Day 1: Monday, October 16, 2023
Registration & Networking
(Hotel Lobby)
Track 1 (York Suite)
Track 2 (Lancaster Suite)
Workshop
Enterprise GRC by Design: Blueprint for an Effective, Efficient & Agile Enterprise GRC Management Program
Enterprise GRC by Design is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC be understood in the context of enterprise strategy, objectives, architecture, and processes. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.
Michael Rasmussen
GRC Analyst & Pundit, GRC 20/20 Research
Workshop
"REAL" Cyber Risk Quantification: How to model and build a Cyber Risk Quantification program as a strategic and operational decision support system
The need for effective cyber risk management based on quantification has been recognized for many years as a prerequisite for success. Many of the models to date provide lots of promise but fall woefully short of delivering effective, scalable, and viable solutions to support near-real-time decision-making and prioritization. In part, this is due to the fact that the models focus almost exclusively on loss avoidance and are scenario-based. In this workshop, you'll get an up-close-and-personal overview of how Asset Value-based Risk Quantification works, how to model it in any business vertical, and how to get started on this pioneering approach to "real" risk quantification and management.
Grace Beason
Director of Governance, Risk and Compliance, Guidewire Software
Gavin Anthony Grounds
CEO & Co-Founder, Mercury Risk and Compliance, Former - Meta & Verizon
Networking Break
(Piano Bar Kensington)
Workshop
(Continued)
Enterprise GRC by Design: Blueprint for an Effective, Efficient & Agile Enterprise GRC Management Program
Enterprise GRC by Design is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC be understood in the context of enterprise strategy, objectives, architecture, and processes. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.
Michael Rasmussen
GRC Analyst & Pundit, GRC 20/20 Research
Product Session
Accelerate Your GRC with Flexible No Code/Low Code Customization
The foundation of a strong GRC and risk management program is a flexible, integrated software platform – one that is cognitive and powered by artificial intelligence for smart decisions; continuous and always available through automation and mobile; and cloud-based for fast access and easy, low-code updating. Explore the basis of the next generation of GRC – the MetricStream platform. Uncover new opportunities and discover the power of low-code/no-code.
Joy Bhowmick
Senior Vice President, Product Development, MetricStream
Sunay Zelewat
Associate Director, Product Management, MetricStream
Networking & Cocktails
(Piano Bar Kensington)
Day 2: Tuesday, October 17, 2023
Registration
(Hotel Lobby)
Networking Breakfast
(Palace Suite Lobby)
Welcome Note
Introduction and Welcome
(Palace Suite)
Jonathan Quayle
Regional Vice President, Europe, MetricStream
Opening Keynote
Experience the Power of Connection
Today's volatile and dynamic world, characterized by interconnected risks, increasing regulations, and rapidly emerging operational, cyber, geopolitical, enterprise, and technology challenges, demands new ways of working. Join us to learn how ConnectedGRC is powering agility and resilience through connected, cognitive, and cloud-based risk management.
Gaurav Kapoor
CEO and Co-Founder, MetricStream
David Storey
Vice President Health, Safety & Environment, dnata
Sarah Harman
Leader - Operational Risk Framework and Systems, Nationwide Building Society
Panel
Navigating Complexity: Strategies for Mitigating Interconnected Risks and Compliance Challenges in a Dynamic Business Environment
Cyber. Operational Resilience. Enterprise. Supply Chain. Geopolitical. Cloud. As risks interconnect and regulations like DORA require immediate attention, how can risk and GRC leaders stay ahead? Join C-level experts as they discuss creating a connected framework to manage and mitigate interconnected risks, strategies to keep up with fast-moving regulatory change, and the importance of AI and automation in managing risk.
Azizi Bin Md Ali
Chief Compliance Officer, Petroliam Nasional Berhad (PETRONAS)
Toby Billington
Managing Director - ICG Business Risk and Controls leadership team, Citi
Product Keynote
Future of ConnectedGRC
The future of Governance, Risk, and Compliance (GRC) lies in the integration of cognitive technologies, continuous monitoring, and cloud solutions. This paradigm shift, enabled through automated workflows, AI-driven insights, and cloud adoption, holds the promise to improve risk identification, mitigation, and compliance. Real-time monitoring enables proactive risk management, while cloud adoption fosters scalability and accessibility. In this session, experts will explore how these advancements streamline decision-making, heighten operational efficiency, and ensure adaptive compliance in an ever-evolving business landscape.
