2025 Enterprise Risk Management Virtual Conference

Put some strong data behind your decision to attend the 2025 ERM Virtual Conference. Our conference topics were pulled straight from today’s internal auditors’ top concerns, according to several leading reports.

ERM as a Priority for Internal Audit

• 74% of CAEs say their internal audit function plays an active role in ERM processes. (Source: IIA 2023 North American Pulse of Internal Audit)
• 46% of CAEs at publicly traded companies are also responsible for ERM. (Source: IIA 2023 North American Pulse of Internal Audit)
• Only 24% of organizations rate their risk management as “mature” or “robust,” highlighting a need for stronger ERM engagement. (Source: 2023 State of Risk Oversight Report – NC State University Poole College of Management)

Emerging Risks and Evolving Business Challenges

• 61% of risk professionals say risks are increasing in velocity and complexity, requiring stronger ERM frameworks. (Source: Protiviti 2024 Executive Perspectives on Top Risks)
• Cybersecurity, regulatory compliance, and AI-related risks are among the top concerns for CAEs in 2024. (Source: IIA OnRisk 2024 Report)

Blurring Between the Second and Third Lines

• 52% of CAEs report that internal audit is becoming more involved in risk oversight, compliance, and advisory functions, reflecting a shift in The IIA’s Three Lines Model. (Source: IIA 2023 Risk in Focus Report)

Risk-Based Auditing and Strategic Value of Internal Audit

• 89% of CAEs say a risk-based internal audit approach is critical to aligning with organizational strategy. (Source: IIA 2023 Global Perspectives & Insights)
• Organizations with mature ERM programs are 2.5 times more likely to have risk-informed decision-making at the executive level. (Source: NC State University ERM Initiative)

Dr. Dustin Sachs, DCS, CISSP, CCISO

Chief Cybersecurity Technologist and researcher in Cyber Risk Behavioral Psychology

Topic: The Post-Incident After Party: Turning Chaos into Cyber Resilience

When a cyber incident ends, the real work begins. This session rewinds the clock on a real-world breach, uncovering missteps and the preventative controls that could have changed the outcome. Learn how internal auditors turn lessons learned into actionable improvements, strengthening security resilience. Attendees will gain strategies for better detection, response, and leadership engagement—ensuring their next post-incident review drives real change, not just another report.

Learning Objectives

• Analyze incident aftermaths and decision-making biases.
• Evaluate auditors' role in reviews and behavioral influences.
• Implement lessons learned into action.
• Enhance response by understanding cognitive biases.
• Foster a security culture of learning, psychological safety, and adaptive decision-making.

Biography

Dr. Dustin Sachs is a Chief Cybersecurity Technologist and researcher in Cyber Risk Behavioral Psychology, specializing in securing critical infrastructure, fostering cybersecurity awareness, and driving leadership transformation. As Chief Technologist and Senior Director of Programs at CyberRisk Alliance, he develops tools and strategies to empower security professionals. With experience spanning Fortune 500 enterprises and critical infrastructure sectors, Dr. Sachs has led security programs at World Fuel Services, Performance Food Group, and CenterPoint Energy, enhancing cybersecurity maturity and risk management frameworks. Holding a Doctor of Computer Science in Cybersecurity, an MBA in Cybersecurity, and multiple industry certifications, he bridges behavioral science with cybersecurity leadership to improve decision-making and security culture. A sought-after speaker and educator, he teaches cyber risk psychology, security leadership, and AI-driven risk management at Lone Star College and industry conferences worldwide.

Jonathan T. Marks CPA, CFF, CITP, CGMA, CFE, MBA

Global & Complex Forensic/Fraud Investigations, Board Advisor, & Executive Coach

Topic: Enterprise Risk Management in Today’s Complex Environment

Enterprise Risk Management (ERM) is essential in today’s complex business environment, where companies face growing risks from fraud, operational failures, and external disruptions. A strong ERM framework provides an enterprise-wide approach to identifying, assessing, and managing risks that could threaten an organization’s strategic objectives. Concepts such as Black Swans, Dragon Kings, and Gray Rhinos highlight the need for proactive risk monitoring and scenario planning to prepare for both rare and foreseeable crises. Using frameworks like COSO ERM, organizations can integrate risk management into governance, decision-making, and corporate culture, ensuring resilience and long-term success.

Case studies such as Enron, the 2008 financial crisis, and Wells Fargo’s misconduct demonstrate how failures in ERM lead to catastrophic consequences, while companies that prioritize risk awareness and accountability can better navigate uncertainty. ERM is not just about compliance—it is a strategic enabler that helps businesses anticipate threats, mitigate vulnerabilities, and seize opportunities. Effective ERM fosters a culture where risk is understood across all levels of the organization, including within the extended enterprise of third-party vendors and partners. Organizations that fail to implement comprehensive risk management approaches expose themselves to financial losses, reputational damage, and regulatory scrutiny. By embedding ERM principles into decision-making, companies can create a structured approach to managing risks, improving corporate governance, and strengthening their ability to withstand crises.

Learning Objectives

Learn why ERM is not complicated.

• Identify major corporate failures and understand the governance, culture, and risk oversight deficiencies that contributed to them.
• Evaluate how effective ERM could have mitigated these failures by enforcing accountability and detecting early warning signs.
• Apply ERM principles to corporate governance, fraud prevention, and crisis response, ensuring ethical and responsible business practices.
• Recognize the significance of a risk-aware culture and enterprise-wide risk management, including risks associated with third-party relationships.
• Develop strategies for anticipating and managing emerging risks, including high-impact, low-probability events such as Black Swans and Dragon Kings.

Walk away with a better understanding of the risks facing today’s organizations and discover additional tactics for planning and fieldwork. Gain a greater appreciation for the risks affecting the organization now and in the future.

Bullet List:

• Assessing enterprise risk management programs.
• Change management and effective communication via risk-based decision making.
• Crisis management and business continuity.
• ERM in a changing risk landscape and emerging risks: cybersecurity, climate change, geopolitical instability, etc.
• Implementing agile/rapid risk assessments into the internal audit process.
• Leading the research in risk.
• Tapping ‘hidden’ value to gain risk insights from multiple sources: SOC, SOX and QA.
• Techniques for assessing risk, including who is finding the risks that others aren’t and what is untapped in terms of risk to the organization/business.