GRC

At-a-glance agenda: in-person and virtual

We are hard at work designing this year’s conference program to ensure you have ample opportunities to gain knowledge, foster connections, and engage with peers. Check back for updates.

WORKSHOP 1: Digital Trust Ecosystem Framework

Speaker: Mark Thomas
Digital trust is central to every digital interaction. In today's world, people are more connected than ever before. The Internet has brought more opportunities to exchange ideas and information within our neighborhood and worldwide. Customers can purchase goods online and receive them the same day. Technology works in the background to support these interactions and transactions between individuals, enterprises and external parties. The digital trust framework helps guide professionals on their digital transformation journey and encourages them to think about how digital trust needs to be considered at all levels of an enterprise. This workshop will cover the essential components of the framework and how to apply them in various situations in the work environment.

After completing this session, the participant will be able to: 

  • Understand the importance of creating and maintaining digital trust with stakeholders.
  • Gain an understanding of the major components of the framework.
  • Understand how to implement components of the framework when appropriate to build and maintain digital trust.

WORKSHOP 2: Navigating the Evolving Risk Landscape: Adapting to Artificial Intelligence and Multi-Cloud Strategies

Speaker: Megan Hall
In the wake of escalating adoption of artificial intelligence (AI) and multi-cloud environments, both formally and informally, the urgency to expand your organization's internal audit risk landscape has never been more critical. This interactive, hands-on workshop is designed to equip participants with the knowledge and tools necessary to address the complex risks associated with AI and multi-cloud environments effectively.

Participants will delve into the intricacies of the risks and controls related to increased organizational reliance on AI and multi-cloud strategies. The workshop will cover a broad range of topics, including, but not limited to:

  • Strategies for implementing controls at both the network and desktop level to prevent unauthorized software downloads and mitigate data leakage risks.
  • Understanding the elevated risk of data exfiltration and breaches, particularly with the integration of large language models within widely used browsers and operating systems, such as Bing and Windows 11.
  • Exploring the capabilities of large language models and multi-cloud environments in accessing sensitive and proprietary information due to inadequate access management, outdated or inefficient network configurations, and insufficient employee training on data classification and safe data sharing practices.
  • Assessing insider threats and the evolution of bad actor strategies facilitated by the advent of AI tools.

This workshop is tailored for those seeking to proactively navigate the changing risk landscape, ensuring their organizations remain resilient and secure in the face of innovation and technological advancement.

After completing this session, the participant will be able to:

  • Gain an in-depth understanding of the ways in which the increased adoption of artificial intelligence (AI) and multi-cloud environments has transformed the threat landscape for organizations.
  • Articulate the manner in which the proliferation of accessible subscription-based and low/no-cost software solutions is amplifying the threat landscape for organizations, including a rise in insider threats.
  • Examine the necessary controls to be instituted in response to the heightened use and dependence on AI and multi-cloud environments, covering areas such as:
    1. Prevention of data leakage at the device level.
    2. Implementation of continuous monitoring strategies.
    3. Management and monitoring of third-party risks, especially with the integration of AI capabilities into existing software solutions.
    4. Establishment of global filters and rules to mitigate unauthorized downloads or subscriptions without IT administrative oversight.
  • Identify the shift in tactics among malicious actors prompted by the increased use and dependence on AI and multi-cloud environments, focusing on:
    1. The adoption of new technologies from an insider threat viewpoint.
    2. The emergence and weaponization of Shadow IT.
  • Formulate a risk and control matrix to evaluate the effectiveness of existing controls in managing and monitoring the risks associated with AI and multi-cloud environments.

Program Catalog

WS1: Digital Trust Ecosystem Framework

Mark Thomas, CRISC, CGEIT, CDPSE, President

WS2: Navigating the Evolving Risk Landscape: Adapting to Artificial Intelligence and Multi-Cloud Strategies

Megan Hall, CPA, CIA, CISA, Chief Information Officer

Sunday's Conference Registration and Customer Relations

Monday's Conference Registration and Customer Relations

Monday's Continental Breakfast and Networking

Opening General Session and Keynote

Zack Kass, Futurist and Visionary, Former Head of Go-to-Marketing

Monday Morning Networking Break

CS 1-1: Bot Battles: Unmasking the Hidden Villains of the Digital World

Parth Shukla, Security Engineer & Sahit Jain, Data Scientist

NASBA Field of Study: Information Technology 

As organizations increasingly rely on APIs for seamless data exchange, this session explores the evolving patterns of API communication and scrutinizes the tactics of attackers who use bots to exploit vulnerabilities. Real-world case studies illuminate the intricacies of these advanced attacks, ranging from data breaches and account takeover to shopping bots that buy up nearly all available inventory. The discussion delves into the technical nuances of bot-driven attacks, evaluates their impact on organizations, and proposes defensive strategies.

After completing this session, the participant will be able to:   

  • Understand why APIs are emerging as a new attack vector and why it is so important to protect them.
  • Explore real-world case studies of bot attacks and of identity theft that has occurred as a result of bot attacks.
  • Understand how to forecast future trends in bot evolution and countermeasures.
  • Understand the mechanisms, impacts, and countermeasures related to bot attacks and identity theft.

