GRC Summit Agenda
Explore our comprehensive schedule of workshops, keynotes, and networking sessions
12:00 PM - 1:00 PM
Registration & Networking
Palace Suite Lobby
1:00 PM - 3:00 PM
UK Corporate Governance Code by Design: A Blueprint for Risk & Internal Control Effectiveness Under Provision 29
Victoria Suite
Speakers
The implementation of Provision 29 under UK Corp Governance Code marks the most significant shift in UK risk and control expectations in over a decade and organisations that treat it as a mere compliance exercise will fall short. In this hands-on, two-hour workshop, globally recognised GRC analyst and thought leader Michael Rasmussen delivers a structured, practical blueprint for designing and sustaining a modern risk and internal control framework that meets the expectations of boards, regulators, and investors. You will leave equipped to translate Provision 29 into a performance advantage, embedding risk and control into strategy, operations, and culture across your organisation. This workshop is for you if you are a: Board Member, CRO, Internal Auditor, GRC Professional, Compliance Officer, or Risk & Control Leader navigating the new governance landscape.
The Intelligent Risk Function: How AI is Redefining Risk Management for the Modern Enterprise
Albert Suite
Speakers
AI is transforming risk management from a reactive, periodic function into one that is cognitive, continuous, and connected. In this practical two-hour workshop, Manoj Kulwal explores where generative and agentic AI add real value across core risk activities, how to scale adoption responsibly, and the Top 10 Emerging AI Risks every risk leader needs on their radar in 2026 with concrete steps to act on immediately.
3:00 PM - 3:30 PM
Break
Palace Suite Lobby
3:30 PM - 4:30 PM
AI in GRC by Design: Orchestrating Governance, Risk Management & Compliance in the Age of Intelligent Systems
Victoria Suite
Speakers
Artificial intelligence is reshaping how organizations govern, manage risk, and maintain compliance — and GRC functions that fail to adapt risk being left behind. In this intensive two-hour workshop, renowned GRC analyst and thought leader Michael Rasmussen explores how AI is transforming GRC from a manual, reactive discipline into an intelligent, enterprise-wide orchestration capability. Drawing on the principles of GRC 7.0 – GRC Orchestrate, Michael will guide attendees through practical approaches to embedding AI across governance, risk, and compliance programs, improving risk intelligence, regulatory insight, control monitoring, and decision support. This is not a theoretical discussion. Attendees will leave with a clear understanding of where AI delivers the greatest impact in GRC, how to design AI-enabled architectures that connect objectives, risks, controls, and assurance, and how to establish the guardrails needed for responsible, explainable AI use.
From UI to AI: Inside the Latest MetricStream Regulatory Compliance Innovations
Albert Suite
Speakers
This session takes you inside the most significant enhancements to MetricStream's Regulatory Compliance suite. We'll cover the Euphrates II UI/UX uplift — delivering a cleaner, more intuitive experience — alongside a range of new functional features that give compliance teams greater control and visibility. And at the heart of it all: AI. Discover how MetricStream's latest AI capabilities are helping compliance teams cut through regulatory noise, reduce manual effort, and stay ahead of change — faster and with greater confidence. A practical, product-focused session built for compliance professionals who want to see real capability, not just concepts.
4:30 PM - 5:30 PM
AI in GRC by Design: Orchestrating Governance, Risk Management & Compliance in the Age of Intelligent Systems
Victoria Suite
Speakers
Artificial intelligence is reshaping how organizations govern, manage risk, and maintain compliance — and GRC functions that fail to adapt risk being left behind. In this intensive two-hour workshop, renowned GRC analyst and thought leader Michael Rasmussen explores how AI is transforming GRC from a manual, reactive discipline into an intelligent, enterprise-wide orchestration capability. Drawing on the principles of GRC 7.0 – GRC Orchestrate, Michael will guide attendees through practical approaches to embedding AI across governance, risk, and compliance programs, improving risk intelligence, regulatory insight, control monitoring, and decision support. This is not a theoretical discussion. Attendees will leave with a clear understanding of where AI delivers the greatest impact in GRC, how to design AI-enabled architectures that connect objectives, risks, controls, and assurance, and how to establish the guardrails needed for responsible, explainable AI use.
