Agenda Day 1, April 15, 2021:

(time zone used is Central European Time)

08.30 – Welcome and Networking in Lounge

09.00 – Having your Governance in Place and Managing Risks Across the Supply Chain

•    Build and share governance role with Corporate Risk Management and Compliance

•    Interact with business partners along the Supply Chain Risk Management process

•    Implement a digital IT platform to gain full end-to-end supply chain visibility

Jian Huang, Global Head of Corporate Supply Chain Risk Management, HELLA

09.45 – The Compliance Paradox: Why GRC Initiatives Should Never Slow You Down

Do you over-comply? The compliance team’s primary function is to apply already established rules: to work within ever-expanding mandatory boundaries and processes and not to create them, aside from internal compliance initiatives. However, compliance teams inevitably develop unique methods and tasks to report across the business, particularly when teams must apply their own interpretation of a general text or vague compliance language, which is the case for most compliance programs. These expanding checklist exercises can soon end up consuming more resources than necessary, and the processes can quickly become manual and redundant.

There is a lot of overlap between different initiatives, including security, privacy, and internal governance practices. You already have a GRC strategy, so how can GRC professionals best leverage modern applications to realize new efficiencies? In this presentation, we’ll discuss what type of infrastructure you should look for to support optimized compliance practices today, taking a “by design” approach to GRC system configuration without the need for traditional customizations. We’ll also focus on standards to help you scale GRC outside of your second-line professionals to enhance accountability for individuals across your organization.

Scott Bridgen, GRC Consulting Manager, OneTrust GRC

10.30 – Virtual Coffee and Networking

• Private Smaller Meetings at Virtual Roundtables and 1-to-1 Meetings

• Meetings with Event Partners at their Virtual Tables

11.00 – Flipping the Pyramid - Benefits of Control Automation and Data Driven Compliance - Quality Up and Compliance Cost Down

•    Push Assurance down to the 1st line while retaining independence and objectivity

o    Transition supported by tooling and proper change management - from build on controls towards build in controls, how to re-use by the 2/3/4 Line of defense, cultural adjustments and cross-silo collaborations.

•    Reducing manual processes through data decisions support:

o    Various forms of data driven compliance like control automation, transaction monitoring and decision support including prescription of direction

•    The next frontier - Data and AI in compliance processes:

o    Further enhancing decision support by embedding AI/NLP to help prescribe or predict compliance related workflows

Anton Lissone, Chief Technology Officer, SAI Global

Peter Paul Brouwers, Partner, KPMG GRC Technology

11.45 – Achieving Maturity on the Corporate GRC RoadMap

•    The journey (Start with ownership and low hanging fruits, not the technology)

•    The value (GRC is “100%” geared towards the first line of defence)

•    The tools (Tell me the story)

Jan Heemskerk, Head Operational Risk Management, NN Investment Partners

12.30 – Integrating New Businesses after M&A: Ingredients for Success

•    The GRC journey from due-diligence to integration

•    Lessons learned from a recent acquisition

Laurence Houlbert, Senior Manager Global Compliance, nVent

13.15 – Lunch Break

14.15 – Looking for Added Value in your Audits? Start Creating Involvement of your First Line Management!

•    What does stakeholder management mean in an internal audit?

            -What are the business leaders’ internal audit needs?

            -What kind of risks or uncertainties do they see?

            -Are the business’ value drivers clearly defined to steer your internal audit?

•    Can we use better practices to challenge management?

            -Is subject matter expertise available in the audit team?

            -Do you want to assess and look back or forward?

            -What is key for business?

•    Involvement of management in the audits is King!

            -What have we learned from the agile approach?

            -Why is the difference between ‘delivering assurance’ or ‘creating insights’ relevant?

            -True involvement will lead to change!

Ronald Jansen, Chief Audit Executive, Ingka Services B.V. (IKEA)

15.00 – How to Augment Your Existing GRC Solution with Third-Party Risk Management

Considering that more than 60% of data breaches involve a third party, how can organizations develop a simplified, holistic risk management strategy that encompasses not only internal risk factors, but also those introduced by external parties? Join Brenda Ferraro, an experienced third-party risk management leader from Aetna, PayPal/eBay and Charles Schwab, as she explores key third-party risk management considerations, including:

• How 3rd party risks start before day 1 & how to assess them

• The top assessment types to expand the scope of risk assessment efforts

• The role of continuous monitoring to validate the presence of controls

Attendees will gain a clear picture of where GRC solutions end, and where dedicated third-party risk management solutions can fill the gaps for a complete enterprise risk management approach.

Brenda Ferraro, Global GRC Executive, Prevalent

15.45 – Having a Climate Change Risk Strategy in your GRC Agenda

• Commonly seen as the next Black Swan event, is your company preparing GRC strategies to mitigate against climate change events?

• Considering your global operations locations, employee location and living/work conditions, carbon footprint

• Anticipating the effect of possible future climate events (and their short- and long-term effects) such as rising sea level, extreme weather, energy scarcity, sudden economic crisis

• Readjusting your organisation’s structure to account for these factors

Rudi Hex, Audit Process Owner, KBC Group

16.30 – Virtual Coffee and Networking

• Private Smaller Meetings at Virtual Roundtables and 1-to-1 Meetings

• Meetings with Event Partners at their Virtual Tables

17.00 – Behavior and Cultural Risk Management: “Soft” Governance

• Embedding integrity, motivation, discipline, transparency, and independence

• Key practices to achieving the correct culture & behavior

o Leadership and tone from the top

o Trainings, honest communications

o Incentives/compensation

o Additional “soft” controls

Andrew Bailey, Head of Forensic and Compliance, Airbus

17.45 – Strategic Project Governance

Florence Touze, GRC Delegate Director, Thalys

18.30 – Closing Remarks from the Chair and End of Day 1
