Events Calendar

Webinar - Cyber Series: Expanding & Improving Your Required IT Risk Assessment Program
Thursday, August 09, 2018, 03:00pm - 04:30pm

Do you know the difference between a risk assessment, an IT audit, and an IT compliance assessment? These can mean different things, depending on the speaker and audience. This session will examine different types of risk assessments and IT audits that organizations frequently need and address the pros and cons of each. Attendees will receive practical recommendations and insights to improve their IT risk management program and IT risk assessments.


  • Pros and cons of different types of IT risk assessments
  • How to explain overlap with the FFIEC cybersecurity risk assessment guidance on an IT risk assessment
  • Case study example of asset-based IT risk assessment
  • Examples of IT risk assessment models from a variety of standards, governance, and compliance frames such as NIST, CIS, etc.
  • Common risk mitigation strategies
    • Sample IT risk assessment work program
    • Sample standards document for IT risk assessments, IT audits, and IT penetration testing
    • Employee training log
    • Quiz you can administer to measure staff learning and a separate answer key


This informative session is designed for those responsible for risk management, including internal auditors, IT operations, and executive management with oversight of the IT and cybersecurity operations.

SPEAKER:  Randall J. Romes, CliftonLarsonAllen LLP

Randy Romes has been a consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services Group, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.

Register Here