DAY 1 - MARCH 15TH 2017 | Morning Session

09:00-09:10 Welcome & Introduction to the Conference.
Opening Remarks from the Chairman & Co-Chair
09:10-09:30 The development of corporate governance in financial regulation – how can it add value?
Prof. Caspar Rose, LLM, Board Member in Financial Institutions, Copenhagen Business School
09:30-10:10 Unification of GRC - Vision or reality?
  • How to Enhance Compliance and Business Performance thru Disruption and Innovation.
Samuel Brandstätter, CEO, Avedos Business Solutions
10:10-10:30 Coffee Break
10:30-11:10 Prepared For Governance, Risk Management & Compliance Challenges In Emerging Markets
Asger S. B. Lauritsen, Chief Procurement Officer at F.L. Smidth
11:10-11:50 Cases And Experiences Form GDPR Projects Including Some Useful Tools And Techniques That Will Assist In:
  • Pinpointing GDPR impacts to your business
  • Defining the deliverables in your GDPR project
  • How to map data flows
  • The key elements of the governance framework needed to ensure ongoing GDPR compliance

Tim Clements, CIPP/E, CIPM, CGEIT, CRISC. GDPR Project Manager
11:50-12:30 The New Role And Responsibility Of The Audit Committee
Victor Kjær, Deputy Director General, Danish Business Authority

DAY 1 - MARCH 15TH 2017 | Afternoon Session

13:15-13:20 Introduction To The Afternoon Session. Remarks From The Conference Chairman And Co-Chair
13:20-13:55 The complexity of GDPR – Do we need to rethink how we implement and document GDPR compliance?
Erik Warberg, Chief Compliance & Legal Adviser, Computas
13:55-14:25 Demystifying Cloud Computing, IT- And Cyber Security: The Convergence Of Cyber And Compliance Risks, And Threat Environment
  • The technical and organisational measures that organisations need to adopt to comply with The Network and Infrastructure Directive
  • Cyber resilience, the role of international standards and the Cyber Essentials Scheme

Jiri Kram, MSc, Advanced IT & Management, MIT, Consultancy Services, Silicon Wharf
14:25-15:05 Why do good companies misbehave and break competition law?
Christian Bergqvist, Ph.D. Associate Professor, University of Copenhagen
15:05-15:25 Coffee Break
15:25-15:45 Do we always know who we do business with?  The preventive actions and ethical standards to avoid being victims
Henrik Frössling, Senior Manager, RiskMaturity
15:45-16:15 The good, the bad and the ugly - Pitching compliance projects internally
  • Practical examples of good selling points and compliance project pitfalls
Hanna Danwall, LLM, Head Of Competition Law, Carlsberg Group
16:15-16:45 Combatting endemic corruption in the emerging markets.
  • Case on the EU-funded anti-corruption program in Ukraine.
  • Danish approaches to the eastern European corruption jungle.
Uffe A. Balslev, Head of Department, Ministry Of Foreign Affairs
16:45-17:00 Wrap-up of Today's Conference Sessions
Increasing the Level of GRC Maturity. Inspiration From today's Session

DAY 2 - MARCH 16TH 2017 | Morning Session

09:00-09:05 Welcome & Introduction. Conference Chairman
Review From Yesterday's Sessions, Opening of Today's Session
09:05-09:45 Bribery and Corruption Issues; Third Party Due Diligence in FLSmidth
  • Practical experiences with managing third parties and conducting due diligence screenings, as well as recent developments in international sanctions regimes.
Jeppe Kromann Haarsted, Group Compliance Manager at F. L. Smidth
09:45-10:10 Ethics & Integrity Solutions to Organisations In Crisis: What Went Wrong At Volkswagen, FIFA...
  • The impact of GRC Values for Lasting Change In Corporate Culture, Ethics & Integrity
Kersi Porbunderwalla, Secretary General Copenhagen Compliance
10:10-10:25 Coffee Break
10:25-10:50 No Quick Fix: Corruption Issues in Emerging Markets
Bersant Hobdari, Associate Professor, Copenhagen Business School
10:50-11:10 Governance and Risk management In the Public Sector
What are the current issues and priorities; concrete examples from the health sector – where fortunes are spent on new hospitals and doctors
Anne Ehrenreich, Chief Adviser, Ministry of Foreign Affairs, Denmark
11:10-11:30 Is compliance enough - Lessons learned from the Danish Government approach
Annemarie Vitoft, Senior Risk Manager, Black Swan Institute
11:30-12:00 The risk and reward of a compliance audit.
Mariano A. Davies, President and CEO, BOSS Certification UK Limited
12:00-12:25 Are our business partners mature in the areas of GRC regarding Code of Conducts & Business Ethics?
Henrik Frössling, Senior Manager, RiskMaturity
12:25-12:50 Panel Discussion On Managing Strategic Risks as a Board of Directors concern
Prof. Caspar Rose, LLM, Copenhagen Business School


