Day 1 - NOV 23rd 2015 | Morning Session

09:00-09:10 Welcome & Introduction to the Conference. Opening Remarks from the Chairman & Co-Chair
Kersi F. Porbunderwalla, Secretary General, Copenhagen Compliance
How can the board of directors help GRC officers to understand, build and manage their GRC, ethics & code-of-conduct programs effectively, for better reporting to the board, stakeholders and oversight authorities?
Andrea Gisle Joosen, Chairman of the Board/Non-Executive Director of ICA Gruppen AB, Teknikmagasinet AB, Dixons Carphone Plc, James Hardie Industries plc.
A practical guide to risk identification, articulation and assessment to ensure easy and effective integration of risk identification process into financial processes
Jesper Lyng Jensen, Chief Risk Advisor, Enterprise Risk Management & Support, DONG Energy
10:45-11:00 Coffee Break


Christina Malmsten, Lawyer, Nordic Underwriter Financial Lines, Zurich Global Corporate
Ralph Bengtsson, Chief Internal Auditor Cematsil, Aalborg Portland
Lady Olga Maitland, Chairman, Copenhagen Compliance UK Ltd.
12:45-13:00 Wrap-up and analysis of the Morning Session
13:00-14:00 Lunch Break

Day 1 - NOV 23rd | Afternoon Session

14:00-14:10 Introduction To The Afternoon Session. Remarks From The Conference Chairman And Co-Chair
Henrik Frøssling, Senior Advisor, RiskMaturity Nordic AB
Luka Lu, LLM, Capital Associates, PRC Lawyers
15:10-15:30 Coffee Break
Hanna Danwall, Head of Competition Law, Legal Director, Carlsberg Breweries A/S
Per Lekwall, Member, Swedish Corporate Governance Board

Day 2 - NOV 24th 2015 | Morning Session

09:00-09:10 Welcome & Introduction. Review From Yesterday's Sessions, Opening of Today's Session
Kersi F. Porbunderwalla, Secretary General, Copenhagen Compliance
Andrew Breakwell, BDM Director EMEA, SAI Global
10:00 Onwards


10:20-10:45 Coffee Break
Judith Canning, Director, Business Ethics Leader, PwC
Bengt Gustavsson, Vice President, Head of Market Network Management and Group Legal Affairs, Saab AB
Hans Henrik Aabenhus Berthing, CPA | CGEIT | CRISC | CISA | CIA
12:30-13:30 Lunch Break

Day 2 - NOV 24th 2015 | AFTERNOON SESSION



13:30-13:40 Welcome & Introduction. Opening On The Technology And IT Sessions
  • Integrating multiple initiatives – think cross silos, but start smart
  • Configure the software yourself
  • Leveraging best practices; examples from the world's leading companies
Luc Brandts, Nasdaq - CTO and Founder, BWise
Hans Henrik Aabenhus Berthing, CPA | CGEIT | CRISC | CISA | CIA
15:00-15:30 Coffee Break
Hans Henrik Aabenhus Berthing, CPA | CGEIT | CRISC | CISA | CIA
Open Round up Session. All Speakers

    *Conference Program is subject to change. The Conference Language is English.

Here is the current preview of some of the great GRC and IT security plenum, parallel and workshop and breakout sessions in the 2015 program:

Good Governance Issues


  • What are the biggest challenges that affect the business environment and the business enabling environment in MEA?
  • A review of key challenges that face companies operating in the region, and of advances on the public sector side to improve good governance, which can build a better enabling environment for existing and potential investors.
  • A highlight of some of the better cases in the MEA region in this regard, including countries affected by the Arab Spring
Jeffrey Avina, LLM, Citizenship and Community Affairs Middle East and Africa, Microsoft

Changing Nature Of Capital Markets

  • Creating Long-Term Corporate Value in a Short-Term Equity Market
  • Institutional Investors and Their Evolving Role in the Capital Markets
  • Activist Investors and Hedge Funds
  • Corporate communications with institutional investors
  • Focus on Engagement in the Shareholder Rights Directive
Dr. Cristina Ungureanu, Head of Corporate Governance Advisory, Sodali

What do CEOs & Non-Executive Directors Expect from the GRC Officers?

  • What's the right level of communication to business stakeholders?
  • What's the Right Level of GRC Communication to Business Stakeholders, Non-Executive Directors and CEOs
  • What lessons can be learnt from industry and government reports outlining cyber behavior to improve business performance around cyber risks?
Lady Olga Maitland, Chairman Copenhagen Compliance

Building An Efficient Governance Structure At A Diversified Business Operation

Designing the Governance framework in a diversified business operation, as part of a significant reorganization, must balance a variety of factors depending on the nature of the company, risks, the need for control and agility. The GRC complexity is high as a thorough approval framework covers all the commercial activities and considers the decision processes structure and stakeholders. One of the main points is defining the power balance between the board of directors and the managing directors of the legal entities. However, the efficiency of the governance depends strongly on how the actions cascade within the organization.

In reality, one-size-fits-all is often not the best solution because the GRC objectivity may get lost in the design process. Company politics, personal ambitions, complexity, tradition & cultures, as well as existing power bases are active players in the design process, and must be managed continuously in a dynamic governance framework.

