Day 1 - Sep 22nd 2014 | Morning Session

09:00-09:10 Welcome & Introduction to the Conference. Opening Remarks from the Chairman & Co-Chair
09:10-09:30 Governance of Organizations and Financial Institutions? The Why, Where and How Much
Prof. Dr. Jur. Linda Nielsen, University of Copenhagen
09:30-09:50 Determining Acceptable Levels of GRC Tolerance; Integrate, Coordinate & Monitor the Risk Levels in the Compliance Management Platform
Frederik Reumert, Head of Risk, Danske Bank Building a Consistent GRC
09:50-10:15 The Financial Services Regulatory Reforms: Term Trust and Sustainability
Stig Nielsen, Director, Danish Financial Supervisory Authority (Finanstilsynet)


10:15-10:30 Coffee Break
10:30-10:55 When an IT Deal or a Contract Goes Sour
Steffen Pihlblad, Generalsekretær, The Danish Institute of Arbitration
10:55-11:20 How Compliance Requirements should Influence a Corporate Business Impact Assessment
Faruque Sayed, Director Team Consultants, Information Protection & Business Resilience, Prof. University of Aarhus
11:20-11:45 The ABZs of a Corporate Social Responsibility Program
Kim Nøhr Skibsted, Group Vice President, Grundfos Holding A/S
11:45-12:00 Managing legal and commercial risks with cloud computing
Dr. Sam De Silva, LLB, MBS, Penningtons Manches LLP, UK
12:00-12:30 Automating Governance Risk and Compliance (GRC) for efficient processes
Lilliana Grbic CISA, CRISC, Engagement Architect, SAP- AGS

Day 1 - Sep 22nd 2014 | Afternoon Session

13:15-13:20 Introduction To The Afternoon Session. Remarks From The Conference Chairman And Co-Chair
13:20-14:00 Doing Business in China. Compliance with Regulators, Suppliers, and Third Parties
Luka Lu, LLM, Capital Associates PRC Lawyers
14:00-14:45 The challenges and differences that present a natural opportunity for alternative approach to internal controls in China
Signe Elbæk, Corporate Compliance Officer, Legal & IP. Coloplast A/S
14:00 - 16:30


14:45-15:00 Coffee Break
15:00-15:25 Global Challenges and Impact of the 2014 EU Audit Reform on Audit Committees and Investors
Jens Røder, CPA Secretary General, Nordic CPA Association
15:25-15:50 A Review of the Series of Global Corporate Governance Reforms Post Finance and Credit Crisis
Lars Bo Langsted, Professor of law, Aalborg University
15:50-16:10 Technology in the Boardroom
Jesse Thiel, Regional Sales Director, Diligent Boardbooks Limited
16:10-16:25 What if your training or e-learning program goes wrong?
Paula Davis, Director, Compliance Programme Operations, EMEA & APAC
16:25-16:45 Q&A Session on Board Responsibilities and Auditors Independence
Moderators: Jacob Stengel, Cand Jur, CEO Board Network
16:45-17:00 Wrap-up of Today's Conference Sessions
Increasing the Level of GRC Maturity. Inspiration From today's Session
Henrik Frössling, Governance, Risk Management & Compliance, RiskMaturity

Day 2 - Sep 23rd 2014 | Morning Session

09:00-09:05 Welcome & Introduction. Review From Yesterday's Sessions, Opening of Today's Session
09:05-09:30 Third-Party Risk Management at Various Levels of the Enterprise and Organisation
Henrik Frössling, Governance, Risk Management & Compliance, RiskMaturity
09:30-10:00 How internal auditors address Business Ethics risks, associated with third party compliance. A case from Novo Nordisk
Tobias Brun Hansen, Manager, Group Internal Audit, Novo Nordisk A/S
10:00 Onwards

Parallel Session on e-Learning Begins

10:00-10:15 Coffee Break
10:15-10:40 Integrating Risk Appetite and Risk Management in the Regulatory Compliance Framework
Bent Poulsen, Chief Risk & Compliance Officer, VP Securities
10:40-11:00 Whistleblower Policies Must be Based on Local Culture
Mariano A. Davies, President and CEO, The British Chamber of Commerce
11:00-11:20 Why do good companies misbehave and (occasionally) break competition rules
Christian Bergkvist, Ph.D Professor, University of Copenhagen
11:20-11:50 Document creation and Competition Compliance risks. Managing sloppy language and IT Issues
Hanna Danwall, Compliance Officer, Maersk Group
11:50-12:15 Accountability and Binding Corporate Rules (BCR) for IT Compliance
Max Sørensen, LLM, Data Privacy Officer, LEGO, and Michael Hopp, LLM Partner
12:15-12:30 Round Table/Panel Discussion with this Morning's Speakers.