CS 1-2: Supply Chain Risk - Why It's Your Organization's Kryptonite

Thomas Whang, Chief Technology Officer

NASBA Field of Study: Auditing

These days, global supply chains are very important to businesses. However, supply chain risk is like kryptonite. This talk will go into detail about the many aspects of supply chain risk and show why it is such a major weakness for businesses today. We will talk about how these risks can destroy a business, not only by stopping production but also by losing customers' trust, losing money, and putting private data at risk.

After completing this session, the participant will be able to:  

  • Understand from real life examples where problems in the supply chain have caused big companies to lose a lot of money and time, showing how important it is to be proactive about managing risks. 
  • Understand ways to lower the risk in the supply chain, such as using a variety of providers, investing in technology to improve visibility and flexibility, and building strong, collaborative relationships with key supply chain partners. 
  • Walk away with a call to action for a change in culture that will make supply lines more resilient and flexible.

CS 1-3: Leading with Emotional Intelligence

Raoul Menes, Partner, Advisory

NASBA Field of Study: Personal Development

Emotional intelligence (EI) is a vital skill for effective leadership in today's complex and dynamic work environments. This session explores the key principles of leading with emotional intelligence and provides practical insights and strategies for enhancing EI in leadership roles. Participants will gain a deep understanding of EI, its components, and its significance in leadership, enabling them to apply these principles to drive better team dynamics, communication, and organizational success.

After completing this session, the participant will be able to:   

  • Develop a solid grasp of emotional intelligence, its definition, and its components, including self-awareness, self-regulation, empathy, and social skills. They will learn how each of these components contributes to effective leadership.
  • Understand how to assess their own emotional intelligence through self-assessment tools and exercises. By identifying their strengths and areas for improvement, they can begin the journey toward enhancing their EI and leadership abilities.
  • Explore the direct correlation between emotional intelligence and effective leadership. Participants will discover how leaders with high EI create more engaged teams, foster a positive organizational culture, and achieve better results.

CS 1-4: Building an AI Risk Management Program

David Kliemann, Cloud Risk & Controls Leader

NASBA Field of Study: Information Technology

Generative AI is having its spotlight moment.  But along with promise, there are also concerns about the potential risks to organizations.  How do you ensure, as you scale up an AI strategy and usage, you keep it secure, risk managed, and compliant?  Listen to insights on how to build a framework to incorporate AI into your organization’s risk management program in order to unlock its full potential.

After completing this session, the participant will be able to:   

  • Walk away with an updated overview of the risks associated with Generative AI, especially in regulated industries.  
  • Understand key steps in a GenAI Risk Management Program that they can use as a baseline for enhancing their own organization’s program.   
  • Understand how they can access a GenAI control framework created by a council of financial institutions, agnostic of the specific technology and patterns used, which could be leveraged as a starting point for organizations.

CS 2–1: Leveraging Machine Learning for Internal Audit: How to Enhance Value and Automate Root Cause Analysis

Kyrillos Mikhael, CIA & Mina Makar & Peter Gerges, Senior Personal Banker

NASBA Field of Study: Auditing

In this session, you will learn how to use machine learning and root cause analysis to improve your internal audit quality and impact. You will discover how machine learning can help you with risk assessment, data analysis and fraud detection. You will also explore the mindset of internal auditors who will use machine learning in their work, learn how to deploy machine learning in the root cause analysis process, and gain a deeper understanding of automated root cause analysis software.

After completing this session, the participant will be able to:   

  • Recognize how machine learning can be applied to the internal audit.
  • Recognize how internal audit can add more value to the organization in a practical way.
  • Gain insight into the root cause analysis process and why it is vital.

CS 2–2: More Information Coming Soon!

CS 2–3: Unveil and Unleash The Power of Your Personal Brand

Sanjay Patel, Founder

NASBA Field of Study: Personal Development

Simply put, you represent your own personal brand. In today’s demanding and fiercely competitive global economy, people across all industries need to understand the criticality of understanding their core to develop and leverage their personal brand in order to orchestrate a progressive and successful professional journey. This interactive session explores how you can recognize and embrace your core to establish and nurture your personal brand towards the quest for professional development and achievement of organizational goals and objectives.

After completing this session, the participant will be able to:   

  • Examine your core - the essence of your mindset, personality, values and beliefs.
  • Understand how your core creates and contributes to the evolution of your personal brand.
  • Identify attributes that enable your personal brand to provide the foundation for a progressive professional journey.
  • Learn how to establish, enhance, and apply your personal brand to achieve positive outcomes.

CS 2–4: Navigating New Frontiers: Compliance and Risk Management within Modern Tech Stacks

Ryan Gutwein, Director

NASBA Field of Study: Business Management & Organization

This session will explore the forefront of thought leadership in automating compliance and risk management within modern tech stacks, especially in environments subject to stringent regulations. We will delve into the integration of cutting-edge technologies—such as AI and ML—to enhance compliance processes and risk assessment, reducing manual toil and increasing efficiency. Attendees will gain insights into leveraging these technologies for a strategic advantage in compliance and risk management, with a focus on practical applications and real-world examples.

After completing this session, the participant will be able to:   

  • Understand the latest trends and technologies in compliance and risk management automation.
  • Explore how to effectively integrate advanced technologies into their compliance frameworks in regulated data environments like FedRAMP.
  • Identify challenges and solutions in automating compliance and risk management processes within modern tech stacks.
  • Understand strategies for leveraging automation and expertise to achieve more efficient, effective compliance and risk management outcomes.

