Governance, Risk & Controls Conference

Who should attend the GRC Conference?

The GRC Conference is designed for professionals in governance, risk management, and control who are interested in learning about the latest trends, new tools, and fresh techniques in their industry.

What can you expect from GRC?

• Get informed and be inspired in more than 40 educational sessions.
• Hear unique insights from 50+ speakers.

Controls

• Learn how to design, implement, and adapt internal controls that enhance operational efficiency while meeting evolving regulatory requirements.
• Discover innovative frameworks and real-world applications to optimize your control environment.

Cybersecurity

• Delve into cutting-edge strategies to safeguard your organization from emerging cyber threats.
• Gain insights into aligning cybersecurity initiatives with broader risk management goals to protect sensitive data and ensure business continuity.

Data

• Unlock the potential of data as a strategic asset.
• Sessions will focus on leveraging data analytics to inform decisions, improve audit performance, and address critical data governance challenges, from security to ethical considerations.

Governance

• Elevate your understanding of corporate governance with sessions on strengthening organizational structure, fostering transparency, and building trust among stakeholders.
• Explore how governance frameworks adapt to global and industry-specific trends.

Leadership & Career Development

• Enhance your leadership acumen with actionable strategies to inspire teams, drive performance, and build resilient organizations.
• Gain expert guidance on career progression in the evolving fields of audit, risk, and controls.

Risk

• Stay ahead of emerging risks with innovative management approaches.
• Learn to balance risk and opportunity in decision-making while keeping your organization agile in an ever-changing landscape.

Technology Trends

• Prepare for the future by exploring the impact of transformative technologies such as AI, blockchain, and more.
• Discover how these trends are reshaping governance, risk, and control practices, and learn how to adapt for success.

Morning session: Preparing for the Crisis Simulation

1. Introduction to Crisis Management

• Brief overview of crisis management principles, focusing on risk assessment, compliance-focused decision-making, and governance under pressure.
• Discussion: Participants share their own crisis management experiences and strategies for effective GRC response.

2. Setting the Stage: Meet Your “Organization” and Team

• Participants are divided into small teams, each assigned specific roles within a fictitious organization (e.g., Risk Manager, Compliance Officer, Internal Auditor, etc.).
• Teams review the organizational structure, mission, governance framework, crisis management plan, and key risks of their assigned “company” to set the context for the upcoming simulation.

3. Crisis Scenario Introduction: Initial Briefing

• The facilitator introduces the first crisis scenario (e.g., data breach, compliance violation, product recall) with background information.
• Teams begin initial discussions, identifying immediate risks and mapping out preliminary actions.

Afternoon session: Crisis Simulation and Post-Crisis Analysis

4. Crisis Simulation Part I: Real-Time Decision-Making

• The crisis scenario unfolds through timed “event drops,” each with new information and evolving complications.
• Teams make decisions, document actions, and communicate with other “departments” in response to these developments.
• Facilitator checks in with each group, challenging them with questions or introducing complications (e.g., media scrutiny, regulatory inquiries) to test their response strategies.

5. Crisis Simulation Part II: Managing the Aftermath

• As the immediate crisis winds down, teams focus on containment, damage control, and longer-term responses.
• Teams discuss and implement compliance reviews, stakeholder communication strategies, and governance adjustments to prevent recurrence.

6. Post-Crisis Analysis and Reflection

• Each team presents a brief overview of their actions, rationale, and lessons learned.
• Group discussion: Identify key takeaways from the simulation, sharing effective strategies and common challenges.

7. Update the Crisis Management Plan

• Workshop exercise: Each team drafts a crisis management framework based on what they have learned, including specific steps for risk assessment, decision-making, communication, and post-crisis evaluation.
• Participants share frameworks with the larger group, receiving feedback and insights.

8. Workshop Wrap-Up and Reflection

• Facilitator summarizes key points and encourages participants to think about how they can apply these crisis management techniques in their own organizations.
• Final Q&A and networking opportunity.

1. Artificial Intelligence Governance, Risk, and Controls

• Concepts of AI Governance, and Establishing Its Framework
• Importance of AI Governance to AI Auditing
• Auditing AI in the Context of Governance
• Auditing AI Systems in Relation to Global Framework and Regulations
• Applying NIST AI RMF

2. Artificial Intelligence Audit Toolkit/Program

• ISACA AI Audit Toolkit Overview
• Control Families: Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability
• Compliance Assessment Guidance
• AI Control Assessment Process, and Explainability Integration
• Building and Implementing an AI Audit Program From the Toolkit

3. Group Exercise