Day 2 - Sep 23rd 2014 | Afternoon Session

13:30-13:40 Welcome & Introduction. Opening On The Technology And IT Sessions
13:40-14:20 The Role, Responsibility & Power of Boards to Unlock the Value of Corporate Sustainability
Helle Bank Jørgensen, CPA, LLM. CEO, Baccountability

Conducting a Cyber Security Assessment

14:20-14:40 Designing, Incorporating and Implementing Digital and Data Security
Birgitte Kofod Olsen, Chairman, Council for Digital Security
14:40-14:55 Assessing Transparency Issues Related to GRC
Knut Gotfredsen, Chairman, Transparency International, Denmark
14:55-15:10 Coffee Break
15:10-15:30 Facing the Challenges of Operational Risks
Anders Søborg, Head of Risk Management, Vice President, ISS World Services A/S
15:30-16:00 Getting the best value and mileage out of IT tools. Focus on project & programme management. The Security Strategy programme at Novozymes.
Tim Clements, Security Project Manager, Corporate Information & Physical Security, Novozymes
16:00-16:20 International Aspects of CSR; Communication: Corporate Identity & Culture, Leadership and CSR Management
Jeffrey Avina, Director Corporate Citizenship, Microsoft
16:20-16:45 How To Develop a Relationship Based Culture of Governance, Risk And Compliance and IT Security Management in the Current Complex Business Environment (Instead of a Transactional or Control Based Environment)
Open Round up Session. All Speakers

    *Conference Program is subject to changes. The Conference Language is English

agenda | 22nd and 23rd September 2014

The final agenda with the latest program update and timings for the 8th annual European GRC Summit on the 22-23rd September 2014 will be announced 30 days prior to the conference. Here is the current preview of some of the great GRC and IT security plenum, parallel, workshop and breakout sessions in the 2014 program.

Global Governance Issues

Governance of Organizations and Financial Institutions?
  • The Why, Where and How Much

Prof. Dr. Jur. Linda Nielsen, University of Copenhagen

IT and data security becomes a CSR issue –
(Inspiration from scandals like: Danish Nets, Global NSA Leaks and GSK Corruption and Bribery Scandals)
  • How should companies address the added and increased risk associated with data and IT issues
  • What are the reputation, competition, oversight and regulation issues
  • Who within the governance structure is responsible and accountable and where does the buck stop?

Stine Bosse, Cand Jur. Chairman and Board Member, Adjunct Professor Copenhagen Business School

Corporate Governance rules as legal tools in the post finance and credit crisis?
  • The impact of hard law vs. soft law
  • Corporate Governance rules and the liabilities of board members, auditors and legal advisers
  • Are legislators fit and proper for issuing rules on how to govern corporations?

Lars Bo Langsted, Professor of Law, Aalborg University

International Aspects of CSR; Communication: Corporate Identity & Culture, Leadership and CSR Management
Implementing a practical approach to internationally agreed principles:
  • OECD Guidelines for Multinational Enterprises
  • ILO Tripartite Declaration
  • UN Global Compact

A review of the supply chain issue and corporate and sectoral codes. What are international framework agreements (IFAs)?

Jeffrey Avina, Director Corporate Citizenship, Microsoft

How internal auditors address Business Ethics risks, associated with third party representatives. A case from Novo Nordisk

The measures needed to protect the company from BE risk associated with third parties can overall be split into below three buckets:
  • Preventive measures (due diligence, training, compliance frameworks, programs & procedures)
  • Detective measures (local monitoring, Group monitoring as well as internal audits)
  • Protective measures (contractual protection, adequacy of compliance programme etc.). However, this will only protect against legal and financial damage, not perceptive damage.

It is internal audit's responsibility to ensure that all three "lines of defense" are up and running to ensure that adequate detective measures are in place.

When performing audits of third parties, gone are the times when auditors just looked for "even amounts" or "money going out of the petty cash". Now auditors assess any and all 'value transfers' to third parties, as money laundering and bribes are no longer to be found in brown envelopes.

Tobias Brun Hansen, Manager, Group Internal Audit, Novo Nordisk A/S

Assessing Transparency Issues related to GRC
  • Transparency International’s Corruption Perceptions Index
  • Avoiding inconsistent measures of corruption
  • The effect of transparency in the decision-making process
  • The Role of IT in bridging gaps between Transparency & Accountability

Knut Gotfredsen, Chairman, Transparency International, Denmark

Whistleblower Policies must be based on Local Culture
Global companies must realize that one-size-seldom-complies-all ethics & compliance procedures for reporting misconduct are not always effective. In some countries employees are reluctant, in other cultures they are afraid, others consider being a snitch the same as cowardice, or the employees are simply unaware that they can report misconduct of their peers and bosses.
  • When can you require that employees report misconduct?
  • Can there be employee protection laws that contradict corporate whistleblower policies?
  • What is the most commonly used whistleblower framework, roadmap and program?