Monday's Lunch followed by coffee in the Exhibit Hall

CS 3–1: How Do You Assess AI Vendors That Do Not Have A SOC 2 Report? How Do You Cover the Unavoidable Gaps When They Do?

Eric Peeters, CISA, CCAK, Senior Manager & Lulu Hernandez Walker, CISA, Senior Manager IT Advisory

NASBA Field of Study: Specialized Knowledge 

AI introduces new opportunities not seen before, but they come with new risks. AI evolves at such a rapid pace that not every vendor has gone through a third-party audit yet. Even when they have a SOC 2 report, significant risks are not covered by the report’s Trust Services Criteria. This session will explore what to ask vendors with or without a SOC report, to give you a complete view of AI risks and mitigations.

After completing this session, the participant will be able to:   

  • Discover unique risks created by the implementation and use of AI, and determine which ones are applicable to their organization.
  • Understand the components of an AI tool that should be included in the scope of a SOC 2 report to ensure sufficient coverage of the report.
  • Identify the AI risks not covered by the SOC 2 TSCs and what to ask an AI vendor to determine how and whether the vendor mitigates the risks.
  • Learn how to leverage existing frameworks and guidance to ask the right questions and assess AI vendors that have either no SOC 2 report or an insufficient scope coverage in their SOC 2 report.

CS 3–2: eXtreme Audit!!! Auditing Front and Reverse even the Metaverse

Arnulfo Espinosa Domínguez, CISA, CISM, CRISC, CDPSE, CCAKCIA, MCI, CMSC, and C, IT Audit & Fraud Director

NASBA Field of Study: Auditing

The audit profession will change more in the next 5 years than it has changed in the last 30; in fact, it has already changed. New auditors need to evolve and become proficient in their auditing skills to evaluate new technologies like the cloud, digital assets, blockchain, artificial intelligence and even the metaverse! In this session we will review the challenges of the IT audit of the future and get recommendations that will help us evolve our skills, identify the new abilities needed TODAY for the auditors of the future, and become eXtreme auditors!

After completing this session, the participant will be able to:   

  • Understand the emerging technologies that not every IT Auditor (or anybody) knows how to audit.
  • Apply the resources and recommendations shared with them that will help them secure these new technologies.
  • Prepare to audit in 3D what we were prepared to audit in 2D.

CS 3–3: Humanizing Technology: How Auditors Need To Personalize Digital Innovation

Pat Shanahan, AVP, Technology Audit

NASBA Field of Study: Personal Development 

Emerging technologies will drive improvement in the audit function. The real value will be realized when those technologies are matched with human skills like intuition, experience and critical thinking. Teams that can Humanize Technology will win.

After completing this session, the participant will be able to:   

  • Develop tactical ways to step into use of emerging technologies to enhance their audit practices.
  • Remind the audience of key auditor characteristics that need continued focus: critical thinking, empathy, intuition, strong partnerships & effective communication.
  • Tie the benefits of introducing components of emerging technologies to the development of human soft skills, driving increased client satisfaction and value for your organization.

CS 3–4: Harmonising Compliance and Innovation: Unleashing the Power of Transformative Information Security Programmes

Jean Carlos, CISM, CRISC, CCP, CISSP-ISSAP, CISSP, CRT, CCSK, FBCS, CDFE, CIL, C, VP of Information Security

NASBA Field of Study: Specialized Knowledge

Join me as I unveil the secrets of seamlessly integrating compliance and industry standards into groundbreaking information security programmes. Discover how to drive transformative change without disrupting daily operations. Let's explore a journey that marries innovation with security, ensuring your organisation stays ahead in the dynamic landscape of governance, risk, and compliance.

After completing this session, the participant will be able to:   

  • Understand the strategic alignment of compliance and industry standards with transformative information security programmes.
  • Learn practical approaches to implementing innovative security measures without impacting day-to-day operations.
  • Discover the art of leveraging compliance frameworks to foster a culture of security within your organisation.
  • Gain insights into navigating the evolving landscape of GRC and staying ahead in the ever-changing world of cybersecurity.

CS 4–1: Generative AI in the Metaverse: Turning Imagination into Reality, but Beware the Shadows

Abhishek Sinha, CISA, Internal Audit Senior Manager - Emerging Tech

NASBA Field of Study: Auditing

The metaverse is a compelling digital realm which combines elements of virtual reality and online communities. Gen AI emerges as a powerful force in the metaverse, shaping creativity, user engagement, and economic opportunities. What are some important risks that security leaders and metaverse innovators need to consider? The session will focus on the specific risks in the metaverse with the use of Generative AI, such as digital impersonation, algorithmic bias, data misuse, and model vulnerabilities that require vigilance and mitigation.

After completing this session, the participant will be able to:   

  • Demystify the metaverse, its architecture, and emerging trends. Discover how generative AI empowers creators, designers, and developers to craft immersive, life-like virtual environments, characters, and experiences easily available from home.
  • Explore a spectrum of use cases where generative AI enriches user interactions, enabling dynamic storytelling, personalized content, and responsive virtual entities in the metaverse for adults and teenagers.
  • Recognize and appreciate the specific risk vectors associated with the use of Generative AI models in the metaverse.
  • Recognize the ethical implications of AI-generated content in virtual spaces and its impact on privacy, consent, data poisoning, and data security.