Prasad Sabbineni
Co-CEO, MetricStream
Raghuram Srinivas
SVP, Product Management, MetricStream
Joy Bhowmick
Senior Vice President, Product Development, MetricStream
Networking Break
(Palace Suite Lobby)
Customer Case Study
Nordea
Jacob Holmehave
Head of Group Risk Office, Nordea
Brian F. Sørensen
Chief Execution Leader - Group Risk Change Management, Nordea
Panel
Driving Operational Resilience through Governance, Risk, Compliance, Cyber and Audit
Risks can occur in any part of your business--and preparing for them can't occur in siloes. Becoming operationally resilient requires a proactive, connected approach across governance, risk, compliance, audit, and cyber functions. In this C-level session, discover how to build a true resilience strategy across all lines of business and functions and the role of automation and AI to streamline GRC and audit processes.
Chandrra Sekhaar
Chief Audit Executive (EMEA) - SMF 5, Mizuho
Jacqui McDonald
CIO Group Finance, RFT Technology, Barclays
Nor Harliza Baharom
General Counsel, Compliance Strategy & Planning, Petroliam Nasional Berhad (PETRONAS)
Expert Talk
Agile and Cognitive GRC – Managing the Benefits and Risk of AI
New technologies like Generative AI hold the promise of transforming the GRC function by making it fully agile and resilient – yet AI too poses its own risks and challenges. Join Michael Rasmussen, the “father of GRC” from GRC 20/20 Research, as he explores the possibilities and pitfalls of AI for GRC and how you can adapt in this fast-changing technological landscape.
Michael Rasmussen
GRC Analyst & Pundit, GRC 20/20 Research
Networking Lunch
(Piano Bar Kensington)
Track 1 (Palace Suite)
Track 2 (York Suite)
Customer Case Study
dnata
David Storey
Vice President Health, Safety & Environment, dnata
Customer Case Study
Mediolanum
Denise Murray
Head of Risk & Compliance, Mediolanum International Funds
Panel
The Changing Role of Internal Audit
Discover the evolving landscape of internal audit in the UK, Europe, and globally in this dynamic panel discussion. Uncover the latest trends, challenges, and opportunities that are reshaping the profession. Learn from industry experts as they provide valuable insights on adapting and excelling in this changing audit environment.
Brandon Wright
Head of Books & Records Audit, Bilfinger SE
Ivan Martinez
Chief Audit Executive, Banco Santander London Branch
Despina Andreadou
Chief Audit Executive, Eurobank S.A.
Neil Currie
Product – Integration and RegData, CUBE
Product Session
Accelerate Your GRC with Flexible No Code/Low Code Customization
The foundation of a strong GRC and risk management program is a flexible, integrated software platform – one that is cognitive and powered by artificial intelligence for smart decisions; continuous and always available through automation and mobile; and cloud-based for fast access and easy, low-code updating. Explore the basis of the next generation of GRC – the MetricStream platform. Uncover new opportunities and discover the power of low-code/no-code.
Joy Bhowmick
Senior Vice President, Product Development, MetricStream
Sunay Zelewat
Associate Director, Product Management, MetricStream
Customer Case Study
Nationwide Building Society
Sarah Harman
Leader - Operational Risk Framework and Systems, Nationwide Building Society
Phil Crook
Head of Compliance, Nationwide Building Society
Product Session
Power What's Next in Enterprise & Operational Risk Management
In today’s connected world, managing enterprise and operational risks requires a complete, collaborative approach – across the organization and the extended enterprise, including your third parties. In this session, we will explore the importance of holistic enterprise and operational risk management strategies to identify and manage risk. Learn how MetricStream enables you to manage risk and ultimately, thrive on risk with a structured approach, best practice risk assessment methodologies and standards, and an accurate understanding of risk exposure across your organization.