Mariano A. Davies, President and CEO, The British Chamber of Commerce

The ABZs of a Corporate Social Responsibility Program
The clear focus from the board of directors, stakeholders and global oversight authorities requires management to face the pressures on global CSR and environmental compliance to avoid sanctions and loss of image. How can organizations achieve accountability and transparency around their CSR activities; what are the current updated mandates and CSR disclosure requirements?
  • What are the current best practices that companies are establishing and placing in force?
  • What actions should be escalated within the organization from the bottom up?
  • How to evaluate the effectiveness of your CSR program.
  • Developing a CSR framework and roadmap
  • Developing a CSR maturity model

Kim Nøhr Skibsted, Group Vice President, Grundfos Holding A/S

How to increase the level of maturity in the area of Governance, Risk management and Compliance
Demands on executives and management teams further down in corporate organisations are increasing: to be compliant they must meet a growing number of more complex internal and external requirements, at a time when organisations are slimmer than before. In order to prioritize and focus, it is crucial to understand what the requirements mean in practice, the risks and consequences, and how to ensure compliance. This must be embedded in the corporate culture and structure.
  • How to implement tools for an increased level of maturity in the area of GRC and to measure the performance?
  • Finding the right level of and the balance in the Corporate's Culture and Structure.
  • The business environment and the risk map need to be re-drawn. Some of the risk areas that have emerged on the global corporate agenda are the risks of fraud, corruption and CSR failures.
  • The triangulation and combined risks within the area of fraud, corruption and CSR violations, to be integrated into a risk-based control environment.

Henrik Frössling, Governance, Risk Management & Compliance, RiskMaturity

Automating Governance Risk and Compliance (GRC) for efficient processes
Risk is unavoidable, but the processes can be managed with governance, risk, and compliance (GRC) so that businesses can strategically balance risk and opportunity. As global markets continue to impose new regulations, GRC helps businesses:
  • Improve management of compliance and risk
  • Better protect value - proactively avoid risk events; reduce the cost of violations
  • Better perform - actively link risk and performance management and objectives

Successful companies manage performance across their enterprise using risk-balanced strategy management, through embedded risk-based controls in their business processes and by managing authorizations and access to information. GRC provides insight into risk and compliance initiatives, helps minimize global trade violations, enables electronic tax invoicing for Brazil, and supplies sustainability reporting.

From financials to human resources, environmental concerns to trade management, GRC fosters efficiency. In this session, we will guide you through a theoretical model to assist GRC activities of an enterprise.

Lilliana Grbic CISA, CRISC, Engagement Architect, SAP- AGS

Global Risk Management Issues

Determining acceptable levels of GRC tolerance; integrate, coordinate and monitor the levels in the compliance management platform
The GRC management structure is developed by management and ratified by the board. The GRC management part of the enterprise wide compliance program cannot function if the explicit support and clear guidance from the board (tone-at-the-top) is ambiguous. This session will explore how GRC officers can help management and board achieve their objectives and support with data for risk management compliance comfort.
  • What are the primary components of the sustainable GRC program
  • What are relevant regulatory risks in a GRC program

Frederik Reumert, Head of Risk, Danske Bank

Integrating risk appetite and risk management in the regulatory compliance framework
A case study to emphasize the importance of integrating risk appetite into its risk and compliance process as well as its strategic planning process.
  • What is the right GRC protocol when risk appetite, risk tolerance levels are not monitored
  • What are the fundamental GRC standards by which all enterprise risks are judged either acceptable or unacceptable

Bent Poulsen, Chief Risk & Compliance Officer, VP Securities

Third-Party Risk Management at various levels of the enterprise and organisation
Third parties pose risks to all companies; however, the ability to implement GRC policies and control environments is the answer for regulatory compliance. Corporates are more vulnerable today; brand damage and severe financial consequences are not rare if we fail. The business environment is more complex today and we are more dependent on third parties for our expected deliveries.
  • What are the means and ways to train and monitor third parties?
  • How can we on a global and local level find the right level of faith, control and reasonable assurance in order to be compliant?
  • How to ensure that each local business unit supplies the best oversight and response that covers risk assessments, policy management, and provides GRC disclosure

Henrik Frössling, Governance, Risk Management & Compliance, RiskMaturity

Getting the best value and mileage out of the current IT tools by focusing on project and programme management
Most companies do not utilize the full potential of the available tools in connection with their Risk Management Program. How does Novozymes structure and mobilise, through agility and pragmatism, its Security Strategy programme?

Tim Clements, Novozymes, Security Project Manager, Corporate Information & Physical Security

Managing legal and commercial risks with cloud computing
  • Approaches to “negotiating” cloud computing contracts
  • Key legal and commercial risks to consider
  • Overview of current state of play with the EU Expert Group on Cloud Computing Contracts

Dr Sam De Silva, LLB, MBS, Penningtons Manches LLP, UK

Global Compliance Issues

Why do good companies misbehave and (occasionally) break rules, mandates and laws
  • What are the temptations and issues related to global and EU competition laws?