CS 4–2: Harnessing Technology Risk Maturity: The Art of Building and Rolling Out an Effective Controls Program

Ajaz Ahmed, CISM, CRISC, Manager Technology Risk and Compliance & Robin Mathew, CISA, CDPSE, CIPM, CISSP, COBIT Foundation, CLIP GDPR, Director - Technology Risk and Compliance

NASBA Field of Study: Information Technology

Join us for an insightful exploration into architecting and deploying an effective controls program to elevate technology risk maturity across enterprises. Guided by two experienced GRC experts, this presentation explores the strategic necessities, practical factors, and potential for transformation in crafting and implementing a robust controls program to enhance the maturity of technology risk management practices. With a robust controls program, organizations can bolster resilience against evolving threats and safeguard their operations.

After completing this session, the participant will be able to:   

  • Understand the essential components of a controls program, including controls framework, controls implementation strategies, governance structures, and continuous monitoring strategies.
  • Cultivate skills in designing and implementing targeted controls programs.
  • Discover the transformative power of cross-functional collaboration in enhancing technology risk management capabilities across the enterprise. 
  • Explore strategies for monitoring and testing controls to continuously assess their effectiveness, detect deficiencies or weaknesses, and take corrective actions promptly, bolstering their organization's resilience against emerging threats and the evolving risk landscape.

CS 4–3: Leadership and Diversity: Critical Drivers in Cultivating an Effective Security Culture in Organizations

Natalie Johnson, CISM, CDPSE & Tina Honey, CISA, CDPSE, Risk & Compliance Analyst

NASBA Field of Study: Business Management & Organization

The session explores the significant impact of leadership and diversity, especially the inclusion of women of color, on the effectiveness of Infosec frameworks within organizations. The session posits the strategic importance of addressing underrepresentation in InfoSec roles. It suggests that transformational leadership and diverse perspectives are essential for fostering innovation and resilience against security threats. The research examines the barriers women of color face in InfoSec and how leadership can support diversity and enhance security culture.

After completing this session, the participant will be able to:   

  • Learn how transformational leadership can positively impact organizations' development and maintenance of an effective information security (InfoSec) culture.
  • Gain insights into the specific challenges women of color face in the InfoSec field and the importance of leadership in mitigating these barriers.
  • Learn actionable insights and recommendations for organizations to improve their leadership support mechanisms for diversity in InfoSec roles, aiming to build a resilient, innovative, and inclusive security culture.

CS 4–4: Rethinking Assurance: The Path to Autonomous Assurance in a Complex World

Bill Bensing, Founder

NASBA Field of Study: Information Technology

Let's explore the transformative approach of autonomous assurance to address the challenges of scale and complexity in GRC. This session delves into how automating fieldwork and reporting can revolutionize assurance processes.  The value of autonomous assurance is freeing professionals to focus on risk consultation rather than manual checklists. Discover the socio-technical path to enhancing capacity and effectiveness for assurance. The outcome is a path that increases the agility of risk management in dynamic business environments.

After completing this session, the participant will be able to:   

  • Gain a deeper understanding of the mechanics of implementing autonomous assurance processes.
  • Cover the socio-technical approaches for structuring teams for autonomous assurance.
  • Gain the skills and competencies necessary to effectively automate two specific aspects of the assurance process: fieldwork and reporting.
  • Identify the key steps necessary for a successful transition from manual to automated assurance processes, and learn to structure internal engagements with autonomous assurance teams.

CS 5–1: Deciphering the Supply Chain Chessboard: The Science of Decision-Making in Risk Management

Dustin Sachs, Director of Research and Content

NASBA Field of Study: Business Management & Organization

Discover how cognitive biases affect cybersecurity decisions in supply chains. This session offers practical insights for enhancing risk management through understanding and countering these biases. Learn strategies to improve your decision-making and strengthen your defenses, making your supply chain more resilient against cyber threats. Join us to empower your cybersecurity approach with informed, strategic actions.

After completing this session, the participant will be able to:   

  • Identify and understand the cognitive biases that impact decision-making in supply chain cybersecurity, enabling participants to recognize these biases in their own decision processes.
  • Learn to apply effective risk management strategies that address these cognitive biases, enhancing the resilience of supply chains against cyber threats.
  • Gain practical skills in evaluating and mitigating cybersecurity risks within supply chains, focusing on improving decision-making accuracy and strategic planning in risk management efforts.

CS 5–2: Practical Auditing of ESG Environmental Data in Manufacturing and Production

Robert Findlay, CGEIT, Global Head of IT Audit

NASBA Field of Study: Auditing

A key focus on ESG in the manufacturing arena is the accuracy of reporting of data from environmental systems.  This can include energy, waste and water systems that can be read in a multitude of ways from manual readings, estimating or fully automated systems. This session shows how to approach all of these and the pitfalls to avoid.

After completing this session, the participant will be able to:   

  • Learn about the different methods being used to accumulate environmental data and the risks inherent in each.
  • Show how to structure an audit to accommodate each of the data collection methods and to validate the data.
  • Understand the extent to which automation can help with data collection and the risks in using SCADA, OT and PLCs in data collection.

CS 5–3: Communicating with the Board: Addressing Board Reports

Reema Parappilly, CISA, CDPSE, CSA & Trip Hillman

NASBA Field of Study: Business Management & Organization 

Effectively communicating information to the board is instrumental to the process of budgeting and managing core IT programs. However, sharing critical technology data can become challenging when board members have a variety of experience and understanding.