Ralph Bengtsson, Chief Internal Auditor Cematsil, Aalborg Portland

Global Compliance Issues

Bang for your buck - getting the most from your competition compliance program investment

The presentation will focus on clarifying the requirements for receiving recognition for your competition compliance program and which countries recognize such programs as a mitigating factor.

The considerable cost of implementing and maintaining an effective competition compliance program is increasing the call for competition authorities to recognize the formal efforts when enforcing breaches of competition law. We can see that more and more competition authorities listen and recognize competition compliance programs as a mitigating factor when calculating financial penalties. However, in a few cases a company's competition compliance initiatives have actually worked against it.

Hanna Danwall, Head of Competition Law, Legal Director, Carlsberg Breweries A/S

What Are The Major Components of the Current Chinese Reality? A Warning Or An Unprecedented Opportunity

China is currently placing tension in the world markets with fierce price declines, government regulation and restricted growth prospects. With the significant growth of China's household wealth, information management, and E-commerce and E-banking, there is a difference in the cultural context compared to the developed countries in the West. What are the various factors and techniques that could create a unique future for business opportunities in China?
  • How will the current decline in prices, housing, stocks and shares affect the Chinese market and consumer and allow China business and industry to flourish?
  • How have business and management methods evolved over time, and what factors and techniques in the Chinese context distinguish it from the West?
  • How will the current Chinese problems create unique opportunities for growth in this new market?
  • What kind of market and compliance regulations are necessary to maintain sustainability and good governance practice in China?
Luka Lu, LLM, Capital Associates PRC Lawyers

How To Develop And Implement A Successful Anti-Corruption Compliance Programme

The workshop focuses on practical steps compliance executives can follow when developing, implementing and refining anti-corruption programmes including how to:
  • Gain buy-in for your anti-corruption programme from senior management
  • Conduct effective risk assessments
  • Develop and implement a compliance programme that addresses the specific risks your organisation faces
  • Create a cost-effective and efficient third-party due diligence programme
Andrew Henderson, General Manager, EMEA, The Red Flag Group

What Are The Current Changes In The Market And Capital Structures That Place Greater Demands On Strategy, Communications, And Particularly To The Underlying Performance Of The Company?

The financial and credit crisis has put high demands on the Treasury function and has created a necessity to focus on financial risks. The continued growing uncertainty in the financial markets requires that companies be ready to use alternatives (traditional bank loans vs. bonds vs. other).

Therefore, hoping that the financial crisis is on the verge of ending, and the uncertainty is declining, how can entrepreneurial companies focus on issues like working capital/risk management based on:
  • Scenario planning
  • Reduction of working capital
  • Reduction of investments
During the workshop we will prepare a comprehensive verification on the company's overall risk management measures based on Copenhagen Compliance and Riskability roadmaps and frameworks.
Erik de la Motte will facilitate the seminar that will focus on the advantages of having a diversified capital structure in the world where capital conditions change overnight.

Global Risk Management Issues

The Issue Of Risks Within Basel Committee's Revised Global Corporate Governance Principles For Businesses and Banks

  • Promoting a sound bank corporate culture through reinforcing the "tone at the top"
  • Board oversight of Management and executive compensation
  • Ensuring an appropriate Risk Governance framework through defined organizational responsibilities
Dr. Cristina Ungureanu, Head of Corporate Governance Advisory, Sodali

Corporate Social Responsibility: A Global Review Of Purposes, Strategies, And Implementation Approaches

Corporate Social Responsibility (CSR), or Citizenship in Microsoft terminology, Global Citizenship and Sustainable Development play a critical role in identifying particular elements of a business' most vulnerable activities related to good governance.
  • Enhance strategic thinking, tactical planning, & actionable initiatives on how you can develop in-house CSR, global citizenship, and Sustainable Development risk-based programs
  • How to leverage the guiding principles that promote a high level of awareness that encourages & identifies the 'red flag' indicators of CSR, global citizenship, and Sustainable Development
  • How do CSR and Sustainable Development mandate the cost of doing business to promote a social, ethical & reputational standpoint?
  • What are the specific insights on how to develop & implement an action plan for CSR and Sustainable Development?
Learn & benchmark CSR, Citizenship, and Sustainable Development schemes in the control framework. The participants will be divided into groups to discuss CSR, BFC and Sustainable Development dilemmas and issues.

