Day One Agenda

Time Title/Description Speakers
8:00 AM Registration and Breakfast  
8:15 AM Keynote Session:
Visa's Maturity Journey to a World Class ERM Program

Nancy Settles,
Senior Business Leader, Enterprise Risk Management
Visa Inc.
9:15 AM Deconstructing & Demystifying GRC vs. ERM
There is undoubtedly an evolution towards integrating GRC and ERM, in something not quite a merger of equals. There is also clearly some confusion surrounding exactly which is what. Is GRC the umbrella philosophy, with ERM one methodology within it? Clearly the overriding goal with either GRC or ERM is to assure that all risks are identified, analyzed and quantified to determine where best to invest a company's resources. With that said, some clarity about what the differences are and how they work separately and together is in order. This session will shed some light on the increasing boundary blur between these two functions.
 
10:00 AM Integrated GRC: Assurance Integration with Real ROI
Integrated GRC in the Virtual, Hyper-Extended Business: Integration of GRC silos for Real ROI. Find out why integration is the key to success and why its absence is often the major cause of corporate governance failures as organizations transition to new business models in the virtual world. Discover new approaches for leveraging performance management and infrastructure monitoring systems to harvest empirical evidence for GRC. Learn how to reduce the cost and complexity of your company's siloed GRC initiatives and gain insight into new strategies, tactics and approaches to optimize your infrastructure to create real return on investment.
 
10:45 AM
Morning Refreshments and Networking
 
11:15 AM New This Year!
Building, Implementing, and Monitoring an Effective GRC Program
Theories are great, but how does one actually put the theories into practice? Learn how GRC can be implemented and monitored at a small to mid-sized organization by seeing how one company actually does it. This session is a case study on a work-in-progress implementation of an effective GRC program at a mid-sized manufacturing company. Areas covered include:
• Finding a starting point and identifying opportunities
• Creating a single GRC language and framework
• Improving the way GRC areas are administered
• Lessons learned
Jason Mefford,
Vice President Business Process Assurance,
Ventura Foods
12:00 PM Luncheon for Speakers, Sponsors & Delegates  
1:00 PM TRACK A: IT GRC
New This Year!
New Dimensions in GRC: An Application Risk Management Program

A successful Application Risk Management program is holistic and considers a variety of perspectives from risk categories such as Security, Quality assurance, 3rd Party Components, Legal components, and more. In this session, you will learn about the creation and step-by-step development of McKesson’s new, enterprise wide Application Risk Management program. Topics to be covered include:
• The initial development and implementation of a risk assessment process
• Compliance with Corporate policies
• The development and implementation of the business unit's self-assessment of controls
• Responding to customer requests and monitoring critical vendors
• Coordination with the Business Units and the Corporate functions in the event of any incidents or breaches
• Business unit implementation of remediation measures
• Governance, metrics and reporting
• The ISO 27001 security standard, and other existing compliance areas such as PCI, SOX, HIPAA etc.
• Finding a starting point and identifying opportunities
• Evaluation and monitoring of IT risk management
John Sapp,
Product Development Standards - Security, Risk &
Compliance,

McKesson Corporation
1:00 PM TRACK B: SECURITY & GOVERNANCE
Chasing the Grade: An Information Security Perspective

Information Security as a mission requires a comprehensive course correction. We are chasing compliance for the sake of compliance and looking to make a grade rather than delivering core security. When we focus on delivering core security first, compliance with specific regulations will render itself as a natural result of having a secure environment.
This is a roundtable course that asks you to face the tough questions necessary for an information security course correction:
• Do you understand the risks your company faces?
• Are you focused on the risks that matter?
• Are the risks that you take aligned with your business strategies and objectives?
• Does your risk management slow you down or help you go faster?

The end goal of Information Security is to enable the Business by protecting vital information assets. We as information security professionals must provide strategic security direction and continuous information protection through the governance and execution of an information security program. This can be realized through:
1. Strategic alignment with business requirements so that security investments support the enterprise strategy and drive differentiation over the competition
2. Risk management that defines your company’s threat, vulnerability, and risk profile and reduces information risk to an acceptable level for your industry
3. Value delivery through a framework-based security program with standards and controls established to meet the continuous and changing needs of the business
Bruce Gibson,
Director, Global Information Security & Compliance
Coca-Cola Enterprises
1:00 PM TRACK C: ERM
Data Privacy from both an IT Security and Legal Perspective

