Agenda

Wednesday, 20 February 2019

Arrival and registration
Welcome and scene-setting

Karabo Moloko, CEO, CoLAB Project Implementation

KEYNOTE: Ethical leadership and corporate governance in the age of digitisation

Dr Aimee van Wynsberghe, assistant professor of ethics and technology at TU Delft (Netherlands) and president of the Foundation for Responsible Robotics
Busisiwe Mathe, Chairperson of the South African Governing Board and member of the Africa Governance Board, PricewaterhouseCoopers

While technology is rapidly evolving, legislation and compliance cannot catch up quickly enough. How can we, as business leaders, push the boundaries and advance our organisation into Industry 4.0, but remain certain that we are being ethical? Digitisation brings with it a whole new set of opportunities and risks; how do we navigate this? During this session, we will:

  • Link effective leadership to long-term sustainability;
  • Assess how to best govern evolving technology; and
  • Navigate the opportunities and risks that digitisation brings with it.

Case Study: Connecting the pieces of the puzzle: seeing how IT GRC fits into the overall enterprise GRC and strategic business context

Graham Blain, Head: IT Governance, Risk and Compliance, Standard Bank Group

  • Developing your IT GRC framework in conjunction with your enterprise GRC framework to align it with the business processes
  • Performing combined risk assessments for a big-picture approach towards IT and organisational risks
  • Minimising duplication of GRC activities through interdepartmental co-ordination
  • Leveraging technology for better co-ordination and transparency

Networking and refreshments

Confidently manage your data risk and easily prove compliance

Danie Marais, Director of Product Management, Redstor

Inaccessible and unsecured data is a challenge familiar to many organisations. Today, data is more intrinsically valuable than ever before, as the flow of data now contributes more to world GDP than the flow of physical goods. It's a key asset to business, but companies are unable to leverage the asset if their data isn't readily accessible or properly secured. Businesses are struggling to keep track of what data they have, where it's stored and who has access to it across multiple devices, applications and platforms. During this session, Danie will look at what an on-demand world for data management looks like in the future of POPI and compliance. The future may be closer than you think.

  • How to take control of your data
  • Making data more accessible
  • Data compliance in the age of POPI

Information and Technology Governance, Risk and Compliance

Isabella Hofmeyr - Pretorius, Legal Advisor, Capitec

Businesses can no longer ignore digital transformation. Technology is now being seen as a means to advance organisations. This is why IT professionals need to take more responsibility for governance and compliance practices within their areas in organisations. Here, we will explore some of the principles and recommended practices set out by King IV and also consider the implementation and related challenges.

  • The importance of technology and information governance, risk and compliance (GRC)
  • King IV and information and technology governance
  • King IV and compliance
  • Data protection as an example of technology and information GRC in action

Cyber Governance – the Human Factor

Thembile Sibisi, IT Governance Risk and Compliance Manager, Exxaro Resources

As cyber tools become more evolved and sophisticated, focusing on the role of human behaviour in cyber security becomes increasingly important. In this session, we’ll explore how the integration of human behaviour, organisational culture and cyber security policy and tool design can assist in preventing the exploitation of human vulnerabilities.

  • Behavioral factors to consider in cyber security
  • Striking a balance between agility, innovation and security
  • Beyond awareness – creating a cyber resilient corporate culture

Lunch and networking

Governing the cloud: how do you protect IT assets when using cloud computing?

Portia Lindiwe Simelane, Head: IT Governance, Risk & Commercial, Old Mutual Insure

  • Deciding on governance models to enhance the protection of assets in the cloud
  • Defining policies and responsibilities with cloud services providers
  • Creating contingency plans for risks that may arise when migrating to the cloud
    • Audit compliance
    • KPI adherence
    • Security
  • Monitoring and understanding data handling practices of cloud providers to minimise compliance challenges and risks
  • Monitoring how your cloud service evolves to adjust your governance framework accordingly

Panel discussion: Assessing the various frameworks that can be applied to achieve good IT governance

Moderator: Karabo Moloko, CEO, CoLAB Project Implementation
Makabongwe Siziba, Director: Government Information Technology, Kwazulu Natal Department of Social Development
Luyanda Ntuane, Chief Information Officer, Imperial - Car Rental Division
Portia Lindiwe Simelane, Head: IT Governance, Risk & Commercial, Old Mutual Insure

  • Pros and cons of each model: COBIT, COSO, ITIL
  • Evaluating the framework that is most effective for your organisation
  • How to practically incorporate your framework into your existing governance frameworks

Networking and refreshments

Case Study: Integrated risk management: making it clear that IT risks are business risks

Nathan Desfontaines, Group Head: Cyber Security & Governance, Telesure Group Services

  • Understanding integrated risk management from a governance and cultural perspective
  • Selective integrating: modifying and customising integrated risk management practices where it makes sense
  • Knowing when integrated risk management can assist with streamlining business processes in areas like:
    • Risk assessments;
    • Audits;
    • Security breaches; and
    • Data management.

Outsourcing: governing and managing third parties

Rapule Kgalaki, Manager: Governance, Performance, and IT Audits, Department of International Relations and Cooperation

Many times, third parties are not appointed by the IT department. Here, we will explore this dynamic, as well as how to know when too much proprietary information has been shared and how to limit the scope of sensitive information while ensuring that outsourced parties can still perform their duties.

  • Building an oversight framework for third parties to remain within their contractual terms
  • Understanding the scope of responsibility that third parties have and how much information/data to share with them
  • Assessing the possible risks that third parties pose to your data and security
  • Understanding where the ownership of third-party governance lies and stipulating clear governance principles with them
  • Formally stipulating the compliance measures that third parties need to adhere to
  • How to gain visibility and transparency of business partner activities
  • Incorporating extended risk management practices and centralised controls to manage business partners' risks

Interactive discussions

During this discussion, the audience will break into groups and choose which discussion to join. Here, you and your facilitator will discuss each one of the subject matters in detail and look at the practical steps you can take to implement them on a day-to-day basis.

Group one:
Linking cyber governance and the Cyber Crimes Bill: putting up controls and auditing them to ensure they are functioning adequately

Group two:
Governance and social media: how customers are keeping businesses in check by holding them accountable online

Group three:
The people side of IT GRC: understanding the types of skills and qualifications your team requires

Close of conference
