The day’s agenda included keynotes and panels on technology, GRC, Cyber Risk, Explainable AI and more.
San Jose, California, November 18, 2020: Day two of the MetricStream GRC Summit 2020 brought together a truly exceptional gathering of leaders in governance, risk, compliance, audit, and cyber from across the world. Carrying forward the themes from the first day, the presentations and discussions on the second day explored aspects of integration, adaptability and purpose in the context of GRC and technology such as AI, all within the context of the global pandemic and the future.
Andy Diggelmann, CTO, MetricStream, set the tone for the day with a compelling keynote on how MetricStream is shaping the future of risk management and GRC. He spoke of the new normal we are facing from a risk perspective, how our integrated risk management platform – intelligent by design – allows us to thrive in this new normal, and how current and future technology innovations turn the accelerated digitization into huge opportunities for risk and GRC professionals.
"We need to cope with the current situation, apply the learnings to our GRC practices and evolve, and leverage the interconnected GRC hub to thrive in the future"
In a Fireside Chat with Tami Dokken, Chief Data Privacy Officer, World Bank, and Vidya Phalke, Chief Innovation and Infosec Officer, MetricStream, the duo discussed issues around the impact of COVID-19 on data privacy. Tami explained how, as we return to work, we will be asked to fill in daily health questionnaires and have temperature checks, etc. - things that would have been unfathomable prior to March. “Trust is key”, she emphasized. She stressed that organisations must use personal data in an appropriate way. Tami spoke on how we need to distinguish between data privacy and data security - two sides of the same coin, both necessary for responsible data practices. She said it was like locking your filing cabinet at the end of the day; we now think of security as cyber protection. Data privacy, on the other hand, is the entire lifecycle of the use of personal data - including your IP address or your geolocation data.
“Privacy by design is incorporating all the underlying concepts into the fabric of every activity that an organization is doing”
Of the many panel discussions of the day, here are details of a few...
A riveting panel discussion on Bringing Ethical and Explainable AI to GRC explored how Artificial Intelligence (AI) is increasingly used for decisions that affect everyone’s life – even potentially life or death ones. AI can improve human decision-making, but it has its limits. There is a good chance that the abundance of information processed using AI technologies can be biased or used in unethical ways to gain advantage in this competitive environment, which brings its reliability into question. This needs to be addressed through explainability of the data, reproducibility in testing for consistent results, and auditability. When it comes to GRC (Governance, Risk, and Compliance) solutions, AI plays a central role. AI will help organizations to be agile and responsive in reviewing new legislation and its impact on business processes.
Moderated by Yo McDonald, VP Customer Success and Engagement, MetricStream, the panel included Piyush Chowhan, Chief Information Security Officer, Lulu Group; Thomas Berngruber, Head of Data Analytics, Jyske Bank; Bhaskar Dasari, Founder, Vivid Edge Corp; and Elaine Weidman-Grunewald, Founder, AI Sustainability Center.
The day also served up an interesting Panel Discussion on the Role of GRC during and post COVID business environment.
This panel, featuring analysts Michael Rasmussen, GRC 20/20, and Sid Dash from Chartis, explored the challenges posed by COVID-19 on GRC programs. Michael spoke on how he has seen a lot of organisations rethink their enterprise risk management strategies. A lot of organisations focused on IT security, but some of the other risks we’re facing are environmental or health and safety, such as the global pandemic, etc. He commented that many risk management programs are not balanced, and that he’s seen a lot of restructuring and balance in risk management programs in their coverage of the impacts facing the organisation.
“We need to leverage technology that’s intuitive, flexible and agile for the organization to meet the needs of the back office but also deliver the engagement needed for the front office”
Sid added that COVID-19 had made IT infrastructure clear. There needs to be a lot of thinking about cyber risk and so on. A lot of organisations were focused on surviving COVID-19 in the first half. But in the second half, there’s been a lot of thinking about the risks we are exposed to. There’s been a trend in the last few years to involve the front office a lot more, and COVID-19 has accelerated that.
“We need more interconnectedness, both technologically and individually”
In an enlightening Fireside Chat at the end of the day’s sessions, Ramesh Raskar, Associate Professor, MIT Media Lab, responded to a question from Anindo Banerjea, SVP Engineering, Cloud Platform Development, on how we should look at AI and governance, and said, “We think about decentralisation and computational privacy as a technique to mitigate risks. The idea to reduce risks is to not send the data in its raw form but to only share the wisdom, and the raw data stays with the client.”
He continued, “COVID is a good example of how people have started thinking about decentralisation. Distributed and decentralised machine learning is going to be around which requires a lot of data, but data is unavailable because of privacy, trade secrets and regulation.”
Anindo asked how we should think about the balance between bias and privacy: being good for human society while also avoiding the dangers of using data in the wrong way. Ramesh responded, “Before the green padlock on the browser, we physically entered credit card details and when we see this symbol we feel secure. If we can give people confidence that their data is being used in the right way, they will feel secure and we will start sharing data in an unfiltered way because we feel safe as with the green padlock. It’s the start of a new era in risk and compliance of data.”
An exciting new addition to this Summit is the “Ask The Expert” chat room, where attendees can reach out to any MetricStream experts to better understand its products and solutions. Attendees can also book an appointment with our Executives.
The MetricStream GRC Summit is on from November 16 – 18. Don’t miss out on the excitement! Register now.
About the GRC Summit
This is the eighth year of the GRC Summit. Past keynote speakers include General Colin L. Powell, former U.S. Secretary of State and National Security Advisor; Nassim Nicholas Taleb, author of the New York Times bestseller The Black Swan; Jim Quigley, CEO Emeritus, Deloitte, and Member of the Board, Audit Committee Chair, Risk Committee & Credit Committee, Wells Fargo & Company; and Lowell McAdam, CEO, Verizon Communications, among others. The event is one of the most influential gatherings of GRC business leaders, board members, regulators and practitioners.
MetricStream is the independent market leader in enterprise cloud applications for Governance, Risk, Compliance (GRC)/Integrated Risk Management (IRM). MetricStream apps and software solutions improve business performance by strengthening risk management, corporate governance, regulatory compliance, audit management, vendor governance, and quality management for organizations across industries, including banking and financial services, healthcare, life sciences, energy and utilities, consumer brands, government, technology and manufacturing. MetricStream is headquartered in California, with centers in New York, London, Milan, Madrid, Dubai, Sydney and Bangalore, among several other cities globally (www.metricstream.com).