BEGIN:VCALENDAR VERSION:2.0 PRODID:-//GRC 20/20 Research, LLC - ECPv6.15.20//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-ORIGINAL-URL:https://www.grc2020.com X-WR-CALDESC:Events for GRC 20/20 Research, LLC REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:Europe/London BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20230326T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20231029T010000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20240331T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20241027T010000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20250330T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20251026T010000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;TZID=Europe/London:20240612T100000 DTEND;TZID=Europe/London:20240612T160000 DTSTAMP:20260504T120655 CREATED:20240410T161900Z LAST-MODIFIED:20240423T103935Z UID:10002574-1718186400-1718208000@www.grc2020.com SUMMARY:IT Risk/GRC Management by Design\, LONDON DESCRIPTION:REGISTER\n\n\n\n\nOrganizations are complex: from technological advancements to regulatory changes and global expansions\, ensuring robust information security is a daunting task for any GRC professional. \n\n\n\nIn this workshop with renowned GRC pundit Michael Rasmussen\, you’ll get the blueprint you need to achieve an effective IT risk management strategy in a dynamic business and risk environment. You’ll learn strategies and techniques to apply to your whole organization and as part of your broader GRC strategy. \n\n\n\nHere’s what you can expect to gain:\n\n\n\n\nA comprehensive understanding of IT GRC within the broader context of business performance and strategy.\n\n\n\nKnowledge of how to integrate IT GRC management processes seamlessly into your organization’s operations.\n\n\n\nThe ability to define an information architecture that provides 360° situational awareness of IT GRC in alignment with business objectives.\n\n\n\nA deep dive into the technology components necessary to streamline risk and compliance management across your organization.\n\n\n\n\nWho should come along?\n\n\n\n\nIT GRC managers and officers\n\n\n\nBusiness managers who want to up their game in IT GRC\n\n\n\nExecutives and governance personnel overseeing IT GRC\n\n\n\nAudit personnel providing assurance on IT security and GRC\n\n\n\n\nWorkshop Abstract:\n\n\n\nOrganizations are complex. Exponential growth and change in technology\, vulnerabilities\, regulations\, globalization\, distributed operations\, changing processes\, competitive velocity\, business relationships\, legacy technology\, and business data expose organizations of all sizes. Keeping this complexity and change in sync is a significant challenge for information security professionals. Executives constantly react to risk appearing around them and fail to actively manage and understand the interrelationship of risk across the organization\, particularly information security risk\, as it permeates business operations\, processes\, transactions\, and relationships in the digital world. Risk Management maturity increases as the ability to connect\, understand\, analyze\, and monitor interrelationships and underlying patterns of performance\, risk\, compliance across the business grows. \n\n\n\nOrganizations require complete situational and holistic awareness of information risk management across operations\, processes\, relationships\, systems\, transactions\, and data to see the big picture of risk and its impact on performance and strategy. Risk management fails when risk issues are addressed as a system of parts that do not integrate and work as a collective whole. Information security cannot be managed in isolation. Decentralized\, disconnected\, and distributed processes of the past catch the organization off guard to information risk and expose the organization. The interconnectedness of information and technology underpinning all aspects of an organization’s operations requires the Chief Information Security Officer (CISO) to be a foundational and integrated approach to risk management across the organization. Understanding and managing risk in today’s environment requires a new paradigm in managing the interconnections and relationships of risk\, particularly information risk. CISOs need to stay on top of their game by monitoring information security risk to their organization both internally (e.g.\, operations\, processes\, systems\, data) and externally (e.g.