A Look Back at the GRC Summit 2019

Introduction

Now in its seventh year, the GRC Summit hosted by MetricStream is one of the biggest and most anticipated events for GRC practitioners around the world. This year, the summit was held on June 2-5 in Baltimore, Maryland, bringing together over 450 GRC and business leaders to talk about the latest trends and opportunities in GRC. It was an incredible four days of learning, discovery, and collaboration—topped off by an exclusive cruise, as well as a glittering awards ceremony.

Here are some of the top highlights from the summit:

• Integrity Front and Center

In keeping with the theme of the summit—”Perform with Integrity™”—many of the speakers pointed out that financial performance is no longer the sole indicator of success. Trust is what really drives business today, and integrity is what drives trust.

MetricStream CEO, Mikael Hagstroem talked about building integrity by fostering a sense of compassion in the way we approach customers, the way we treat employees, and the way we shape the future of technology. “Successful performance—be it an individual level, an organizational level, or a global level—begins with a spark of passion that, when guided by integrity and compassion, helps us improve the human condition, and enable a higher quality of life,” he said.

MetricStream Chairman, Gunjan Sinha, emphasized the need to build purpose-driven organizations where doing good is as much of a priority as doing well. A strong sense of purpose, he predicted, is what will define the successful organizations of the future, along with a commitment to diversity, inclusion, empowerment of the front line, ethical data, and social conscious AI.

• Tony Scott on the Key Transformation Drivers of the Next Five Years

The former Chief Information Officer of the United States government (2015-17) described how “relentless digitization” is rapidly upending traditional analog business models. And with it, the notion of security and privacy by design is becoming more important than ever. Technology is moving faster than we’re prepared for, he cautioned. Do we understand the risks of new tools like AI and machine learning? How do we build good governance, accountability, and transparency around these new technologies? How do we keep humanity at the center of innovation? All key questions to consider.

• Jim Quigley: Coping with the “Knowns” and “Unknowns” of Business

Drawing on his experience as a member of the board and risk committee at Wells Fargo, as well as CEO Emeritus of Deloitte, Jim Quigley talked about why the work of GRC practitioners is so critical in helping boards and management teams make better strategic decisions in the midst of escalating “known unknowns” and “unknown unknowns.” He also emphasized the importance of building sustainable risk cultures. “The biggest driver of culture in any organization is observable behavior,” he said, quoting a colleague. “We want people to raise their hands and identify problems as quickly as possible.”

• The Power of Innovation

MetricStream’s Chief Technology Officer, Andreas Diggelmann, along with Chief Innovation and Cloud Officer, Vidyadhar Phalke, delved into the new technology innovations that are emerging across the whole chain of GRC. Chatbots, for instance, are being used to capture issue data from the first line of defense in a manner that is simple and engaging. Predictive analytics are being used in the second and third lines to anticipate and respond to potential emerging risks proactively. Machine learning tools are enabling executive teams to detect risk patterns, and understand optimal mitigation practices based on historical evidence. Essentially, the possibilities with technology are endless.

• Anna Felländer on Being Vigilant to the Ethical Risks of AI

Co-founder of the AI Sustainability Center, Anna Felländer pointed out that in a data-driven world, AI is key to helping organizations build better operational efficiency and deeper client relationships. Yet, it also introduces many ethical risks around the misuse/ overuse of the technology as well as multiple biases. If we want to avoid these pitfalls, we need to start investing as much in the humanistic side of AI as the engineering side, she said. We need to shape a future where humans lead AI, not the other way around. We need to find ways of ensuring that technology doesn’t get ahead of regulation.

• Risk Management Is Everyone’s Responsibility

Many of the speakers emphasized the need to strengthen risk awareness at every level of the organization, right from the front lines to the boardroom. “Risk needs to be something that companies walk, talk, eat, and breathe every day,” said Kenneth Bacon, Member of the Board, Comcast, and Co-founder and Managing Partner, RailField Realty Partners. We need to have more risks and issues self-identified by the business rather than by internal audit or regulators, pointed out Sarah Dahlgren, Head of Regulatory Relations – Corporate Risk, Wells Fargo & Company. The more proactive the first and second lines of defense are in reporting risk data, the better informed and more confident the board and management team can be in their strategic decision-making processes.

• In a Fast-Changing World, GRC Must be Agile

Disruption is the only constant in business today, pointed out MetricStream’s Chief Operating Officer, Gaurav Kapoor. If we want to be prepared for the new risks around the corner, GRC programs have to be agile, he said. Other speakers talked about what agility entails. Raven Catlin, Former CAE and Industry Expert in Internal Audit and Risk Management, described how internal audit must be ready to embrace new tools, new skills, and new approaches to auditing. Michael Rasmussen, Chief GRC Pundit, GRC 20/20, highlighted the importance of integration and collaboration in building more agile GRC functions.

• A Celebration of GRC Champions

The much-anticipated GRC Journey awards ceremony, held on day 1 of the summit, recognized and honored MetricStream’s business partners, individuals, and customer organizations that have made significant strides on their GRC journey towards strengthening business performance. This year, there were 17 award recipients across five categories.

• Connecting and Collaborating

There were plenty of opportunities for attendees to connect, share with, and learn from with each other – be it the many interactive workshops and networking sessions, or the relaxed “happy hours.” Day 2 of the summit culminated in an exclusive cruise down Patapsco River which saw attendees letting loose and singing their hearts out at a Karaoke session.