Christian Bergkvist, Ph.D, Professor, University of Copenhagen

What are The Global Challenges and Impact of the 2014 EU Audit Reform on Audit Committees and Investors
The European Commission has adopted a wide range of audit reforms that will bring unprecedented change to the EU audit market and significantly affect businesses and their relationships with their auditors, CFOs, Audit Committees and Investors.

Jens Røder, CPA, Nordic CPA/Auditors Association

How can compliance departments add value to the business?
How to document and monitor the strategic compliance KPIs that management and the Board of Directors have recognized to be the effective components of an ethics & compliance program. This session will discuss what metrics can be used to demonstrate that the key components of the compliance program are working.
  • How to resolve the value of the Key Performance Indicators to monitor?
  • How do you ensure that compliance disclosures report the relevant data and not a fairy tale?

Lady Olga Maitland, Chairman, Copenhagen Compliance

Doing business in China, Part I, II and III
Foreign companies continue to enter the Chinese market. When doing business in China, it is important to keep in mind the fundamental cultural differences between China and, e.g., Scandinavia and other Western countries. The 2 sessions will explore the latest in Risk Management, Governance and compliance challenges on the Chinese sub-continent.
  • How to communicate with regulators, suppliers, and third parties
  • What is the latest news on China's anti-corruption law?
  • How can your standard global controls and compliance program work in China?
  • What are the major components and attributes associated with implementing an effective GRC program in China?

Luka Lu, LLM, Capital Associates PRC Lawyers

The challenges and differences that call for an alternative approach to compliance risks and internal controls in China

We review the challenges and differences that present a natural opportunity for an alternative approach to internal controls compared with the rest of the world.
  • A brief overview of the differences and the inherent challenges
  • The current business environment for foreign companies in China
  • How do the differences impact anti-corruption initiatives?
  • What can a foreign company do to remedy the compliance risks in China?
  • Business set-up
  • Internal controls the Chinese style.
Signe Elbæk, Corporate Compliance Officer, Coloplast A/S

How can global businesses avoid cultural and compliance issues and breaches in China
  • The key and primary concerns and remediation in cross-cultural situations without overcompensation
  • To mitigate compliance risks by recognizing the cultural realities
  • Training and dialogue for improved trust and cooperation

Karsten Ankjær, Ambassador, Ministry of Foreign Affairs, ex Royal Danish Consul General to Shanghai

What are the factors for achieving GRC success by eradicating interdepartmental GRC inconsistencies?

  • Building a culture of trust
  • Enhanced employee dedication to the GRC process administration
  • Improved GRC quality and productivity
  • Decreased compliance risk
    • Winning the support of compliance officers
    • A compliance program that suits all departments
  • How to effectively communicate these GRC breaches

Kersi F Porbunderwalla, Secretary General, Copenhagen Compliance

How compliance requirements should influence a corporate Business Impact Assessment (generic for all trades & sectors).
Faruque Sayed, Director Team Consultants, Information Protection & Business Resilience, Prof. University of Aarhus

Document creation and Competition Compliance risks – Managing sloppy language and IT Issues

  • What are the key compliance issues of a JV or merger for the business?
  • How can GRC and IT officers integrate new business units into the fold
  • How to harmonize the different cultures and understandings of GRC, data integrity, values into IT compliance
  • How to focus on 'measuring' a new business unit's culture, finding compliance risks, and building e-learning and training programs to reduce those risks.

Hanna Danwall, Compliance Officer, Maersk Group

The Financial Services Regulatory reforms: capital market efficiency for the long-term trust and sustainability
The global financial crisis has resulted in widespread criticism of public markets and a flow of new European regulations. Will the new enacted directives foster confidence and trust amongst the stakeholders?
  • How does the European financial regulatory oversight differ from reform initiatives in other jurisdictions?
  • Which reforms are particularly effective as seen from the oversight glasses
  • How are principles-based EU initiatives functioning in the Banking and Insurance industry (e.g. Stewardship Codes)?
  • Will the EU Corporate Governance Codes, complement these oversight authorities in their efforts to help ensure long term financial stability

Stig Nielsen, Vice President, Danish Financial Authority (Finanstilsynet)

Global IT Security Issues

Accountability and Binding Corporate Rules (BCR) for IT Compliance
The initiation of a global BCR-project also includes a resolution on accountability, dealing with the implementation of a top-down approach, specifically responsible for the processing of personal data.

How to create and implement a range of Binding Corporate Rules ("BCR") to ensure that the company's internal rules are designed to ensure a consistent and high level of data security at the group and subsidiary level. BCR is a compliance tool; if correctly implemented, it can be a process instrument that provides practical and legal benefits. Get an update on the new rules, regulations and mandates from the European data protection authorities for the transfer of personal data. What are some of the practical challenges for ensuring IT governance and data protection compliance within a global business? What are some of the lessons that LEGO has learned in the rollout of their BCR implementations and practices?

