2017 GRC: Where Governance and Risk Management Align for Impact
Be among the global leaders at this world-class event.
Aug. 16–18, 2017
Dallas-Ft. Worth, Texas, USA
#GRCconf
Join the Best and Brightest at 2017 GRC.
2017 Governance, Risk, and Control Conference
Challenges and changes impact our enterprises every day. To be best prepared for the future, it is critical to stay ahead of trends and share experiences with others about effective tools and solutions. The 2017 GRC Conference is an ideal setting to immerse yourself in a dynamic gathering of leaders in business, IT, and information systems governance, risk, and control. This unrivaled event is presented by two of the most globally respected associations in our field — The IIA and ISACA®.
Advance Your Knowledge and Gain New Insights
2017 GRC offers many opportunities for you to learn proven solutions for aligning governance and risk management, which you can take back and implement at your enterprise. This conference, which sold out the previous three years, takes place Aug. 16–18 at the Gaylord Texan Resort, in Dallas-Ft. Worth, Texas, USA.
Highlights of 2017 GRC include:
• Thought-provoking speakers who share real-world experiences and solutions
• Customized learning to meet your needs
• Innovative ideas to move your enterprise and your career forward
• Networking with global professionals
• Ability to earn up to 18 CPE hours, plus 7.5 more for a pre-conference workshop
Find the Solutions You Need
Choose from among 40+ sessions and workshops to gain the knowledge and skills that are most important to you. Led by globally recognized experts, sessions are grouped into four hot-topic tracks:
• Attributes for Professional Improvement and Advancement
• Privacy/Security in the Technology World
• Integrated Auditing of GRC
• Deep Dive Interactive Discussions
Stay at the Heart of the Conference Action!
Gaylord Texan Resort & Convention Center
1501 Gaylord Trail
Grapevine, TX 76051, USA (Dallas-Ft. Worth area)
Hotel reservations: +1-817-778-1000
Enjoy a first-class experience with southern hospitality as you participate in 2017 GRC sessions and activities. Overlooking beautiful Grapevine Lake, the resort features 4.5 acres of lush indoor gardens and winding waterways.
Your 2017 GRC conference registration includes:
• All general and concurrent sessions
• Complimentary continental breakfast daily
• Complimentary lunches on Wednesday and Thursday
• Welcome networking reception on Wednesday
• Conference app with presentations uploaded (when available from speaker)
Bring your coworkers! Organizations that send 4 or more employees to 2017 GRC receive a group discount. For details, contact: +1-407-937-1111 or [email protected].
Special Discounted Room Rates for IIA and ISACA Attendees!
Special hotel rates of $209 per night plus tax are available if booked by Friday, July 14, 2017. To obtain the preferred rate, mention that you are attending the 2017 GRC Conference.
Some restrictions apply. See details at www.theiia.org/GRC.
Conference Registration Fees          Members and Nonmembers    CPE
Early Bird – register by June 12      $1,345                    18
Regular – through August 12           $1,545                    18
Late – after August 12                $1,645                    18
Pre-conference Workshops (each)       $550                      7.5
Save $200 if you register by June 12, 2017!
The IIA and ISACA are registered with the National Association of State Boards of Accountancy (NASBA) as sponsors of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org. IIA and ISACA certification holders are required to earn a minimum number of CPE credit hours in order to maintain their designations.
Attendees can earn up to 18 CPE hours by attending this conference and an additional 7.5 credits for attending optional Pre-conference Workshops. This IIA/ISACA conference is Group Live and does not require advance preparation.
GRC Sold Out the Last Three Years.
Space is limited — please reserve your seat soon!
Register today! www.theiia.org/GRC
3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008, USA
EDUCATIONAL SESSIONS: Wednesday, Aug. 16
EDUCATIONAL SESSIONS: Thursday, Aug. 17
PRE-CONFERENCE WORKSHOPS: Tuesday, Aug. 15
EDUCATIONAL SESSIONS: Friday, Aug. 18
Track 1: Attributes for Professional Improvement and Advancement
Establishing and Maintaining an Effective Internal Audit Quality Assurance and Improvement Program: Tips, Tricks, and Tools
Stretch Yourself: Developing Internal Audit Communication Techniques for all Audiences
Chutes and Ladders of Internal Audit: How to Rise and Fall Due to Meeting or Failing to Meet Stakeholder Expectations
Critical Thinking for Results
Voice of the Customer; Stakeholders Messages From the CBOK Global Internal Audit Study
Track 2: Privacy/Security in the Technology World
NIST Cybersecurity Framework Assessment
Auditing the Cloud Environment: An Introduction
A Real-life Practical Internal Audit Approach to Cybersecurity
Hunting for Hackers: How to Turn the Table on Hackers
Operationalizing Cybersecurity With Risk-based Governance
Track 3: Integrated Auditing/GRC
How Risk Culture Affects Compliance and Internal Controls
GRC IQ: How Intelligent Is your ERP Environment?
