Tuesday, 20 February 2018

Arrival and registration
Welcome and scene-setting

CHAIR: Max Blecher, chairperson, South African National Standards  (SABS) and MD, Virtual AllianceMax Blecher, managing director, Virtual Alliance

KEYNOTE: The True State of the Nation

Roelof Botha, Adjunct Faculty Member – GIBS (University of Pretoria)Dr Roelof Botha, Economist

South Africa is in the midst of socio-economic uncertainty in its post-democratic era. This is evidenced by the obvious trends such as: volatile exchange rate; huge losses reported from our SOE's; high interest rates, waning business confidence and a lengthy commodity price cycle downturn. Policy uncertainty and the mismanagement of public funds amplify the situation.

  • Dr Roelof Botha renowned economist, management accountant of a listed industrial company, financial editor of a daily newspaper and economic policy advisor in the Department of Finance will journey through the current socio-economic situation facing our country and how this adversely affects and is affected by policy, governance and compliance-related decisions being made on an ongoing basis.
The challenges of moving governance, risk and compliance to the cloud

Brian Pinnock, regional manager of sales engineering, MimecastBrian Pinnock, regional manager of engineering at Mimecast MEA

The move to cloud has become synonymous with efficiency and agility, but also introduces new and increased risks. Governance, risk and compliance (GRC) practitioners are at the centre of a nexus of forces, which include digital transformation, a rise in cyber crime, increasingly onerous regulatory environments and growing client and employee privacy concerns. How do each of these play out when GRC moves to cloud?

  • Find out how digital business transformation is introducing new categories of risks
  • Discover how the rise of cybercrime with many organisations not prepared to secure what is becoming known as the borderless enterprise
  • Learn how you can maintain compliance with mandatory regulations like Sox, GDPR and POPIA, as well as voluntary regulations like ISO standards
  • Ensure that you are protecting the privacy of client and employee data and mitigate the wide implications in terms of potential brand damage and associated business losses
Panel discussion: Using GRC to enable sustainable business operations

Moderator: Sheldon Halgreen, technical director, Noscotek
Panelists: Emma Stander, founder and director, Inbox Filing Solutions Africa
Maeson Maherry, solutions director, LAWtrust
Rian Schoeman, legal advisor, LAWtrust

The panel discussion will share their expertise on using GRC as a framework to ensure operations within a business enforces compliance, mitigates risk and enables good governance, by highlighting:

  • The importance and benefits of practising good governance;
  • The use of technology as a tick-box on how to ensure POPI compliance;
  • The analysing, automating, managing and auditing of business processes to better understand, identify and assess risks; and
  • Future and trends of security within information records management.

Enhancing your brand and reputation with robust risk and compliance controls

Moroke Phajane, head of third party risk management, LibertyMoroke Phajane, third party risk expert

Due to recent corruption scandals most corporate entities are carefully scrutinising their third party suppliers in order to minimise their risk exposure inherent in such relationships. Furthermore, the current economic climate has resulted in corporate entities embarking on various initiatives to save costs. Professional services including Information Communication and Technology services will definitely be on the list of services to be procured at a minimal as companies are beginning to scrutinise the necessity of outsourcing such services to external service providers. Innovative firms that address the business need at a reasonable and lower cost compared to existing service providers stand to benefit from this. This will certainly give firms offering sound business solutions and that have adequate risk and compliance controls and track records the competitive edge.

  • Understand the importance of taking control of your risk status
  • Increase your knowledge of the risk and management controls corporate entities require their third party suppliers to have in place
  • Find out how to demonstrate that they have necessary risk and compliance controls required by corporate entities
Business matchmaking, refreshments and networking
The Knowledge Café – time for innovation

Peter Tobin, CEO, Peter Tobin ConsultancyDr Peter Tobin, Director, Peter Tobin Consultancy

Participate in a facilitated discussion on a "knowledge cafe" basis - key topics nominated by the audience, speakers and sponsors ahead of the conference will be discussed and debated in small groups with a detailed feedback sessions to follow.
Possible topics for discussion include:

  • What's going to be hottest in 2018: governance, risk or compliance issues?
  • How do we best get Board and executive support for our GRC initiatives?
  • How can risk management be turned into opportunity management where new technology deployment is concerned?

This session has been incorporated to provide you with the opportunity to ask those pressing questions pertaining to the topic of governance, risk and compliance in ICT that were raised during the keynote presentation and provide a holistic overview of the day ahead.

Governing IT Risk the King IV Way – it's a changing world

Carolynn Chalmers, Corporate governance advisor, Candor GovernanceCarolynn Chalmers, corporate governance and IT governance advisor, Candor Governance (Pty) Ltd

The King IV™ Report has been in effect since 1 April 2017. It has brought with it a new leadership framework, integrated thinking and the quest for governance outcomes. How have organisations approached the application of Principles 11 and 12, the governance of risk and technology and information, in this new context? Join Carolynn in understanding how various organisations have approached this new context and discover the opportunities this has brought to IT functions and their organisations. Learn more about the impact this has had on IT risk managers and the provision of IT assurance and become aware of the surprising reasons behind the increased focus on risk governance.

  • Understand why the current approach to IT risk governance needs to change
  • Learn about the new IT risk governance approach proposed by King IV
  • Acquire the ability to approach assurance from this new perspective
Third-party risk management delivery models and utilities and what they mean for your organisation

Daniella Kafouris, contract risk and compliance business, Risk Advisory, DeloitteDaniella Kafouris, Contract Risk & Compliance business in Risk Advisory, Deloitte

Across industries, organisations are striving to balance effective risk and compliance practices with cost improvements by exploring the use of utility models to conduct third-party risk assessments. Utilities, in relation to third-party risk management, refers to a platform (people, process and technology) that enables data collection, aggregation and risk assessment of third parties and/or fourth parties. There has been a significant interest across FSI and other industries in developing industry-specific shared utilities. Kambule will provide insights into the trends in industry-specific utilities, as well as an understanding of the utilities landscape, catering for the rising impact of third-party risk management.