\, threat\, competitive\, legal\, geographic environments) to stay competitive in today’s economy. \n\n\n\nOrganizations must understand information security risk and make risk-informed business decisions to manage effectively manage risk across the enterprise. This workshop provides a blueprint for attendees on effective IT GRC management strategies in a dynamic business and risk environment. Attendees will learn IT GRC management strategies and techniques that can be applied across the organization and as part of broader GRC strategies. Learning is done through lectures\, collaboration with peers\, and workshop tasks. \n\n\n\nObjectives of the workshop:\n\n\n\nAttendees will take back to their organization’s approaches to address: \n\n\n\n\nIT GRC Management Strategy. Understand IT GRC in the context of business performance\, strategy\, objectives\, culture\, and values.\n\n\n\nIT GRC Management Processes. The IT GRC management processes integrated into the organization and its operations flow from the strategy. Good IT GRC management is done in the rhythm of the business.\n\n\n\nIT GRC Management Information Architecture. Defining an information architecture that enables IT GRC management strategy and processes by providing 360° situational awareness of IT GRC in the context of business strategy and operations\n\n\n\nIT GRC Management Technology Architecture. The necessary technology components are needed to integrate diverse and distributed risk and compliance management roles and IT GRC management into the organization’s operations.\n\n\n\n\nBenefits to attendees:\n\n\n\n\nHolistic awareness of risk. There is defined risk taxonomy across the enterprise that structures and catalogs risk in the context of the organization and assigns accountability. A consistent process identifies risk and keeps the taxonomy current. Various risk frameworks are harmonized into an enterprise risk framework.\n\n\n\nRisk-intelligent decision-making. The organization has what it needs to make risk-intelligent business decisions. Risk strategy is integrated with organization strategy; it is an integral part of business responsibilities. Risk assessment is done in the context of business change and strategic planning\, and structured to complement the business lifecycle to help executives make effective decisions.\n\n\n\nAccountability of risk. Accountability and risk ownership are established features of risk management. Every risk\, at the enterprise and business-process level\, has clearly established owners. Risk is communicated to stakeholders\, and the organization’s track record should illustrate successful risk tolerance and management.\n\n\n\nMultidimensional risk analysis and planning. The organization has a range of risk analytics\, correlation and scenario analysis. Various qualitative and quantitative risk analysis techniques are in place and the organization has an understanding of historical loss to feed into analysis. Risk treatment plans — whether acceptance\, avoidance\, mitigation or transfer — are working and monitored for progress.\n\n\n\nVisibility of risk as it relates to performance and strategy. The enterprise views and categorizes risk in the context of organization objectives\, performance and strategy. KRIs are implemented and mapped to key performance indicators (KPIs). Risk indicators are assigned established thresholds and trigger reporting that is relevant to the business and effectively communicated. Risk information adheres to information quality\, integrity\, relevance and timeliness.\n\n\n\n\nWho should attend?\n\n\n\n\nIT GRC managers and officers responsible for leading and managing IT GRC and information security\n\n\n\nBusiness managers whose job responsibilities include IT GRC responsibilities\n\n\n\nExecutives and governance personnel who have to oversea and govern IT GRC\n\n\n\nAudit personnel that provide assurance on IT security and GRC\n\n\n\n\nTypical Agenda:\n\n\n\nPart 1: What is IT GRC Management?\n\n\n\nUNDERSTANDING IT GRC IN THE CONTEXT OF THE ORGANIZATION\n\n\n\n\nDifferent views of IT GRC and information security throughout the organization\n\n\n\nWho owns IT GRC?