GRC Summit Agenda
Explore our comprehensive schedule of workshops, keynotes, and networking sessions
12:00 PM - 1:00 PM
Registration & Networking
1:00 PM - 3:00 PM
UK Corporate Governance Code by Design: A Blueprint for Risk & Internal Control Effectiveness Under Provision 29
Speakers
The implementation of Provision 29 under UK Corp Governance Code marks the most significant shift in UK risk and control expectations in over a decade and organisations that treat it as a mere compliance exercise will fall short. In this hands-on, two-hour workshop, globally recognised GRC analyst and thought leader Michael Rasmussen delivers a structured, practical blueprint for designing and sustaining a modern risk and internal control framework that meets the expectations of boards, regulators, and investors. You will leave equipped to translate Provision 29 into a performance advantage, embedding risk and control into strategy, operations, and culture across your organisation. This workshop is for you if you are a: Board Member, CRO, Internal Auditor, GRC Professional, Compliance Officer, or Risk & Control Leader navigating the new governance landscape.
The Intelligent Risk Function: How AI is Redefining Risk Management for the Modern Enterprise
Speakers
AI is transforming risk management from a reactive, periodic function into one that is cognitive, continuous, and connected. In this practical two-hour workshop, Manoj Kulwal explores where generative and agentic AI add real value across core risk activities, how to scale adoption responsibly, and the Top 10 Emerging AI Risks every risk leader needs on their radar in 2026 with concrete steps to act on immediately.
3:00 PM - 3:30 PM
Break
3:30 PM - 4:30 PM
AI in GRC by Design: Orchestrating Governance, Risk Management & Compliance in the Age of Intelligent Systems
Speakers
Artificial intelligence is reshaping how organizations govern, manage risk, and maintain compliance — and GRC functions that fail to adapt risk being left behind. In this intensive two-hour workshop, renowned GRC analyst and thought leader Michael Rasmussen explores how AI is transforming GRC from a manual, reactive discipline into an intelligent, enterprise-wide orchestration capability. Drawing on the principles of GRC 7.0 – GRC Orchestrate, Michael will guide attendees through practical approaches to embedding AI across governance, risk, and compliance programs, improving risk intelligence, regulatory insight, control monitoring, and decision support. This is not a theoretical discussion. Attendees will leave with a clear understanding of where AI delivers the greatest impact in GRC, how to design AI-enabled architectures that connect objectives, risks, controls, and assurance, and how to establish the guardrails needed for responsible, explainable AI use.
What's New in MetricStream's Operational Risk and Enterprise Risk Management
4:30 PM - 5:30 PM
AI in GRC by Design: Orchestrating Governance, Risk Management & Compliance in the Age of Intelligent Systems
Speakers
Artificial intelligence is reshaping how organizations govern, manage risk, and maintain compliance — and GRC functions that fail to adapt risk being left behind. In this intensive two-hour workshop, renowned GRC analyst and thought leader Michael Rasmussen explores how AI is transforming GRC from a manual, reactive discipline into an intelligent, enterprise-wide orchestration capability. Drawing on the principles of GRC 7.0 – GRC Orchestrate, Michael will guide attendees through practical approaches to embedding AI across governance, risk, and compliance programs, improving risk intelligence, regulatory insight, control monitoring, and decision support. This is not a theoretical discussion. Attendees will leave with a clear understanding of where AI delivers the greatest impact in GRC, how to design AI-enabled architectures that connect objectives, risks, controls, and assurance, and how to establish the guardrails needed for responsible, explainable AI use.
Connected Cyber GRC for Resilience
5:30 PM - 7:30 PM
Drinks & Reception
8:00 AM - 8:45 AM
Registration & Networking Breakfast
8:45 AM - 8:50 AM
Introduction and Welcome
8:50 AM - 9:25 AM
Orchestrating the Future of GRC with AI-First Strategy
In today's rapidly evolving risk landscape—driven by cyber threats, regulatory changes, and operational complexity—organizations are looking for a simpler, smarter and faster way to manage GRC. This keynote explores the future of GRC with an AI-first strategy and how to orchestrate human and AI insights for maximum impact. Explore how generative and agentic AI streamline assessments, automate evidence collection, and deliver real-time insights—driving agility, accountability, and strategic impact. See how AI-first Connected GRC simplifies governance and amplifies outcomes across the enterprise.
9:25 AM - 9:50 AM
Amplifying Strategic Outcomes and Driving Customer Value
9:50 AM - 10:35 AM
Driving Outcomes with AI and Resilience: How Leading Organisations Are Simplifying GRC
Speakers
Risk and compliance programs built on periodic audits, manual processes, and siloed data are no longer fit for purpose. As regulatory demands multiply and operational risks converge, leading organisations are turning to AI to shift from reactive compliance to continuous, connected risk intelligence. This panel brings together senior practitioners who are transforming how their organisations approach GRC simplifying complexity, reducing manual burden, and delivering the board-level insights that drive real resilience. They'll share what's working, what's changed, and what's next for the future of risk and compliance.
