Program Catalog
Browse sessions and workshops using the filtering options below.
Join us for the premier GRC event in Austin, Texas, or virtually from 12–14 August and earn up to 24 CPE credits.
We are hard at work designing this year’s conference program to ensure you have ample opportunities to gain knowledge, foster connections, and engage with peers. Check back for updates.
7:30 am–5:00 pm Registration
8:30 am–5:00 pm Workshops | In Person Only
7:00 am–5:00 pm Registration
8:15 am–9:30 am General Session
10:00 am–12:15 pm Concurrent Sessions
12:15 pm–1:30 pm Lunch
1:30 pm–5:30 pm Concurrent Sessions
5:30 pm–6:30 pm Welcome Reception | In Person Only
7:30 am–5:00 pm Registration
8:30 am–10:45 am Concurrent Sessions
11:00 am–1:00 pm General Session & Lunch
1:00 pm–5:30 pm Concurrent Sessions
7:30 am–11:30 am Registration
8:30 am–10:00 am General Session
10:30 am–11:30 am Closing Keynotes
Speaker: Mark Thomas
Digital trust is central to every digital interaction. In today's world, people are more connected than ever before. The Internet has brought more opportunities to exchange ideas and information within our neighborhood and worldwide. Customers can purchase goods online and receive them the same day. Technology works in the background to support these interactions and transactions between individuals, enterprises and external parties. The digital trust framework helps guide professionals on their digital transformation journey and encourages them to think about how digital trust needs to be considered at all levels of an enterprise. This workshop will cover the essential components of the framework and how to apply them in various situations in the work environment.
After completing this session, the participant will be able to:
Speaker: Megan Hall
In the wake of escalating adoption of artificial intelligence (AI) and multi-cloud environments, both formally and informally, the urgency to expand your organization's internal audit risk landscape has never been more critical. This interactive, hands-on workshop is designed to equip participants with the knowledge and tools necessary to address the complex risks associated with AI and multi-cloud environments effectively.
Participants will delve into the intricacies of the risks and controls related to increased organizational reliance on AI and multi-cloud strategies. The workshop will cover a broad range of topics, including, but not limited to:
This workshop is tailored for those seeking to proactively navigate the changing risk landscape, ensuring their organizations remain resilient and secure in the face of innovation and technological advancement.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
As organizations increasingly rely on APIs for seamless data exchange, this study explores the evolving patterns of API communication and scrutinizes the tactics employed by attackers utilizing bots to exploit vulnerabilities. Real-world case studies illuminate the intricacies of these advanced attacks, ranging from data breaches and account takeover to shopping bots that buy up nearly all the inventory. The discussion delves into the technical nuances of bot-driven attacks, evaluates their impact on organizations, and proposes defensive strategies.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
These days, global supply chains are very important to businesses. However, supply chain risk is like kryptonite. This talk will go into detail about the many aspects of supply chain risk and show why it is such a major weakness for businesses today. We will talk about how these risks can destroy a business, not only by stopping production but also by losing customers' trust, losing money, and putting private data at risk.
After completing this session, the participant will be able to:
NASBA Field of Study: Personal Development
Emotional intelligence (EI) is a vital skill for effective leadership in today's complex and dynamic work environments. This session explores the key principles of leading with emotional intelligence and provides practical insights and strategies for enhancing EI in leadership roles. Participants will gain a deep understanding of EI, its components, and its significance in leadership, enabling them to apply these principles to drive better team dynamics, communication, and organizational success.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
Generative AI is having its spotlight moment. But along with promise, there are also concerns about the potential risks to organizations. How do you ensure, as you scale up an AI strategy and usage, you keep it secure, risk managed, and compliant? Listen to insights on how to build a framework to incorporate AI into your organization’s risk management program in order to unlock its full potential.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
In this session, you will learn how to use machine learning and root cause analysis to improve your internal audit quality and impact. You will discover how machine learning can help you with risk assessment, data analysis and fraud detection. Moreover, you will explore the mindset of internal auditors who are going to use machine learning in their work and the deployment of machine learning into the root cause analysis process. Plus, gain a deeper understanding of automated root cause analysis software.
