GRC LeaderConThursday, 30th June, 2016

Lords Cricket Ground, London

Time General09:00-09:30 Breakfast | Registration | Networking

09:30-09:45 General Session #1Opening RemarksLaurie Schultz, CEO, ACL

JJ Thomas Lord Suite

09:45-10:45 General Session #2Keynote: Reducing Risk’s Organisational DragViktoria Boyle, Research Director, CEB

It’s increasingly evident that leaders need to be better positioned to identify and manage strategic, operational and reputational risks to add significant value today. ACL is delighted to announce that CEB will be kicking off the event with valuable insights into the root causes of ‘organisational drag’ - a growing symptom which slows down decision making and execution, causing busineses to be less effective. However, there are many solutions to avoid it.

Key learning outcomes: ▪ Incorporation of risk management in strategy (and vice versa) to establish a healthy risk appetite ▪ Coordinating disparate risk information for decision makers to avoid duplication of effort ▪ Monitoring human behaviour as part of key business processes

JJ Thomas Lord Suite

10:45-11:15 Break | Networking

11:15-12:00 General Session #3Keynote: Benchmark the Performance of Your GRC Program Nick Hayes, Analyst Serving Security & Risk Professionals, Forrester Research

All companies have capabilities to comply with regulations and manage risks in order to meet objectives, but as their global footprint gets larger and more complex, they need more mature governance, risk, and compliance programs. In this session, Nick Hayes shares the insights he gathered in his report “Benchmark the Performance of Your GRC Program”. He will outline the key success factors of highly mature programs, identify the areas where many organisations fall flat, and review the emerging technologies that risk and compliance professionals are beginning to leverage to strengthen their capabilities.

Key learning takeaways: ▪ Realise that GRC maturity is far from advanced ▪ Learn how GRC coordination is critical to your organisation’s success ▪ Understand that risk technology adoption is on the rise -- and the trend will only continue

JJ Thomas Lord Suite

12.00-12.45 General Session #4Panel Discussion: GRC functions: Friend or Foe?Dr Ian Peters, Chief Executive Officer, Chartered Institute of Internal AuditorsAlexander Campbell, Divisional Content Editor, Risk.netPaul Chisnall, Executive Director of Financial Policy & Regulation, British Bankers’ AssociationNick Hayes, Analyst Serving Security & Risk Professionals, Forrester Research

Breaking down the functional silos to reduce the GRC burden on the business.

GRC functions should add value to the business and enable it to succeed. However many often work in isolation from each other, thereby causing the opposite impact - added burden. In this discussion, our panellists will share thoughts on how audit, risk and compliance efforts could be better integrated across the Three Lines of Defence, to ensure more robust levels of governance and as a result, making them the most sought-after professionals in the organisation.

Moderator: John Verver, CPA CA, CISA, CMC

JJ Thomas Lord Suite

12:45-13:45 Networking Luncheon

Time Track 1 Track 213:45-14:30 Session 1

The Future of Big Data Risk AnalyticsSergiu Cernautan, Director GRC Strategy, ACL

As organisational data management matures, corporate data becomes more accessible, and analytics continue to advance the future where Internal Audit must evolve to be data-centric or be rendered irrelevant is truly coming upon us. In this session, this shift will be illustrated, outlining what it means for Internal Audit leaders, and how to embrace the shift through people, process, and technology to make Internal Audit a trusted and sought-after advisor in the data-centric business environment inside today’s leading organisations.

Key learning outcomes: ▪ Define the people, process, and technology steps to

take in maturing to a data-centric approach to audit and risk management

▪ Describe the distinction between traditional data mining audit analytics and forward looking risk analytics, and understand how both fit into an effective program

▪ Review actual case studies of what worked and what didn’t at leading organisations shifting to a data-driven approach to audit and risk

JJ JP Morgan Media Centre

Session 1Understanding Risk in the Extended EnterpriseSimon King, Head of Risk Management, Ministry of Defence

A linked chain is only as strong as its weakest link – and organisations are all linked through third-party suppliers or contractors. Don’t leave your reputation in a third-party’s hands. In this session, learn how to take charge of due diligence and make sure your third-party suppliers meet your operational or compliance needs.

Key learning outcomes: ▪ Understand the stakeholder challenge of

many industries ▪ See examples of common extended

enterprise exposures ▪ Get suggestions on ways to illuminate third-

party truth ▪ Understand critical KRIs and KPIs for executive

and board assuranceJJ JP Morgan Media Centre

14:30-15:15 Session 2It’s Not the Tool, It’s the ProcessJacob Berg, Head of Internal Audit, Irish League of Credit Unions

A common pitfall audit leaders fall into when looking for ways to improve audit management within an organisation, is searching for solutions before taking a look at their core processes. In this session, we’ll hear from an audit leader who first got his process right and then added software to increase his team’s impact.

Key learning outcomes: ▪ Learn how to get started by defining what matters most

to your organisation ▪ Understand the importance of prioritisation based on

materiality and risksJJ JP Morgan Media Centre

Session 2 Risk Culture — it’s not just about Financial Services!Ben Kaye, Head of Internal Audit, Octo Telematics

Recent scandals have highlighted questionable business practices, and behaviour negatively affecting consumers means regulators across all industries are scrutinising companies for evidence of integrity. Corporate (risk) culture is a significant contributing factor towards these high profile mis-haps, forcing organisations to rapidly re-evaluate their approach to governance in this area. Join this session to find out how to get started with a speedy review of business processes at high risk of causing reputational damage.

Key learning outcomes: ▪ Find out why culture now eats strategy for breakfast

- how does it evolve, who influences it and how to strengthen it

▪ Consider ways to monitor conduct risk, ethics & risk culture and provide proof of compliance to the regulator

▪ Learn how to easily tie strategy to controls to risk mitigation - including employee, partner and consumer feedback - in a paper trail.

▪ Use simple surveys to develop KPI’s for organisational risk management

JJ JP Morgan Media Centre

Time Track 1 Track 215:15-15:45 Break | Networking

15:45-16:45 Session 3Managing and Elevating the Role of Internal Audit GloballyKevin Goulding, Global Head - Internal Audit, daa (Dublin Airport Authority)

You probably don’t think about it often, but your team is the only group capable of both doing “GRC” activities and providing assurance over GRC activities undertaken by the other two lines of defence. This is an opportunity for your team to transform itself and fulfill a more balanced advisory function to the executive. Learn how this transformation has been led in the context of a fast moving, highly regulated, global organisation.

Key learning outcomes: ▪ Learn how to ensure you’re always in alignment with

the executive agenda ▪ Find out how to strike a balance between assurance

and advisory ▪ Learn why evolving audit talent and risk analytics

are pivotal ▪ Get inspired to drive change when you get back to

the officeJJ JP Morgan Media Centre

Session 3Scaling a Global T&E Monitoring ProgramJohn Verver, CPA CA, CISA, CMC

If there was ever an ideal marriage, it is the meeting of Travel & Entertainment expense program risk with continuous risk monitoring technology. Yet, even enabled by the best technology in the world, setting out to create and scale a continuous monitoring program globally is a worthy challenge for audit, finance and operations teams.

Key learning outcomes: ▪ Examine the challenges and potential solutions for

getting access to data ▪ Learn how to select tests and implement analytics

that have proven effective ▪ Understand how to handle the remediation process,

false positives and testing ▪ Learn how to build a partnership between Finance

and Internal Audit teams to deliver value rather than burden

JJ JP Morgan Media Centre

16:50-18:00 Drinks Reception and Q&A with former England captain and Ashes winner:

Mike GattingJJ MCC Museum