Max Sørensen, LLM, Data Privacy Officer, LEGO, Michael Hopp, LLM Partner

Designing, incorporating and implementing digital and data security
  • Executing data privacy and IT compliance issues in Business Practices
  • Implementing EU data privacy and protection issues
  • What are the privacy obligations?
  • How to improve business practices to ensure that IT processes support privacy compliance

Birgitte Kofod Olsen, Chairman, Council for Digital Security

When an IT deal or a contract goes sour
The Danish Institute of Arbitration and the Association of Danish IT Attorneys have in 2013 adopted new Rules on Legal/Technical Opinions in IT-cases. The Rules are tailor-made for the special requirements in IT disputes.
  • Hear about the purpose of the Rules and how to implement them in a contract.
  • What are the legal implications of the Rules and the costs at stake?
  • How do the parties appoint the right expert?
  • What are the alternatives to the Rules on Legal/Technical Opinions when an IT deal goes sour?

Steffen Pihlblad, Secretary General, The Danish Institute of Arbitration

Parallel session on Financial Services Compliance

Building Effective Database and Programs for Know-Your-Customer and AML Compliance
There is a global focus on money-laundering, tax avoidance, human trafficking, and terrorism. From FATCA tax compliance to anti-money laundering regulations, rules compliance requires that all financial services businesses make a dedicated effort to know-the-customer.

  • How to revamp your current KYC programs and expand them to include improved policies and controls into the IT systems
  • What are the important mechanisms in new regulations on the importance of KYC efforts?
  • How to train employees to spot KYC failures and misbehaviors

Jolanta Gazutiene, LLM

Parallel Session on Working Capital Management Part

Companies are involved in surveys on the corporates' approach to improving working capital, as well as their approach to dynamic discounting and reverse factoring. Improving working capital is high on the agenda for many organizations; however, few of them have implemented a supply chain finance program.
Workshop facilitator: Jens Faarup, CEO/CFO, Grønttorvet, Copenhagen

Achieving Higher Performance in Working Capital Management Part I

The concept and context of an efficient working capital organization
Working capital is required to finance company growth and increase competitiveness. The financial and economic crisis has overhauled the manner in which companies handle the working capital. Most companies have picked the low-hanging fruits of streamlining the working capital processes. Now the time has come to review the core business of dealing with working capital issues with a more integrated way of improving working capital.
  • Several surveys have shown that less than 10% of the businesses perform a working capital strategy to optimise the working capital utilisation.
  • Focus on working capital is enhanced if the tone-at-the-top requires a direct involvement from the entire value chain.
  • How to implement an exacting working capital strategy.
  • Taking stewardship and ownership of working capital.
  • How to develop your own working capital benchmark analysis
  • How key working capital improvements can be initiated from each value chain component

Workshop facilitator: Stefan D. Buch, LLM, BA in accounting, MBA. Ex. VP Finance, Maersk Lines

Achieving Higher Performance in Working Capital Management Part II

Obtaining superior results in working capital management means maintaining and improving controls to keep costs down. How has improved working capital generated funds to invest internally regardless of the current economic condition of the business?
  • What are the different ways to maintain more stringent working capital standards through internal process improvements?
  • Can the use of cloud-based software tools permit a more efficient, cost-effective procurement, inventory management and accounts payable automation?

Key takeaways
  • A methodological approach to reflect and monitor continuous improvements
  • Decentralised ownership of improvements that are based on centralised policies on all business transactions; from sales to delivery
  • How to unravel the tied capital needed for continued growth.
  • How to uproot and identify problems in working capital management
  • How to develop performance metrics that permit degrees of flexibility: Days Inventory Outstanding (DIO) + Days Sales Outstanding (DSO) – Days Payable Outstanding (DPO) = cash conversion or the operating cycle (CCC)
  • How to restrict unconventional high flyer spending without hurting the bottom line
  • Why does it make sense to leverage cloud-based technology tools to manage company spending, suppliers, contracts, sourcing, inventory and accounts payable more efficiently?

Workshop facilitator: Stefan D. Buch, LLM & CPA, ex CFO Maersk Lines

Parallel session CSR Workshop

Current historic times need a fresh set of Corporate Social Responsibility and Environment Social Governance standards to create stakeholder value and sustainable business happiness solutions. The CSR workshop consists of presentations, business cases, & breakout session, divided into the following 7 categories. Strategic Issues, Case Studies, Panel Sessions, workshops and Q&A Roundtables are some of the specialties of the 8th annual GRC Summit.
  1. CSR Strategy Implementation
  2. CSR field project management
  3. CSR operations and performance improvement
  4. CSR business process reengineering
  5. Change management issues
  6. CSR in cloud and data protection (incl. IT-security)
  7. Combining GNH to a sustainable and cohesive CSR model

The global CSR issues will deliver a 360° course for charting the global CSR culture and perspectives in view of the aftermath of the global financial crisis. We focus on the Gross National Happiness (GNH) model to further provide the CSR depth and to integrate, embed and link your CSR business processes together with people and technology.

