The Power of Connection: Reflections from the 2023 GRC Summit in MiamiGRC | 7 Min Read |11 July 23|by Patricia McParland
Just a few short weeks ago, on June 13-15, 250+ governance, risk, and compliance leaders braved the Miami heat for the event of the summer: The GRC Summit. I had the privilege of being the MC, and it was invigorating, given the breadth and depth of content, and being face-to-face with so many inspiring leaders.
For two and half days, MetricStream was privileged to host some of the leading minds in GRC – including 50+ speakers – who shared best practices, case studies, and insights on where leaders should focus and what they should prioritize and enjoyed the time to network with colleagues and celebrate as we announced the 2023 GRC Journey Awards winners.
I wanted to share a few highlights and key themes that I experienced. For video highlights and presentations, please visit the 2023 GRC Summit site.
The Power of AI and Automation
If there was one overall theme that surfaced in almost every discussion, it was how artificial intelligence presents an immense opportunity to gain even greater efficiency while at the same time introducing a whole new field of risks to manage and mitigate. Most panels focused on some element of AI – the possibilities to automate, make recommendations, and remediate, as well as the potential risks and rewards.
Of course, AI isn’t new. Many researchers point to British computer pioneer Alan Turing as the father of AI in the 1940s, and we’re all familiar with machine learning for processing vast amounts of data to make decisions easier. Some argue that the history of AI goes all the way back to Plato! (See this fun history from Tableau.)
But the explosion of generative AI with ChatGPT from Open.ai onto the scene last November has changed everything. Nearly every session at the Summit touched on AI in some way:
- How can AI help detect data breaches and protect my company from cyber risk? How can it be used by bad actors?
- Will AI itself be regulated, and how can I keep up with the evolving regulations to use AI in an ethical, governed way? What should I be thinking about now?
- How can I use AI to understand, manage, and gain insights from my vast amounts of GRC and control data – whether it’s internal or external data?
AI’s ability to automate processes like control monitoring, third-party risk evaluation, creation of a common view of risks across your enterprise, and so much more is groundbreaking. (See the discussion of MetricStream’s just-announced product AiSPIRE, below, for more on this aspect!)
Here are two quotes that sum up the depth of discussions around AI.
“We need GRC for AI, not just AI for GRC,” explained Gunjan Sinha, Co-Founder and Executive Chairman, MetricStream.
Prasad Sabbineni, Co-CEO, MetricStream, cautioned on over-regulation. “Use common sense to harness the power of AI before you over-regulate,” he said.
The Inspiration of AiSPIRE
A top highlight of the summit was the launch of MetricStream’s brand-new product AiSPIRE- an industry-first AI-powered, knowledge-centric GRC product designed to gather intelligence from an organization’s existing GRC and risk data to break down siloes and provide guidance to improve the effectiveness of existing programs.
What’s exciting about AiSPIRE is that it connects with any GRC platform, creating connected insights from underlying risk and control data, and providing recommendations to improve the performance of existing risk and control environments.
AiSPIRE stands apart from other GRC tools that rely on manually defined rules and workflows and works by leveraging your organization’s data to train advanced machine learning models and AI. It further can continuously and intelligently sense risk and control deficiencies, patterns of over-testing and under-testing of controls.
The result? AiSPIRE, powered by AI, enables you to anticipate risks with proactive planning and prioritization of risk assessments, control testing, issue, and action planning. We believe it’s a game-changer – and we invite you to learn more about MetricStream AiSPIRE today!
Cyber Risk Management – A Strategic Safeguard
Cyber risk was also a primary topic of focus. Now a critical concern for organizations across all industries – a top 10 risk according to the World Economic Forum, with a data breach cost at a global high of $4.4M according to thinktank the Ponemon Institute – cyber risk was on attendees’ minds. Discussions centered around various strategies to effectively manage it, including:
- Ensuring active risk management to reduce the risk of cyber breaches
- Using cyber risk quantification to measure risk exposure and prioritize cyber risks
- Implementing AI and automation for greater efficiency
- Leveraging continuous control monitoring for improved compliance and security, particularly in the cloud – featuring advice from our guest speakers from AWS
The Regulatory World is Getting More Complex
The current complexities in the regulatory environment, the pace of change along with cross-border compliance and compounding compliance costs was also top of mind.
