Where Governance and Risk Management Align for Impact

2016GRCan I IA and ISACA co l l abora t ion

Aug. 22– 24, 2016 | Fort Lauderdale, Florida, USA

Be among the global leaders at this world-class event.

Reserve Your Place Today!#GRCConf

© 2

015

ISA

CA

. All

right

s re

serv

ed.

Join Us in Ft. Lauderdale, Fla., USA2016 Governance, Risk, and Control ConferenceMany of the best and brightest minds in business, IT, and information systems governance, risk, and control gather at GRC each year. Advance your knowledge and join these leaders at the 2016 conference. This innovative event is presented by two of the most respected and globally recognized associations in our field—The IIA and ISACA®.

Embrace Challenges, Forge Solutions, and Define the Future of GRC Collaboration is key to growth and success. At GRC 2016 you’ll learn the latest tips and tools in aligning governance and risk management to add value to your enterprise. This conference, which sold out the previous two years, takes place Aug. 22–24, 2016, at the Diplomat Resort & Spa in Ft. Lauderdale, Florida, USA. By attending GRC 2016, you can:

• Be inspired by world-class speakers.

• Learn solutions to business issues regarding enterprise governance, risk, and control.

• Gain and share innovative ideas to move your enterprise and your career forward.

• Meet new colleagues and build your network of peers.

• Earn up to 18 CPE hours—plus 7.5 more if you participate in a pre-conference workshop.

Select the Sessions and Workshops That Fit Your Needs Customize your experience. GRC 2016 offers more than 50 sessions and workshops led by globally recognized experts. Select the learning that is best for you from four dynamic tracks:

• Cyber: Risks, Controls, and Probabilities

• IT Audit Core Principles

• Internal Audit: Personal Brand Enhancement Strategies

• Internal Audit Core Skills Refinement

Stay at the Heart of the Conference Action!Diplomat Resort & Spa3555 S. Ocean DriveHollywood, FL 33019Hotel reservations: +1-954-602-6000

Take in spectacular views of the Atlantic Ocean and the Intracoastal Waterway from the Diplomat Resort & Spa Hollywood, by Hilton. Ideally situated on golden sand beaches, this resort blends full business amenities in a distinctly memorable location.

Your 2016 GRC conference registration INCLUDES: • Complimentary continental breakfast daily.

• Complimentary lunches on Monday and Tuesday.

• Welcome networking reception on Monday night.

• Conference app with presentations uploaded (when available from speaker).

Bring Your Colleagues! Organizations that send 4 or more employees to GRC 2016 can receive a group discount. For details, contact: +1-407-937-1111 or CustomerRelations@theiia.org.

Special Discounted Room Rates for IIA/ISACA Attendees! Special hotel rates of US$209 per night plus tax are available three days prior to and following the conference, and are subject to availability. To obtain the preferred rate, mention that you are attending the 2016 GRC Conference.

Reservation requests received after July 21, 2016 will be honored on a space-available basis only. All reservations must be guaranteed with a deposit of one night’s room rate. Individuals are responsible for securing their own deposit at the time reservations are made. One-night room deposit (excluding taxes) is required at time of reservation. If a reservation is cancelled within three days of arrival, the full deposit will be forfeited (non-refundable). If a reservation is reduced in length of the stay within the cancellation period, a penalty fee applies. All reservations require a valid credit card and picture identification at check-in. Visit our website for details on discounted transportation to the event.

Conference Members and Registration Fees Non-members CPE

Early Bird – register by June 20 US$1,295 18

Regular – through August 12 US$1,495 18

Late – after August 12 US$1,595 18

Pre-conference Workshops (each) US$550 7.5

Save US$200 if you register by June 20, 2016!

The IIA and ISACA are registered with the National Association of State Boards of Accountancy (NABSA) as sponsors of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org. IIA and ISACA certification holders are required to earn a minimum number of CPE credit hours in order to maintain their designations.

Attendees can earn up to 18 CPE hours by attending this conference and an additional 7.5 credits for attending optional Pre-conference Workshops. This IIA/ISACA conference is Group Live and does not require advanced preparation.