\n\n\n\nUnderstanding IT GRC and its role in assurance to business strategy\, objectives\, performances\, and operations\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 2: IT GRC Management\n\n\n\nBLUEPRINT FOR IT GRC MANAGEMENT COLLABORATION AND STRATEGY\n\n\n\n\nDeveloping an IT GRC committee (or herding cats)\, bringing together the range of GRC roles with a stake in IT GRC across the organization\n\n\n\nDefining an IT GRC management charter\n\n\n\nDeveloping a collaborative and enterprise view of IT GRC and how it relates to performance\, risk\, and compliance\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 3: IT GRC Management Process Lifecycle\n\n\n\nINTEGRATED PROCESSES TO IDENTIFY\, ANALYZE\, MANAGE\, AND PROVIDE ASSURANCE ON IT GRC\n\n\n\n\nIdentification – Collaborative process to identify IT GRC risks and controls from both the bottom and the top\n\n\n\nAnalysis – Defining effective and operational controls to provide assurance while mitigating risk\n\n\n\nManagement – Strategies to manage IT GRC risk and controls in context of performance\, risk\, and compliance\n\n\n\nCommunication – Assign and manage IT GRC ownership and accountability\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 4: IT GRC Management Information & Technology Architecture\n\n\n\nPROVIDING AN INTEGRATED VIEW OF IT GRC TO THE ENTERPRISE\n\n\n\n\nDeveloping an IT GRC taxonomy and attributes of risks and controls\n\n\n\nMapping IT GRC to objectives\, risk\, policy\, and compliance\n\n\n\nMonitoring IT GRC in a changing environment\n\n\n\nTechnology capabilities and considerations to support IT GRC management\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nGRC 20/20 Analyst will be facilitating this workshop . . .\n\n\n\n\n\n\n\nMichael Rasmussen is an internationally recognized pundit on governance\, risk management\, and compliance (GRC) – with specific expertise on enterprise GRC strategy and processes supported by robust information and technology architectures.  With 30+ years of experience\, Michael helps organizations improve GRC strategy and processes supported by the correct GRC technology architecture. This enables organizations to align GRC with the business and deliver effective\, efficient\, resilient\, and agile capabilities to the organization.  He is a sought-after keynote speaker\, author\, and advisor and is noted as the “Father of GRC” — the first to define and model the GRC market in February 2002 while at Forrester. \n\n\n\nAbout Event Host . . .\n\n\n\n\n\n\n\nSureCloud is a leading provider of cloud based\, Integrated GRC (Governance\, Risk & Compliance) products and Cybersecurity services\, which reinvent the way you manage risk. SureCloud\, and our Aurora platform\, enable organizations to make better decisions and achieve their desired business outcomes. SureCloud is underpinned by Aurora\, a highly configurable no-code platform\, which is simple\, intuitive\, and flexible. Unlike other GRC Platform providers who force organizations to adapt their processes\, our solutions are highly configurable. Aurora can be easily customized to fit a wide range of operating models\, meaning that our clients get immediate and sustained value from the outset. \nShare this:\n Email a link to a friend (Opens in new window)\n Email\n \n Print (Opens in new window)\n Print\n \n Share on LinkedIn (Opens in new window)\n LinkedIn\n \n Share on X (Opens in new window)\n X\n \n Share on Facebook (Opens in new window)\n Facebook URL:https://www.grc2020.com/event/it-risk-grc-management-by-design-london/ CATEGORIES:20/20 Workshops ATTACH;FMTTYPE=image/jpeg:https://www.grc2020.com/wp-content/uploads/2024/04/1713793311651.jpeg END:VEVENT BEGIN:VEVENT DTSTART;TZID=Europe/London:20240621T093000 DTEND;TZID=Europe/London:20240621T133000 DTSTAMP:20260504T120655 CREATED:20240524T182847Z LAST-MODIFIED:20240524T183008Z UID:10002589-1718962200-1718976600@www.grc2020.com SUMMARY:A.I. Governance & Risk Management Workshop\, LONDON DESCRIPTION:This invitation only event is taking place on June 21st\, 2024\, at the IBM Client Innovation Centre in London. \n\n\n\nThis exclusive event is designed for senior executives and professionals who are interested in exploring the integration of AI Risk management into their Enterprise Risk Management (ERM) and Governance\, Risk Management (GRC) frameworks and operations. Our primary host and facilitator for this engaging design and best practice session is Michael Rasmussen\, the renowned GRC thought leader\, often referred to as “The Godfather of GRC.” \n\n\n\nThe event will commence at 9:30 AM and conclude at 1:30 PM\, providing ample opportunities for insightful discussions\, knowledge sharing\, and networking with like-minded individuals. During the session\, Michael Rasmussen will share his extensive expertise and insights on how to effectively manage AI risks within the broader context of ERM & GRC. \n\n\n\nTo ensure an intimate and productive environment\, we have limited seating available for this exclusive event and is invite only \n\n\n\nThe event agenda includes: \n\n\n\n\nWelcome and introductions\n\n\n\nPresentation by Michael Rasmussen on AI Risk and ERM\n\n\n\nInteractive design and discovery session on best practices and approaches for integrating AI Risk management into ERM\n\n\n\nOpen Q&A session\n\n\n\nNetworking lunch\n\n\n\n\nGRC 20/20 Speaker\n\n\n\nMichael Rasmussen\n\n\n\nMichael Rasmussen is an internationally recognized pundit on governance\, risk management\, and compliance (GRC) – with specific expertise on enterprise GRC strategy and processes supported by robust information and technology architectures.  