Jeffrey Avina, LLM, Citizenship and Community Affairs Middle East and Africa, Microsoft

Doing Business In China Post The Financial Crisis

Foreign companies continue to enter the Chinese market. When doing business in China, it is important to keep in mind the fundamental cultural differences between China and, e.g., Scandinavia and other Western countries. The 2 sessions will explore the latest in Risk Management, Governance and compliance challenges on the Chinese sub-continent.
  • How to communicate with regulators, suppliers, and third parties
  • What is the latest news on China's anti-corruption law?
  • How can your standard global controls and compliance program work in China?
  • What are the major components and attributes associated with implementing an effective GRC program in China?
Luka Lu, LLM, Capital Associates PRC Lawyers

Global IT Security Issues

The Cybersecurity Challenge

The proper corporate response to the Cybersecurity threats is becoming more and more complex. Contrary to other business areas, the regulatory guidelines are rather vague. For instance, the board should be informed of risks and is responsible for policies to be in place. However, how do you stay aware and maintain policies in an area that changes constantly? In an area where you could invest in new knowledge and technology every day to follow the latest developments?
  • Changing circumstances - the threat picture is developing.
  • Different approaches towards planning, prioritisation and managing Cyber security activities.
  • Is your Cyber security strategy sufficient?
Peter Laustsen, IT Manager, Carlsberg

Data Security, Data Breaches and Security Alerts

Data security controls are crucial to ensure that customer and business information is always protected. IT risk-management programs combine configured operating environments, healthy and multi-factor authentication and other strategies that provide flexible controls and solutions.
  • How to safeguard against the risks associated with groups, whether employees, associates or business partners, that have access to data and systems.
  • A review of updated controls, user access, separation of system infrastructure, limits and restrictions and proactive system monitoring
  • How to monitor periodic risk assessments of information security programs
Hans Henrik Berthing, Partner, Verifica

The Results Of Regulatory Overreach On Business Initiatives & Data Management And IT Strategy

Starting the Regulatory Compliance Journey.
  • The typical approaches to addressing the regulatory IT initiatives in financial services
  • Move compliance from being a check-the-box exercise to an integrated & proactive part of IT/business alignment and strategy
  • What are the components of a holistic financial regulatory compliance approach that service KPIs and satisfy the oversight authorities and all stakeholders?
Kersi F. Porbunderwalla, Secretary General, Copenhagen Compliance

In the world of readily available cloud-based file sharing, the IT department's biggest challenge is to control the flow of information, documents and archives.

Starting the Regulatory Compliance Journey.
  • What are the typical GRC issues to address the cloud and big data challenges?
  • How can IT regain control of the information trail and deliver integration, confidentiality, integrity and availability of all documents at all times?
Owe Lie-Bjelland, CEO, Xait

How to implement an Information Security Management System based on ISO27001:2013 and ISO27002:2013.

Information security is becoming more and more essential and should be part of good business practice and corporate management. In a Governance, Risk Management, and Compliance world, a solution for all GRC components is a well structured and documented ISMS execution, with high management involvement and stakeholder awareness in the organization.

During this presentation, you get facts, do's and don'ts in connection with establishing a balanced, controlled and standardised ISMS. We will provide some ideas on what management and business need to be aware of in an ISO certification process. An ISO 27001 certification may not be the objective for the ISMS; however, there will be many valuable benefits in the preparedness process of the certification that will help the IT and other departments of the organisation.

Hans Henrik Aabenhus Berthing, CPA | CGEIT | CRISC | CISA | CIA

Workshop: Cybersecurity is not just an IT Problem

The proper corporate response to the Cybersecurity threats is becoming more and more complex. Contrary to other business areas, the regulatory guidelines are rather vague. For instance, the board should be informed of risks and is responsible for policies to be in place. However, how do you stay aware and maintain policies in an area that changes constantly? In an area where you could invest in new knowledge and technology every day to follow the latest developments?

The workshop discusses:
  • Changing circumstances - the threat picture is developing.
  • Different approaches towards planning, prioritisation and management of Cybersecurity activities.
  • Business Management / IT Management cooperation. How to align priorities successfully?
Speaker introduction: Peter Laustsen, IT Manager, Carlsberg
Peter has an international management background with experience of security management in both the IT industry and large corporate organisations.


Are you ready for the future digitalization?

The current digital transformation serves as the focal point for new opportunities and challenges that arise from the latest technological developments and trends in the digitalization of business and society. Digitalization is one of the most fundamental components of the current period of transformation.

For the companies that are prepared, it provides a unique opportunity to shape the sustainability of the future business processes. Therefore, it adds to the significant responsibilities on the shoulders of the board, senior and IT management.

Digital transformations will have a positive impact on both business and society. At the 9th annual European GRC Summit, we focus on the implications of digitalization and discuss the future corporate IT, Digitisation and Cyber opportunities.
  • How to address, structure & integrate IT compliance and data privacy functions.
  • How to navigate between the new EU Privacy Directives and other global mandates.
  • Imposing entity-level IT controls across multi-jurisdictions
    • How to ensure reporting accuracy across multiple IT systems
  • Matching your IT controls to implement and address the cloud and third-party data storage
    • How to assess the impact of business processes, internal control, and training.
    • What parts of regulatory change management can be automated?

Workshop Agenda.

IT related security and business risk, with a focus on Cloud Governance and Cyber Risk Management.

During the workshop, we will discuss solutions on the following topics.
  • Have you experienced Cyber Attacks lately? We review some of the latest Cyber Attacks.
  • What should the board of directors and executive management ask about Cloud issues
  • How can the board and executive management ensure that IT and Cloud governance is updated and optimised?
  • How should board and executive management and IT department respond to Cyber Attacks

Workshop Coordinator: Hans Henrik Aabenhus Berthing, CPA | CGEIT | CRISC | CISA | CIA

Long form Conference Agenda and Program

Our annual two-day Governance, Risk Management, Compliance and IT-Security (GRC) conference will bring together compliance, risk, and audit executives from corporations primarily from The Nordics and Europe. Global GRC experts, keynote speakers, and C-level officers will provide guidance and deliver high-quality content in Q&A sessions, panel discussions, workshops, and parallel sessions.

