Vancouver, British Columbia · November 26, 2019
8:00 - 9:00
Registration and Continental Breakfast
9:00 - 9:10
Welcome and Opening Remarks from the Chair
Leon Bloom, Consultant, Deloitte
9:10 - 10:00
Leveraging ERM and internal control to Support Achievement of Business Strategies and Objectives
Leon Bloom, Consultant, Deloitte
- ERM as a capability framework to support achievement of business strategies and objectives and performance management
- Control assurance frameworks, regulation and common threads
- Governing principles
- Where are control frameworks heading?
- Continuous alignment of ERM and internal control with the 'extended enterprise'
- Sound practices and insights
10:00 - 10:15 Networking Break
10:15 - 11:15
Increase the probability of successful innovation outcomes
Franco Oboni, President & Principal Consultant, Oboni Riskope Associates Inc.
- Studying success stories is of no use to increase success.
- We are better off studying failures, as they teach us what not to do and they are by far more numerous.
- However, focusing on failures can lead to fear-induced paralysis.
- Convergent quantitative, rational risk analysis allows us to:
  - use “past-failures” information
  - avoid fear-induced paralysis
  - avoid excessive audacity and thus increase the chances of success
- We will review real-life cases and draw useful, general conclusions
11:15 - 12:15
Cyber Control Integration
Mark E.S. Bernard, Founder, Secure Knowledge Management
The Cybersecurity program will control costs while improving employee and customer engagement by reducing interruptions to services created by the loss of information confidentiality, integrity, or availability, in addition to mitigating the risk of a breach that would lead to reputation damage and unplanned expenses.
- Governance and risk management of Cybersecurity
- The crazy 8s of Cybersecurity threats and vulnerabilities
- Compliance risks associated with Cybersecurity regulation
- The integration between internal control frameworks and Cybersecurity
- The relationship between operational risk and Enterprise risks
12:15 - 1:15
1:15 - 2:15
Developing a Cyber Security Program: First 100 Days
Dominic Vogel, Founder & Chief Strategic, CyberSC.
- Learn about developing an effective and efficient enterprise security program
- Tips on how to build a cyber security program playbook
- Understand the foundational pillars of building an effective cyber security program
- Learn how to develop a positive security culture, how to make secure business processes easy
- Pragmatic tips for fostering enduring business relationships and how to effectively communicate cyber risk to executives
2:15 - 3:15
Updating risk governance to strengthen internal control effectiveness
- Risk governance objectives
- Growing risk governance, control requirements and expectations
- Guiding principles for risk governance and control effectiveness
- Shortcomings in the traditional risk governance and control model
- Updating and evolving risk governance and control
- Management and Board oversight
- Key questions
3:15 - 3:30 Networking Break
3:30 - 4:30
Establishing Organizational Buy-In to Internal Audit and Internal Controls
Suzanne Dunn, Manager, Internal Audit, Pacific Blue Cross
- How do you shift the paradigm away from “police officer” to “strategic partner”?
- Common pitfalls that cause an Internal Audit & Internal Controls department to lack organizational buy-in
- Ways to create, deploy and provide “value” to business functions
- How to bridge the gap between compliance and operational improvement
Closing Remarks from the Chair