Best Practices for Proactive IT Governance
Integrated Audits for Business Processes
Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks
Track 4: Deep Dive Interactive Sessions
Data Analytics at Xerox: A Journey From Idea to Reality
Measuring Effectiveness of a Risk-focused Third-party Risk Management Program
Auditing the Cloud Environment: Advanced
Implementing ERM in a Small to Medium Enterprise
How Vanguard’s Fund Process Excellence Team Is Building an Effective Controls Culture
Track 1: Attributes for Professional Improvement and Advancement
External Quality Assessments (EQA): The Benefits of and Leading Practices to Exceed Stakeholder Expectations
Adding Value by Managing the Perception Gap
Cultivate a Culture of Accountability: Achieve Desired Results
Why Emotional Intelligence and Critical Thinking Skills Are Essential
Getting the Boss to Listen to You: Becoming a Trusted Strategic Advisor
Track 2: Privacy/Security in the Technology World
Cloud Computing Controls: Managing Risk
Auditing Network Devices
Cyber Resilience Framework for the 21st Century Executive
Ransomware in the Enterprise
Post-merger Cyber Considerations
Track 3: Integrated Auditing/GRC
COSO’s Revised ERM Framework: It’s Final!
Collaborative Risk Management: Audit and the 2nd Line of Defense
Auditing Business Continuity
The Transformational Internal Auditor: Improving Compliance by Improving Process
Outsourcing: Who Is Responsible for the Risk?
Track 4: Deep Dive Interactive Sessions
Change Management Best Practices for ERP Systems: A Case Study From Audits of Oracle E-Business Suite Installations
FCPA: Are You Risk-focused and Audit Ready?
When Life Gives You Lemons: 5 Ways to Turn GRC Struggles Into Success
Utilize the STAR Model in Auditing Governance
Diamond in the Rough: Maximizing Synergies of Global Governance and Investigation
GENERAL SESSION: 8:30 – 9:45 a.m.
The Cyber Blacklist: Top Threats and Countermeasures for Data Security
John Sileo’s identity was stolen by a business insider and used to embezzle $300,000 from his clients. This destroyed Sileo’s company and consumed two precious years as he fought to stay out of jail. Combining real-world experience with years of study, Sileo became an award-winning author and trusted advisor on managing privacy and reputation in an economy plagued by digital overexposure. His story helps empower others to take control of their data exposure before it is too late.
GENERAL SESSION: 8:30 – 9:45 a.m.
Internal Audit in a World of Change
Learning Objectives:
• Discuss key disrupters of change affecting internal audit
• Identify what to audit and when in a world of change and disrupters
• Review competencies needed to adapt to change
• Explore strategies to retain those with the needed range of skills to conduct audits at the speed of risk
8:30 a.m. – 5:00 p.m.
COBIT® NIST Cybersecurity Framework
Limited capacity: only 50 seats available!
Prerequisites: Basic knowledge of COBIT and security concepts
This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.
After completing this workshop, you will be able to:
• Understand the goals of the CSF
• Know and discuss the content of the CSF and what it means to align to it
• Understand each of the seven CSF implementation steps
• Be able to apply and evaluate the implementation steps using COBIT 5
8:30 a.m. – 5:00 p.m.
ERM Can Now Work! Putting the Updated COSO ERM Framework and ISO 31000 Standards Into Practice
Limited capacity: only 50 seats available!
This workshop will use the new COSO ERM Framework, with reference to ISO 31000, to discuss how we should consider risk and what it means to properly manage risk in an organization. Those responsible for facilitating risk management in their organization, or auditing a risk management activity, will find this workshop to be useful in providing a firm understanding of how risk management should be defined, structured, and executed in organizations. In addition, as all auditors use risk as the foundation for audit planning, execution, and reporting, this workshop will provide insight on how an auditor’s view of risk should be upgraded to incorporate the latest thinking embodied in these two updated projects. The workshop will use a combination of theory and small group discussion to unpack the theory into easily understandable parts, and case studies to cover these topics.