The 9th annual European GRC Summit has developed into a premier GRC, Regulation and IT Security Congress that will bring together over 150 attendees. Moreover, hear from 25+ CFOs, Heads of Risk/Compliance representing major companies from across the Nordics, Europe, the Middle East, and USA. A broad outline of the topics to be addressed and discussed is described below, including intensive and interactive panel, Q&A, and parallel sessions.

Plus - register two colleagues and the third goes for free!

All Conference participants will:
  • Identify barriers and challenges to implementing effective GRC programs
  • Parallel sessions on core GRC components will further enhance knowledge, insight and provide guidance on practical issues.
  • Break out of silos and examine, integrate, embed and automate the GRC best practices
  • Address the urgent demand for high-level expertise on specific issues that is most relevant to your department or business
  • Define education, training, and career development needs to enhance knowledge and develop succession planning
  • Set an aggressive and wide-ranging research agenda relevant to GRC issues
The conference will be conducted as four seminars that together provide updated and timely knowledge on GRC topics and current issues:

The participant can either attend all four sessions and join facilitated, small group discussion on predetermined topics in each seminar. Participants are also welcome to join a particular session, parallel session, half day or a full day. At the conclusion of each session, all participants can join the next panel discussion.

The Four Sessions Are: 1. Updating The Future Of Global Good Governance 2. Risk Management 3. Compliance And 4. IT-Security (GRC) Demands To Create Business Value

The 9th European GRC Summit focuses on a wide range of ethics and compliance risks specifically in the current European business environment. The summit will focus on the European underlying issues and deep-rooted problems and provide sustainable solutions.

The concept of each GRC Summit is to provide a remarkable and prodigious number of short speeches that cover a variety of GRC issues, each followed by a Q&A session. However, at the parallel sessions, we will go deeper in the subject matter and gather knowledge with dialogs, questions and comments along the way so that the participants are truly involved.

Some of the specific GRC issues and questions global experts will discuss are:
  • Each speaker will address how GRC can facilitate Europe to be on the move to growth and creating sustainable value
  • What are the global GRC issues with the oversight authority and regulators?
  • How to perform an effective due diligence to comply with the 3rd party?
  • What are the current political issues in Europe that affect the business climate and create instability?
  • Developing Effective Privacy & Data Protection Strategies for global compliance
The final agenda with the latest program update and timings will be announced 60 days prior to the conference. Here are some of the highlights and a present-day preview of some of the great GRC and IT security plenum, parallel sessions, workshops and breakout sessions in the 2015 program.

Key Highlights for the 2015 GRC Agenda.


*The current agenda details are subject to change

Good Governance Issues

Establishing The Right GRC Oversight Structure

  • What GRC and audit functions can be merged
  • How to demonstrate sufficient independence in the functions
  • When should boardroom governance intersect with these functions

How To Integrate Enterprise-Wide GRC Processes And Develop Seamless Silos?

GRC managers, functions and teams are spread across the organisation and business in each department, focussing on environmental, tax, health & safety, and other GRC issues.
  • How does senior management combine multiple and duplicate GRC efforts together into one corporate compliance program
  • What are the enterprise-wide GRC processes and techniques to centralize oversight and improve reporting?
  • How to take an annual silo inventory to avoid duplication and improve efficiency.

Managing Cross-Border Investigations

Privacy concerns for data transfer, interviewing witnesses
  • Juggling parallel probes from multiple regulators
  • Judging materiality and disclosure to various audiences

Bringing Global GRC Standards To Emerging Markets

For many companies, growth comes from emerging markets, which pose new challenges as compliance officers explain and enforce global compliance expectations to diverse audiences:
  • Explore the front end tasks to achieve
  • Third party and business partners in the global operations
  • Developing compliance communication without compelling employees
  • Crafting compliance policies that relate and correspond to local culture and practices

Nordic and Global Compliance Issues

Compliance Officer's Role In Investigations And Organisational Discipline

For the GRC investigating officer, acting as the front figure in managing the whistleblower hotline, reviewing allegations of misconduct, and addressing a series of suspected misconduct are daily routines.
  • What is the GRC officer's correct and proper role in carrying out prevention, culture and discipline issues to enforce global GRC compliance?
  • How to determine the GRC facts and liability issues to impose necessary discipline, and help to ensure that business operations continue in departments after the disciplinary effect.

