AGENDA DAY 1
Conference Day 1 - 4 March
Conference Day 2 - 5 March
6 March
Tuesday, 4 March: Conference - Day 1
07h30 Arrival & Registration
Welcome & housekeeping
Paul Booth, an independent IT commentator
A CIO’s perspective on King III and the responsibilities to the Board
In this session, Len de Villiers will expand on:
King III, the seven IT principles and examples of company compliance
The IT risk universe – 12 broad risk categories
Key success factors in IT governance
A Board scorecard for IT
Len de Villiers, Group CIO, Telkom
Governance for value, not for compliance
Mike Jarvis is passionate about ensuring governance is focussed on delivering real value to the organisation. His session will unpack how to achieve this, and will cover, among other considerations, the following:
Changing the approach to corporate and I & T governance
Outlining I & T Value
Building I & T business services (linked to corporate services)
Determining the key value drivers
Establishing 'Appropriate metrics: Measures that matter'
Mike Jarvis, CEO, OverSight Solutions
10h10 Tea Break
Developing an IT GRC strategy - establishing an 'assess once, test once, satisfy many' programme
Business dependence on IT has not gone unnoticed by regulators and law makers who have set forth numerous obligations directed at the IT environment. This has placed a heavy burden on the CIO, IT governance executives and the CSO, who are facing questions from many quarters - the Board, audit, regulators and investors – about IT's alignment with best practices, laws and regulations and corporate policies.
This proliferation of compliance requirements presents IT with serious challenges, often resulting in 'over-control', never-ending audit cycles and the extension of already stretched resources into activities not directly linked to service delivery. Additional unintended consequences include inconsistency in reporting, lack of trend and pattern analysis, and a control focus instead of a risk mitigation approach to governing IT. In this presentation, we will explore opportunities to ease the burden of compliance, governance and risk management through the establishment of an integrated IT GRC programme.
Kris Budnik, managing director, Slva Information Security
IT governance and risk related to cloud security, interception and monitoring in the wake of PRISM
In his presentation, Francis Cronjé will expand on the following:
The impact of PRISM on the cloud
The relevance of King III
Whether PoPi will affect current practices
The way forward
Francis Cronjé, founder and MD at ᶲ, CEO at InfoSeal
Corporate governance and IT governance - To converge or not to converge? A King III challenge
While in the past IT governance was mainly driven by frameworks and relegated to management level responsibility, it now sits at Board level as a corporate governance issue. King III Chapter 5 identified seven corporate governance principles required to achieve IT governance.
This presentation will explore the following:
Is there a convergence of IT governance and corporate governance?
How are companies aligning their corporate governance practices to accommodate King III IT governance requirements?
What 'gaps' are arising and what are the recommended approaches?
Sonny A M Ako-Nai, IT business management consultant, and lecturer at UKZN
12h40 Lunch
Enterprise architecture - The linchpin between corporate governance and IT governance
King III and COBIT® 5 make enterprise architecture the CEO's accountability. The importance of enterprise architecture as a strategic business capability and even as a source of competitive advantage is becoming increasingly well understood. This presentation examines how a synergistic approach between corporate and IT governance, and enterprise architecture can increase an organisation's value while reducing cost. It will cover:
The business motivation for applying King III, COBIT® and TOGAF® and the potential business value to be derived
An understanding of how enterprise architecture supports both corporate and IT governance
Case studies on how leading organisations are applying enterprise architecture in support of governance, risk and compliance
What is needed to make enterprise architecture both business-relevant and sustainable
Stuart Macgregor, CEO of Real IRM and The Open Group - South Africa
Case study: Reinventing the internal control framework for a sustainable competitive edge – financial systems and processes 2.0 at SITA
Many organisations treat governance, risk and compliance (GRC) as being necessary to ensuring stakeholder confidence in mitigating against sanctions that would result from not complying with legislation or listing requirements. The result is that GRC is often undertaken as a checkbox activity, with practitioners struggling to demonstrate why it is necessary to go beyond the minimum requirements. This challenge is exacerbated during difficult economic times, when funds spent on GRC have to compete with investments elsewhere in the business. Reflecting on his own experiences in developing a business transformation strategy for a finance department at SITA, Maiendra Moodley discusses how the internal control framework can be unlocked to deliver a competitive advantage. Using the internal control framework as a means of driving a roadmap, it is possible to link GRC together in a seamless manner that generates a competitive edge and produces sustainable results.
Maiendra Moodley, divisional head (GM) for financial systems and processes, State Information Technology Agency (SITA)
15h00 Tea Break
Case study: Big data governance - challenges faced by CIOs
Technology roadmaps are likely to change in 2014 with the widespread adoption of cloud solutions by organisations, and a shift of focus by cyber attackers to cloud service providers, especially where big data solutions are offered. In this presentation, Heino Gevers will address the challenges this poses to CIOs with regard to the governance of big data. He will be joined by a CIO from a large enterprise customer, who will unpack how his company rose to the challenge.
Heino Gevers, security specialist, Mimecast and Caesar Tonkin, CEO of GRCBizassurance
Case study: Tiger Brands - IT risk changes shape in the cloud
This case study looks at some of the challenges experienced by Tiger Brands during the recent change of its key IT infrastructure services provider. Different perspectives emerged between Tiger Brands and the service provider on a number of key issues, including: what constituted intellectual property, who owned it, how this impacted IT service transition responsibilities, and who had rights to control.
The lessons learned from this transition provide good insights into the potential IT risks that businesses could face in the cloud, as well as what companies should be doing to prevent these risks from materialising.
Max Blecher, IT governance and risk officer, Tiger Brands
16h50 Closing remarks




Hard copy data poses serious security risk
13 Feb 2014
Hard copy data can present a significant security threat, says Duncan Waugh, founder and CEO of Document Security Solution Specialists.

Cloud demands risk mindset change
5 Feb 2014
Intellectual property ownership, contractual divorce clauses and root password control are critical risk factors to consider as enterprises move into the cloud.

GRC buy-in needs right mindset
30 Jan 2014
If governance, risk and compliance (GRC) initiatives are perceived as 'policing', people will always find a way to get around rules and regulations.

Getting proactive with GRC
24 Jan 2014
Tightening legislation and regulations, as well as an increase in security threats and the volume of data moving through and within the enterprise, are driving the need for a more proactive approach to governance, risk and compliance (GRC).

GRC event assists practitioners to deliver value
14 Jan 2014
IT governance can bring real value to local organisations, if it is approached as a business driver rather than an exercise in 'ticking the boxes' when it comes to compliance.

Call for papers issued for GRC event
29 Nov 2013
Governance, risk and compliance (GRC) experts, industry analysts and practitioners have until 10 December to respond to the call for papers to present at the third annual ITWeb Governance, Risk and Compliance Conference.

