2025
Enterprise Risk Management
Virtual Conference
September 9, 2025 | 10:00 a.m. - 5:00 p.m. ET | 6.6 CPEs
Focus on the Greatest Risk to Provide the Greatest Value from Your Audit Engagement Results.
This one-day virtual conference will focus on multiple areas of risk affecting today’s organizations and governmental agencies. Auditors and others attending this event will gain the latest insight on how to approach internal audit activities related to the assessments of risk and risk management practices.
This conference is focused on the internal audit community’s needs and second line functions and emphasizes the tremendous value of collaboration between these two essential functions. It provides a review of tactics for discovering, assessing, remediating, and auditing both evolving and current risks and risk management practices.
Attendees will walk away with a better understanding of the risk facing today’s organizations and will have discovered added tactics for planning and fieldwork. Auditors will receive a greater appreciation towards the risk currently and or futuristically affecting their organization.
Register Now
Members Save 10% When Registered by July 30, 2025*.
MEMBER EARLY: $539*
MEMBER: $599
NON-MEMBER: $749
Group Discounts
Bring your team and save! Register with colleagues and enjoy:
- Groups of 3-9: 5% off for your team
- Groups of 10+: 10% discount
Contact GetTraining@theiia.org for assistance.
-
Dr. Dustin Sachs, DCS, CISSP, CCISO
Chief Cybersecurity Technologist and researcher in Cyber Risk Behavioral Psychology
Topic: The Post-Incident After Party: Turning Chaos into Cyber Resilience
When a cyber incident ends, the real work begins. This session rewinds the clock on a real-world breach, uncovering missteps and the preventative controls that could have changed the outcome. Learn how internal auditors turn lessons learned into actionable improvements, strengthening security resilience. Attendees will gain strategies for better detection, response, and leadership engagement—ensuring their next post-incident review drives real change, not just another report.
Learning Objectives
- Analyze incident aftermaths and decision-making biases.
- Evaluate auditors' role in reviews and behavioral influences.
- Implement lessons learned into action.
- Enhance response by understanding cognitive biases.
- Foster a security culture of learning, psychological safety, and adaptive decision-making.
Biography
Dr. Dustin Sachs is a Chief Cybersecurity Technologist and researcher in Cyber Risk Behavioral Psychology, specializing in securing critical infrastructure, fostering cybersecurity awareness, and driving leadership transformation. As Chief Technologist and Senior Director of Programs at CyberRisk Alliance, he develops tools and strategies to empower security professionals. With experience spanning Fortune 500 enterprises and critical infrastructure sectors, Dr. Sachs has led security programs at World Fuel Services, Performance Food Group, and CenterPoint Energy, enhancing cybersecurity maturity and risk management frameworks. Holding a Doctor of Computer Science in Cybersecurity, an MBA in Cybersecurity, and multiple industry certifications, he bridges behavioral science with cybersecurity leadership to improve decision-making and security culture. A sought-after speaker and educator, he teaches cyber risk psychology, security leadership, and AI-driven risk management at Lone Star College and industry conferences worldwide.
-
Jonathan T. (Jonathan Marks) Marks CPA, CFF, CITP, CGMA, CFE, MBA
Global & Complex Forensic/Fraud Investigations, Board Advisor, & Executive Coach
Topic: Enterprise Risk Management in Today’s Complex Environment
Enterprise Risk Management (ERM) is essential in today’s complex business environment, where companies face growing risks from fraud, operational failures, and external disruptions. A strong ERM framework provides an enterprise-wide approach to identifying, assessing, and managing risks that could threaten an organization’s strategic objectives. Concepts such as Black Swans, Dragon Kings, and Gray Rhinos highlight the need for proactive risk monitoring and scenario planning to prepare for both rare and foreseeable crises. Using frameworks like COSO ERM, organizations can integrate risk management into governance, decision-making, and corporate culture, ensuring resilience and long-term success.
Case studies such as Enron, the 2008 financial crisis, and Wells Fargo’s misconduct demonstrate how failures in ERM lead to catastrophic consequences, while companies that prioritize risk awareness and accountability can better navigate uncertainty. ERM is not just about compliance—it is a strategic enabler that helps businesses anticipate threats, mitigate vulnerabilities, and seize opportunities. Effective ERM fosters a culture where risk is understood across all levels of the organization, including within the extended enterprise of third-party vendors and partners. Organizations that fail to implement comprehensive risk management approaches expose themselves to financial losses, reputational damage, and regulatory scrutiny. By embedding ERM principles into decision-making, companies can create a structured approach to managing risks, improving corporate governance, and strengthening their ability to withstand crises.
Learning Objectives
Learn why ERM is not complicated.
- Identify major corporate failures and understand the governance, culture, and risk oversight deficiencies that contributed to them.
- Evaluate how effective ERM could have mitigated these failures by enforcing accountability and detecting early warning signs.
- Apply ERM principles to corporate governance, fraud prevention, and crisis response, ensuring ethical and responsible business practices.
- Recognize the significance of a risk-aware culture and enterprise-wide risk management, including risks associated with third-party relationships.
- Develop strategies for anticipating and managing emerging risks, including high-impact, low-probability events such as Black Swans and Dragon Kings.