GRC LeaderConThursday, 30th June, 2016
Lords Cricket Ground, London
Time General09:00-09:30 Breakfast | Registration | Networking
09:30-09:45 General Session #1Opening RemarksLaurie Schultz, CEO, ACL
JJ Thomas Lord Suite
09:45-10:45 General Session #2Keynote: Reducing Risk’s Organisational DragViktoria Boyle, Research Director, CEB
It’s increasingly evident that leaders need to be better positioned to identify and manage strategic, operational and reputational risks to add significant value today. ACL is delighted to announce that CEB will be kicking off the event with valuable insights into the root causes of ‘organisational drag’ - a growing symptom which slows down decision making and execution, causing busineses to be less effective. However, there are many solutions to avoid it.
Key learning outcomes: ▪ Incorporation of risk management in strategy (and vice versa) to establish a healthy risk appetite ▪ Coordinating disparate risk information for decision makers to avoid duplication of effort ▪ Monitoring human behaviour as part of key business processes
JJ Thomas Lord Suite
10:45-11:15 Break | Networking
11:15-12:00 General Session #3Keynote: Benchmark the Performance of Your GRC Program Nick Hayes, Analyst Serving Security & Risk Professionals, Forrester Research
All companies have capabilities to comply with regulations and manage risks in order to meet objectives, but as their global footprint gets larger and more complex, they need more mature governance, risk, and compliance programs. In this session, Nick Hayes shares the insights he gathered in his report “Benchmark the Performance of Your GRC Program”. He will outline the key success factors of highly mature programs, identify the areas where many organisations fall flat, and review the emerging technologies that risk and compliance professionals are beginning to leverage to strengthen their capabilities.
Key learning takeaways: ▪ Realise that GRC maturity is far from advanced ▪ Learn how GRC coordination is critical to your organisation’s success ▪ Understand that risk technology adoption is on the rise -- and the trend will only continue
JJ Thomas Lord Suite
12.00-12.45 General Session #4Panel Discussion: GRC functions: Friend or Foe?Dr Ian Peters, Chief Executive Officer, Chartered Institute of Internal AuditorsAlexander Campbell, Divisional Content Editor, Risk.netPaul Chisnall, Executive Director of Financial Policy & Regulation, British Bankers’ AssociationNick Hayes, Analyst Serving Security & Risk Professionals, Forrester Research
Breaking down the functional silos to reduce the GRC burden on the business.
GRC functions should add value to the business and enable it to succeed. However many often work in isolation from each other, thereby causing the opposite impact - added burden. In this discussion, our panellists will share thoughts on how audit, risk and compliance efforts could be better integrated across the Three Lines of Defence, to ensure more robust levels of governance and as a result, making them the most sought-after professionals in the organisation.
Moderator: John Verver, CPA CA, CISA, CMC
JJ Thomas Lord Suite
12:45-13:45 Networking Luncheon
Time Track 1 Track 213:45-14:30 Session 1
The Future of Big Data Risk AnalyticsSergiu Cernautan, Director GRC Strategy, ACL
As organisational data management matures, corporate data becomes more accessible, and analytics continue to advance the future where Internal Audit must evolve to be data-centric or be rendered irrelevant is truly coming upon us. In this session, this shift will be illustrated, outlining what it means for Internal Audit leaders, and how to embrace the shift through people, process, and technology to make Internal Audit a trusted and sought-after advisor in the data-centric business environment inside today’s leading organisations.
Key learning outcomes: ▪ Define the people, process, and technology steps to
take in maturing to a data-centric approach to audit and risk management
▪ Describe the distinction between traditional data mining audit analytics and forward looking risk analytics, and understand how both fit into an effective program
▪ Review actual case studies of what worked and what didn’t at leading organisations shifting to a data-driven approach to audit and risk
JJ JP Morgan Media Centre
Session 1Understanding Risk in the Extended EnterpriseSimon King, Head of Risk Management, Ministry of Defence
A linked chain is only as strong as its weakest link – and organisations are all linked through third-party suppliers or contractors. Don’t leave your reputation in a third-party’s hands. In this session, learn how to take charge of due diligence and make sure your third-party suppliers meet your operational or compliance needs.
Key learning outcomes: ▪ Understand the stakeholder challenge of
many industries ▪ See examples of common extended
enterprise exposures ▪ Get suggestions on ways to illuminate third-
party truth ▪ Understand critical KRIs and KPIs for executive
and board assuranceJJ JP Morgan Media Centre
14:30-15:15 Session 2It’s Not the Tool, It’s the ProcessJacob Berg, Head of Internal Audit, Irish League of Credit Unions
A common pitfall audit leaders fall into when looking for ways to improve audit management within an organisation, is searching for solutions before taking a look at their core processes. In this session, we’ll hear from an audit leader who first got his process right and then added software to increase his team’s impact.
Key learning outcomes: ▪ Learn how to get started by defining what matters most
to your organisation ▪ Understand the importance of prioritisation based on
materiality and risksJJ JP Morgan Media Centre
Session 2 Risk Culture — it’s not just about Financial Services!Ben Kaye, Head of Internal Audit, Octo Telematics
Recent scandals have highlighted questionable business practices, and behaviour negatively affecting consumers means regulators across all industries are scrutinising companies for evidence of integrity. Corporate (risk) culture is a significant contributing factor towards these high profile mis-haps, forcing organisations to rapidly re-evaluate their approach to governance in this area. Join this session to find out how to get started with a speedy review of business processes at high risk of causing reputational damage.
Key learning outcomes: ▪ Find out why culture now eats strategy for breakfast
- how does it evolve, who influences it and how to strengthen it
▪ Consider ways to monitor conduct risk, ethics & risk culture and provide proof of compliance to the regulator
▪ Learn how to easily tie strategy to controls to risk mitigation - including employee, partner and consumer feedback - in a paper trail.
▪ Use simple surveys to develop KPI’s for organisational risk management
JJ JP Morgan Media Centre
Time Track 1 Track 215:15-15:45 Break | Networking
15:45-16:45 Session 3Managing and Elevating the Role of Internal Audit GloballyKevin Goulding, Global Head - Internal Audit, daa (Dublin Airport Authority)
You probably don’t think about it often, but your team is the only group capable of both doing “GRC” activities and providing assurance over GRC activities undertaken by the other two lines of defence. This is an opportunity for your team to transform itself and fulfill a more balanced advisory function to the executive. Learn how this transformation has been led in the context of a fast moving, highly regulated, global organisation.
Key learning outcomes: ▪ Learn how to ensure you’re always in alignment with
the executive agenda ▪ Find out how to strike a balance between assurance
and advisory ▪ Learn why evolving audit talent and risk analytics
are pivotal ▪ Get inspired to drive change when you get back to
the officeJJ JP Morgan Media Centre
Session 3Scaling a Global T&E Monitoring ProgramJohn Verver, CPA CA, CISA, CMC
If there was ever an ideal marriage, it is the meeting of Travel & Entertainment expense program risk with continuous risk monitoring technology. Yet, even enabled by the best technology in the world, setting out to create and scale a continuous monitoring program globally is a worthy challenge for audit, finance and operations teams.
Key learning outcomes: ▪ Examine the challenges and potential solutions for
getting access to data ▪ Learn how to select tests and implement analytics
that have proven effective ▪ Understand how to handle the remediation process,
false positives and testing ▪ Learn how to build a partnership between Finance
and Internal Audit teams to deliver value rather than burden
JJ JP Morgan Media Centre
16:50-18:00 Drinks Reception and Q&A with former England captain and Ashes winner:
Mike GattingJJ MCC Museum
Top Related