13:50-13:55 Welcome & Introduction. Opening On The Technology And IT Sessions
13:55-14:25 Why do certain Enterprise Risk Management systems achieve adoption while most do not?
(Case Study) Carlos Moreno, Configit, MSc Management Engineering, Risk and IT
14:25-14:50 Focus On Cybersecurity Compliance to Operationalise the Risk Program
Hans Henrik Aa Berthing, CPA, CRISC, CGEIT, CISA, CIA. Verifica
14:50-15:20 System Architecture And Security Issues In The New World Of Blockchain Technology
Jiri Kram, MIT Certified Cloud Professional, Tata Consultancy Services, Silicon Wharf
15:20-15:35 Coffee Break
15:35-16:00 Practical GDPR, legal status and lessons learned (so far..); thinking, utilising and avoiding silos
Per Mejer, DK tech-lawyer, specialized IT-attorney
16:00-16:30 The Regulation and Best Practice Developments in Cybersecurity Compliance
Panel: Jiri Kram, Hans Henrik Berthing, Carlos Moreno
16:30-17:00 How To Develop a Relationship Based Culture of Governance, Risk And Compliance and IT Security Management in the Current Complex Business Environment (Instead of a Transactional or Control Based Environment)
Open Round up Session. All Speakers

    *Conference Program is subject to changes. The Conference Language is English

Event Changes

From time to time it may be necessary to amend the event programme and the details of those participating. Therefore, GRC Assembly and Copenhagen Compliance® reserve the right to alter the scheduled event at any time. We endeavour to communicate any changes to both delegates and speakers. We recommend regular checking of the event website for up-to-date developments. If you have any specific queries or questions to the speakers, please do not hesitate to contact us – we are here to help you and your GRC and IT-Security interests.

This is an overall general preview of the 2017 conference agenda, curriculum and program, with inspiring Governance, Risk Management, Compliance and IT-Security (GRC) topics and issues during the plenum, parallel, workshop and breakout - sessions, at the 10th annual Nordic GRC Summit on the 15th -16th March 2017

The Copenhagen Compliance® Annual Nordic GRC conferences are known for an abundance of expert speakers, attendee participation, productive debate and knowledge sharing During the sessions, we will conduct a series of surveys with interactive voting on some GRC issues for table discussions on the spontænous results.

The two-day conference attracts the participation of governance, compliance, risk, audit, IT and legal executives from corporations around Europe Besides plenum and keynote speakers, we have concurrent panel discussions, workshops, parallel sessions and presentations that deliver high-quality GRC content to suit all trades.

At the conference 30 + speakers will put their expertise on display and offer analysis, views and predictions on what might lie ahead for the enforcement and regulatory climate related to governance, risk management, compliance and IT security officers and their teams.

(in-between keynote speech)

Are You Caught With Your Hand In the Compliance Cookie Jar?
The company has self-disclosed a bribery allegation to regulators, and the investigation is underway
  • What are the cooperation lessons learnt from an oversight probe
  • What are the compliance challenges between a disclosure and the final settlement
  • How should the remediation begin and the communication and documentation with the supervisory, controlling and monitoring authorities?

What is Efficiency?
Management, articles, auditors, stakeholders are always preaching effectiveness
  • Are we defining Efficiency correctly?
  • How can "Effectiveness" be the cornerstone of modern corporate compliance and ensure the quality of our GRC programs?
  • Why is effectiveness so elusive?

Assessing the Investigations Process
  • What are the pitfalls in best practices in conducting internal investigations?
  • What are the metrics that determine effectiveness, consistency, resources and support, in communicating the inquiry process
  • The handling attrition and protocol of a bad internal investigation
  • Do we need the right standards to prove effectiveness?

The New Buzzwords of IT, Data And Cloud
  • Are the different types of data (such as insufficient or absent data) in Big data a needle in the haystack syndrome?
  • Is it possible to apply metrics/data insights for cyber and IT security effectiveness

Positioning the GRC Program in the Real World
  • Is GRC a merely "paper program" with check-the-box compliance as the tone at the top?
  • Is GRC integration possible in a compliance program and business operations
  • How to harmonise the GRC pillars in branding, training, communications, risk assessments, monitoring, business processes and strategy

Must We Abandon the GRC Jargon?
  • Policies and procedures are often covered in legal jargon with defined terms, acronyms, cross-references, regulatory quotes because they are often written by lawyers for the board or regulators, not for employees
  • Management, on the other hand, has a commitment to corporate culture, values-based ethics programs, and has invested significant efforts in simplifying their policies and automating processes
  • Develop a common platform to combine the above.

How to Jumpstart Compliance
  • Employees on the other hand want transparency, simplification and clear direction
  • What are the far-reaching, values-driven, business-focused actions needed to simplify the path to better compliance and communication between the above stakeholders?