Facilitator: Mark Thomas, CGEIT, CRISC, President, Escoute Consulting
Facilitator: Doug Anderson, Managing Director, CAE Solutions, The IIA
Facilitator: Charlie Wright, Director, Enterprise Risk Solutions, BKD
Facilitator: Mark Thomas, CGEIT, CRISC, President, Escoute Consulting
Keynote Speaker: John Sileo, CSP, CEO, The Sileo Group
Keynote Speaker: Larry Harrington, CIA, QIAL, CRMA, CPA, Vice President, Internal Audit, Raytheon Company; Past Chairman, IIA Global Board of Directors
10:15 – 11:30 a.m.
Which Leadership Quality Matters Most…With Clients and Employees
Leaders who build trust excel at our two most important goals: create respected relationships with stakeholders and produce more work from their teams. Which trust skills matter most? Our studies say this:
1. Be transparent…show vulnerability by saying “I don’t know,” take risks to do the right things, be consistent up and down the organization chart
2. Apologize when you should…take responsibility for all you do right and wrong, commit to improving in the future
3. Hold others accountable…whether stakeholders or those on your team, express clear expectations, recognize those who do well, and follow up with those who miss; keep performance discussions confidential
These same trust-building skills apply to our stakeholders, too, as small but strong indicators go a long way to believing in our competence and integrity. And those two words…competence and integrity…are in the first sentence of any auditor’s job description.
8:30 – 9:45 a.m.
Using Multiple Guidance Systems for the Governance of Enterprise IT
Learning Objectives:
• Recognize the importance of having multiple “guidance systems” to navigate your GRC efforts in a holistic manner
• Learn how to leverage multiple perspectives and techniques in balancing performance and conformance when determining GRC priorities
• Gain insight into how you can take the things you’ve learned at the conference and apply them in a manner that truly creates value for your enterprise
Keynote Speaker: Dick Finnegan, CEO, C-Suite Analytics
10:15 a.m. – 5:05 p.m. 10:10 a.m. – 5:00 p.m.
REGISTER BY JUNE 12 AND SAVE US$200! Visit www.theiia.org/GRC to learn the latest and register.
Some sessions are still to be determined. Speakers and sessions are subject to change without notice.
EDUCATIONAL SESSIONS
Wednesday, Aug. 16EDUCATIONAL SESSIONS
Thursday, Aug. 17PRE-CONFERENCE WORKSHOPS
Tuesday, Aug. 15EDUCATIONAL SESSIONS
Friday, Aug. 18
Track 1: Attributes for Professional Improvement and Advancement
Establishing and Maintaining an Effective Internal Audit Quality Assurance and Improvement Program: Tips, Tricks, and Tools
Stretch Yourself: Developing Internal Audit Communication Techniques for all Audiences
Chutes and Ladders of Internal Audit: How to Rise and Fall Due to Meeting or Failing to Meet Stakeholder Expectations
Critical Thinking for Results
Voice of the Customer; Stakeholders Messages From the CBOK Global Internal Audit Study
Track 2: Privacy/Security in the Technology World
NIST Cybersecurity Framework Assessment
Auditing the Cloud Environment: An Introduction
A Real-life Practical Internal Audit Approach to Cybersecurity
Hunting for Hackers: How to Turn the Table on Hackers
Operationalizing Cybersecurity With Risk-based Governance
Track 3: Integrated Auditing/GRC
How Risk Culture Affects Compliance and Internal Controls
GRC IQ: How Intelligent Is your ERP Environment?