Our presentation will offer insight into the reports your board finds most valuable such as security, overall IT risk, and IT projects as well as how to represent IT nuances to non-IT Board members.

After completing this session, the participant will be able to:  

  • Understand which reports your board finds most valuable such as security, overall IT risk, and IT projects.
  • Understand how to present information in a concise and useful way.
  • Understand how to represent IT nuances to non-IT Board members.

CS 5–4: More Information Coming Soon!

Welcome Reception

Tuesday's Conference Registration and Customer Relations

Tuesday's Continental Breakfast and Networking

Tuesday General Session and Keynote

Rachel Wilson, Director of Cybersecurity

CS 6–1: Combining Cyberinsurance Questionnaire Responses with a Cybersecurity Risk Assessment Framework

Charles Snyder, CISA, CISM, Director, Cybersecurity & Katie Morelan, CSPO, SSM, ICP-ATF, CAPM, Product Manager

NASBA Field of Study: Specialized Knowledge

Organizations often obtain cyberinsurance policies to address portions of their residual cybersecurity risk. Two of the major challenges in those efforts are obtaining and reporting an accurate assessment of your organization’s cybersecurity risks and the maturity of related processes, and then finding the resources and time to accurately respond to multiple cyberinsurance questionnaires and assessments. We will demonstrate a method to address these concerns in an efficient manner that also supports an organization’s GRC objectives.

After completing this session, the participant will be able to:   

  • Understand that there is significant overlap between the various questionnaires used by cyberinsurance providers and brokers, and most include elements that align with known cybersecurity risk and control concepts.
  • Realize that information security and risk management personnel should be actively involved in responding to any cyberinsurance questionnaires, and such activity is part of the overall cybersecurity governance, risk, and compliance efforts for your organization.
  • Obtain an insight into how a well-designed and answered cyberinsurance questionnaire will also assist in understanding an organization’s overall cybersecurity maturity.
  • Identify a means of improving an organization’s cybersecurity risk management effectiveness and efficiency, by integrating a cybersecurity risk assessment mindset when applying for cyberinsurance.

CS 6–2: Unveiling the Black Box: Testing Controls Executed by AI Systems

Andrea Acciarri, CISA, CRISC, Principal & Brandon Talisesky, Director

NASBA Field of Study: Auditing

AI is everywhere and has the potential to impact the global economy by billions of dollars. However, there are risks involved, as seen with self-driving cars and biased algorithms. The same applies to internal controls as well. When AI executes controls, it can greatly affect financial reporting and business operations. Testing the effectiveness of AI-executed controls is crucial to mitigate these risks and unlock the potential of AI.

After completing this session, the participant will be able to:   

  • Understand the potential risks associated with using AI to execute controls.
  • Develop an understanding of the key components of a responsible AI model.
  • Learn better practices and strategies to test controls executed by AI.

CS 6–3: Enhancing Communication with the Power of Brain Science

Tracie Marquardt, CPA, Global Internal Audit Communication Expert

NASBA Field of Study: Auditing 

It's no secret that disappointment and conflict can rear their heads when our assessments of issues and risks don't quite hit the mark with our business partners. Cold, hard facts, data, and logical arguments just aren’t enough. The challenge lies in the limited connections between the brain areas that deal with logic, thinking, and language, and those that drive behavior and decision-making. The real missing piece? Knowing what it takes to truly succeed in persuading others.

After completing this session, the participant will be able to:  

  • Understand the role of brain science and its impact on effective communication.
  • Identify the key challenges arising from the disconnect between the brain's logical processing and decision-making centers in professional interactions.
  • Apply brain research insights to enhance persuasion skills and foster better alignment with business partners.
  • Develop strategies to build stronger working relationships, increase confidence, and improve communication proficiency.

CS 6–4: Creating Security Policies – Mythical or Reality?

Leah Mongeon & Liz Nguyen, CISA, CISM, Cybersecurity Manager & Stacy Davis, Cybersecurity Solutions Specialist

NASBA Field of Study: Information Technology

Does your organization struggle with building policies and standards to meet the needs of multiple security and regulatory frameworks? Let us share our journey:

  • Right-sizing our policies and standards to meet the needs of our internal organization and external assessors.
  • How we identified where to start: what frameworks came first, who needed to be involved, and our communication campaign.
  • How we brought the organization along.
  • How we continue to evolve with lessons learned.

After completing this session, the participant will be able to:   

  • Identify the frameworks that matter to their organization, in order to understand why they must do something and what they are doing, and then get to how they are doing it.
  • Apply a streamlined, foundational approach to simplify their organization's policies and standards; the effectiveness of a policy is not based on word count.
  • Understand approaches to bring everyone to the table. Policies impact everyone from individual contributors to middle management to executive leadership; give them the opportunity to have a voice.
  • Recognize that policies are ever evolving in order to respond to the demanding security landscape. Continue to seek and ingest feedback and input to iterate on the policies - we'll share how!

