Day One : Tuesday, January 21, 2020
08:00
60 minRegistration and Continental Breakfast
09:00
10 min
Welcome and Opening Remarks from the Chair
John Lark, Managing Principal, Coherent Advice Inc.; Co-Founder of Applied AI Canada
09:10
50 min
Communicating The Why: The Utility of Ethics in Risk Culture
Claudine Hebert, Manager, Internal Audit, Innovation, Science and Economic Development Canada
- Strategies for developing an ethical risk culture
- Onboarding new employees
- Effective approaches to communication
- Getting buy-in from leadership
10:00
15 minBreak
10:15
60 min
Moving Beyond the Risk Register: Communicating Risk in the Public Sector
Phil Racco, Senior Manager, Enterprise Risk Services, MNP LLP
Programs always get stuck in the transactional process of updating a risk register – this can result in a risk-management program becoming a compliance exercise motivated by the need to ‘check a box’ instead of generating real discussion around the threats and opportunities that may impact an organization’s strategy.
An organization’s focus should be on creating a Risk Culture that promotes two-way communication about risk and uses tools such as:
- Risk appetite
- Risk measures
- Risk dialogues
Underpinning these tools is ensuring a solid risk governance structure is in place so that an organization can have confidence that they are addressing risk at the right-level.
11:15
60 min
Opportunities in Risk
Wendy Saschenbrecker-Tang, Director, Enterprise Risk Management, Canada Revenue Agency
- Finding opportunity in risk
- Using uncertainty to drive conversation
- Using risk in resource allocation decisions
- Using risk in prioritization models
- Case study
12:15
60 minLuncheon
13:15
45 min
Third Party Cyber Risk: Vendor Due Diligence and Management
- Why do I need a vendor on-boarding and management?
- Key considerations in establishing a program
- Recognizing when a privacy risk assessment is required
- Considerations when dealing with vendors of emerging technologies
- What about off-boarding?
14:00
45 min
Cyber Weapons Proliferation
Jean Loup P. G. Le Roux, Founder, Canadian Consulting Community
14:45
45 min
Data Theft – Fighting Fraud in the 21st Century
Edward Asare-Quansah, Senior Manager, Forensic and Litigation Support Services, MNP LLP
- Understanding modern threats
- Mitigating insider threats
- Working with partners – expanding the scope of internal controls, and sharing standards
- Addressing fraud risk in the short, medium, and long term
15:30
15 minBreak
15:45
60 min
Artificial Intelligence and Risk
John Lark, Managing Principal, Coherent Advice Inc.; Co-Founder of Applied AI Canada
- How AI can reduce risk in complex logistical and service delivery systems
- Case Study: AI-based transaction auditing in federal organizations
- Case Study: A tool to test for algorithmic bias in AI decision-making
- Case Study: Identifying the risks associated with AI solutions
16:45
End of Day One
Day Two : Wednesday, January 22, 2020
08:00
60 minRegistration and Continental Breakfast
09:00
10 min
Welcome and Opening Remarks from the Chair
John Lark, Managing Principal, Coherent Advice Inc.; Co-Founder of Applied AI Canada
09:10
50 min
First and Last Chance: Managing Reputational Risk in the Age of Outrage
- Case study/data on reputational impact
- Identifying reputational threats
- Strategies before, during, and after an event
- How to think about the reputation of your department
10:00
15 minBreak
10:15
60 min
Testing the Breach: Incorporating Cybersecurity Incident Simulations into Risk Assessment and Other Engagements
Darren Budd, Partner, Orbis Risk Consulting
Aron Feuer, Managing Director, Cyber Security, Valencia Information and Infrastructure Protection
In light of the troubling trend of increasingly sophisticated phishing fraud schemes and ransomware cyber-attacks on public sector organization, this presentation will help risk management professionals, auditors and other stakeholder to identify and assess the critical People, Process and Technology risks and controls related to cybersecurity.
Darren and Aron will introduce techniques and practices they have used in working with Canadian public sector organizations conducting audit and advisory work in Privacy and Cybersecurity. Specifically, the presentation will cover:
- Scoping risk assessments, advisory engagements and audits to optimize value and insight, including techniques for conducting cybersecurity risk assessments;
- Using Active Testing (e.g. malware, phishing, ransomware, malware, privacy breaches) to support assessment of cybersecurity risk mitigation strategies and approaches including incident detection & response capabilities; and
- Supporting the strategic and useful management of IT security talent including external subject matter experts.
11:15
60 min
Third Party Cyber Risk: Vendor Due Diligence and Management
Danny Timmins, National Cyber Security Leader, MNP LLP
- Responding to the threat landscape: Technological defenses & Managerial approaches
- Self Check: making sure you aren’t the vulnerability
- Emerging privacy considerations
- Pushing for maturity in public sector cyber and IT security
12:15
60 minLuncheon
13:15
60 min
Innovation & Internal Audit
- How can the auditing function be a friend to innovation
- Opportunities for improvement in the way innovation and audit interact
- Examples and best practices
- What non-auditors and auditees can do
14:15
60 minUnderstanding Blockchain
Nadia Diakun-Thibault, Digital Academy Fellow, Canada School of Public Service
- Develop a mental model of blockchain that will help you make thoughtful, long term decisions regarding the technology
- Understand how blockchain can mitigate risk
- Explore the possibilities of blockchain with a case study
- How to avoid the risk of poor blockchain implementation
- Explore the future potential of blockchain with forward looking theory
15:15
15 minBreak
15:30
60 min
Achieving Integrated Risk Management
Melissa Cohoe, Director of Risk Intelligence, GRC, Iceberg Networks
- How seperate teams can tackle risks together
- The benefits of an integrated risk management effort
- How tools and platforms can help you integrate
- Success Stories: Gaining executive buy-in with small wins
16:30
End of Day Two