Registration and networking at sponsor displays
Welcome and scene-setting
Nerushka Bowan , director and head of technology & innovation, Norton Rose Fulbright South Africa
Keynote address: Leveraging new technologies such as AI and RPA to build more robust and effective compliance
Kirti Harcharan , Head of ALICE, BDO
Amidst regulatory change, evolving business models evolve and rising complexity; the focus of governance, risk and compliance activities needs to change from reactive to proactive and from siloed to integrated risk thinking to remain effective. This is where leveraging new technologies in GRC applications such as AI and RPA is quickly gaining interest and momentum globally. GRC professionals, professional bodies and regulators are increasing their focus on the impact of new and emerging technologies to expand or shape compliance strategies and capabilities for operational efficiency, greater insights and further value-adding opportunities. This discussion will focus on the following key takeaways -
- Drivers for change to consider new and emerging tech in compliance applications
- Benefits of a tech-enabled compliance strategy
- Attributes and outcomes of a modernised compliance program using new and emerging tech
- Risk and control considerations
Adopting GRC automation for better preparedness in the digital era
Lauren Berrington , chief audit executive, Bidvest
Now that the digital era is upon us, it is pivotal for businesses to ensure that they are fully prepared to dictate and mitigate against the new are risks associated with new technologies such as AI, IoT, ML and cloud, just to name a few. This presentation will take an in-depth look at the following:
- How new and emerging technologies, digital business models, and analytics-driven decisions have rendered the existing GRC frameworks redundant;
- How Robotic Process Automation is playing a pivotal role in mitigating against risks and in securing critical business data
- How the advent of new technologies has led to increasingly complex regulatory requirements, legal obligations, standards, and policies
- The cost of sticking tolegacy GRC processes in the digital age
Refreshment break and networking at sponsor displays
Keynote address: The CISO''s role in driving trust: Why it matters, how to define it, and what success looks like.
Scott Bridgen , head of GRC, OneTrust
Trust initiatives are becoming an increasingly important agenda item for executives and boards. More companies are naming chief trust officers, creating formalized trust initiatives, and measuring trust as a metric for themselves and their business partners:- Explore the definition of trust and what it means to be a trusted organization.
- Discuss the evolution of the CISO in driving trust initiatives and supporting trust outcomes.
- Consider examples like ethical AI, trust in biometrics, and zero trust architecture.
- Discuss successful practices in setting trust objectives, adopting trust frameworks, and establishing trust metrics.
Addressing the governance and compliance risks of remote and hybrid working
Portia Maluleke , chief IT governance and risk officer, Telkom Group
One of the biggest information governance challenges of our times is the remote and hybrid working model. Organisations have to put in place consistent data capture and monitoring strategies that enable them to maintain confidence in their processes and controls. This session will examine the importance of organisations putting in place controls and processes to mitigate against risks associated with remote and hybrid working. The speaker will look at the following:Securing your remote and hybrid workforce in the Digital Age
Keeping governance at the forefront of all organisational operations
Keynote address: Using behaviour design to build effective security culture and awareness programs
Anna Collard , SVP of content strategy and evangelist, KnowBe4 Africa
In this talk, Anna will map BJ Fogg's Design Behaviour principles to security awareness and culture programs. She will reference KnowBe4's latest African research and survey findings and share how to practically build an awareness program combatting the most prominent cyber threats such as social engineering and cyber extortion attacks:
- BJ Fogg's Behaviour Model
- Examples of how to apply Motivation, Ability, and Prompts to security culture & awareness
- Challenges & opportunities
- Practically building a ransomware & extortion crime awareness program
Panel Discussion: The importance of adopting and implementing continuous assurance as opposed to annual or periodical assurance
Bella Sekhwela , internal audit manager - strategic initiatives assurance, Discovery Bank
Andre Schreuder , global head of IT audit, Investec
Sethu Nsele , chief audit executive, Ithala Ltd
Judith Masekwameng , associate director, KPMG Risk Advisory
Kenneth Palliam , senior IS audit manager & VP ISACA South Africa chapter, BDO