Assessing The Risks In Competition Law And Anti-Trust Compliance

Competition Law and Antitrust compliance issues are a prime concern for the board, senior management, and compliance officers. Competition Law and Antitrust mandates are not only relevant for the giant corporations but also for small companies involved in mergers.
  • How do you analyse the current business model and processes for antitrust risks, and re-assemble an enterprise-wide antitrust exposure across the organisation?
  • What are the global antitrust regulations and conflicting legal concepts behind mergers?
  • How to apply anti-trust compliance wisdom to new mergers and acquisitions

Measuring, Managing, Monitoring And Documenting The Compliance Effort

A central and critical part of monitoring the compliance program is to demonstrate the effectiveness of the program from an operations perspective.
  • How to control, manage and measure progress on various GRC compliance goals, and document effectiveness of management, oversight, and regulators.
  • How to ensure the right amount of staff, budget, and other resources


  • Deciding where in the organization to place a review control
  • How to ensure you get the correct data for review
  • What are the different considerations for ICFR controls and compliance controls

Compliance Key Performance Indicators For Board Of Directors And Senior Management

Global mandates require transparency and accountability in a practical ethics & compliance program.
  • How to document and decide the central tracking of the vital Key Performance Indicators?
  • How do you monitor, disclose, communicate and report them to reflect an accurate picture of what is going on?
  • What are the metrics that demonstrate that the compliance program functions at all levels?
  • How can compliance departments add value to the organization in Europe when this is a major global problem?

Updating Compliance, Governance And Related Issues When Expanding Or Doing Business In The Emerging Markets Of Europe

  • What are the key ethics and compliance risks specifically in the EU?
  • Which regulators and oversight are the most prominent in the region?
  • What are the most effective ways to perform due diligence here?
  • How have recent political developments in Europe affected the business climate?

Understanding, Implementing And Monitoring Compliance Key Performance Indicators

This Key Note will address the metrics and measurements that compliance officers can use to manage the company's risks and compliance activity.
  • How to use GRC metrics to monitor the requirements of the board of directors, regulators, oversight and others.
  • Can the GRC Metrics monitor and measure compliance that adds to the company's overall performance?

Nordic and Global Governance Issues

Re-Invigorating The Merits Of SOX And EuroSox Compliance Via Project Management

  • How to incorporate PCAOB inspections and warnings into SOX compliance
  • Re-assessing your controls amid corporate growth
  • Using project management skills to execute a testing & remediation program

Building Governance Programs At A Diversified Business Conglomerate

Governance implementation can be difficult to maintain when the focus is on line of business.
  • How do you manage the Governance components in a conglomerate sort of enterprise?
  • What are the key Governance activities, risks, and compliance that create burdens?
  • How can conglomerates track risks and compliance activity in a diverse and disparate workforce?

Whistleblower Policies That Respect Culture And Promote Representativeness

Global experience documents that reporting misconduct is crucial to ensure adequate ethics & compliance.
  • What are the idiosyncrasies that compliance departments face to earn Whistleblower respect so that reluctant employees that are afraid of repercussions.
  • How is the European culture to report misconduct progressing?
  • Are there employee protection schemes that conflict with whistleblower policies?
  • Implementing a sensible whistleblower program that employees can use.


Experiences from a compliance program roll out, across multiple countries:
  • Tracking local regulatory requirements
  • What are the operational functions to overcome resistance from reluctant unions and workforces?
  • Does Europe require extra attention to complying?
  • What are the compelling issues in Europe that European compliance officers often oversee?

Compliance With GRC EU Directives: What Will Be The Future Direction In Enforcement?

How will The GRC Compliance Problems in the EU affect the global business environment?
  • What is the potential of local enforcement agencies in securing compliance?
  • Due to the different legislative cultures, there are different approaches to compliance?
  • Is there a GRC uniformity issue in the EU?

Understanding, Implementing And Monitoring Key GRC Performance Indicators

This Key Note will address the metrics and measurements that compliance officers can use to manage the company's risks and compliance activity.
  • How to use GRC metrics to monitor the requirements of the board of directors, management, regulators, oversight and others.
  • Can the GRC Metrics monitor and measure compliance that adds to the company's overall performance?

Building Global Compliance Programs At Multi-National Companies

Many new European businesses operate in many countries-but the compliance programs are not implemented or are still new. This Key Note session is based on research and survey to explore how to launch a new compliance program.
  • Explaining to employees the essential components of compliance.
  • How to build the right reporting systems, business conduct, and issues that require attention to markets in Asia, Africa, and Middle East for global compliance officers

Nordic and Global Risk Management Issues

Risk Culture & Conduct

Hear from the Global Head of Conduct Risk on 'Building An Effective Risk Compliance Culture And Risk Mentality on corporate integrity'

Well-Designed Interchanges In Monitoring Fraud Risk Assessment

Mitigating fraud risk is probably one of the most important tasks of the C-level officers. The globalised and complex processes and transactions make fraud compliance monitoring a difficult task in today's world of accelerated business operations scattered across the extended enterprise:
  • The three pillars of identifying fraud risk
  • Finding gaps in fraud controls
  • Moving to continuous monitoring of fraud controls
  • Improving timely analytics of financial transactions to raise fraud concerns

Redesigning The Corporate Risk Map Due To Moving Business Environment And Climate Changes

  • Some of the risk areas that have emerged on the global corporate agenda are the likelihood of fraud, corruption, and CSR failures.
  • The triangulation and combined risks within the area of Fraud, Corruption and CSR to be integrated into a risk-based Control environment.
  • Managing climate change controls and issues

The experiences of a newly appointed CXO Officer.