With 30+ years of experience\, Michael helps organizations improve GRC strategy and processes supported by the correct GRC technology architecture. This enables organizations to align GRC with the business and deliver effective\, efficient\, resilient\, and agile capabilities to the organization.  He is a sought-after keynote speaker\, author\, and advisor and is noted as the “Father of GRC” — the first to define and model the GRC market in February 2002 while at Forrester. \n\n\n\nWebinar Sponsor\n\n\n\n\n\n\n\nAt IBM\, we do more than work. We create. We create as technologists\, developers\, and engineers. We create with our partners. We create with our competitors. If you’re searching for ways to make the world work better through technology and infrastructure\, software and consulting\, then we want to work with you. \n\n\n\n\nShare this:\n Email a link to a friend (Opens in new window)\n Email\n \n Print (Opens in new window)\n Print\n \n Share on LinkedIn (Opens in new window)\n LinkedIn\n \n Share on X (Opens in new window)\n X\n \n Share on Facebook (Opens in new window)\n Facebook URL:https://www.grc2020.com/event/a-i-governance-risk-management-workshop-london/ CATEGORIES:20/20 Workshops ATTACH;FMTTYPE=image/jpeg:https://www.grc2020.com/wp-content/uploads/2024/05/Slide1.jpeg END:VEVENT BEGIN:VEVENT DTSTART;TZID=Europe/London:20240625T100000 DTEND;TZID=Europe/London:20240625T180000 DTSTAMP:20260504T120655 CREATED:20240403T165521Z LAST-MODIFIED:20240403T165721Z UID:10002572-1719309600-1719338400@www.grc2020.com SUMMARY:Third-Party Risk Management by Design\, LONDON DESCRIPTION:REGISTER\n\n\n\n\nWhat you can expect\n\n\n\nIn this workshop\, participants will gain a holistic perspective on third-party management\, mastering both top-down and bottom-up strategies. We’ll delve into integrating third-party management seamlessly into your business strategy\, processes\, and operations\, ensuring a cohesive approach. You’ll explore diverse third-party management architecture models tailored to your organization’s unique needs\, enabling you to make informed decisions. Discover a range of assessment and monitoring techniques designed to safeguard your business effectively. We’ll guide you in developing a structured third-party information architecture that aligns seamlessly with your business operations\, enhancing efficiency. Moreover\, you’ll learn the art of clear and persuasive communication\, essential for gathering attestation and fostering strong partnerships across your entire organization. Join us to empower your business with comprehensive\, strategic third-party management skills. \n\n\n\nAgenda\n\n\n\n\nThird Party Management by Design\n\n\n\nThe Blueprint for Effective Third Party Management\n\n\n\nFrom onboarding to offboarding; managing third parties\n\n\n\nEnabling information and technology management of third party relationships\n\n\n\nThe strategic evolution of TPRM landscape\n\n\n\n\nObjectives: \n\n\n\nThe objective of this workshop is to leave attendees with the ability to effectively manage due diligence and third-party risk. Participants will gain a deep understanding of the challenges and pitfalls associated with managing third-party risk\, achieving success by capitalizing on these relationships while ensuring compliance. The workshop will facilitate ongoing monitoring of third-party partners\, helping attendees define a structured third-party management lifecycle for managing and monitoring relationships. \n\n\n\nOwnership and accountability for third-party management will be established\, ensuring process consistency and effective communication with partners on matters of risk and compliance. Attendees will also learn to track critical workflows and tasks internally and with third-party relationships. Furthermore\, the workshop will equip participants with the skills to deliver effective third-party governance and assurance to the board of directors\, regulators\, and stakeholders. Metrics will be monitored to establish the effectiveness of third-party management\, and attendees will become adept at identifying and resolving issues with third parties. \n\n\n\nThe workshop will also cover mapping third-party relationships to objectives\, risks\, controls\, issues\, and other GRC areas. \n\n\n\nDetailed