In a world filled with relentless cyber attackers, constant change, and rapid technological advancements, there is a great need for players in the combined assurance space to be constantly aligned in order to plan for and provide proactive assurance. Thus, assurance planning in any line of the combined assurance model is expected to move with high speed and agility across organisations. This discussion will explore how continuous assurance uses technology and data to perform proactive audit planning with focus on the following:- How continuous auditing is done to allow for risk assessments and control checks more frequently;
- Why it is critical for businesses to adopt continuous assurance to establish risk patterns and fortify their systems against cyber threats
- Get an understanding of the current state of continuous auditing and continuous monitoring
- How to manage risk and the audit process in a world of instantaneous change
Lunch and networking at sponsor displays
Agenda
ITWeb Governance, Risk & Compliance 2022: Agenda
Track 1 - Technologies driving GRC in the digital era
Chairman's welcome
Nerushka Bowan , director and head of technology & innovation, Norton Rose Fulbright South Africa
Case Study: Distell internal audit's RPA implementation journey
Kumeren Pillay , chief audit executive, Distell Group Ltd
As businesses increase the extent of automated processes, data and analytics and Robotics Process Automation (RPA) is rapidly becoming a key value driver for risk, governance and assurance functions. The talk provides practical insight into Distell Internal Audit’s RPA implementation journey.- Foundational elements of RPA
- Practical steps for the RPA implementation journey
- Critical success factors for the RPA implementation
- Use case demonstration where RPA was used to reduce the time of a manual process by 80%.
Aligning business and risk functions to provide an integrated technology experience
Nadiah Maharaj , chief risk officer: FNB Commercial, First National Bank
Digital transformation means that technology and innovation are spearheading business continuity, resilience and growth. It is therefore important to ensure that your business, IT and risk functions are aligned in order to have a holistic approach to operate a profitable entity. This session will look at this and explore the following:- Why business need to align their IT GRC strategy with their business strategy;
- How strong IT governance extends business value by optimising risk and managing resources to support the organisation’s mission, goals and objectives
Refreshment break and networking at sponsor displays
How to get involvement or buy in of business owners, board and senior executives
Ayanda Mtuki , governance and compliance lead, NSFAS
One of the longstanding issues when it comes to GRC strategy implementation is the lack of support from senior management, boards and business owners. This presentation will explore the importance of making these parties understand the functions of GRC in a business and how practitioners can raise awareness and get buy in from every aspect and level of the business for the successful and profitable running of the enterprise. It will delve deeper into the following:- Outlining why a robust GRC strategy is important for organisational success;
- The importance of getting proper representation in the board in order to make GRC part of the company’s ongoing strategy;
- Why the board need to understand the organisation’ strategic risks and related risk management processes; and
- Keeping the board informed about key risks and changes to the company’s risk profile.
Clearly defining and communicating roles and responsibilities within the organisation
Lerato Lehabe , legal, regulatory & operational risk professional
Wrap up and close of conference
Track 2 - GRC as a culture: All the soft elements of GRC
Chairman's welcome
James Francis , writer and ITWeb Brainstorm contributor
Keeping your board continually informed of relevant IT laws, rules, codes and standards
Nomthi Nelwamondo , group CIO, Assupol Holdings Limited
Many CIOs, Technology & Information leaders still do not have a seat at the Board table, not even the EXCO table and this leaves a lot of organisations vulnerable to IT risks. This presentation will delve into how IT risks are now business risks and therefore the upper echelons of every organisations need to have a clear understanding of relevant IT laws, rules, codes and standards. The presenter will take a look at the following:
- Why board engagement with IT oversight oversight is a must
- The need for boards to understand their organisation’s IT approach and impact
- How risk practitioners can report to boards and other upper management staff.
- How the IT GRC Forum manages specific IT risks and IT benefits and ensure that IT frameworks, policies, standards and processes are well coordinated, developed and monitored
How DNS-based security empower digital transformation
Abdullah Kaymakci , chief technical officer, DNSSense
- This session will cover:
- DNS & Security Gap Visibility
- Advanced DNS Visibility
- Security Gap Analysis
- Invisible, Firstly Seen/Visited Domains
- SIEM Integration
- Infected Device(s)
Refreshment break and networking at sponsor displays
Viewing GRC as a value driver and not a hindrance to innovation
Henry Denner , information security officer, Gautrain Management Agency
Wrap-up and close of conference
James Francis , writer and ITWeb Brainstorm contributor
