Day Two Overview
8:15
Continental Breakfast, Coffee & Tea
8:45
Chairperson’s Recap and Introduction to Day Two
9:00
How to Avoid Wagging The Dog: Steering Clear of Costly Errors
When Implementing a GRC Program
Frameworks for meeting governance, risk management and
compliance requirements can be fraught with challenges and
pitfalls. Taking a wrong direction or path can be very costly to the
organization. Knowing where to start and following a prescribed
blueprint for achieving your goals will ensure that your GRC process
is value adding and cost efficient.
A successful implementation will use inputs from multiple stakeholders
and, although these will be unique to each organization,
knowing the steps you want to take and how to take them can
save your organization time and money. This session will present
essential tips on “getting it right the first time.”
9:45
From Process (ERM) to Solution (GRC): Leveraging the Former
to Effectuate the Latter
Ideally, you’d like your IT risk management efforts to be a subset of your overall ERM activities and overall GRC program. But, regardless
of how you decide to manage these related efforts, it is very important to make sure your approach to enterprise and IT risk is similar, in terms of managing risk processes, communicating risk appetite to all groups, etc. Everyone on the “front lines” should see risk management from their vantage point as being a consistent
approach to risk across all functional and business units. This session will detail ways that will enable you to develop and meet your strategic GRC goals, through an outgrowth of your ERM process and then evaluate how well those goals have been met.
10:00
Cheaper, Smarter, Faster: Realizing the Benefits of XBRL
Many organizations have been looking to the internet to bring the long-heralded promises of “better, faster, cheaper” data to organizational
decision-making, and specifically to business and financial reporting. XBRL (eXtensible Business Reporting Language) is an emerging technology poised to assist in meeting that goal. This session will detail exactly what XBRL is and what it is not and what impact it will have on the future of GRC.
10:45
Morning Refreshment & Networking Opportunity
CONCURRENT SESSIONS: CHOOSE “A” OR “B”
Track A
11:00
Facilitating a “Holistic” Approach to Risk Management: Cross
Functional Collaboration
It is common for IT and business executives to speak different
languages when it comes to GRC. This session addresses the kind
of miscommunication that occurs and the best ways
to resolve it. Because GRC is still being defined and the overlapping
aspects of its three big component categories are best
viewed through an all-encompassing process, this session will help
to clarify how to address the totality of your GRC program needs.
Track B
Avoiding Unnecessary Exposure to Regulatory Risk
The complexity of the business and regulatory landscape is increasing
dramatically. Companies are navigating a proliferation of new
regulatory requirements and stakeholder expectations, and are
challenged to do so in a way that supports performance objectives,
sustains value and offers protection. This session will address the best
ways to avoid unnecessary exposure to regulatory risk including:
Meeting the demands and expectations of investors, legislators, regulators, customers, employees, analysts, consumers and other key stakeholders
Driving value and managing performance expectations for governance, ethics, risk management and compliance
Managing crisis and remediation while defending the organization and its executives / board members against legal enforcement and the rising impact of fines, penalties and business disruption
Track A
11:45
Stop Killing Trees: Moving Towards Full Automation of the Entire
GRC Management Process
When moving towards a full automation of your entire GRC management
process it is worth considering technologies that offer a
low risk approach that is capable of showing measurable results
quickly. The benefits of GRC automation include reduced cost of
managing compliance while eliminating redundant systems. Automation
also allows for consolidation of data. You may also find
that you can manage risk more effectively – track relevant data,
avoid penalties for noncompliance and focus more on ‘above the
line’ growth for your enterprise as your program becomes more
and more automated. This session will also spotlight why, when
automating your GRC process, it is important to focus on
simplifying tasks, on ensuring that the system
will be easy to install, configure and operate, and on ensuring
that the technology will be compatible with current and future
technologies while delivering significant value.
Track B
11:45
Creating a Checklist for Both Common & Specific Business Risks
Organizational, commercial and regulatory compliance requirements
change frequently; and to some degree vary from industry
to industry. This session will clarify business risks that are fairly universal
and how they can be universally addressed. Some time will
also be spent on industry specific risks and how those challenges
can be met. Particular industry spotlights will be:
NERC & FERC compliance for power & energy
Security practices and FISMA requirements for federal government
SOX compliance and risk management for financial services
FCC mandates for telecommunications
Patient information and HIPAA mandates in healthcare
PCI compliance in retail
CONCURRENT SESSIONS CONCLUDE
12:30
Luncheon for Speakers, Sponsors & Delegates
1:30
Where is the “S” in GRC? Ensuring that you meet Security
Requirements with your GRC program
How do data breaches relate to GRC? Personal data is protected
by various regulations, and lapses in security protection of personal
data can result in fines, bad publicity and reputational impact on an
organization.
Every organization needs to rethink the role of security within the
enterprise and find ways to create efficiencies with governance,
risk and compliance (GRC); establish the right set of priorities; and
implement an architecture that responds to these security shifts.
This session will address how to integrate security needs within
your organization including aspects such as: access management,
data loss prevention, records management, threat management and
other aspects of security.
2:15
Enterprise Issues & Case Management
Enterprise issues surrounding GRC tend to focus primarily on how
the company can achieve greater profitability and productivity.
This session will address enterprise-wide case management issues
in clearly defined steps that can be taken including:
Compliance reporting and automation
Financial data and controls
Defining your enterprise’s specific needs for a GRC solution
3:00
Networking & Afternoon Refreshments
3:15
Tying Up The Loose Ends: Creating an Enterprise Wide GRC
Culture
As with most ambitious, enterprise-wide initiatives, implementing
an enterprise-wide GRC culture requires coordination of
different and sometimes opposing objectives, expectations and
resources. This session will detail a few key best practices that can
help to prove these efforts successful:
Anticipate opposition and obstacles
Find a starting point and identify opportunities
Focus on improving the way things are currently administered
Clarify how the benefits of GRC will differ from department to department and business group to business group
4:00
Evaluating the Results of Your GRC Program
Periodically evaluating a GRC program is essential to demonstrate
that the organization’s GRC initiatives are delivering outcomes that
really matter and are meeting your company’s objectives. How is it
performing and is it effective? This session details the elements that
need to be addressed when assessing your GRC program such as:
How measurable, actionable and relevant are your procedures?
Are your established processes meeting the needs of your culture?
Are roles and responsibilities clearly defined?
Do you have a process for policy development and deployment?
Can your infrastructure respond to and resolve incidents?
These and other evaluation tools will be addressed.
4:45
Conference Concludes