Best Practices for Proactive IT Governance
Integrated Audits for Business Processes
Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks
Track 4: Deep Dive Interactive Sessions
Data Analytics at Xerox: A Journey From Idea to Reality
Measuring Effectiveness of a Risk-focused Third-party Risk Management Program
Auditing the Cloud Environment: Advanced
Implementing ERM in a Small to Medium Enterprise
How Vanguard’s Fund Process Excellence Team Is Building an Effective Controls Culture
Track 1: Attributes for Professional Improvement and Advancement
External Quality Assessments (EQA): The Benefits of and Leading Practices to Exceed Stakeholder Expectations
Adding Value by Managing the Perception Gap
Cultivate a Culture of Accountability: Achieve Desired Results
Why Emotional Intelligence and Critical Thinking Skills Are Essential
Getting the Boss to Listen to You: Becoming a Trusted Strategic Advisor
Track 2: Privacy/Security in the Technology World
Cloud Computing Controls: Managing Risk
Auditing Network Devices
Cyber Resilience Framework for the 21st Century Executive
Ransomware in the Enterprise
Post-merger Cyber Considerations
Track 3: Integrated Auditing/GRC
COSO’s Revised ERM Framework: It’s Final!
Collaborative Risk Management: Audit and the 2nd Line of Defense
Auditing Business Continuity
The Transformational Internal Auditor: Improving Compliance by Improving Process
Outsourcing: Who Is Responsible for the Risk?
Track 4: Deep Dive Interactive Sessions
Change Management Best Practices for ERP Systems: A Case Study From Audits of Oracle E-Business Suite Installations
FCPA: Are You Risk-focused and Audit Ready?
When Life Gives You Lemons: 5 Ways to Turn GRC Struggles Into Success
Utilize the STAR Model in Auditing Governance
Diamond in the Rough: Maximizing Synergies of Global Governance and Investigation
GENERAL SESSION: 8:30 – 9:45 a.m.
The Cyber Blacklist: Top Threats and Countermeasures for Data SecurityJohn Sileo’s identity was stolen by a business insider and used to embezzle $300,000 from his clients. This destroyed Sileo’s company and consumed two precious years as he fought to stay out of jail. Combining real-world experience with years of study, Sileo became an award-winning author and trusted advisor on managing privacy and reputation in an economy plagued by digital overexposure. His story helps empower others to take control of their data exposure before it is too late.
GENERAL SESSION: 8:30 – 9:45 a.m.
Internal Audit in a World of ChangeLearning Objectives:
• Discuss key disrupters of change affecting internalaudit
• Identify what to audit and when in a world of changeand disrupters
• Review competencies needed to adapt to change
• Explore strategies to retain those with the neededrange of skills to conduct audits at the speed of risk
8:30 a.m. – 5:00 p.m.
COBIT® NIST Cybersecurity Framework Limited capacity: only 50 seats available!Prerequisites: Basic knowledge of COBIT and security concepts
This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.
After completing this workshop, you will be able to:
• Understand the goals of the CSF
• Know and discuss the content of the CSF and what itmeans to align to it
• Understand each of the seven CSF implementation steps
• Be able to apply and evaluate the implementation stepsusing COBIT 5
8:30 a.m. – 5:00 p.m.
ERM Can Now Work! Putting the Updated COSO ERM Framework and ISO 31000 Standards Into Practice Limited capacity: only 50 seats available!
This workshop will use the new COSO ERM Framework, with reference to ISO 31000, to discuss how we should consider risk and what it means to properly manage risk in an organization. Those responsible for facilitating risk management in their organization, or auditing a risk management activity, will find this workshop to be useful in providing a firm understanding of how risk manage-ment should be defined, structured, and executed in organizations. In addition, as all auditors use risk as the foundation for audit planning, execution, and reporting, this workshop will provide insight on how an auditor’s view of risk should be upgraded to incorporate the latest thinking embodied in these two updated projects. The workshop will use a combination of theory and small group discussion to unpack the theory into easily under-standable parts, and case studies to cover these topics.
Facilitator Mark Thomas, CGEIT, CRISCPresidentEscoute Consulting
Facilitator Doug AndersonManaging Director, CAE SolutionsThe IIA
Facilitator Charlie Wright Director, Enterprise Risk SolutionsBKD
Facilitator Mark Thomas, CGEIT, CRISCPresidentEscoute Consulting
Keynote Speaker John Sileo, CSPCEOThe Sileo Group
Keynote Speaker Larry Harrington, CIA, QIAL, CRMA, CPAVice President, Internal AuditRaytheon CompanyPast ChairmanIIA Global Board of Directors
10:15 – 11:30 a.m.