Agenda\n\n\n\nPart 1: Third Party Management by Design\n\n\n\n\nWhy Third Party Management Matters\n\n\n\nThird Parties in Disarray: how organizations mismanage third parties\n\n\n\nThird Party Exposure: how mismanaged third parties expose the organization to risk\n\n\n\nCurrent drivers & trends pressuring organizations in third party management\n\n\n\nDifferent ways organizations approach third party management\n\n\n\nWhat Effective Third Party Management Achieves: third party management’s role in governance\, risk management\, and compliance\n\n\n\n\nPart 2: Third Party Governance\n\n\n\n\nBlueprint for Effective Third Party Management\n\n\n\nThird Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization\n\n\n\nThird Party Management Charter: defining a structure to govern third party relationships\n\n\n\nHow to Develop a Third Party Management Strategic Plan\n\n\n\n\nPart 3: Third Party Management Lifecycle\n\n\n\n\nManaging Third Parties from Onboard to Offboarding\n\n\n\nThird party identification & onboarding\n\n\n\nOngoing context monitoring\n\n\n\nThird party communications & attestations\n\n\n\nThird party monitoring & assessment\n\n\n\nThird party forms & approvals\n\n\n\nThird party metrics & reporting\n\n\n\nThird party re-evaluation and offboarding\n\n\n\n\nPart 4: Third Party Management Architecture\n\n\n\n\nEnabling Information & Technology Management of Third Party Relationships\n\n\n\nThird Party Management Information Architecture: Blueprint for Managing Third Party Content and Related Data\n\n\n\nTypes of third party management information and how it integrates into third party processes\n\n\n\nComponents and requirements for a third party information architecture\n\n\n\nThird Party Management Technology Architecture: Blueprint for Enabling Third Party Management Processes with Technology\n\n\n\nKinds of third party management technologies and what best serves the organization\n\n\n\nCapabilities and requirements of third party management platforms\n\n\n\nThird Party Management Business Case: Articulating the Value of Effective Third Party Management\n\n\n\nDefining a business case and value of third party management platforms\n\n\n\n\nGRC 20/20 Analyst will be facilitating this workshop . . . \n\n\n\n\n\n\n\nMichael Rasmussen is an internationally recognized pundit on governance\, risk management\, and compliance (GRC) – with specific expertise on enterprise GRC strategy and processes supported by robust information and technology architectures.  With 30+ years of experience\, Michael helps organizations improve GRC strategy and processes supported by the correct GRC technology architecture. This enables organizations to align GRC with the business and deliver effective\, efficient\, resilient\, and agile capabilities to the organization.  He is a sought-after keynote speaker\, author\, and advisor and is noted as the “Father of GRC” — the first to define and model the GRC market in February 2002 while at Forrester. \n\n\n\nAbout Event Host . . .\n\n\n\n\n\n\n\nAravo delivers the market’s smartest third-party risk and resilience solutions\, powered by intelligent automation. For more than 20 years now\, Aravo’s combination of award-winning technology and unrivaled domain expertise has helped the world’s most respected brands accelerate and optimize their third-party management programs\, delivering better business outcomes faster and ensuring the agility to adapt as programs evolve. With solutions built on technology designed for usability\, agility\, and scale\, even the most complex organizations can keep pace with the high velocity of regulatory change. As a centralized system of record for all data related to third-party risk\, Aravo helps organizations achieve a complete view of their third-party ecosystem throughout the lifecycle of the relationship\, from intake through off-boarding and all stages in between and across all risk domains. Aravo is trusted by the world’s leading brands\, helping them manage their risk and improve the performance of more than 6 million third parties\, suppliers and vendors across the globe. \n\n\n\n \nShare this:\n Email a link to a friend (Opens in new window)\n Email\n \n Print (Opens in new window)\n Print\n \n Share on LinkedIn (Opens in new window)\n LinkedIn\n \n Share on X (Opens in new window)\n X\n \n Share on Facebook (Opens in new window)\n Facebook URL:https://www.grc2020.com/event/third-party-risk-management-by-design-london-2/ CATEGORIES:20/20 Workshops ATTACH;FMTTYPE=image/png:https://www.grc2020.com/wp-content/uploads/2024/04/Screenshot-2024-04-03-at-11.53.03 AM.png END:VEVENT END:VCALENDAR