CHAIR: Tshitego Moses Segaetsho, Secretary and Board Member, ISACA South Africa Chapter and Senior Manager: IT GRC and Vendor Relationship Management, Auditor General South Africa
Sizwe Snail ka Mtuze, part-time member, Information Regulator South Africa
The aim is to inform the delegates about how the regulator will work and how it impacts on the POPI Act.
Matimba Simango, IT governance officer, PPC Cement
There are three lines of defence to enterprise risk management – governance, risk management and compliance. This presentation will explore the global IT regulatory laws (Europe, Africa, America and Asia), looking at the latest changes and updates. It will also touch on international business investment, growth and mergers, and examine XaaS and cloud consumerisation and how it affects GRC. With the fourth industrial revolution, there are many threats and risks – how do these affect GRC?
An understanding of:
Nerushka Bowan, technology and privacy lawyer, Norton Rose Fulbright
Digital risk is not just an IT issue. Not everyone can be a technical cyber security expert, but it is your responsibility to be able to ask the right questions to understand digital risk, so you can make informed decisions for the company.
Michael Judin, senior partner, Judin Combrinck
Find out what is new and what has changed in the King IV Code. Hear an analysis of how King IV aims to establish a balance between conformance and performance. Finally, take a look at how technology and information are impacted by the changes in the King IV Code.
Jeanetha Brink, owner, Jeanetha Brink Consulting
Poor governance mostly occurs due to a lack of awareness. Industries can be regulated, but people's behaviour must be guided. This presentation will deal with international perspectives, local guidance and the impact of ignorance, using practical, relevant case studies.
Portia Simelane, group manager: IT Governance & Resilience, Airports Company of South Africa
Even though IT governance, risk and compliance (GRC) is one of the strategic disciplines within any organisation, this function continues to suffer an unfounded reputation of impeding a business's agility. When applied correctly, however, the discipline of GRC actually supports and improves business performance. The speaker will discuss practical ways to inject agility in your IT governance structures, processes and decision-making. Drawing from her experience, Simelane will share the do's and don'ts of effective implementation of the GRC discipline.
Werner Bornman, head of ICT, Stanlib
ICT governance can be a complex and complicated construct. Implementation of and adherence to ICT governance can be overcomplicated without a clear understanding of touchpoints. Perceived views of governance can be negative, due to a lack of understanding of the objectives that need to be achieved. Werner Bornman will take you through the adhesion map, looking at which tools to use. He will also look at the benefits derived from using the adhesion map.
Bantu Holomisa, MP
Holomisa will explore common hurdles to good corporate governance, as well as examine the current political and economic issues and their implications on companies in South Africa. What does the future hold for South African companies?
Victor Mudyanembwa, delivery manager customer onboarding, Barclays Africa
What is the KYC framework, which is used by many companies to meet regulatory requirements? Victor Mudyanembwa will debate whether or not KYC should be a tick-box exercise. He will also look at how KYC affects processes in the financial industry, eg, customer on-boarding, and will address how Absa uses KYC to create a better relationship with its customers.
Max Blecher, chairperson of South African National Standards Body mirror committee on IT Service Management and IT Governance and MD, Virtual Alliance
Fear, uncertainty and doubt (FUD) often lead to a negative perception of standards. But adopting and implementing standards has many benefits for businesses and consumers alike, and can also be of great benefit to the individual. In this presentation we explore relevant GRC standards, whilst taking a behind-the-scenes look at how standards can assist with your professional development.
Candice Holland, director: Risk Advisory Africa, Deloitte South Africa
Muzammil Ebrahim, associate director: Risk Advisory Africa, Deloitte South Africa
It is becoming common knowledge that sustained compliance is driven by the ability of an organisation to proactively identify regulatory requirements and then build and implement the necessary technology to ensure effective utilisation thereof. Once these two aspects are embedded within an organisation, insightful management information pertaining to compliance can be obtained and shortfalls addressed.
Facilitated by: Tshitego Moses Segaetsho, Secretary and Board Member, ISACA South Africa Chapter and Senior Manager: IT GRC and Vendor Relationship Management, Auditor General South Africa
Panelists:
Malesela Mokonyane, head of the Compliance Function and company secretary, Real People Assurance Company
Jeanetha Brink, owner, Jeanetha Brink Consulting
Portia Simelane, group manager: IT Governance & Resilience, Airports Company of South Africa
This panel discussion will look at how to make GRC a part of the business and how GRC practitioners can drive this. With everyone having access to information, how can GRC practitioners make their roles more agile? This session will examine how digitalisation has affected GRC principles and how GRC practitioners can make themselves more savvy and be alert to new risks.
Dr Jacobus Kamfer (Jakkie) Cilliers, chairman, ISS Board of Trustees and head, African Futures & Innovation
This presentation will look at future predictions for organisations in Africa, what influences them, and what risks GRC practitioners can watch out for.
Mimecast (NASDAQ: MIME) makes business email and data safer for more than 21,800 customers and their millions of employees worldwide. Founded in 2003, the company’s next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management in a single, fully-integrated subscription service.
Mimecast reduces email risk and the complexity and cost of managing the array of point solutions traditionally used to protect email and its data.
For customers that have migrated to cloud services like Microsoft Office 365™, Mimecast mitigates single vendor exposure by strengthening security coverage, combating downtime and improving archiving.
Mimecast Email Security protects against malware, spam, advanced phishing and other emerging attacks, while preventing data leaks. Mimecast Mailbox Continuity enables employees to continue using email during planned and unplanned outages.
Mimecast Enterprise Information Archiving unifies email, file and instant messaging data to support e-discovery and give employees fast access to their personal archive via PC, Mac and mobile apps.
Please visit www.mimecast.com
RUBiQ provides a single cost-effective cloud platform for compliance with any international standard. It offers a best-practice implementation approach for a sound, enterprise-wide GRC (Governance, Risk and Compliance) framework, providing meaningful integrated reporting.
Please visit www.rubi-q.com
Regulatory risk, strategic risk, financial risk, legal risk, reputational risk, and evolving governance landscapes creates unique value through intelligent risk-taking.
Deloitte Governance, Regulatory and Risk allows clients to focus not only on risks that can threaten value, but also the risks an enterprise can take to create value. By adopting a consolidated approach to risk, incorporating Internal Audit, Enterprise Risk Management and Governance, organisations are able to provide assurance and insights to the Board and Audit Committee.
Deloitte Legal practices provide holistic business legal advice enabling strategic business decisions and offering cost-effective support for routine legal activities. Deloitte Legal provides businesses with the advice they need to make informed decisions. We offer a broad base of legal services in multiple jurisdictions. Our experience and global reach allow us to provide businesses facing complex legal regulations and challenges with personalized, tailor-made services.
Please visit www.deloitte.co.za
The SABS forms an important part of the South African technical infrastructure organisations known as Standards Quality Accreditation Metrology (SQAM) and provides standardisation services to facilitate the achievement of economic and developmental objectives of the government. The SABS is mandated to develop, promote and maintain South African National Standards and conduct conformity assessment services related to the standards developed.
The SABS offers a range of conformity assessment services, including product and systems certification, testing, consignment inspection, calibration and training. The SABS product certification Mark has, for decades, been a trusted and respected symbol reassuring South African consumers that products are safe, fit for purpose and comply with South African National Standards.
Please visit www.sabs.co.za
The secure process of IT asset disposal (ITAD) is our core business and what we specialise in. Our method has been expertly prepared and includes an effective mobile HDD destruction service, formulated to offer clientele a superior, secure, complete solution.
Please visit www.xperien.com
Follow us on Twitter and join the discussion at #ITWebGRC17