Which Leadership Quality Matters Most…With Clients and EmployeesLeaders who build trust excel at our two most important goals: create respected relationships with stakeholders and produce more work from their teams. Which trust skills matter most? Our studies say this:
1. Be transparent…show vulnerability by saying “I don’tknow,” take risks to do the right things, be consistentup and down the organization chart
2. Apologize when you should…take responsibility for allyou do right and wrong, commit to improving in thefuture
3. Hold others accountable…whether stakeholders orthose on your team, express clear expectations,recognize those who do well, and follow up with thosewho miss; keep performance discussions confidential
These same trust-building skills apply to our stakeholders, too, as small but strong indicators go a long way to believing in our competence and integrity. And those two words…competence and integrity…are in the first sentence of any auditor’s job description.
8:30 – 9:45 a.m.
Using Multiple Guidance Systems for the Governance of Enterprise ITLearning Objectives:
• Recognize the importance of having multiple“guidance systems” to navigate your GRC effortsin a holistic manner
• Learn how to leverage multiple perspectives andtechniques in balancing performance andconformance when determining GRC priorities
• Gain insight into how you can take the things you’velearned at the conference and apply them in a mannerthat truly creates value for your enterprise
Keynote Speaker Dick FinneganCEOC-Suite Analytics
10:15 a.m. – 5:05 p.m. 10:10 a.m. – 5:00 p.m.
REGISTER BY JUNE 12 AND SAVE US$200! Visit www.theiia.org/GRC to learn the latest and register.
Some sessions are still to be determined. Speakers and sessions are subject to change without notice.
EDUCATIONAL SESSIONS
Wednesday, Aug. 16EDUCATIONAL SESSIONS
Thursday, Aug. 17PRE-CONFERENCE WORKSHOPS
Tuesday, Aug. 15EDUCATIONAL SESSIONS
Friday, Aug. 18
Track 1: Attributes for Professional Improvement and Advancement
Establishing and Maintaining an Effective Internal Audit Quality Assurance and Improvement Program: Tips, Tricks, and Tools
Stretch Yourself: Developing Internal Audit Communication Techniques for all Audiences
Chutes and Ladders of Internal Audit: How to Rise and Fall Due to Meeting or Failing to Meet Stakeholder Expectations
Critical Thinking for Results
Voice of the Customer; Stakeholders Messages From the CBOK Global Internal Audit Study
Track 2: Privacy/Security in the Technology World
NIST Cybersecurity Framework Assessment
Auditing the Cloud Environment: An Introduction
A Real-life Practical Internal Audit Approach to Cybersecurity
Hunting for Hackers: How to Turn the Table on Hackers
Operationalizing Cybersecurity With Risk-based Governance
Track 3: Integrated Auditing/GRC
How Risk Culture Affects Compliance and Internal Controls
GRC IQ: How Intelligent Is your ERP Environment?
Best Practices for Proactive IT Governance
Integrated Audits for Business Processes
Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks
Track 4: Deep Dive Interactive Sessions
Data Analytics at Xerox: A Journey From Idea to Reality
Measuring Effectiveness of a Risk-focused Third-party Risk Management Program
Auditing the Cloud Environment: Advanced
Implementing ERM in a Small to Medium Enterprise
How Vanguard’s Fund Process Excellence Team Is Building an Effective Controls Culture
Track 1: Attributes for Professional Improvement and Advancement
External Quality Assessments (EQA): The Benefits of and Leading Practices to Exceed Stakeholder Expectations
Adding Value by Managing the Perception Gap
Cultivate a Culture of Accountability: Achieve Desired Results
Why Emotional Intelligence and Critical Thinking Skills Are Essential
Getting the Boss to Listen to You: Becoming a Trusted Strategic Advisor
Track 2: Privacy/Security in the Technology World
Cloud Computing Controls: Managing Risk
Auditing Network Devices
Cyber Resilience Framework for the 21st Century Executive
Ransomware in the Enterprise
Post-merger Cyber Considerations
Track 3: Integrated Auditing/GRC
COSO’s Revised ERM Framework: It’s Final!
Collaborative Risk Management: Audit and the 2nd Line of Defense
Auditing Business Continuity
The Transformational Internal Auditor: Improving Compliance by Improving Process
Outsourcing: Who Is Responsible for the Risk?
Track 4: Deep Dive Interactive Sessions
Change Management Best Practices for ERP Systems: A Case Study From Audits of Oracle E-Business Suite Installations
FCPA: Are You Risk-focused and Audit Ready?
