Agenda

08:00

Display Centre opens. Engage with our sponsors

09:00

Welcome and scene-setting

Nerushka Bowan, Founder, L.I.T.T. Institute

09:10

Keynote Address: POPIA as an enabler of business in the data driven digital era and not an impediment to new innovations and profitability.

Adv. Pansy Tlakula, Chairperson, Information Regulator of South Africa

Many organisations are not seeing the business opportunities that come with being fully compliant with POPIA. Our speaker will unravel all the business benefits that are unlocked by embracing POPIA.

09:50

Keynote Address: How to realise ROI from your GRC initiatives?

Jonathan Crisp, Managing Director, BarnOwl GRC and Audit software

Just like any other business function, Governance, Risk and Compliance initiatives are expected to realise returns for them to successfully serve the business. Thus, this presentation will explore the various ways of showing and even calculating the value that a GRC program will add to your organization. The speaker will tackle, among other issues, the following:

  • How to realise savings from the reduction of legal fines due to compliance;
  • Savings from streamlined business processes due to improved reporting accuracy and employee productivity;
  • Attraction of new partners and customers due to effectively carrying out due diligence; and
  • Establishing a clear ownership of GRC processes.

10:30

Keynote Address: Are you forgetting about unstructured data and email in your journey to POPIA Compliance?

Brian Pinnock, Senior Director of Sales Engineering, EMEA, Mimecast

Most of the focus on POPIA compliance has centred around the collection and processing of structured data. This is data found in marketing systems, customer relationship management systems, financial systems, enterprise resource planning systems or human resource systems, which are all linked to relational databases. But POPIA requires organisations to protect personal information in all its forms. In this keynote we’ll explain how to ensure POPIA compliance for semi-structured data such as email as well as other forms of unstructured data such as information on shared drives or social media platforms.

POPIA sets out 8 conditions for lawful processing of personal information. Condition 7 - security safeguards - is arguably one of the most important. Email security is a key consideration for these security safeguards. That’s because email is more than a communication mechanism or an archive of semi-structured data; it’s the most targeted vector for most organisations, with 9 out of 10 cyber-attacks starting with email. Having the right measures in place to secure data is a key part of achieving compliance.

11:10

Break – Visit the Display Centre and engage with sponsors

11:40

The importance of thorough due diligence in the protection of customer data

Russell Opland, Data Protection Officer, Law Firm

In order to protect clients' personal information, financial service providers and other organisations need to conduct thorough due diligence when dealing with third parties. This protects not only their customers but also the organisation from any reputational damage caused by possible leakage of data.

12:10

Five Steps to Overcome Data Overload: Using Data Discovery & Risk Formulas to Standardize Risk at Scale

Scott Bridgen, GRC Consulting Director, OneTrust GRC

Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time.

Exploring your data universe can be an overwhelming exercise, giving you more information than you know what to do with in certain circumstances. Using careful data classification methods and flexible risk formulas, organizations can map information to harness real-time updates through a data discovery engine to fuel and standardize risk at scale with the latest information. This session will review how you can quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights.

  • Identify data across business applications for the latest risk insight
  • Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams
  • Explore a new way to aggregate and standardize risk using real-time data points
  • Understand the concentration of risk across risk domains to quantify risk using risk formulas

12:40

Panel Discussion: Strengthening your compliance, audit and risk mitigation protocols and systems after experiencing a cyber-attack

Nerushka Bowan, Founder, L.I.T.T. Institute

Shameem Goolamun, Africa Data Protection & Privacy Leader, Ernst & Young

Siphumle Ntsokolo, Manager (ISA) Information Systems Audit, Auditor General South Africa

Bulumko Kwetana, Head of Internal Audit, V & A Waterfront

Dumisa Sihawu, Associate Director, BDO

Cyber-attacks are likely to happen to any company, in any shape or form. This is especially relevant during the global pandemic, as there is too much reliance on staff protecting information security from the comfort of their own homes. Because a cyber-attack is likely to strike at any time, organisations place reliance on their compliance, audit and risk mitigation protocols. The pandemic has also challenged the ways in which the Audit, Risk and Compliance functions operate in other organisations. It is therefore imperative for the panel to discuss key issues affecting Audit, Risk and Compliance during the pandemic. The following key points will be considered:

  • How to manage a cyber-attack using the combined assurance perspective?
  • Do you proactively manage cyber risks as a combined assurance forum? How do you manage these risks?
  • Is the CISO in your organisation a role player in the combined assurance forum?
  • What are your views regarding the best ways to prevent future cyber-attacks?