  • The link between Corporate Happiness-, Natural Capital- and Shareholder Value
  • How can Responsible Corporations Sustainable Consumption make us happy?

The new disclosure requirements demand that CSR processes are integrated because CSR risks are now more complex, diverse and interrelated. By combining the various CSR risk components to good Governance and Compliance, an enterprise approach will be formed and that will provide the company with strategic competitive advantage to critical business issues.

Based on the information from the conference you will be proactive in your reaction to positive risk and let your competitors miss the business opportunities.

The CSR conference also focuses on a value proposal on how to be prepared for additional disclosure requirements and protect the quality of the CSR reports:
  • Take a closer look at the implications on the mindset caused by the regulatory CSR tsunami that companies have experienced
  • The experts focus on the CSR processes that need to be changed in the corporate engine room and organizational cultural change issues
  • Address the issues caused by the predominant use of multiple Excel spreadsheets to monitor and control CSR projects and how to start on the journey to automate CSR processes, controls, exposure and disclosures
  • How to secure strategic wins and at the same time optimise the CSR business workflow
  • Recognize the broader context of global CSR regulation across the organization, processes and functions.

- Jeffrey Avina, Director Corporate Citizenship, Microsoft
- Kim Nøhr Skibsted, Group Vice President, Grundfos Holding A/S


Any form of IT or data breach can impair your business transactions, from business interruption to business disruption. At the 8th annual GRC Summit, a variety of topical IT issues will be on the agenda: the significant costs and risks, the lack of up-to-date knowledge on technology, trends in global IT governance, cloud computing, retooling IT systems for better risk analysis, and ensuring data security, data breaches and security alerts.

Introduction of new technologies offers a wealth of attractive business solutions and opportunities that are essential for business growth and development. We focus on the associated risks and dangers.

Against a backdrop of data fatalities, all of the above IT issues should raise awareness amongst CFOs, IT managers and compliance officers. What are the steps your business should embark on to protect data and information management? Addressing the human element is another critical part of that defense strategy.

We start the afternoon by placing the spotlight on the technological trends that are common in Global Governance issues related to gathering, reporting and analysing the quality of your corporate data.

Response of an IT compliance failure
In this connection, it is vital to see how companies can communicate this information internally, with Third Party Service Providers, and to their Board of Directors. It is the quality of the data that is instrumental in adding value to your Governance, Risk & Compliance strategy by supporting IT tools.

If there are gaps in the above or if you are not satisfied with the quality or the 'abundance' of data, retooling of your IT Systems for better risk analysis is probably the answer to your prayers. Therefore you need to figure out:
  • How to do a better job of assuring compliance; what are the missing link(s)?
  • How to be able to spot IT risks before they metastasize into an issue that threatens the entire IT department?
  • Assess the need for an overhaul of IT structures? How to revamp IT systems to manage that new world of cyber crime, digital forensics and IT Security.

The goal is to leverage technology and data analytics across borders to drive compliance and risk monitoring throughout the organization. Finally, we will look into the proper response if an IT compliance failure occurs, while managing the associated data privacy and security risks frequently created through these efforts.

Data Security, Data Breaches and Security Alerts
Data security controls are crucial to ensure that customer and business information is always protected. IT risk-management programs draw on configured operating environments, healthy and multi-factor authentication, and other strategies that provide flexible controls and solutions.
  • How to safeguard against the risks associated with groups, whether employees, associates or business partners, that have access to data and systems
  • A review of updated controls, user access, separation of system infrastructure, limits and restrictions and proactive system monitoring
  • How to monitor periodic risk assessments of information security programs

Digital Forensics:
How to understand and maintain electronic evidence when digital forensics is the answer to an investigation. It takes a variety of expertise and discipline to run a successful business analysis. One of the foremost international experts will introduce you to the concepts of computer forensic investigation and analysis and respond to the following:
  • How to structure a forensics/fraud examination.
  • What are the proper procedures for seizing and securing digital evidence?
  • What should your response to a suspicious "possible virus" detected on the computer be?
  • What are the techniques for forensic artifacts, webmail history, deleted files and encrypted volumes?
  • How to analyze digital evidence in fraud examinations

Smart, safe and secure Identification.
Organizations are increasingly inter-connected to the global digital world. More and more of the operations are conducted online. This creates a need to make sure your intellectual assets remain secure and safe from data breaches.

While it has never been more valuable to protect all this information, it has also never been more challenging. So, how do you trust the identity of users and efficiently manage their access to business assets?