When Life Gives You Lemons: 5 Ways to Turn GRC Struggles Into Success
Utilize the STAR Model in Auditing Governance
Diamond in the Rough: Maximizing Synergies of Global Governance and Investigation
2017 Governance, Risk, and Control Conference
GENERAL SESSION: 8:30 – 9:45 a.m.
The Cyber Blacklist: Top Threats and Countermeasures for Data SecurityJohn Sileo’s identity was stolen by a business insider and used to embezzle $300,000 from his clients. This destroyed Sileo’s company and consumed two precious years as he fought to stay out of jail. Combining real-world experience with years of study, Sileo became an award-winning author and trusted advisor on managing privacy and reputation in an economy plagued by digital overexposure. His story helps empower others to take control of their data exposure before it is too late.
GENERAL SESSION: 8:30 – 9:45 a.m.
Internal Audit in a World of ChangeLearning Objectives:
• Discuss key disrupters of change affecting internal audit
• Identify what to audit and when in a world of change and disrupters
• Review competencies needed to adapt to change
• Explore strategies to retain those with the needed range of skills to conduct audits at the speed of risk
8:30 a.m. – 5:00 p.m.
COBIT® NIST Cybersecurity Framework Limited capacity: only 50 seats available!Prerequisites: Basic knowledge of COBIT and security concepts
This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.
After completing this workshop, you will be able to:
• Understand the goals of the CSF
• Know and discuss the content of the CSF and what it means to align to it
• Understand each of the seven CSF implementation steps
• Be able to apply and evaluate the implementation steps using COBIT 5
8:30 a.m. – 5:00 p.m.
ERM Can Now Work! Putting the Updated COSO ERM Framework and ISO 31000 Standards Into Practice Limited capacity: only 50 seats available!
This workshop will use the new COSO ERM Framework, with reference to ISO 31000, to discuss how we should consider risk and what it means to properly manage risk in an organization. Those responsible for facilitating risk management in their organization, or auditing a risk management activity, will find this workshop to be useful in providing a firm understanding of how risk manage-ment should be defined, structured, and executed in organizations. In addition, as all auditors use risk as the foundation for audit planning, execution, and reporting, this workshop will provide insight on how an auditor’s view of risk should be upgraded to incorporate the latest thinking embodied in these two updated projects. The workshop will use a combination of theory and small group discussion to unpack the theory into easily under-standable parts, and case studies to cover these topics.
Facilitator Mark Thomas, CGEIT, CRISCPresidentEscoute Consulting
Facilitator Doug AndersonManaging Director, CAE SolutionsThe IIA
Facilitator Charlie Wright Director, Enterprise Risk SolutionsBKD
Facilitator Mark Thomas, CGEIT, CRISCPresidentEscoute Consulting
Keynote Speaker John Sileo, CSPCEOThe Sileo Group
Keynote Speaker Larry Harrington, CIA, QIAL, CRMA, CPAVice President, Internal AuditRaytheon CompanyPast ChairmanIIA Global Board of Directors
10:15 – 11:30 a.m.
Which Leadership Quality Matters Most…With Clients and EmployeesLeaders who build trust excel at our two most important goals: create respected relationships with stakeholders and produce more work from their teams. Which trust skills matter most? Our studies say this:
1. Be transparent…show vulnerability by saying “I don’t know,” take risks to do the right things, be consistent up and down the organization chart
2. Apologize when you should…take responsibility for all you do right and wrong, commit to improving in the future
3. Hold others accountable…whether stakeholders or those on your team, express clear expectations, recognize those who do well, and follow up with those who miss; keep performance discussions confidential
These same trust-building skills apply to our stakeholders, too, as small but strong indicators go a long way to believing in our competence and integrity. And those two words…competence and integrity…are in the first sentence of any auditor’s job description.
8:30 – 9:45 a.m.
Using Multiple Guidance Systems for the Governance of Enterprise IT
Learning Objectives:
• Recognize the importance of having multiple “guidance systems” to navigate your GRC efforts in a holistic manner
• Learn how to leverage multiple perspectives and techniques in balancing performance and conformance when determining GRC priorities
• Gain insight into how you can take the things you’ve learned at the conference and apply them in a manner that truly creates value for your enterprise
Keynote Speaker: Dick Finnegan, CEO, C-Suite Analytics
10:15 a.m. – 5:05 p.m. 10:10 a.m. – 5:00 p.m.
