPA certificate
AICPA certificate
  • Introduction to not-for-profit entities: accounting, tax, and compliance essentials (one course)
  • Accounting and financial reporting: generally accepted accounting principles for not-for-profit entities, financial statement presentation, assets, investments, programmatic investments, split-interest agreements and endowments, liabilities, fair value issues specific to not-for-profit entities, net assets, revenue from contributions, exchange and agency transactions, and expenses (12 courses)
  • Tax compliance: tax-exempt status, unrelated business income, introduction to Form 990, federal and state filing requirements, and private foundations (five courses)
  • Governance and assurance: best practices in board governance; financial oversight, budget, and strategy; risk assessment and internal controls; fraud oversight and prevention; planning the audit engagement; and auditing considerations (six courses)
not for profit badge

I later enrolled in the Not-for-Profit Certificate II program in January 2017, which I completed in September 2018. This program is approved by for 30 hours of continuing education credit for CPAs by the NASBA. The three areas and 17 courses in the second program follow:

AICPA certificate
AICPA certificate
  • Accounting and financial reporting: preparing consolidates financial statements, statement of financial position, statement of activities, statement of cash flows, statement of functional expenses, financial statement note disclosures, and interpreting and analyzing financial statements (seven courses)
  • Tax compliance: Form 990 preparation – core form, Form 990 preparation – schedules, maintaining tax exemption, and unrelated business income tax (UBIT) case studies (four courses)
  • Governance and assurance: aligning mission and strategy, performance measurement, risk assessment, ethical issues, applying the COSO enterprise risk management framework, and budgeting considerations (six courses)

I think that American leadership is vital to peace and prosperity and the advancement of democracy in the world, and that requires having strong leaders. And I don't think there's any organization in the world, certainly not in the United States, that better prepares young men for leadership in this country than the Boy Scouts of America – in teaching leadership skills, in teaching values, in teaching importance of standing up for what's right.

— Robert Gates, Eagle Scout,
former Secretary of Defense and
Director of the Central Intelligence Agency,
and President of the Boy Scouts of America

(back to the Education main page)