Finally, a panel discussion and Q&A session with all speakers will end this session, in which we will have attacked the issues related to IT governance, security, digital forensics, cyber-crime and cloud from several angles.

Workshop Facilitators:
- Owe Lie-Bjelland, CEO, Xait
- Kim Aarenstrup, NC3 Head, National Cyber Crime Center
- Dr Sam De Silva, LLB, MBS, Penningtons Manches LLP, UK
- Gunnar Kappel, IT Security Manager, Eik Bank

Xait will demonstrate how to address security and compliance among other benefits by introducing a Managed Collaborative Authoring Process. Speaker: Owe Lie-Bjelland, CEO, Xait

Workshop On The Financial Regulation Program And The Framework Of The EU Banking Union

The EU governing bodies have now reached a consensus for implementing the financial reforms that followed the credit and financial crisis throughout the EU. We need to fully understand what the oversight authorities in the EU are doing to bring the crisis to an end and get an objective analysis as well as a practical plan for how we should move forward.

The workshop will focus on the financial regulation reforms proposed by the EU Commission for the Financial markets, Banks, Insurance and other financial undertakings for the coming years to provide the knowledge and recommendations for implementing the program and framework including the integrated IT tool required to achieve the processes and systems.

The Financial Regulation Programme is the focal point of reference for the principles, procedures, framework, structure and organization to support the supervision for governing the formation of the EU Banking Union and the implementation of systems, processes, controls and IT tools for the financial regulation program.

However, the reforms proposed/adopted by the EU Commission provide a fairly straightforward answer on how the financial industry must run the Governance, Risk Management, Compliance and IT security processes and controls so that we can set the financial and regulatory systems back on track.

Therefore, the directors, managers and employees, including outside stakeholders in the financial services industry, must understand and accurately assess the consequences of the EU reforms for their business or organization. The timeframe is an issue, so start learning and understanding the process now. The deadlines are tough, and the complexities need undivided attention on how the key players will implement the new reforms and regulations without damaging operations.

There are several action plans that financial institutions need to address to comply with the reforms proposed/adopted by the EU Commission. Agile financial services institutions will promote actions that embed, integrate and automate the current GRC and IT security processes and controls so that, once and for all, they are no longer both siloed and departmentalised.

Therefore, we have designed and planned the workshop to focus on disseminating the EU financial directives, information and guidelines to create a modern legal framework for regulatory financial compliance. European company law and recommendations for more engaged shareholders and sustainable corporate governance must be a priority for all.

  • The financial regulation and the Banking Union - Description/Overview of framework, Exercise of Oversight and Controls
  • The financial regulation and the Banking Union - Reporting and Disclosures, IT Platform, Reporting and Follow-up
  • MiFID II, CRD 4, Solvency II, Insurance Mediation and UCITS Frameworks - Status & possible consequences for compliance
  • A single Supervisory Framework – Consequences for the financial industry
  • The future of EBA, ESMA and FSA. Their role & the legal status
  • Data protection, security and Privacy issues - the new directive & consequences in practice
  • The IT tool for legal and compliance risks - a substantial input from outside
  • Whistleblowing, transparency and accountability issues in the financial sector – the consequences, updates, experience & reflections that need to be accommodated.
  • Best practices guidelines - a new role of oversight. The centralised and decentralized functions
  • The optimal scope of compliance functions for your organisation – The what and the why
  • Oversight requirements and expectations of the compliance function.

Parallel Session: Conducting a Cyber Security Assessment

The damage cyber problems can cause makes them intricately linked to regular monitoring and internal controls considerations. That is why cyber security is at the top of the company’s agenda for the board, committees and management, regardless of size and industry. Preparedness and robustness decide the plan to deal with a cyber-crisis.

An annual assessment plays a vital role in monitoring digital forensics and IT security activities to protect the company against cyber threats.
  • What are the IT critical risks and critical assets to be protected and how to avoid the exposure and liabilities?
  • What are the critical demands on the IT infrastructure and compliance?
  • What is the overall strategy and plan to protect the company’s assets from cyber-attacks?

Workshop Facilitators:
- Owe Lie-Bjelland, CEO, Xait
- Sam De Silva, LLB, MBS, Penningtons Manches LLP, UK
- Gunnar Kappel, IT Security Manager, Eik Bank
- Bent Poulsen, Chief Risk & Compliance Officer, VP Securities

According to a report from Checkpoint in 2013, file sharing is the cause of 70% of information leakage. As enterprises introduce BYOD and experience wider use of cloud-based file sharing services, your digital assets are at risk. How can you ensure compliance and security for your business-critical document production processes while, at the same time, reducing cost? Speaker: Owe Lie-Bjelland, CEO, Xait

Parallel Session: The Challenges and Benefits of E-Learning

What are the skills that compliance training needs to impart, and what are the key indicators that will allow you to measure how effectively the training has been transferred as skills into day-to-day working practices?