REGISTER BY JUNE 12 AND SAVE US$200! Visit www.theiia.org/GRC to learn the latest and register.
Some sessions are still to be determined. Speakers and sessions are subject to change without notice.
EDUCATIONAL SESSIONS: Wednesday, Aug. 16
EDUCATIONAL SESSIONS: Thursday, Aug. 17
PRE-CONFERENCE WORKSHOPS: Tuesday, Aug. 15
EDUCATIONAL SESSIONS: Friday, Aug. 18
Track 1: Attributes for Professional Improvement and Advancement
Establishing and Maintaining an Effective Internal Audit Quality Assurance and Improvement Program: Tips, Tricks, and Tools
Stretch Yourself: Developing Internal Audit Communication Techniques for all Audiences
Chutes and Ladders of Internal Audit: How to Rise and Fall Due to Meeting or Failing to Meet Stakeholder Expectations
Critical Thinking for Results
Voice of the Customer; Stakeholders Messages From the CBOK Global Internal Audit Study
Track 2: Privacy/Security in the Technology World
NIST Cybersecurity Framework Assessment
Auditing the Cloud Environment: An Introduction
A Real-life Practical Internal Audit Approach to Cybersecurity
Hunting for Hackers: How to Turn the Table on Hackers
Operationalizing Cybersecurity With Risk-based Governance
Track 3: Integrated Auditing/GRC
How Risk Culture Affects Compliance and Internal Controls
GRC IQ: How Intelligent Is your ERP Environment?
Best Practices for Proactive IT Governance
Integrated Audits for Business Processes
Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks
Track 4: Deep Dive Interactive Sessions
Data Analytics at Xerox: A Journey From Idea to Reality
Measuring Effectiveness of a Risk-focused Third-party Risk Management Program
Auditing the Cloud Environment: Advanced
Implementing ERM in a Small to Medium Enterprise
How Vanguard’s Fund Process Excellence Team Is Building an Effective Controls Culture
Track 1: Attributes for Professional Improvement and Advancement
External Quality Assessments (EQA): The Benefits of and Leading Practices to Exceed Stakeholder Expectations
Adding Value by Managing the Perception Gap
Cultivate a Culture of Accountability: Achieve Desired Results
Why Emotional Intelligence and Critical Thinking Skills Are Essential
Getting the Boss to Listen to You: Becoming a Trusted Strategic Advisor
Track 2: Privacy/Security in the Technology World
Cloud Computing Controls: Managing Risk
Auditing Network Devices
Cyber Resilience Framework for the 21st Century Executive
Ransomware in the Enterprise
Post-merger Cyber Considerations
Track 3: Integrated Auditing/GRC
COSO’s Revised ERM Framework: It’s Final!
Collaborative Risk Management: Audit and the 2nd Line of Defense
Auditing Business Continuity
The Transformational Internal Auditor: Improving Compliance by Improving Process
Outsourcing: Who Is Responsible for the Risk?
Track 4: Deep Dive Interactive Sessions
Change Management Best Practices for ERP Systems: A Case Study From Audits of Oracle E-Business Suite Installations
FCPA: Are You Risk-focused and Audit Ready?
When Life Gives You Lemons: 5 Ways to Turn GRC Struggles Into Success
Utilize the STAR Model in Auditing Governance
Diamond in the Rough: Maximizing Synergies of Global Governance and Investigation
2017 Governance, Risk, and Control Conference
GENERAL SESSION: 8:30 – 9:45 a.m.
The Cyber Blacklist: Top Threats and Countermeasures for Data Security
John Sileo’s identity was stolen by a business insider and used to embezzle $300,000 from his clients. This destroyed Sileo’s company and consumed two precious years as he fought to stay out of jail. Combining real-world experience with years of study, Sileo became an award-winning author and trusted advisor on managing privacy and reputation in an economy plagued by digital overexposure. His story helps empower others to take control of their data exposure before it is too late.
GENERAL SESSION: 8:30 – 9:45 a.m.
Internal Audit in a World of Change
Learning Objectives:
• Discuss key disrupters of change affecting internal audit
• Identify what to audit and when in a world of change and disrupters
• Review competencies needed to adapt to change
• Explore strategies to retain those with the needed range of skills to conduct audits at the speed of risk
8:30 a.m. – 5:00 p.m.
COBIT® NIST Cybersecurity Framework
Limited capacity: only 50 seats available!
