GRC Conference 2025

At GRC 2025, attendees will gain critical insights and actionable knowledge across a range of topics designed to meet today’s challenges and opportunities head-on. This year’s sessions are curated to empower professionals with practical tools, innovative strategies, and forward-thinking ideas to excel in their roles and advance their organizations.

Controls

Learn how to design, implement, and adapt internal controls that enhance operational efficiency while meeting evolving regulatory requirements. Discover innovative frameworks and real-world applications to optimize your control environment.

Cybersecurity

Delve into cutting-edge strategies to safeguard your organization from emerging cyber threats. Gain insights into aligning cybersecurity initiatives with broader risk management goals to protect sensitive data and ensure business continuity.

Data

Unlock the potential of data as a strategic asset. Sessions will focus on leveraging data analytics to inform decisions, improve audit performance, and address critical data governance challenges, from security to ethical considerations.

Governance

Elevate your understanding of corporate governance with sessions on strengthening organizational structure, fostering transparency, and building trust among stakeholders. Explore how governance frameworks adapt to global and industry-specific trends.

Leadership & Career Development

Enhance your leadership acumen with actionable strategies to inspire teams, drive performance, and build resilient organizations. Gain expert guidance on career progression in the evolving fields of audit, risk, and controls.

Risk

Stay ahead of emerging risks with innovative management approaches. Learn to balance risk and opportunity in decision-making while keeping your organization agile in an ever-changing landscape.

Technology Trends

Prepare for the future by exploring the impact of transformative technologies such as AI, blockchain, and more. Discover how these trends are reshaping governance, risk, and control practices, and learn how to adapt for success.

Pre-Conference Workshop 1: Performing Artificial Intelligence Audit Using ISACA’s AI Audit Toolkit

Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 7 CPEs | $650 

OVERVIEW:

This workshop will introduce auditors to a structured approach to AI compliance and control assessment using ISACA’s AI audit toolkit. Auditors will gain the knowledge to develop a robust AI assessment program leveraging the toolkit’s key considerations, including cybersecurity, control families, and control categories that span Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability.

Zachy Olorunojowon,
MBA, CISA, CGEIT, CISM, CET

Workshop Facilitator

Workshop Approach:

Provides guidance and a learning experience with real-world use cases, framework, and additional tools for continued learning/exploration. This workshop also includes breakout and scenario-based application of the toolkit to reinforce concepts.

1. Artificial Intelligence Governance, Risk, and Controls

• Concepts of AI Governance, and Establishing Its Framework
• Importance of AI Governance to AI Auditing
• Auditing AI in the Context of Governance
• Auditing AI Systems in Relation to Global Framework and Regulations
• Applying NIST AI RMF

2. Artificial Intelligence Audit Toolkit/Program

• ISACA AI Audit Toolkit Overview
• Control Families: Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability
• Compliance Assessment Guidance
• AI Control Assessment Process, and Explainability Integration
• Building and Implementing an AI Audit Program From the Toolkit

3. Group Exercise

An Interactive Experience – Navigating Crisis Scenarios as a GRC Professional

Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 7 CPEs | $650 

OVERVIEW:

This dynamic, simulation-based workshop is designed to immerse GRC, internal audit, and security professionals in a high-stakes, real-time crisis management experience. Participants will work in teams, role-playing as key stakeholders in a fictitious organization facing a series of crises. Each scenario will require participants to rapidly assess risks, make governance and compliance decisions, and coordinate a strategic response. As events unfold, they will need to adapt to new information, handle communication challenges, and address both immediate and long-term risks.

 

Shawna Flanders

The Institute of Internal Auditors

Workshop Outline

Morning Session: Preparing for the Crisis Simulation

1. Introduction to Crisis Management

• Brief overview of crisis management principles, focusing on risk assessment, compliance-focused decision-making, and governance under pressure.
• Discussion: Participants share their own crisis management experiences and strategies for effective GRC response.

2. Setting the Stage: Meet Your “Organization” and Team

• Participants are divided into small teams, each assigned specific roles within a fictitious organization (e.g., Risk Manager, Compliance Officer, Internal Auditor, etc.).
• Teams review the organizational structure, mission, governance framework, crisis management plan, and key risks of their assigned “company” to set the context for the upcoming simulation.

3. Crisis Scenario Introduction: Initial Briefing

• The facilitator introduces the first crisis scenario (e.g., data breach, compliance violation, product recall) with background information.
• Teams begin initial discussions, identifying immediate risks and mapping out preliminary actions.

Afternoon Session: Crisis Simulation and Post-Crisis Analysis

4. Crisis Simulation Part I: Real-Time Decision-Making

• The crisis scenario unfolds through timed “event drops,” each with new information and evolving complications.
• Teams make decisions, document actions, and communicate with other “departments” in response to these developments.
• Facilitator checks in with each group, challenging them with questions or introducing complications (e.g., media scrutiny, regulatory inquiries) to test their response strategies.

5. Crisis Simulation Part II: Managing the Aftermath

• As the immediate crisis winds down, teams focus on containment, damage control, and longer-term responses.
• Teams discuss and implement compliance reviews, stakeholder communication strategies, and governance adjustments to prevent recurrence.

6. Post-Crisis Analysis and Reflection

• Each team presents a brief overview of their actions, rationale, and lessons learned.
• Group discussion: Identify key takeaways from the simulation, sharing effective strategies and common challenges.

7. Update the Crisis Management Plan

• Workshop exercise: Each team drafts a crisis management framework based on what they have learned, including specific steps for risk assessment, decision-making, communication, and post-crisis evaluation.
• Participants share frameworks with the larger group, receiving feedback and insights.

8. Workshop Wrap-Up and Reflection

• Facilitator summarizes key points and encourages participants to think about how they can apply these crisis management techniques in their own organizations.
• Final Q&A and networking opportunity.