13:10

BREAK. Visit the Display Centre and engage with the sponsors

Track one: Empowered Human Elements for Enhanced GRC
13:35

Chairman’s welcome

Nerushka Bowan, Founder, L.I.T.T. Institute

13:40

Dealing with a data breach – steps and protocols to follow in containing the breach

Bevan Smith, Head of Risk, Visa Sub-Saharan Africa

COVID-19 and social distancing have created an unprecedented shift in consumer behavior towards digitally-enabled merchants and service providers. And while global fraud rates are at an all-time low, there has been an increasing trend in both the variety and quantity of breach incidents. This session will explore the proactive steps Visa is taking to maintain trust in the payments ecosystem, with a specific focus on the technologies to detect and mitigate risk, and the support provided to members once a breach is identified.

  • The Payments Threat Landscape
  • Visa’s Payment System Risk Detection and Breach Management Capabilities
  • Best Practices for Mitigating Against Breaches
  • Security Predictions for the Near and Medium Term

14:10

The rise of POPIA as a value driver - five aspects to cover

Leishen Pillay, Associate Director, Risk Advisory, Deloitte

As the COVID-19 pandemic has taken grip of the world, causing economic downturns, it has arguably become the single most defined driver for digital transformation.

South African organisations are on the road to compliance, but have a significant journey ahead of them. This is due in part to the fact that the area of data privacy has been largely unregulated, save for disparate pieces of legislation that are industry specific, as well as certain voluntary obligations that were not adopted on a substantial scale.

In order to ensure that an organisation is sufficiently enabled to comply with the provisions of POPIA and derive value, a cross-functional, multidisciplinary, fully integrated privacy team is required. The team should have regulatory, cyber security, and data management and analytics representation to ensure alignment with the key aspects of POPIA.

POPIA creates an opportunity to revolutionise the way in which business is conducted in South Africa, and truly usher in the Fourth Industrial Revolution.

14:40

Break. Visit the Display Centre and engage with the sponsors

15:10

A company journey towards GDPR compliance

Benn van Coller, Independent Data Privacy Contractor

15:40

Visit the Display Centre and engage with the sponsors

16:30

Close of conference

Track two: All Hands on Tech: Technologies Driving GRC
13:35

Chairman's welcome

Nathan Desfontaines, Founder and MD, CyberSec

13:40

How to implement continuous compliance and audit processes in order to effectively mitigate risks in a fast paced digital era?

Karl Fischer, Automation Lead, Obsidian Systems

Simon Fisher, Director of EMEA Presales and Customer Success, Chef Software

14:10

The importance of integrating GRC into the mainstream business activities

Rianne Potgieter, CA (SA), CEO, Compliance Institute Southern Africa

14:40

Break. Visit the Display Centre and engage with the sponsors

15:10

How AI, cloud and other new technologies are affecting GRC?

Emily Gosling, Audit Consultant, SAP Concur

Atang Motshabi, Implementation Manager, Seriti

Greg Cubitt, Solution Consultant, Concur Africa

15:40

Visit the Display Centre and engage with sponsors

16:30

Close of conference

Platinum sponsor

Mimecast

Mimecast is a cybersecurity provider that helps thousands of organizations worldwide make email safer, restore trust and bolster cyber resilience. Mimecast’s expanded cloud suite enables organizations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, uptime assurance and more, Mimecast helps organizations stand strong in the face of cyberattacks, human error and technical failure.

Please visit: www.mimecast.com

Gold sponsor

OneTrust

OneTrust is the #1 fastest growing and most widely used technology to help organizations build more trusted privacy, security, and governance programs.

Please visit: www.onetrust.com

Silver sponsors

SAP Concur

SAP® Concur® is the world’s leading brand for integrated travel, expense, and invoice management solutions, driven by a relentless pursuit to simplify and automate these everyday processes. The highly-rated SAP Concur mobile app guides employees through business trips, charges are directly populated into expense reports, and invoice approvals are automated. By integrating near real-time data and using AI to analyze transactions, businesses can see what they’re spending and avoid possible blind spots in the budget. SAP Concur solutions help eliminate yesterday’s tedious tasks, make today’s work easier, and support businesses to run at their best.

Learn more at: www.concur.co.za


Obsidian Systems in partnership with Chef

Obsidian Systems

Obsidian have expanded their knowledge base in partnership with subsidiaries Cape Town based Autumn Leaf and GuruHut, a software development house. The expansion of skills is now a formidable team with Java™ expertise aligning our Enterprise Open Source solution for retail, supporting technology and consulting services across enterprise-ready open source infrastructure, big data, collaboration and agile IT strategies for your business.

Thought Leader

Deloitte

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. With more than 150 years of hard work and commitment to making a real difference, our organisation has grown in scale and diversity—approximately 286,000 people in 150 countries and territories, providing these services—yet our shared culture remains the same. Our organisation serves four out of five Fortune Global 500® companies.

Please visit: www2.deloitte.com/za/en/pages/risk/articles/the-rise-of-popia-as-a-value-driver.html