After completing this session, the participant will be able to:
NASBA Field of Study: Personal Development
Simply put, you represent your own personal brand. In today’s demanding and fiercely competitive global economy, people across all industries need to understand the criticality of understanding their core to develop and leverage their personal brand in order to orchestrate a progressive and successful professional journey. This interactive session explores how you can recognize and embrace your core to establish and nurture your personal brand towards the quest for professional development and achievement of organizational goals and objectives.
After completing this session, the participant will be able to:
NASBA Field of Study: Business Management & Organization
This session will explore the forefront of thought leadership in automating compliance and risk management within modern tech stacks, especially in environments subject to stringent regulations. We will delve into the integration of cutting-edge technologies—such as AI and ML—to enhance compliance processes and risk assessment, reducing manual toil and increasing efficiency. Attendees will gain insights into leveraging these technologies for a strategic advantage in compliance and risk management, with a focus on practical applications and real-world examples.
After completing this session, the participant will be able to:
NASBA Field of Study: Specialized Knowledge
AI introduces new opportunities not seen before, but they come with new risks. AI evolves at such a rapid pace that not every vendor has gone through a third-party audit yet. Even when they have a SOC 2 report, significant risks are not covered by the report’s Trust Services Criteria. This session will explore what to ask vendors with or without a SOC report, to give you a complete view of AI risks and mitigations.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
The audit profession will change more in the next 5 years than it has changed in the last 30; in fact, it has already changed. New auditors need to evolve and become proficient in their auditing skills to evaluate new technologies like the cloud, digital assets, blockchain, artificial intelligence and even the metaverse! In this session we will review the challenges of the IT audit of the future and get recommendations that will help us evolve our skills to identify the new abilities needed TODAY for the auditors of the future and become eXtreme auditors!
After completing this session, the participant will be able to:
NASBA Field of Study: Personal Development
Emerging technologies will drive improvement in the audit function. The real value will be realized when those technologies are matched with human skills like intuition, experience and critical thinking. Teams that can Humanize Technology will win.
After completing this session, the participant will be able to:
NASBA Field of Study: Specialized Knowledge
Join me, as I unveil the secrets of seamlessly integrating compliance and industry standards into groundbreaking information security programmes. Discover how to drive transformative change without disrupting daily operations. Let's explore a journey that marries innovation with security, ensuring your organisation stays ahead in the dynamic landscape of governance, risk, and compliance.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
The metaverse is a compelling digital realm which combines elements of virtual reality and online communities. Gen AI emerges as a powerful force in the metaverse, shaping creativity, user engagement, and economic opportunities. What are some important risks that security leaders and metaverse innovators need to consider? The session will focus on the specific risks in the metaverse with the use of generative AI, such as digital impersonation, algorithmic bias, data misuse, and model vulnerabilities that require vigilance and mitigation.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
Join us for an insightful exploration into architecting and deploying an effective controls program to elevate technology risk maturity across enterprises. Guided by two experienced GRC experts, this presentation explores the strategic necessities, practical factors, and potential for transformation in crafting and implementing a robust controls program to enhance the maturity of technology risk management practices. With a robust controls program, organizations can bolster resilience against evolving threats and safeguard their operations.
After completing this session, the participant will be able to:
NASBA Field of Study: Business Management & Organization
The session explores the significant impact of leadership and diversity, especially the inclusion of women of color, on the effectiveness of Infosec frameworks within organizations. The session posits the strategic importance of addressing underrepresentation in InfoSec roles. It suggests that transformational leadership and diverse perspectives are essential for fostering innovation and resilience against security threats. The research examines the barriers women of color face in InfoSec and how leadership can support diversity and enhance security culture.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
Let's explore the transformative approach of autonomous assurance to address the challenges of scale and complexity in GRC. This session delves into how automating fieldwork and reporting can revolutionize assurance processes. The value of autonomous assurance is freeing professionals to focus on risk consultation rather than manual checklists. Discover the socio-technical path to enhancing capacity and effectiveness for assurance. The outcome is a path that increases the agility of risk management in dynamic business environments.