Connected Cyber GRC for Resilience
Albert Suite
5:30 PM - 7:30 PM
Drinks & Reception
8:00 AM - 8:45 AM
Registration & Networking Breakfast
Palace Suite Lobby
8:45 AM - 8:50 AM
Introduction and Welcome
Palace Suite
8:50 AM - 9:25 AM
Orchestrating the Future of GRC with AI-First Strategy
Palace Suite
Speakers
In today's rapidly evolving risk landscape—driven by cyber threats, regulatory changes, and operational complexity—organizations are looking for a simpler, smarter and faster way to manage GRC. This keynote explores the future of GRC with an AI-first strategy and how to orchestrate human and AI insights for maximum impact. Explore how generative and agentic AI streamline assessments, automate evidence collection, and deliver real-time insights—driving agility, accountability, and strategic impact. See how AI-first Connected GRC simplifies governance and amplifies outcomes across the enterprise.
9:25 AM - 10:10 AM
Keynote & Fireside Chat
Palace Suite
Speakers
10:10 AM - 10:55 AM
Amplifying Strategic Outcomes and Driving Customer Value
Palace Suite
Speakers
Join Marc Levine, CEO of MetricStream, as he shares his visionary perspective on the future of MetricStream and GRC. In this keynote, Marc will showcase how MetricStream is reimagining GRC with a focus on customer experience, simplicity, and value.
10:55 AM - 11:10 AM
GRC Journey Awards
Palace Suite
The GRC Journey Awards honor outstanding MetricStream customers and partners who are shaping the future of governance, risk, and compliance. These awards recognize organizations and individuals who demonstrate exceptional vision, execution, and impact in advancing risk-aware cultures, driving operational resilience, and delivering business value through innovative GRC strategies and solutions.
11:10 AM - 11:30 AM
Break
Palace Suite Lobby
11:30 AM - 12:10 PM
Driving Outcomes with AI and Resilience: How Leading Organisations Are Simplifying GRC
Palace Suite
Speakers
Risk and compliance programs built on periodic audits, manual processes, and siloed data are no longer fit for purpose. As regulatory demands multiply and operational risks converge, leading organisations are turning to AI to shift from reactive compliance to continuous, connected risk intelligence. This panel brings together senior practitioners who are transforming how their organisations approach GRC simplifying complexity, reducing manual burden, and delivering the board-level insights that drive real resilience. They'll share what's working, what's changed, and what's next for the future of risk and compliance.
12:10 PM - 12:55 PM
Choose Your Own Risk Adventure: Navigating the Enterprise from the Bridge
Palace Suite
Speakers
In this interactive keynote by Michael Rasmussen, we invite you to step onto the bridge of the Enterprise. Imagine your organization as a starship moving through a constantly shifting galaxy of risks and opportunities. Around you are asteroid fields of cyber threats, emerging planetary systems of geo-political risk, gravitational forces of social accountability expectations, and complex trade routes across vast third-party ecosystems. The decisions made on the bridge determine whether the mission succeeds or fails. Modern risk management must therefore evolve from a reactive discipline into the command center of strategic navigation by enabling leaders to see signals across the enterprise, anticipate disruption to confidently guide the organization forward.
12:55 PM -1:55 PM
Networking Lunch
Palace Suite Lobby
1:55 PM - 2:35 PM
The GRC Metrics That Matter to Boards and Regulators
Palace Suite
Speakers
Boards and regulators are demanding sharper, more actionable insights from GRC programs to drive informed decisions and ensure accountability. This panel will explore the key risk, compliance, and resilience metrics that truly resonate with leadership and regulatory bodies. Learn how to translate complex GRC data into meaningful narratives, highlight performance and risk trends, and demonstrate business value. Join industry leaders as they discuss best practices for aligning GRC metrics with strategic and regulatory expectations.