GRC Sold Out the Last Two Years.Space is limited, please reserve your seat soon.

Register today! www.theiia.org/GRCWhe

re G

over

nanc

e an

d R

isk

Man

agem

ent

Alig

n fo

r Im

pact

2016GR

Ca

n I

IA a

nd

IS

AC

A c

oll

ab

ora

tio

n

Aug.

22–

24, 2

016

|

Ft. L

aude

rdal

e, F

la.,

USA

Regi

ster

by

June

20,

201

6 an

d sa

ve U

S$20

0!

www.th

eiia.org/GRC

3701

Alg

onqu

in R

oad,

Sui

te 1

010

Rol

ling

Mea

dow

s, IL

600

08, U

SA

370

EDUCATIONAL SESSIONS

Monday, Aug. 22EDUCATIONAL SESSIONS

Tuesday, Aug. 23PRE-CONFERENCE WORKSHOPS

Sunday, Aug. 21EDUCATIONAL SESSIONS

Wednesday, Aug. 24

Track 1: Cyber: Risks, Controls, and Probabilities

Cyber (In)Security

Mandatory Convergence of IT Audits and Operational Audits

Information Security From a Criminal Perspective

Five Practical Steps Toward Managing Cyber Risks

Cybersecurity First Aid Kit: Steps to Recover From a Data Breach

Biting Off More Than the Enterprise Can Chew— Is Cyber Security Assurance Achievable: Smart City as Context

Track 2: IT Audit Core Principles

Information Security, not just an afterthought

The Intersection of IT and Audit by Leveraging COBIT 5

Using the COBIT 5 Assessment Program to Improve the Work Process Capability

COTS Acquisition: Buyers Are From Mars, Suppliers Are From Venus

Continuous Control Monitoring at SAP

What Is Blockchain and What Are the GRC Implications?

Track 3: Internal Audit: Personal Brand Enhancement Strategies

Transforming Internal Audit: The Digital Journey

Getting the Truth

Measuring Success: How to Show You Are Winning at Security (or Need More Money)

Rebranding Your Internal Audit Department

The Five Tiers of Auditor Competency: How Do You Measure Up?

Managing Your Personal Brand

Track 4: Internal Audit Core Skills Refinement

What’s Trending Now? A Look at the Top Challenges Facing the Profession

Models, Computing Tools, and Data: An Internal Audit Approach

Third-party Oversight

How to Implement a GRC Solution

The Rise of the Machines: Impact of AI on Audit and Assurance

Highly Effective Compliance Shops: Yes, They Really Can Support Internal Audit Strategy and Success

Track 1: Cyber: Risks, Controls, and Probabilities

NIST Cybersecurity Framework Assessment

Security Awareness: What Compliance Should Look Like

De-identification, Re-identification, and Anonymization of Personal Data

Digitization: What Is It? Why Is It Important to Internal Audit?

What Did We Learn From the Sony Hack Last Year? Improve Your Cybersecurity Paradigm Without Sacrificing Operational Expediency

Social Engineering: Is the Threat Real to Your Organization?

Track 2: IT Audit Core Principles

A Three Dimensional View of the GRC Universe: Aligning GRC With the Business

Using Analytics to Drive Better Ownership of Risks, Controls, and Issue Management

Are You Effectively Performing Segregation of Duties (SoD) and Sensitive Access Assessments Over Your ERPs?

Cloud Security and Privacy Audits: A 360 Degree Crash Course

Protecting Databases From Unauthorized Access

Achieving Operational Integrity in the Automated Advisory and Trading Environment, Responding to Global Regulations Through Harmonization

Track 3: Internal Audit: Personal Brand Enhancement Strategies

Influence Without Authority: The Impact of Your Actions

Marketing the Audit Function

Building Your Personal Brand

Moving the Needle From Police to Partner: Solutions to Help the Business Help Itself When the Auditor Can’t Be Present

People-Centric Skills: Crisis Management

Step Up and Stand Out: Put Your Professional Brand on Display

Track 4: Internal Audit Core Skills Refinement

COSO’s Revised ERM Framework: What’s Up?