CS 7–1: Large Language Models: Applications, Training, and Optimization Strategies

Gagandeep Dua, Vice President

NASBA Field of Study: Information Technology

  1) Deep dive into Large Language Models (LLMs), including their diverse applications across industries (healthcare, finance, legal).
  2) Understand the complex training process of LLMs, from initial pretraining to fine-tuning and optimization for specific domains or tasks.
  3) Explore the Encoder-Decoder Framework and various transformer-based language models.
  4) Through a live demonstration, participants will see the functionality of a pretrained transformer available in the Hugging Face ecosystem, showcasing its ability to summarize text or dialogue effectively.

After completing this session, the participant will be able to:   

  • Understand the basics of Large Language Models (LLMs), including how they are built, what they can do, and where they are applied in industries such as healthcare, finance, and legal.
  • Gain insights into the training process of foundational large language models, where vast amounts of data are utilized in the initial pretraining phase and the pretrained model is then fine-tuned and optimized for the target domain or task(s).
  • Acquire an overview of the Encoder-Decoder Framework and explore various types of language models based on transformer architectures.
  • See a live demonstration of a pretrained transformer, freely available in the Hugging Face ecosystem, summarizing text or dialogue.

CS 7–2: Want to Bankrupt Your Company? Accept All Customer Security Requirements

Val Dobrushkin, CISSP, PMP, VP of Compliance

NASBA Field of Study: Information Technology

This session will cover 20+ common security and compliance terms that customers ask of their vendors and make recommendations on which the CISOs can safely accept. The session will offer practical advice on how to negotiate in various scenarios and cover best practices for implementing controls to support the agreed requirements, such as privacy and data breaches, open-source, vulnerabilities, and more.

After completing this session, the participant will be able to:   

  • Become experts in the often-overlooked but critical area of customer contractual negotiations and obligations.
  • Gain practical insights into the riskiest cybersecurity provisions that can show up in customer contracts and ways to handle them, as well as the most common terms and requirements that may come up in customer contract negotiations.
  • Understand how their audit experience and knowledge of the existing corporate cybersecurity controls can enable participants to influence internal stakeholders to eliminate risky contract provisions.
  • Better advocate for themselves and highlight their value to their company by significantly reducing corporate risk and enabling a smoother sales experience and a faster sales cycle.

CS 7–3: More Information Coming Soon!

CS 7–4: Getting Our Wires Crossed: How to Speak IT Risk as a Compliance Professional

Kyle Martin, Vice President, GRC Solutions & Robert Clark, Chief Audit and Compliance Officer

NASBA Field of Study: Information Technology 

In this session, we will explore strategies and best practices for harmonizing the languages of Compliance and IT Security, enabling professionals to communicate more effectively across these domains. Participants will be empowered to confidently navigate compliance and IT risk and equipped with practical strategies for effective communication, program evaluation, and reporting.

After completing this session, the participant will be able to:   

  • Understand risk and compliance terminology, including how organizations evaluate these concepts, the nuances of risk disposition, and the distinction between inherent and residual risk.
  • Understand the importance of accurately gauging the maturity of risk and compliance programs. Attendees will evaluate their programs' maturity levels and understand the implications, exploring the relevance of maturity scales to their current organizational needs.
  • Understand the criticality of assessing risks and controls across all facets of the business, including third-party risk management and cross-functional communication strategies internally.
  • Provide insights into crafting compelling reports for executive teams and board directors, translating IT risk insights into compelling narratives for CEOs.

Tuesday's Lunch followed by coffee in the Exhibit Hall

CS 8–1: 4D of AI: Research with Emphasis on Dimensions of AI in Ethics, Security, Threats, and Business Opportunities

Vlad Rebek, Sr. Manager, Cyber Defense

NASBA Field of Study: Cybersecurity

Discover the latest advancements in the field of AI controls and comprehensive insights into the multi-dimensions of an AI Research project during this presentation. Our journey will be distilled into 4 key phases, providing a roadmap that aligns GRC innovation with responsibility. Ours is a journey that links innovation with ethical responsibility, security, and strategic growth.

Our journey’s roadmap introduces the key phases of AI adoption and provides sample steps for each phase of the process. To remain viable and capable of continuing secure business operations, organizations need to upgrade their capabilities without unnecessary exposure to the threats and chaos that new technological revolutions periodically introduce.

After completing this session, the participant will be able to:    

  • Understand AI ethics and regulations, the security protocols they need to consider, examples of misuse, and new enhancement opportunities with regard to GRC.
  • Understand, at a very high level, technical tips for on-boarding and integrating AI products within GRC processes.
  • Understand ongoing best practices in policy, documentation and reporting to senior leadership.

CS 8–2: Data Privacy with AI and Machine Learning

Sam Adhikari, CISA, CDPSE, Head, SaaS Products

NASBA Field of Study: Information Technology

The California Consumer Privacy Act, GDPR, HIPAA, and other privacy laws require sensitive data elements to be protected, masked, and secured. Corporations transmit large chunks of data to third parties via file transfer, web interfaces, and other means. It is essential to detect these sensitive elements in large data sets via regex patterns and, if necessary, take protective measures. In this presentation we show how to protect data with regex patterns using AI and machine learning.

After completing this session, the participant will be able to:   

  • Understand data privacy requirements for California Consumer Privacy Act, GDPR, HIPAA, and other privacy laws.
  • Understand the process of detecting sensitive privacy data with Regex patterns.
  • Understand the process of masking privacy data with Fixed Format Encryption.
  • Understand the process of ensuring that data privacy is maintained for file transfers and web interfaces.

CS 8–3: More Information Coming Soon!