Sunay Zelewat
Associate Director, Product Management, MetricStream
Ritesh Kini
Director, Customer Success Europe, MetricStream
Panel
Modern Compliance: Connection, Collaboration, and Culture
Modern compliance is far from just a checkbox exercise: It's a business enabler that drives collaboration and value across and even outside the enterprise. From building a culture of compliance to connecting compliance data to uncover risks to collaborating across compliance areas like ESG, third-party risk, audit, HR, and more, join our panel of experts to see how strategic compliance can build value for your business.
Sophie Dupre-Echeverria
Chief Risk & Compliance Officer, GIB Asset Management
Phil Crook
Head of Compliance, Nationwide Building Society
Peter Funck
Head of Governance, Risk and Compliance, Trafikverket
Nael Kamil Nor Hisham
Senior Manager, Compliance System & Solutions, PETRONAS
Panel
Ensuring Collaboration Across the Lines of Defense to Strengthen Internal Controls
The effectiveness of an organization's internal controls is crucial in safeguarding assets, ensuring compliance, and mitigating risks. Achieving a robust control environment, however, hinges on seamless collaboration and communication across the lines of defense within the organization. This session explores strategies and best practices to break down silos and foster cooperation between the "Three Lines of Defense."
Fazal Mohammed
Head of ORM - Asset Management, Phoenix Group
Benjamin Rowsell
Head of Enterprise and Operational Risk, Nationwide Building Society
Jane Claydon
UK Compliance Director, American Express
Dorothea Liebl
Head of Internal Control Governance, Siemens Energy
Networking Break
(Palace Suite Lobby) & (Piano Bar Kensington)
Panel
Innovation and Risk: Encouraging a Risk-Taking Mindset for Business Growth
In today's fast-paced and competitive landscape, fostering a culture of innovation and embracing calculated risks has become imperative for organizations seeking sustainable growth and success. The discussion delves into the challenges and opportunities that arise when encouraging a risk-taking mindset within the context of driving innovation and achieving business growth.
Philipp Herrmann
Head Risk Management, Operations Department, Abu Dhabi Investment Authority
Sahil Bhardwaj
Group Head of Internal Audit & Risk, British Standards Institution (BSI)
Petr Brezina
Manager Operational Risk, KBC Asset Management
Dr. Jenny J Birdi
Head of Operational Risk and Risk Strategy UK, HSBC
Product Session
Power What's Next in IT & Cyber Risk, Compliance Management
Cyber risks and attacks are escalating sharply, with data breaches at an all-time high cost of $4.4M – putting your organization at business, financial, and reputational risk. In addition, new cyber regulations are being introduced, creating the need for fast disclosure time and robust compliance and risk management. Multiple standards and frameworks demand harmonization and automated control testing. How can your organization meet these evolving risk management and compliance needs – across IT, security, and the business? Join this session for practical advice and tips on how MetricStream can help.
Jose Biscaya
Director, Platform Product Manager - IT & Cyber Security, MetricStream
Customer Case Study
Siemens Energy
Michael Gropp
IT Program Manager GRC, Siemens Energy
Expert Talk
Real-World Case Studies: Delivering Business Value and Operational Excellence Through Enterprise, Cyber Risk, and Compliance Management
As digital and cyber risks explode, a holistic approach to managing them is essential. The principles that apply to governance, risk, and compliance also apply to IT risk and compliance, especially as risks become more and more interconnected and attack surfaces expand. In this session, a practitioner will describe building a connected IT GRC/risk/compliance program from the ground up and the results generated.
Grace Beason
Director of Governance, Risk and Compliance, Guidewire Software
Gavin Anthony Grounds
CEO & Co-Founder, Mercury Risk and Compliance, Former - Meta & Verizon
Closing Keynote
(Palace Suite)
Gunjan Sinha
Executive Chairman, MetricStream
GRC Journey Awards
Recognizing GRC Excellence: The GRC Journey Awards
What does GRC excellence look like in action? MetricStream will recognize key achievements of customers and partners in the field of governance, risk and compliance management.
Reception
(Piano Bar Kensington)