Agenda

Day One : Tuesday, January 21, 2020

08:00

60 min

Registration and Continental Breakfast

10:00

15 min

Break

10:15

60 min

Moving Beyond the Risk Register: Communicating Risk in the Public Sector

Phil Racco, Senior Manager, Enterprise Risk Services, MNP LLP

Sarah Dionne, Manager, Enterprise Risk Services, MNP LLP

Programs always get stuck in the transactional process of updating a risk register – this can result in a risk-management program becoming a compliance exercise motivated by the need to ‘check a box’ instead of generating real discussion around the threats and opportunities that may impact an organization’s strategy.

An organization’s focus should be on creating a Risk Culture that promotes two-way communication about risk and uses tools such as:

  • Risk appetite
  • Risk measures
  • Risk dialogues

Underpinning these tools is ensuring that a solid risk governance structure is in place, so that an organization can have confidence that it is addressing risk at the right level.

12:15

60 min

Luncheon

13:15

45 min

Third Party Cyber Risk: Vendor Due Diligence and Management

Vanessa Henri, Associate Attorney, Fasken Martineau

  • Why do I need vendor on-boarding and management?
  • Key considerations in establishing a program
  • Recognizing when a privacy risk assessment is required
  • Considerations when dealing with vendors of emerging technologies
  • What about off-boarding?

15:30

15 min

Break

16:45

End of Day One

Day Two : Wednesday, January 22, 2020

08:00

60 min

Registration and Continental Breakfast

10:00

15 min

Break

10:15

60 min

Testing the Breach: Incorporating Cybersecurity Incident Simulations into Risk Assessment and Other Engagements

Darren Budd, Partner, Orbis Risk Consulting

Aron Feuer, Managing Director, Cyber Security, Valencia Information and Infrastructure Protection

In light of the troubling trend of increasingly sophisticated phishing fraud schemes and ransomware cyber-attacks on public sector organizations, this presentation will help risk management professionals, auditors and other stakeholders to identify and assess the critical People, Process and Technology risks and controls related to cybersecurity.

Darren and Aron will introduce techniques and practices they have used in working with Canadian public sector organizations conducting audit and advisory work in Privacy and Cybersecurity. Specifically, the presentation will cover:

  1. Scoping risk assessments, advisory engagements and audits to optimize value and insight, including techniques for conducting cybersecurity risk assessments;
  2. Using Active Testing (e.g. malware, phishing, ransomware, privacy breaches) to support assessment of cybersecurity risk mitigation strategies and approaches, including incident detection & response capabilities; and
  3. Supporting the strategic and useful management of IT security talent including external subject matter experts.

12:15

60 min

Luncheon

15:15

15 min

Break

16:30

End of Day Two