CS 8–4: Fostering Cybersecurity Culture: The Critical Role of Leadership in Promoting Psychological Safety and Trust

Will Tsai, CISA, Technical Program Manager & Victor Escobedo, Data Security GRC Lead

NASBA Field of Study: Personal Development

In today's digitally interconnected world, organizations face ever-evolving cybersecurity threats that require robust defense strategies. While technological solutions are essential, the human element remains paramount. Research indicates that fostering a culture of psychological safety and trust is fundamental to achieving effective cybersecurity outcomes. This proposal aims to explore the pivotal role of leadership in cultivating such a culture within organizations, particularly in the context of cybersecurity initiatives.

After completing this session, the participant will be able to:   

  • Understand the concept of psychological safety in the context of cybersecurity.
  • Explore leadership's role in building trust and transparency.
  • Implement strategies for cultivating cybersecurity accountability.
  • Empower employees through comprehensive cybersecurity training and support.

CS 9–1: Revolutionize Your Risk Management: How to Use the Power of Blockchain & AI

Gokhan Polat, CISA, CRISC, CDPSE, COBIT, CISM, Marketing Director

NASBA Field of Study: Information Technology

This session will explore, through real-world use cases, how cutting-edge technologies like blockchain and artificial intelligence (AI) are fundamentally changing the landscape of risk management. We'll discuss how blockchain's immutability, transparency, and distributed ledger technology can bolster security and combat fraud, and how AI-powered analytics can identify and assess risks faster and more accurately, allowing for quicker responses. We will also discuss potential roadblocks to adopting these technologies.

After completing this session, the participant will be able to:   

  • Analyze existing risk management strategies and identify areas where blockchain and AI can offer significant improvements.
  • Develop a basic understanding of blockchain and AI technologies in the context of risk management, including their key features and potential applications.
  • Evaluate real-world use cases of blockchain and AI in risk management across various industries, identifying relevant lessons for their own organization.
  • Craft an initial action plan outlining key steps to integrate blockchain and AI into their risk management strategy, considering existing resources and potential challenges.

CS 9–2: Rethinking Your Data Security Strategy: How You Can Build the Right Foundations with Data Discovery

Stephen Cavey, Co-Founder

NASBA Field of Study: Auditing

Modern organizations are driven by data, processing vast amounts every day. However, breaches and compliance violations resulting from poor data security continue to increase, impacting business performance, brand reputation and customer trust. This talk explains how organizations can build a robust data security strategy using a practical data discovery-led approach — providing a stronger foundation for continuous data governance, compliance and risk management — and avoid common pitfalls when selecting discovery and remediation solutions.

After completing this session, the participant will be able to:   

  • Understand why their organization needs a clear and comprehensive understanding of the business’s data assets — their location, sensitivity and threat exposure — as a foundation for a robust data security strategy that supports effective governance, risk management and compliance.
  • Understand how data discovery supports the identification of information assets, particularly sensitive and personal data, and be able to articulate this in the context of broader asset discovery and asset management.
  • Understand the major pitfalls of common approaches to data discovery and identification, and what their limitations are. Participants will also learn what makes for effective data discovery, and the criteria to look for when selecting and implementing discovery and identification solutions.
  • Explain how visibility of data delivered by a continuous process of data discovery and identification informs and underpins a robust data security strategy, driving effective risk management and data governance, and supporting new data-driven project initiatives such as cloud migration, digital transformation and AI programs.

CS 9–3: Culture of Coaching: Unlock Performance Power in a Tech Forward, Hybrid World

Sarah Adams, Global IT Internal Audit Leader & Jimena Escamilla, Manager and Agile Coach

NASBA Field of Study: Personal Development

The need for Internal Audit (IA) functions to adapt and re-direct quickly has exponentially intensified in remote work and hybrid environments. Apprenticeship and learning have been severely impacted over the past several years as organizations navigate the post-COVID world and struggle to develop effective methods and structures to engage the workforce.

After completing this session, the participant will be able to:   

  • Understand the concepts behind developing a Culture of Coaching, proposed methods, and how it can help solve some of the learning and cultural challenges that impact the engagement and resiliency of today’s IA workforce. 
  • Understand the critical role of a coaching culture in unlocking collective capabilities and individual strengths of internal audit teams in the era of hybrid and remote work and an ever-changing technological landscape.
  • Understand how to actively promote individual and team resilience and responsibility within an Internal Audit function, and develop a culture that contributes to an engaged, agile, growth-mindset workforce.
  • Explore the necessity of integrating coaching principles into daily operations and innovative delivery models to create a resilient, confident, and adaptable audit workforce.
  • Recognize the importance of nurturing a culture that values both the individual auditor and the collective audit team, viewing inevitable changes as opportunities for growth and evolution.

CS 9–4: Crown Jewel Data Management

Hunter Sundbeck, CISA, CDPSE, CIPT, CySA+, A+, Manager

NASBA Field of Study: Information Technology

What is an organization’s “Crown Jewel Data”? It could be a hedge fund’s algorithm, Nike’s next shoe release, or Coca-Cola’s famous recipe. In other words, intellectual property, trade secrets, patents, copyrights, trademarks, and any other protected information that contributes to a company’s competitive advantage. It takes only one successful attempt to steal an organization’s Crown Jewel Data, so organizations need to get it right every time to prevent these external threats.