10:35 AM - 11:20 AM
External Keynote
Speakers
11:20 AM - 11:40 AM
Break
11:40 AM -12:20 PM
AI-First Connected GRC: The Next Frontier in Risk and Resilience
As GRC continues to evolve in an increasingly complex risk environment, the next frontier is being shaped by the transformative power of artificial intelligence. AI is the catalyst accelerating every element of Connected GRC. From predictive analytics to intelligent automation and real-time decision support, learn how MetricStream AI-first Connected GRC is redefining how organizations anticipate risk, ensure compliance, and drive strategic agility. Whether you're a risk, audit or compliance executive this session will equip you with actionable strategies to future-proof your GRC programs and unlock measurable value—at scale.
12:20 PM - 1:05 PM
Choose Your Own Risk Adventure: Navigating the Enterprise from the Bridge
Speakers
In this interactive keynote by Michael Rasmussen, we invite you to step onto the bridge of the Enterprise. Imagine your organization as a starship moving through a constantly shifting galaxy of risks and opportunities. Around you are asteroid fields of cyber threats, emerging planetary systems of geo-political risk, gravitational forces of social accountability expectations, and complex trade routes across vast third-party ecosystems. The decisions made on the bridge determine whether the mission succeeds or fails. Modern risk management must therefore evolve from a reactive discipline into the command center of strategic navigation by enabling leaders to see signals across the enterprise, anticipate disruption to confidently guide the organization forward.
1:05 PM -2:05 PM
Networking Lunch
2:05 PM - 2:45 PM
The GRC Metrics That Matter to Boards and Regulators
Speakers
Boards and regulators are demanding sharper, more actionable insights from GRC programs to drive informed decisions and ensure accountability. This panel will explore the key risk, compliance, and resilience metrics that truly resonate with leadership and regulatory bodies. Learn how to translate complex GRC data into meaningful narratives, highlight performance and risk trends, and demonstrate business value. Join industry leaders as they discuss best practices for aligning GRC metrics with strategic and regulatory expectations.
UK Corporate Governance, DORA & NIS2: Audit-Ready by Design: with One Common Controls Program
Speakers
Learn how to consolidate overlapping requirements from DORA operational resilience, and NIS2 into a single common controls program. We’ll cover how to harmonize controls across frameworks, define test cadence, centralize and reuse evidence, and run one remediation workflow, so audits become retrieval, not a scramble.
2:45 PM - 3:25 PM
To Be Announced
What’s Next for Enterprise & Operational Risk Management?
Speakers
As the risk landscape evolves, operational risk management must adapt to new challenges including emerging technologies, increasing regulatory expectations, and rapidly changing market conditions. In this session, panelists will explore the key shifts shaping the future of operational risk, how to make ORM more strategic and business aligned, and how to drive actionable insights through AI, automation, and risk quantification. Join us to learn practical strategies to elevate ORM programs, strengthen governance and resilience, and help organisations stay competitive in a dynamic risk environment.
3:25 PM - 3:45 PM
Break
3:45 PM - 4:25 PM
AI in Risk and Internal Controls: What Works, What Doesn’t, and What Comes Next
Speakers
As organisations rapidly adopt AI across risk and control functions, the reality often falls somewhere between promise and hype. This panel cuts through the noise to explore where AI is genuinely delivering value today, where it is falling short, and what leaders need to rethink as internal control and assurance models evolve. Senior practitioners will share real world lessons on trust, explainability, governance, and auditability, and discuss how risk, compliance, and internal audit functions must adapt as AI becomes embedded in the control environment.
From Cyber Risk to Enterprise Risk: How are IT and cyber risk becoming core to enterprise GRC strategy?
Speakers
As cyber threats continue to reshape the business landscape, organisations are moving beyond siloed security conversations and embedding cyber risk into enterprise wide GRC strategy. This panel will explore how leading enterprises are connecting cyber risk with enterprise risk reporting, strengthening board level accountability, and building resilience across operations and third party ecosystems. Join senior risk and GRC leaders as they share practical insights on aligning technology risk with business priorities, improving governance visibility, and driving more integrated, data driven decision making through modern GRC approaches.
4:25 PM - 5:05 PM
AI, Trust and Accountability: What the Board Expects from Risk, Audit, Compliance and Security
Speakers
As AI adoption accelerates, boards are demanding greater transparency, stronger governance and clearer accountability across risk, audit, compliance and security functions. This panel will explore how senior leaders are strengthening oversight, building trust in AI driven decisions, and aligning risk and assurance strategies with evolving regulatory and ethical expectations. Join senior executives as they share practical insights on enabling innovation while maintaining control, resilience and board level confidence.
dnata's GRC Journey
Speakers
5:05 PM - 5:20 PM
Closing Note
Speakers
5:20 PM - 6:50 PM