Organizational Governance: Internal Audit’s Role

Don’t Go Topless on Risks

Keeping Good Company: Third-party Risk Management

Transforming the Fraud Risk Assessment: Assessment to Testing Model

Finding the First Domino: The Key to Root Cause

2016 Governance, Risk, and Control Conference (an IIA & ISACA collaboration)

8:30 – 9:45 a.m.

Panel Discussion: COSO ERM Framework UpdateOriginally issued in 2004, the COSO ERM framework has now been updated and released for public comment. Entitled Aligning Risk with Strategy and Performance, this revised framework builds on key foundational concepts developed in the 2004 framework but makes some new and important distinctions, improvements, and additions. Key leaders involved in the update will present this panel with a Q&A session.

GENERAL SESSION: 8:30 – 9:45 a.m.

Big Data and the Internet of Things: Boon or Bust for Your Cyber Security Efforts?Marketing databases, customer analytics, and behavioral patterns are easier to manage with big data—but will these data elements be safe from hackers? And what is the impact of the Internet of Things? Theresa Payton will explain how to harness the power of big data and build your big data to achieve business goals while adding safeguards to fight cybercriminals. She will also explain how the Internet of Things may be the ultimate driver of global change.

GENERAL SESSION: 8:30 – 9:45 a.m.

The Influence of Culture on GRCSession description still being finalized. Please visit www.theiia.org/GRC for details.

8:30 a.m. – 5:00 p.m.

COBIT® NIST Cybersecurity Framework Limited capacity: only 50 seats available!

This course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.

Pre-requisites: Basic knowledge of COBIT and security concepts

After completing this workshop, you will be able to:

• Understand the goals of the CSF

• Know and discuss the content of the CSF and what it means to align to it

• Understand each of the seven CSF implementation steps

• Be able to apply and evaluate the implementation steps using COBIT 5

8:30 a.m. – 5:00 p.m.

Fraud Cases And Their Impact on Internal Auditors Limited capacity: only 50 seats available!

Using a facilitated case study approach, participants will learn how to:

• Identify fraud exposures and risks

• Detect fraud and misconduct

• Manage fraud cases – both large and small

• Document fraud for presentation to management and external parties

• Work effectively and efficiently with legal, human resources, and security specialists

• Build a fraud resource guide and investigative checklist

• Avoid common case handling mistakes

• Assist management with fraud prevention and detection efforts

Facilitator Mark Thomas, CGEIT, CRISCPresidentEscoute Consulting

Facilitator John J. HallPresidentHall Consulting, Inc.

ModeratorRobert B. HirthChairmanCOSO

PanelistJennifer BayukManaging DirectorEnterprise Risk ManagementCITI

PanelistFrank Martens Senior ManagerDirector Advisory ServicePricewaterhouseCoopers

PanelistRichard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, President and Chief Executive OfficerThe IIA

Keynote Speaker Theresa PaytonFounder, Fortalice, LLC and Former White House CIO

Keynote Speaker Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, President and Chief Executive OfficerThe IIA

10:15 – 11:30 a.m.

Agile Leadership: How to Lead Up, Across, and Down in a VUCA WorldChange is constant and today’s leaders need to think on their feet, leverage their teams’ strengths, and lead with confidence. At stake is close to a trillion dollars in lost productivity. In a world that is Volatile, Uncertain, Complex, and Ambiguous, Andrew Tarvin has helped more than 100 organizations increase efficiency through humor. Hear Andrew’s approach to using humor in the workplace to be more productive, less stressed, and happier.

Learn:

• Five traits of strong leaders

• The dangers of leadership

• How to lead anyone

Keynote Speaker Andrew Tarvin International Project Manager and Best-selling Author, Humor The Works

10:15 a.m. – 5:10 p.m. 10:15 a.m. – 5:00 p.m.

REGISTER BY JUNE 20 AND SAVE US$200!

REGISTER BY JUNE 20 AND SAVE US$200! Visit www.theiia.org/GRC to learn the latest and register.

Some sessions are still to be determined. Speakers and session titles are subject to change without notice.