Cyber Series: Expanding & Improving Your Required IT Risk Assessment Program

Regular price $258.48 (tax included)

This is an on-demand webinar

You will receive this product as a digital download or stream.
Click here to learn more.

Do you know the difference between a risk assessment, an IT audit, and an IT compliance assessment? These can mean different things, depending on the speaker and audience. This session will examine different types of risk assessments and IT audits that organizations frequently need and address the pros and cons of each. Attendees will receive practical recommendations and insights to improve their IT risk management program and IT risk assessments.


  • Pros and cons of different types of IT risk assessments
  • How to explain overlap with the FFIEC cybersecurity risk assessment guidance on an IT risk assessment
  • Case study example of asset-based IT risk assessment
  • Examples of IT risk assessment models from a variety of standards, governance, and compliance frames such as NIST, CIS, etc.
  • Common risk mitigation strategies


  • Sample IT risk assessment work program
  • Sample standards document for IT risk assessments, IT audits, and IT penetration testing
  • Employee training log
  • Quiz you can administer to measure staff learning and a separate answer key


This informative session is designed for those responsible for risk management, including internal auditors, IT operations, and executive management with oversight of the IT and cybersecurity operations.

Please note:  The live webinar option allows you to have one telephone connection for the audio portion and one Internet connection (from a single computer terminal) to view online visuals as the presentation is delivered.  You may have as many people as you like listen from your office speaker phone.

ABOUT THE PRESENTER – Randy Romes, CISSP, CRISC, MCP, CliftonLarsonAllen LLP

Randy Romes has been a consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services Group, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.

Originally recorded on August 7, 2018.

Recorded webinar link is available until February 28, 2018.

Free Digital Copy included with purchase to download and view beyond link expiration date.

Price includes sales tax.