As compliance issues have become increasingly important and the magnitude of their consequences has escalated, the interface between governance, risk and compliance has moved up in prominence not just among regulators, but among stakeholders, shareholders, and management. This session will describe how these GRC elements are integrated, with a focus on the role of enterprise risk management in strategic and operational planning.
John Schafer,
VP Enterprise Risk Management
and BCP,

Salesforce.com Inc.
1:45 PM TRACK A: IT GRC
New This Year!
Data privacy from both an IT security and legal perspective
Privacy has traditionally been housed in the legal department, with little interaction between it and the information security team. Due to the current necessity of heightened data security, it is becoming imperative to view data privacy holistically, from both legal policy and technology perspectives. Especially as industry regulations such as the California Security Breach Notification Act and the Payment Card Industry Data Security Standard have been put into place, cooperation between legal, HR, sales and marketing, and IT departments is more vital than ever. In this session:
• Learn the best practices for inventorying personal data
• Explore data privacy from IT security and Legal perspectives individually, but also collectively from a variety of departments
• Discuss enterprise threats and how to mitigate data security risk
Chad Wyckoff, Director IT GRC, Forest City Enterprises
1:45 PM TRACK B: SECURITY & GOVERNANCE
Security By Compliance - A Discussion of Information Risk Management’s Greatest Challenge

When most organizations today think about information protection, compliance is at the top of the list. This new level of consciousness has become both a tremendous benefit to information security professionals and their greatest fear. The leadership of many companies is now falling into the trap of feeling secure merely because they are compliant; however, simply meeting legal and regulatory compliance requirements does not necessarily mean that companies have fulfilled their requirements for information risk management and protection. Learn how to take advantage of the benefits created by new compliance requirements, while also overcoming the challenge of this new operating procedure.
Franklin Donahoe,
Director of Information Security GRC,
T-Mobile USA, Inc.
1:45 PM TRACK C: ERM
Learn How Your ERM Strategy Can Enhance Your Company’s Value and Credit Rating

 
2:30 PM Break and Refreshments  
2:45 PM Plenary Session  
3:30 PM TRACK A: IT GRC
Developing Metrics and Measures for Information Governance

Information Governance has become a critical issue within organizations, and a key success factor for businesses. In order to effectively maintain the stewardship, integrity and security of an organization's information infrastructure, effective metrics and measures must be developed, implemented, and monitored. This session will cover the concept of enterprise metrics and measures in the context of Information Governance maturity, as well as the issues that must be considered when developing, implementing and monitoring them. Attendees will participate in an interactive session to:
• Identify current and target states on an Information Governance Maturity Model
• Discuss challenges and strategies in implementing roadmaps, metrics and reporting
• Learn about technologies that accelerate movement up Information Management maturity curves
 
3:30 PM TRACK B: SECURITY & GOVERNANCE
Where is the “S” in GRC? Ensuring that You Meet Security Requirements with Your GRC Program

This session will present the latest developments in how security issues can be incorporated in Governance, Risk and Compliance initiatives and Enterprise Risk Management. Every organization needs to be vigilant about the role of security within the organization and find ways to create efficiencies in governance, risk and compliance while protecting the enterprise from breaches in security. The session will include a discussion of identifying and mitigating risks, incident management, crisis planning, continuity, cyber risk, and ways the security function is evolving into a main support function of operations and integrating with a company's GRC efforts.

This session will be presented by John Kroen, Chief Security Officer at DeVry, Inc. and was co-developed with Dr. Mark L. Frigo, Director of the Center for Strategy, Execution and Valuation and Strategic Risk Management Lab at DePaul University.
John Kroen,
CSO, DeVry, Inc.
3:30 PM TRACK C: ERM
ISO 31000 and ERM
The international risk management framework is scheduled to be published in 2009. Most risk professionals recognize the importance of a formalized framework to ensure the successful implementation of enterprise risk management (ERM). Starting with the ISO 31000 risk management process schedule, learn how to tailor ERM to the individual needs of any organization, align risk management objectives to organizational strategic goals and missions and graft ERM culture onto existing corporate culture.
Awad Loubani,
Manager, Risk Management and Quality Assurance Services,
Public Works and Government Services Canada (PWGSC)
4:15 PM Conference Highlight: 10 FOR 7 DEMONSTRATION SERIES
This demonstration session provides exposure to specific solutions to compliance challenges. 5 for 7 is an innovative showcase where 5 hand-picked sellers present, for 7 minutes each, their latest innovations to interested buyers who are eager to learn about the latest solutions in the market. 5 for 7 provides a distinctly unique opportunity to quickly determine which solutions you may want to explore in greater depth.
 
5:00 PM Networking Cocktail Reception