After completing this session, the participant will be able to:
NASBA Field of Study: Business Management & Organization
Discover how cognitive biases affect cybersecurity decisions in supply chains. This session offers practical insights for enhancing risk management through understanding and countering these biases. Learn strategies to improve your decision-making and strengthen your defenses, making your supply chain more resilient against cyber threats. Join us to empower your cybersecurity approach with informed, strategic actions.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
A key focus of ESG in the manufacturing arena is the accuracy of reporting of data from environmental systems. This can include energy, waste and water systems that can be read in a multitude of ways, from manual readings and estimates to fully automated systems. This session shows how to approach all of these and the pitfalls to avoid.
After completing this session, the participant will be able to:
NASBA Field of Study: Business Management & Organization
Effectively communicating information to the board is instrumental to the process of budgeting and managing core IT programs. However, sharing critical technology data can become challenging when board members have a variety of experience and understanding.
Our presentation will offer insight into the reports your board finds most valuable such as security, overall IT risk, and IT projects as well as how to represent IT nuances to non-IT Board members.
After completing this session, the participant will be able to:
NASBA Field of Study: Specialized Knowledge
Organizations often obtain cyberinsurance policies to address portions of their residual cybersecurity risk. Two of the major challenges in those efforts are obtaining and reporting an accurate assessment of your organization’s cybersecurity risks and maturity of related processes, and then finding the resources and time to accurately respond to multiple cyberinsurance questionnaires and assessments. We will demonstrate a method to address these concerns in an efficient manner that also supports an organization’s GRC objectives.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
AI is everywhere and has the potential to impact the global economy by billions of dollars. However, there are risks involved, as seen with self-driving cars and biased algorithms. The same applies to internal controls as well. When AI executes controls, it can greatly affect financial reporting and business operations. Testing the effectiveness of AI-executed controls is crucial to mitigate these risks and unlock the potential of AI.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
It's no secret that disappointment and conflict can rear their heads when our assessments of issues and risk don't quite hit the mark with our business partners. Cold, hard facts, data, and logical arguments just aren’t enough. The challenge lies in the limited connections between the brain areas that deal with logic, thinking, and language, and those that drive behavior and decision-making. The real missing piece? Knowing what it takes to truly succeed in persuading others.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
Does your organization struggle with building policies and standards to meet the needs of multiple security and regulatory frameworks? Let us share our journey:
• Right sizing our policies and standards to meet the needs of our internal organization, and external assessors.
• How we identified where to start – what frameworks came first, who needed to be involved, and our communication campaign.
• How we brought the organization along.
• How we continue to evolve with lessons learned.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
1) Deep dive into Large Language Models (LLMs), including their diverse applications across industries (healthcare, finance, legal). 2) Understand the complex training process of LLMs, from initial pretraining to fine-tuning and optimization for specific domains or tasks. 3) Explore the Encoder-Decoder Framework and various transformer-based language models. 4) Through a live demonstration, participants will see the functionality of a pretrained transformer available in the Hugging Face ecosystem, showcasing its ability to summarize text or dialogue effectively.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
This session will cover 20+ common security and compliance terms that customers ask of their vendors and make recommendations on which ones CISOs can safely accept. The session will offer practical advice on how to negotiate in various scenarios and cover best practices for implementing controls to support the agreed requirements, such as privacy and data breaches, open-source, vulnerabilities, and more.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
In this session, we will explore strategies and best practices for harmonizing the languages of Compliance and IT Security, enabling professionals to communicate more effectively across these domains. Participants will be empowered to confidently navigate compliance and IT risk and equipped with practical strategies for effective communication, program evaluation, and reporting.
After completing this session, the participant will be able to:
NASBA Field of Study: Cybersecurity
Discover the latest advancements in the field of AI controls and comprehensive insights into the multi-dimensions of an AI Research project during this presentation. Our journey will be distilled into 4 key phases, providing a roadmap that aligns GRC innovation with responsibility. Ours is a journey that links innovation with ethical responsibility, security, and strategic growth.
Our journey’s roadmap introduced key phases of the AI possibilities and provided sample steps in this process. To remain viable and capable of continuing secure business operations, organizations need to upgrade their capabilities without unnecessary exposure to the threats and chaos the new technological revolutions periodically introduce.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
The California Consumer Privacy Act, GDPR, HIPAA, and other privacy laws require sensitive data elements to be protected, masked, and secured. Corporations transmit large chunks of data to third parties via file transfer, web interface, and other means. It is essential to detect these sensitive elements in large data sets via Regex patterns and, if necessary, take protective measures. In this presentation we show how to protect data with Regex patterns using AI and machine learning.