Building a compliance function is a challenge in itself. However, starting as a chief compliance officer can be a daunting task.
  • How to decide on the GRC priorities?
  • Who sets the GRC compliance goals and strategies
  • How to effectively assess the GRC progress
The newly appointed GRC officer explains what he did, and how he did it.

Connect Regulatory Requirements To Your Training Curriculum For Efficiently And Effectively Building And Monitoring An Active GRC Training Program

The three key principles of successful GRC training programs are:
  1. Stay current with changing regulation
  2. Deliver the GRC training as part of a broader learning program including HR, workforce development, and employee improvements.
  3. Provide practical examples from highly regulated businesses with complex compliance needs in the training program

Assessing The GRC Risks Of Business Process Re-Engineering

  • Dissecting the risks of outsourcing
  • Examining the risks of centralization
  • How to connect those risks to financial reporting consequences

Case-Studies. 1. The overall GRC Case Management:

A systematic approach to managing and integrating GRC issues. We review the GRC cases from calls to whistleblower hotline to conducting fraud investigations.
  • How to demonstrate competence to management, regulators, auditors, and business partners
  • How to improve the GRC program that provides valuable insights to all stakeholders

Updating Risk Analysis In The Era Of Big Data, Cloud, and Analytics

The sheer volume of corporate big data and the company's ability to analyse the content is a science in itself. The explosion in the cloud has a profound implication for management trying to identify possible fraud, weak spots in supply chains and/or evidence for an investigation.
  • Are there new and smarter ways to employ Big Data Analytics for sharper insight into GRC risk areas?
  • Why is it important for a business to improve analytic capabilities to satisfy the requirements of regulatory compliance?

Global IT-Security Issues

Data Privacy And IT Compliance

How IT compliance and data privacy functions should be addressed and structured so that they work together.
  • The new EU Privacy Directive components so that global companies can navigate between the various mandates.

From Entity-Level Controls To ERP Systems

  • Imposing entity-level control at a global company
  • How to do that across jurisdictions where laws might conflict
  • How to ensure reporting accuracy across multiple IT systems

Lifecycle Management For Your Data

  • Developing policies for retention & destruction
  • Matching your IT controls to implement those policies
  • How to address the cloud and third-party data storage

Regulatory Compliance Change Management in Practice

From financial services to healthcare, global corporations continue to face new and changing regulatory requirements.
  • How to track these changes for overreach and duplication of efforts.
  • How to assess the impact of business processes, internal control, and training.
  • What parts of regulatory change management can be automated?
  • How to address the process impact of the assessment and put a remediation plan in place?

The complications of As Is and To Be in Change Management

  • Finally, management has moved on from manual processes and decided to implement an enterprise-wide GRC IT system.
  • What are the questions and issues to be considered prior to implementation?
  • Changing business processes as you automate GRC functions requires a change management focus that surpasses all disciplinary input from business unit leaders.

Practical Incident Reporting Systems

  • Building large-scale systems that don't discourage reporting
  • Building large systems that do allow for aggregate analysis
  • Piecing together how mistakes & accidents might suggest culture flaws

Proportionate And Adequate Procedures In Era Of Big Analytics

  • What regulators do for risk analytics, what they expect of you
  • Moving from manual processes to automated workflow
  • Tying analytic processes to particular types of risk (fraud, bribery, import-export)

How To Increase The Level Of Maturity In GRC Management And Compliance

Demands on executives, and on management teams further down in corporate organizations, grow in order to be compliant, due to an increased number of more complex internal and external requirements, at the same time as organisation structures are slimmer today. In order to prioritize and focus, it is crucial to understand what the requirements mean in practice, their risks and consequences, and how to ensure compliance and embed it in the corporate culture and structure.
  • How to implement tools for an increased level of maturity and measure the performance?
  • Finding the right level of and the balance in the Corporate Culture and Structure.

Third-Party Risk Management At A Large-Scale

Third parties pose risks to all companies; however, the ability to implement GRC policies and control environments is the answer for regulatory compliance. Corporates are more vulnerable today; brand damage and severe financial consequences are not rare if we fail. The business environment is more complex today, and we are more dependent on third parties for our expected deliveries.
  • What are the means and ways to train and monitor third parties?
  • How can we on a global and local level find the right level of faith, control and reasonable assurance to be compliant?
  • How to ensure that each local business unit supplies the best oversight and response that covers risk assessments, policy management, and provides GRC disclosures.

Integrating The Three Lines Of BFC Defense-Business Unit, Compliance Team, Audit Function.

  • How to avoid the annoyance in the field and duplication of efforts in the bribery and corruption processes.
  • How to embed the bribery and corruption practices in daily routines
  • How to assign roles and responsibilities to each line of defense
  • How to ensure that the bribery and corruption enforcement activity is monitored
  • How to develop a single, comprehensive and integrated management plan (Roadmap and Framework).