  • Gauge third party industry trends
  • Understand Third Party delivery models and utilities
  • Discover How to effectively reduce risk, increase agility and resilience
Lunch, Business matchmaking and Refreshment
Interactive discussion: Data governance is a key aspect of effective GRC – knowing where you stand

Edward van der Walt, director: Technical Services and Governance and Analytics, SSAEdward van der Walt, director: Technical Services and Governance and Analytics, SSA
Alan Raubenheimer, director at Strategic Solution Architects, SSA

Data governance is the hottest topic on the GRC spectrum, with organisations scrambling to meet minimum requirements for compliance in respect of GDPR, POPI and more. Understanding your organisation's capabilities and needs, coupled with a modern approach to managing and governing your data, is essential in order to meet these challenges and create a platform for the digitisation of data to ensure your business is future-ready.


Werner Bornman, head of ICT, StanlibWerner Bornman, head of IT, Stanlib

A business case for the consideration of systemic IT GRC. Since the introduction of King III IT GRC has received more focus as management and governance activity but in order to achieve the full intended governance, risk and compliance benefit it needs to seamlessly be entrenched in the organization in order to deliver on value expectations.

  • Unpack ICT GRC in the financial sector of South Africa – culture vs. product
  • Concerns and Considerations of ICT GRC implementation and maintenance
  • Approach and focus on embedment
CASE STUDY: Enforcing and conducting an effective and efficient third-party due diligence

Lonette Genis, IT security manager, ComairLonette Genis, IT Security Manager, Comair

What does "effective and efficient third-party due diligence" mean in 2018? What are the key drivers to perform third party due diligence and where do I start with my third party due diligence program? These are just a few questions I will try to answer during today's session. Why is third party due diligence suddenly in the spotlight. Not too long ago, a handshake used to be good enough to seal a deal and keep the parties involved accountable for whatever was agreed on, so what has changed? Are we wasting time, money and resources by performing third party due diligence?

  • Why is Third-Party Due Diligence so important?
  • Comair's Journey
  • Is it worth the effort
CASE STUDY: POPI Act implementation for the airport

Portia  SimelanePortia Lindiwe Simelane, group manager: IT governance and resilience, Airports Company South Africa

ACSA, just like many companies in South Africa, is currently embarking on implementing the Protection of Personal Information Act. This compliance initiative is run as a project led by Portia Simelane. Portia is going to share with you the journey undertaken by ACSA in complying with the act, the challenges encountered and steps they have undertaken to overcome the challenges.

  • POPIA Implementation Quik wins
  • No go areas
  • Must Have
  • Positioning of Information Officer
  • POPIA Governance Structures
Business matchmaking, refreshments and networking
Regulatory update on global data protection regulation

John Giles, legal services provider, MichalsonsJohn Giles, legal services provider, Michalsons

This presentation will provide invaluable insight into the practical impact these new laws will have on organisations and their data.

  • New rules that will control the processing of data around the world.
  • How they will impact all industry sectors in all countries.
  • The concept of "by design" regarding any advanced technology, looking at robot law as an example.
CASE STUDY: The role of GRC as a means of organisational intelligence

Maiendra Moodley, Head of department for financial Systems and Processes, SITAMaiendra Moodley, head of department: financial systems and processes, SITA

Making better decisions requires an organisation and its leadership to have a means of being able to measure the pulse of the organisation and to gain deeper and more profound insights into the organisation's health, challenges and unlock potential opportunities which can be leveraged. Governance, risk and compliance (GRC) has often focused on ensuring that the implementation and integration of these disciplines as opposed to identifying the strategic intelligence value of GRC. In this presentation, Mr Moodley will demonstrate the practical strategic intelligence value of GRC.

  • Strategic value of GRC, and how to use GRC as an organisational intelligence tool
  • GRC as a decision making tool
Bitcoin is a treasure – the solution to manging risk when it comes to government regulations and smart contracts

Dr Neil Croft, senior lecturer, University of PretoriaDr Neil Croft, senior lecturer, University of Pretoria

This presentation provides direct insight into the relatively unexplored concept of crypto currency, nearly four years in the making, debunked. It will provide personal experience in the mining sector - i.e. government regulations, smart contracts, embedded IoT next generation wave and more
A basic understanding of crypto currencies, how the blockchain works, bitcoin developments and the future

  • Gain a basic understanding of crypto currencies and the way they work.
  • Discover insight into the relatively unexplored concept of crypto currency.
  • Explore the Government regulations
Integrated compliance to consolidate divergent compliance requirements and eliminate duplicate controls

Gideon Petrus Bouwer, cyberlaw and criminal law forensics specialist, CYBERLAW FORENSICS (PTY) LTDGideon Petrus Bouwer, cyberlaw and criminal law forensics specialist, Cyberlaw Forensics

FICA, RICA and POPIA compliance can be synchronised. This topic will provide a summary of the overlap of divergent compliance requirements and how to systematically comply by way of an integrated IT solution.

  • Examining a synopsis of overlapping regulatory requirements
  • Obtain a practical guide and understanding of how to implement an integrated IT solution
  • Gain an understanding of what is required and needed to solve a seemingly endless set of new and growing legal regulatory demands

Cocktail function sponsored by Kyocera

Diamond Sponsor

Silver Sponsors

Bronze Sponsor

display Sponsors