UK Corporate Governance, DORA & NIS2: Audit-Ready by Design with One Common Controls Program
Kensington Suite
Speakers
2:35 PM - 3:15 PM
Zurich Insurance's AI-Powered GRC Journey with MetricStream
Palace Suite
Speakers
As one of the world's leading insurance providers, Zurich Insurance Group has embarked on a transformative journey to embed artificial intelligence across its GRC operations. In this case study, Fabien and Dean will demonstrate how Zurich is leveraging AI to move from reactive compliance management to proactive, intelligent risk and control optimization. Through live demonstrations, they will showcase groundbreaking AI use cases reshaping their GRC landscape. Attendees will gain practical insights into how Zurich is building a smarter, faster, and more resilient GRC function - turning AI from a buzzword into a tangible business advantage across their global operations.
What’s Next for Enterprise & Operational Risk Management?
Kensington Suite
Speakers
As the risk landscape evolves, operational risk management must adapt to new challenges including emerging technologies, increasing regulatory expectations, and rapidly changing market conditions. In this session, panelists will explore the key shifts shaping the future of operational risk, how to make ORM more strategic and business aligned, and how to drive actionable insights through AI, automation, and risk quantification. Join us to learn practical strategies to elevate ORM programs, strengthen governance and resilience, and help organisations stay competitive in a dynamic risk environment.
3:15 PM - 3:35 PM
Break
Palace Suite Lobby
3:35 PM - 4:15 PM
AI in Risk and Internal Controls: What Works, What Doesn’t, and What Comes Next
Palace Suite
Speakers
As organisations rapidly adopt AI across risk and control functions, the reality often falls somewhere between promise and hype. This panel cuts through the noise to explore where AI is genuinely delivering value today, where it is falling short, and what leaders need to rethink as internal control and assurance models evolve. Senior practitioners will share real world lessons on trust, explainability, governance, and auditability, and discuss how risk, compliance, and internal audit functions must adapt as AI becomes embedded in the control environment.
From Cyber Risk to Enterprise Risk: How are IT and cyber risk becoming core to enterprise GRC strategy?
Kensington Suite
Speakers
As cyber, technology, and operational threats continue to reshape the business landscape, organisations are moving beyond siloed security and compliance conversations to embed these risks into broader enterprise wide GRC and strategic risk management frameworks. This panel will explore how leading enterprises are integrating cyber, technology, compliance, and operational risk into enterprise risk reporting, strengthening board level accountability, and building resilience across business operations and third party ecosystems. Join senior cyber, compliance, and enterprise risk leaders as they share practical insights on aligning emerging risk domains with business priorities, enhancing governance visibility, and driving more integrated, data driven decision making through modern GRC strategies.
4:15 PM - 4:55 PM
AI, Trust and Accountability: What the Board Expects from Risk, Audit, Compliance and Security
Palace Suite
Speakers
As AI adoption accelerates, boards are demanding greater transparency, stronger governance and clearer accountability across risk, audit, compliance and security functions. This panel will explore how senior leaders are strengthening oversight, building trust in AI driven decisions, and aligning risk and assurance strategies with evolving regulatory and ethical expectations. Join senior executives as they share practical insights on enabling innovation while maintaining control, resilience and board level confidence.
Panel
Kensington Suite
4:55 AM -5:25 PM
From Implementation to Intelligence: How AI Makes GRC Transformation Stick
Palace Suite
GRC platforms go live, but value rarely follows — adoption stalls, users revert to workarounds, and the programme becomes expensive infrastructure rather than strategic capability. The reality is that most organisations still implement GRC as a software project rather than an organisational transformation, "out of the box" remains more myth than reality, and user experience is rarely treated as a first-order design principle. AI is changing this equation across the full lifecycle — accelerating and enriching implementation, closing adoption gaps through intelligent training and real-time guidance, and delivering intuitive experiences that make strategic GRC feel effortless rather than enforced. This panel explores what GRC buyers should demand from their platforms today, whether agentic AI will complement or replace traditional GRC tooling, and how organisations can build a GRC capability that continuously learns, adapts, and gets smarter as risks, regulations, and business models evolve around it.
Product Session
Kensington Suite
5:25 PM - 5:40 PM
Closing Note
Palace Suite
Speakers
5:40 PM - 7:10 PM