Parallel session on Financial Services Compliance

Building Effective Database and Programs for Know-Your-Customer and AML Compliance
There is a global focus on money-laundering, tax avoidance, human trafficking, and terrorism. From FATCA tax compliance to anti-money laundering regulations, rules compliance requires that all financial services businesses make a dedicated effort to know-the-customer.

  • How to revamp your current KYC programs and expand them to include improved policies and controls into the IT systems
  • What are the important mechanisms in new regulations on the importance of KYC efforts?
  • How to train employees to spot KYC failures and misbehaviors

Parallel session CSR Workshop

Current historic times need a fresh set of Corporate Social Responsibility and Environment Social Governance standards to create stakeholder value and sustainable business happiness solutions. The CSR workshop consists of presentations, business cases, & breakout session, divided into the following 7 categories. Strategic Issues, Case Studies, Panel Sessions, workshops and Q&A Roundtables are some of the specialties of the 9th annual GRC Summit.
  1. CSR Strategy Implementation
  2. CSR field project management
  3. CSR operations and performance improvement
  4. CSR business process reengineering
  5. Change management issues
  6. CSR in cloud and data protection (incl. IT-security)
  7. Combining GNH to a sustainable and cohesive CSR model

The global CSR issues will deliver a 360° course for charting the global CSR culture and perspectives in view of the aftermath of the global financial crisis. We focus on the Gross National Happiness (GNH) model to further provide the CSR depth and to integrate, embed and link your CSR business processes together with people and technology.

  • The link between Corporate Happiness-, Natural Capital- and Shareholder Value
  • How can Responsible Corporations and Sustainable Consumption make us happy?

The new disclosure requirements demand that CSR processes are integrated because CSR risks are now more complex, diverse and interrelated. By combining the various CSR risk components with good Governance and Compliance, an enterprise approach will be formed that will provide the company with strategic competitive advantage on critical business issues.

Based on the information from the conference you will be proactive in your reaction to positive risk and let your competitors miss the business opportunities.

The CSR conference also gives primary attention to a value proposal on how to be prepared for additional disclosure requirements and protect the quality of the CSR reports:
  • Take a closer look at the implications on the mindset caused by the regulatory CSR tsunami that companies have experienced
  • The experts focus on the CSR processes that need to be changed in the corporate engine room and organizational cultural change issues
  • Address the issues caused by the predominant use of multiple Excel spreadsheets to monitor and control CSR projects and how to start on the journey to automate CSR processes, controls, exposure and disclosures
  • How to secure strategic wins and at the same time optimise the CSR business workflow
  • Recognize the broader context of global CSR regulation across the organization, processes and functions.


Any form of IT or data breach can impair your business transactions, from business interruption to business disruption. At the 9th annual GRC Summit, a variety of topical IT issues will be on the agenda: the significant costs and risks, lack of up-to-date knowledge on technology, trends in global IT governance, cloud computing, and retooling IT systems for better risk analysis and ensuring data security. Data breaches and security alerts will also be treated.

Introduction of new technologies offers a wealth of attractive business solutions and opportunities that are essential for business growth and development. We focus on the associated risks and dangers.

Against a backdrop of data fatalities, all of the above IT issues should raise awareness amongst CFOs, IT managers and compliance officers. What are the steps your business should embark on to protect data and information management? Addressing the human element is another critical part of that defense strategy.

We start the afternoon by placing the spotlight on the technological trends that are common in Global Governance issues related to gathering, reporting and analysing the quality of your corporate data.

Response to an IT compliance failure
In this connection, it is vital to see how companies can communicate this information internally, with Third Party Service Providers, and to their Board of Directors. It is the quality of the data that is instrumental in adding value to your Governance, Risk & Compliance strategy by supporting IT tools.

If there are gaps in the above or if you are not satisfied with the quality or the 'abundance' of data, retooling of your IT Systems for better risk analysis is probably the answer to your prayers. Therefore you need to figure out:
  • How to do a better job of assuring compliance; what is the missing link(s)?
  • How to be able to spot IT risks before they metastasize into an issue that threatens the entire IT department?
  • Assess the need for an overhaul of IT structures? How to revamp IT systems to manage that new world of cyber crime, digital forensics and IT Security.

The goal is to leverage technology and data analytics across borders to drive compliance and risk monitoring throughout the organization. Finally, we will look into the proper response if an IT compliance failure occurs while managing the associated data privacy and security risks frequently created through these efforts.

Data Security, Data Breaches and Security Alerts
Data security controls are crucial to ensure that customer and business information is always protected. IT Risk-management programs with configured operating environments, healthy and multi-factor authentication and other strategies that provide flexible controls and solutions.
  • How to safeguard against the risks associated with groups that are either employed, associated or business partners that have access to data and systems.
  • A review of updated controls, user access, separation of system infrastructure, limits and restrictions and proactive system monitoring
  • How to monitor periodic risk assessments of information security programs

Digital Forensics:
How to understand and maintain electronic evidence when digital forensics is the answer to an investigation. It takes a variety of expertise and discipline to run a successful business analysis. One of the foremost international experts will introduce you to the concepts of computer forensic investigation and analysis and respond to the following:
  • How to structure a forensics/fraud examination.
  • What are the proper procedures for seizing and securing digital evidence?
  • What should your response to a suspicious "possible virus" detected on the computer be?
  • What are the forensic artifacts, webmail history, deleted files and encrypted volumes techniques?
  • How to analyze digital evidence in fraud examinations

Smart, safe and secure Identification.
Organizations are increasingly inter-connected to the global digital world. More and more of the operations are conducted online. This creates a need to make sure your intellectual assets remain secure and safe from data breaches.