Prerequisites: Basic knowledge of COBIT and security concepts
This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.
After completing this workshop, you will be able to:
• Understand the goals of the CSF
• Know and discuss the content of the CSF and what it means to align to it
• Understand each of the seven CSF implementation steps
• Be able to apply and evaluate the implementation steps using COBIT 5
8:30 a.m. – 5:00 p.m.
ERM Can Now Work! Putting the Updated COSO ERM Framework and ISO 31000 Standards Into Practice
Limited capacity: only 50 seats available!
2017GRC Where Governance and Risk Management Align for Impact
Be among the global leaders at this
world-class event.
Aug. 16–18, 2017
Dallas-Ft. Worth, Texas, USA
#GRCconf
EARN UP TO 18 CPE CREDITS.
SAVE US$200 WHEN YOU REGISTER BY JUNE 12, 2017!
www.theiia.org/GRC
Join the Best and Brightest at 2017 GRC.
2017 Governance, Risk, and Control Conference
Challenges and changes impact our enterprises every day. To be best prepared for the future, it is critical to stay ahead of trends and share experiences with others about effective tools and solutions. The 2017 GRC Conference is an ideal setting to immerse yourself in a dynamic gathering of leaders in business, IT, and information systems governance, risk, and control. This unrivaled event is presented by two of the most globally respected associations in our field — The IIA and ISACA®.
Advance Your Knowledge and Gain New Insights
2017 GRC offers many opportunities for you to learn proven solutions for aligning governance and risk management, which you can take back and implement at your enterprise. This conference, which sold out the previous three years, takes place Aug. 16–18 at the Gaylord Texan Resort, in Dallas-Ft. Worth, Texas, USA.
Highlights of 2017 GRC include:
• Thought-provoking speakers who share real-world experiences and solutions
• Customized learning to meet your needs
• Innovative ideas to move your enterprise and your career forward
• Networking with global professionals
• Ability to earn up to 18 CPE hours, plus 7.5 more for a pre-conference workshop
Find the Solutions You Need
Choose from among 40+ sessions and workshops to gain the knowledge and skills that are most important to you. Led by globally recognized experts, sessions are grouped into four hot-topic tracks:
• Attributes for Professional Improvement and Advancement
• Privacy/Security in the Technology World
• Integrated Auditing of GRC
• Deep Dive Interactive Discussions
Stay at the Heart of the Conference Action!
Gaylord Texan Resort & Convention Center
1501 Gaylord Trail
Grapevine, TX 76051, USA (Dallas-Ft. Worth area)
Hotel reservations: +1-817-778-1000
Enjoy a first-class experience with southern hospitality as you participate in 2017 GRC sessions and activities. Overlooking beautiful Grapevine Lake, the resort features 4.5 acres of lush indoor gardens and winding waterways.
Your 2017 GRC conference registration includes:
• All general and concurrent sessions
• Complimentary continental breakfast daily
• Complimentary lunches on Wednesday and Thursday
• Welcome networking reception on Wednesday
• Conference app with presentations uploaded (when available from speaker)
Bring your coworkers! Organizations that send 4 or more employees to 2017 GRC receive a group discount. For details, contact: +1-407-937-1111 or [email protected].
Special Discounted Room Rates for IIA and ISACA Attendees!
Special hotel rates of $209 per night plus tax are available if booked by Friday, July 14, 2017. To obtain the preferred rate, mention that you are attending the 2017 GRC Conference.
Some restrictions apply. See details at www.theiia.org/GRC.
Conference Registration Fees | Members and Nonmembers | CPE
Early Bird – register by June 12 | $1,345 | 18
Regular – through August 12 | $1,545 | 18
Late – after August 12 | $1,645 | 18
Pre-conference Workshops (each) | $550 | 7.5
Save $200 if you register by June 12, 2017!
The IIA and ISACA are registered with the National Association of State Boards of Accountancy (NASBA) as sponsors of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org. IIA and ISACA certification holders are required to earn a minimum number of CPE credit hours in order to maintain their designations.
Attendees can earn up to 18 CPE hours by attending this conference and an additional 7.5 credits for attending optional Pre-conference Workshops. This IIA/ISACA conference is Group Live and does not require advance preparation.
GRC Sold Out the Last Three Years.
Space is limited — please reserve your seat soon!
Register today! www.theiia.org/GRC
3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008, USA