Key takeaways from this workshop
  • Practical examples of the kinds of skills your workforce will require in order to deal with risky situations confidently, consistently and in compliance with your policies and procedures
  • An understanding of the stages of engagement a learning programme has to go through to bring about sustained, positive behavioural change throughout your organisation – and the contribution that e-learning can make throughout that process
  • Specific indicators that will allow you to measure the impact of your training programme and how efficiently learning objectives have been translated into skills that are being applied in the workplace
  • The role of technology in providing a compliance system of record which enables you to monitor and measure the effectiveness of your compliance training programme

Paula Davis, Director, Compliance Programme Operations, EMEA & APAC

What if your GRC/BFC/CSR training program goes wrong?
The current complex business environment demands ethics & compliance training based on an employee's role and the risks associated with it. This session will review best practices on how to align roles, risks, and priorities strategically, to make the most efficient use of limited training time and resources. The discussion will consider what key statistics a compliance officer needs to drive training decisions and determine program effectiveness.

Paula Davis, Director, Compliance Programme Operations, EMEA & APAC

Parallel Session: Scenario planning

Scenario planning can be a powerful tool that leverages the GRC expertise through a process that culminates in the building of possible and plausible scenarios and making their consequences relevant to the present.

The application of scenario planning is spreading to organizations of all types and sizes who want to be proactive in determining what the future encompasses for them in business terms. The problem with the future is that it is different, and if you are unable to think differently, the future will always arrive as a surprise. -Prof. Gary Hamel

Workshop variations are commonplace, depending on the availability of participants and ambition of the director. In addition, the facilitator will be available post-workshop to help conceptualize, design, and develop follow-through activities, e.g. playbooks, training, and communication materials. This introductory session will be offered in a 2-hour session.

During the workshop, we will go through the following processes/stages in the introductory scenario planning process:
  • Scenario-based process theory
  • Hot Topics in GRC scenarios
  • Small Group: Scenario axis development
  • Small Group: Scenario impact assessment
  • How to communicate through scenarios

Facilitator: Matthew Spaniol, M.Sc, Ph.D fellow, Executive Advisor for Scenario Planning

Parallel Session: Challenges of Audit and Fraud Management

Audit Management - At a time when many organizations are struggling to do more with less, it is imperative to understand not only their new challenges but also the options and opportunities for improvement. The ever-growing demand to monitor and manage risk and compliance for enterprise operations, production, processes and financials is still predominantly met by manual effort. This session is designed as an introduction to how IT products support enterprises in shaping organization-wide risk strategies and policies in a shared governance structure for auditing, risk management, compliance review, and formal disclosure reporting. Participants will gain an introduction to proven, effective design to ensure real-time, enterprise-wide risk management, audit and compliance with regulations and standards.

Fraud Management - More than 50% of fraud cases are detected by accident after loss has occurred. Many tools require excessive effort by fraud analysts to generate useful information, or the tools generate too many false alarms. The cost of using these tools is high, and the return is low. For effective fraud management, you need an approach that detects and prevents fraud - as it happens. The right solution will help your organization keep pace with ever-changing, increasingly sophisticated criminal tactics. Then if fraud occurs, your analysts can investigate it efficiently and thoroughly check transactions without negatively impacting operational productivity.

As regulatory pressure grows, for example to implement anti-bribery and anti-corruption programs, you need to detect and investigate various types of suspicious transactions to achieve compliance and protect your company's reputation. The typical organization loses an estimated 5% of its annual revenues to fraud. How can your organization use fraud management technology to reduce financial loss, protect revenue and reputation, and limit disruption to your business processes?

Facilitator: Lilliana Grbic CISA, CRISC, Engagement Architect, SAP- AGS

Parallel Session: Bribery Corruption

  1. The Bribery Act/FCPA – What is it all about?
  2. The Bribery Act – Why is it relevant for companies?
  3. The Bribery Act - How can you protect yourself?
  4. Cases

Our experience with various Bribery, Fraud and Corruption workshops and consulting assignments is that many companies want, in relation to guidance on the UK Bribery Act or the FCPA, practical help to establish "adequate procedures". Additional requests are for implementing appropriate measures to counter corruption. The primary purpose of this parallel session is to secure the company against liability under the provisions of the UK Bribery Act and the FCPA rules through implementation, evaluation and control of the Bribery Act or FCPA processes and procedures.

Cases will illustrate the following:
  1. Analysis of a company's risk in relation to the Bribery Act;
  2. Preparation of a new/revised anti-bribery policy taking into account the company's risk in relation to the FCPA/Bribery Act;
  3. Review of training to employees on FCPA/Bribery Act and a review of introductory material for new employees
  4. Review of due diligence procedures in relation to third parties and partners

Moderators: Claus K. Andersen and Judith Canning