My favorite quote came from Kellie Bickenbach, Head of Control Assurance, First Citizens Bank. During the session on Effectively Managing Operational Risks Through Control Rationalization for Improved Decision-Making, Kellie said, “I think of a control as hungry mouths that need to be fed. For every control there is care and feeding.”
This summed up the discussion well.
From Risk to Opportunity: Resilience Requires a Connected Approach
Managing risk effectively today has now become a vital asset in strengthening strategic foresight. Viewed through the lens of growth, it represents value and opportunity. But today, risks are interconnected. Viewed in isolation they can lead to hidden and potentially catastrophic consequences.
Gaurav Kapoor, Co-CEO and Co-Founder, best summarized it when he said. “On the surface, tidal islands are like risks. They appear to have no connection but under the water line, they are all connected.”
As organizations strive to attain a competitive edge in the market, a key differentiator will be their ability to implement a connected approach to risk management. This, along with the adoption of technologically advanced GRC tools, will help organizations strengthen their operational resiliency strategies.
The Collective Strength of the GRC Community
True to the theme The Power of Connection, the Summit was also notable for how it united the strengths of some of the best minds in GRC.
- Learning from Success in Action
Nothing excites the GRC community more than watching their peers recount real-life triumphs.
Several of our customers from diverse industries presented their success stories, which served as powerful demonstrations of how organizations have successfully navigated the complex landscape of GRC challenges.
Sessions from the National Credit Union Administration, Guidewire, Apple Bank, Blue Cross Blue Shield of Michigan, Autodesk, and American Fidelity Assurance saw candid conversations on how innovative strategies and continuous improvement helped build proactive approaches to audit, enterprise risk management, compliance, cyber risk management, and third-party risk management.
The showcasing of their achievements not just encouraged their peers, but the learnings will surely serve as a catalyst for the growth and advancement of the entire GRC community.
For example, Jonathan Ruf, First Vice President - Head of Cyber and Information Risk, Apple Bank, speaking about the importance of strong, well-defined processes for technology to perform at its optimal level made the important point that “Technology will only provide visibility to how bad your processes are,” while Michael Cover, Director, Blue Cross Blue Shield of Michigan, reiterated the importance of the frontline in risk management. “Frontline is the cornerstone of risk management. They have all the information and can provide the right intelligence,” he said.
- Awarding GRC Excellence
Another highlight of the Summit was the 2023 GRC Journey Awards. These awards recognize exceptional performance and progress from our customers and partners on their all-important GRC journeys. Outstanding GRC program leaders, visionaries, practice leaders, and partners who championed GRC programs, achieved superior business performance, and created high-value impact through GRC were awarded in four categories: GRC Journey Awards, GRC Visionary Awards, GRC Practice Leader Awards, and GRC Partner Awards.
We congratulate all the winners!
Learn more about the awards and winners.
Connecting with Peers
The Summit also served as a potent networking platform for promoting collective growth, fostering innovation, and driving the field of GRC forward. The sense of collaboration, connection, and community at the Summit amazed me: experts were quick to share how they solved their challenges and sign up to help each other moving forward. The connections did not stop at the Summit.
Amidst the bustling atmosphere during networking sessions, GRC leaders and practitioners shared experiences, exchanged best practices, and discussed challenges. The multiple themes and threads of discussion also acted as a major source of encouragement for those who are about to embark on their own GRC journey.
Get Ready for the GRC Summit in London!
As we wrapped up our days in Miami, I heard a lot of “great conference” and “you hit our GRC questions on the head.” All credit goes to the event team for their organization and the superb presenters for sharing their GRC experiences and wisdom.
We’ll be doing it again in October in London! We hope to see you there! Register now.
Learn more on what was discussed at the GRC Summit: Download the presentations. Register to watch the videos.