While it has never been more valuable to protect all this information, it has also never been more challenging. So, how do you trust the identity of users and efficiently manage their access to business assets?

Finally, a panel discussion and Q&A session with all speakers will end this session, in which we have attacked the issues related to IT governance, security, digital forensics, cyber-crime and cloud issues from several angles.

Xait will demonstrate how to address security and compliance among other benefits by introducing a Managed Collaborative Authoring Process.

Parallel Session: Conducting a Cyber Security Assessment

The damage cyber problems can cause makes them intricately linked to regular monitoring and internal controls considerations. That is why cyber security is on top of the company’s agenda for the board, committees and management, regardless of size and industry. The preparedness and robustness decide the plan to deal with a cyber-crisis.

An annual assessment plays a vital role in monitoring Digital Forensics and IT security activities to protect the company against cyber threats.
  • What are the IT critical risks and critical assets to be protected and how to avoid the exposure and liabilities?
  • What are the critical demands on the IT infrastructure and compliance?
  • What is the overall strategy and plan to protect the company’s assets from cyber-attacks?

According to a report from Checkpoint in 2013, file sharing is the cause of 70% of information leakage. As enterprises are introducing BYOD and experiencing a wider use of cloud-based file sharing services, your digital assets are at risk. How can you ensure compliance and security for your business-critical document production processes while, at the same time, reducing cost?

Parallel Session: Challenges of Audit and Fraud Management

Audit Management - At a time when many organizations are struggling to do more with less, it's imperative to understand not only their new challenges, but also to comprehend options and opportunities for improvement. The ever-growing demand to monitor and manage risk and compliance for the enterprise operations, production, processes and financials is still predominantly an overall manually exercised effort. This session is designed as an introduction to how IT products support enterprises in shaping organization-wide risk strategies and policies in a shared governance structure for auditing, risk management, compliance review, and formal disclosure reporting. Participants will gain an introduction to proven, effective design to ensure real-time, enterprise-wide risk management, audit and compliance with regulations and standards.

Fraud Management - More than 50% of fraud cases are detected by accident after loss has occurred. Many tools require excessive effort by fraud analysts to generate useful information, or the tools generate too many false alarms. The cost of using these tools is high, and the return is low. For effective fraud management, you need an approach that detects and prevents fraud - as it happens. The right solution will help your organization keep pace with ever-changing, increasingly sophisticated criminal tactics. Then if fraud occurs, your analysts can investigate it efficiently and thoroughly check transactions without negatively impacting operational productivity.

As regulatory pressure grows, for example to implement anti-bribery and anti-corruption programs, you need to detect and investigate various types of suspicious transactions to achieve compliance and protect your company's reputation. The typical organization loses an estimated 5% of its annual revenues to fraud. How can your organization use fraud management technology to reduce financial loss, protect revenue and reputation, and limit disruption to your business processes?

Parallel Session: Bribery Corruption

  1. The Bribery Act/FCPA – What is it all about?
  2. The Bribery Act – Why is it relevant for companies?
  3. The Bribery Act - How can you protect yourself?
  4. Cases
Our experience with various Bribery, Fraud and Corruption workshops and consulting assignments is that many companies want, in relation to guidance on the UK Bribery Act or the FCPA, practical help to establish "adequate procedures". Additional requests are for implementing appropriate measures to counter corruption. The primary purpose of this parallel session is to ensure the company's liability against and under the provisions of The UK Bribery Act and the FCPA rules; implementation, evaluation and control of the Bribery Act or FCPA processes and procedures.

Cases will illustrate the following:
  1. Analysis of a company's risk in relation to the Bribery Act;
  2. Preparation of a new/revised anti-bribery policy taking into account the company's risk in relation to the FCPA/Bribery Act;
  3. Review of training to employees on FCPA/Bribery Act and a review of introductory material for new employees
  4. Review of due diligence procedures in relation to third parties and partners

Parallel Session: Financial Compliance and The effect of the EU banking Union in the Nordic Financial Services Division

Operational Risk

Despite the fact that Risk Management is heavily featured throughout the conference agenda, including panel discussions and Q&A sessions, we will focus on the Financial Services Industry specifically to address the issues relating to global Investment Management to assess the Global Operational Risk Survey.
  • Risk Models
  • Effectively Measuring, Managing And Monitoring Risk Models
  • Fundamental Review of the Trading Book & Liquidity
  • Dedicated session on the Fundamental review of the Trading Book and Liquidity.
    • Treasury Priorities
  • Stress Testing
    • Gathering insights on Analysing, Stress Testing Results, Reverse Stress Testing, and CCAR.
  • Cyber Crime and Fraud Risk Management as an intensive and highly interactive session.