After completing this session, the participant will be able to:   

  • Understand more about privacy compliance.
  • Understand more about data governance roles and responsibilities.
  • Understand how to design business processes with privacy and security in mind.

Tuesday Afternoon Networking Break

CS 10-1: Zero Trust Architecture (ZTA) Implementation – in Practice

Robert Brzezinski, CISA, CISM, Principal

NASBA Field of Study: Information Technology 

Zero Trust Architecture (ZTA) is considered a highly effective strategy for elevating an organization's cybersecurity, yet many organizations struggle with the adoption of Zero Trust architecture and concepts. In this session we’ll explain key ZTA approaches, Zero Trust principles and the perceived shortcomings of ZTA, and we’ll focus on Zero Trust implementation best practices - The Commandments. We’ll review examples of how organizations implemented ZTA elements, the challenges they faced and the mistakes they made.

After completing this session, the participant will be able to:   

  • Understand key ZTA principles such as: never trust, always verify; why networks should not be trusted and should be assumed breached; why device ownership should not elicit trust; and why ongoing verification of access authentication and authorization is a must.
  • Understand the consequences of not using Zero Trust Architecture and Zero Trust principles correctly, how adversaries can take advantage of implementation mistakes that can disable Zero Trust capabilities, and how to avoid those mistakes.
  • Understand the perceived shortcomings of ZTA, e.g. the limits of ZTA for legacy applications, privileged management, third-party services, IoT, new technologies and apps … and how to overcome concerns around those perceived shortcomings and address the lack of modern controls with modern technologies and architectural designs.
  • Understand the value of key Zero Trust best practices and commandments, such as explicit trust validation, asset-centricity and data-driven decision making; how they provide Return On Security Investment (ROSI); and why they are key success factors for Zero Trust Architecture adoption.

CS 10-2: Strengthening Resilience Against Third Party Risks

Clark Brantley, Director, Supplier Management Governance

NASBA Field of Study: Business Management & Organization 

Organizations have some control over their own risks, but much less control over third-party risks, not to mention risks from their third parties' own suppliers (4th, 5th, Nth parties). Most, if not all, organizations have been impacted by disruptions including the pandemic, natural disasters, geopolitical events, cyberattacks, fraud, human error, or a combination of causes.

Organizations should focus on strengthening their own resilience by implementing preventive measures, processes, and controls so they can focus on mitigating the residual impacts their third parties can have on their organization.

After completing this session, the participant will be able to:   

  • Understand the steps to building a resilience culture and define what is most important to make resilient.
  • Map the interdependencies between third parties and your organization.
  • Set impact tolerance.
  • Understand the benefits of scenario testing and a communication plan.

CS 10-3: Beyond the Cinema: AI and Audit Through the Lens of Hollywood

Mike Padilla, Sr. Manager IA

NASBA Field of Study: Auditing

From Blade Runner, The Terminator, Her, and numerous other films, Hollywood has portrayed a bleak outlook on how AI will affect our lives. As auditors, we often question, 'Will AI take our jobs? If so, when? What should I be doing?'

This engaging and interactive session will leverage popular movies to delve into what exactly AI is, explore different types of AI currently available, and examine the skills auditors will need in the future.

After completing this session, the participant will be able to:   

  • Understand the historic Hollywood view of AI and how it has shaped our views as auditors.
  • Explore common themes and misconceptions about AI, while addressing concerns auditors may have about potential job displacement.
  • Differentiate between Hollywood fantasy and the realistic trajectory of AI in the context of auditing, fostering a more informed and nuanced perspective on the potential impact of AI on their careers.
  • Learn about the current state of AI in the Audit profession, the tools that are available, and how organizations are utilizing AI.

CS 10-4: Navigating the Responsible Use of AI for IT Auditors and Risk Practitioners

Chris Knox, CISA, CISM, CRISC, Global Director, Worldwide Financial Services Compliance

NASBA Field of Study: Regulatory Ethics

In the dynamic landscape of technology, business, and governance, AI is a transformative force. For IT Auditors and Risk Practitioners, grasping the responsible use of AI is crucial in this era of rapid advancements. This presentation aims to comprehensively explore the implications, challenges, and benefits for professionals. Tech companies lead AI innovation; interactive discussions, case studies, and a Q&A session will facilitate active participation and address specific audience concerns, creating an enriching learning experience.

After completing this session, the participant will be able to:   

  • Develop a comprehensive understanding of responsible AI practices, specifically tailored for IT auditors and risk practitioners. 
  • Be equipped with the skills to identify potential risks associated with AI implementation in IT Audits and Risk Management. 
  • Gain insights into the benefits and opportunities that AI brings to the field of IT auditing. 
  • Be well-informed regarding the current and upcoming regulatory landscape related to AI.

Wednesday's Conference Registration and Customer Relations

Wednesday's Continental Breakfast and Networking

CS 11-1: More Information Coming Soon!

Rex Johnson, CISA, CISSP (ISC2), CIPT (IAPP), PMP (PMI), PCIP (PCI SSC), Executive Director of Cybersecurity & Anthony Pacilio, Vice President, Neurodiverse Solutions & Julie Dotson-Shaffer Pearce, CISA, Senior Manager, IT Compliance

More Information Coming Soon!


Wednesday's General Session

Closing General Session and Keynote

Justin Forsett, CEO, Co-Founder