After completing this session, the participant will be able to:
NASBA Field of Study: Personal Development
In today's digitally interconnected world, organizations face ever-evolving cybersecurity threats that require robust defense strategies. While technological solutions are essential, the human element remains paramount. Research indicates that fostering a culture of psychological safety and trust is fundamental to achieving effective cybersecurity outcomes. This proposal aims to explore the pivotal role of leadership in cultivating such a culture within organizations, particularly in the context of cybersecurity initiatives.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
This session will explore how cutting-edge technologies like blockchain and artificial intelligence (AI) are fundamentally changing the landscape of risk management through real-world use cases. I'll discuss how blockchain's immutability, transparency, and distributed ledger technology can bolster security and combat fraud; we will discover how AI-powered analytics can identify and assess risks faster and more accurately, allowing for quicker responses. We will also discuss potential roadblocks to adopting these technologies.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
Modern organizations are driven by data, processing vast amounts every day. However, breaches and compliance violations resulting from poor data security continue to increase, impacting business performance, brand reputation and customer trust. This talk explains how organizations can build a robust data security strategy using a practical data discovery-led approach — providing a stronger foundation for continuous data governance, compliance and risk management — and avoid common pitfalls when selecting discovery and remediation solutions.
After completing this session, the participant will be able to:
NASBA Field of Study: Personal Development
The need for Internal Audit (IA) functions to adapt and re-direct quickly has exponentially intensified in remote work and hybrid environments. Apprenticeship and learning have been severely impacted over the past several years as organizations navigate the post-COVID world and struggle to develop effective methods and structures to engage the workforce.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
An organization’s “Crown Jewel Data.” It could be a hedge fund’s algorithm, Nike’s next shoe release, or Coca-Cola’s famous recipe. In other words, intellectual property, trade secrets, patents, copyrights, trademarks, and any other protected information that contributes to a company’s competitive advantage. It takes only one successful attempt to steal an organization’s Crown Jewel Data, so organizations need to get it right every time just to prevent these external threats.
After completing this session, the participant will be able to:
NASBA Field of Study: Information Technology
Zero Trust Architecture (ZTA) is considered a highly effective strategy for elevating an organization's cybersecurity, yet many organizations struggle with the adoption of Zero Trust architecture and concepts. In this session we’ll explain key ZTA approaches, Zero Trust principles and perceived shortcomings of ZTA, and we’ll focus on Zero Trust implementation best practices - The Commandments. We’ll review examples of how organizations implemented ZTA elements, challenges they faced and mistakes they made.
After completing this session, the participant will be able to:
NASBA Field of Study: Business Management & Organization
Organizations have some control over their own risks, but much less control over third-party risks, not to mention risks from their third parties (4th, 5th, Nth parties). Most, if not all, organizations have been impacted by disruptions including the pandemic, natural disasters, geopolitical events, cyberattacks, fraud, human error, or a combination of causes.
Organizations should focus on strengthening their own resilience by implementing preventive measures, processes, and controls so they can focus on mitigating the residual impacts their third parties can have on their organization.
After completing this session, the participant will be able to:
NASBA Field of Study: Auditing
From Blade Runner, The Terminator, Her, and numerous other films, Hollywood has portrayed a bleak outlook on how AI will affect our lives. As auditors, we often question, 'Will AI take our jobs? If so, when? What should I be doing?'
This engaging and interactive session will leverage popular movies to delve into what exactly AI is, explore different types of AI currently available, and examine the skills auditors will need in the future.
After completing this session, the participant will be able to:
NASBA Field of Study: Regulatory Ethics
In the dynamic landscape of technology, business, and governance, AI is a transformative force. For IT Auditors and Risk Practitioners, grasping the responsible use of AI is crucial in this era of rapid advancements. This presentation aims to comprehensively explore the implications, challenges, and benefits for professionals. Tech companies lead AI innovation, and interactive discussions, case studies, and a Q&A session will facilitate active participation, addressing specific audience concerns, creating an enriching learning experience.
After completing this session, the participant will be able to:
More Information Coming Soon!