Governance Risk and Control Conference 


Opening Keynote

Luke Williams, Professor of Marketing at NYU Stern School of Business; Founder and Executive Director of the W.R. Berkley Innovation Labs


General Session Keynote

Paul Sobel, CIA, QIAL, CRMA, Vice President and Chief Risk Officer of Georgia-Pacific, LLC



General Session Keynote

Rob Clyde, CISM, ISACA Board Chair, Executive Chair, White Cloud Security and Board Director, Titus



Closing Keynote

Terry Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA, ISACA Board Chair, 2017-2018, Managing Director, Deloitte & Touche LLP




2018 Governance, Risk and Control Conference
Aug. 13-15, 2018 | Omni Hotel | Nashville, TN

ISACA and The IIA are pleased to once again collaborate to bring you the 2018 Governance, Risk, and Control (GRC) Conference. 

Join more than 600 governance, risk, and control professionals from 40+ countries at the event that draws together the best and brightest minds to embrace challenges, forge solutions, and define the future of global GRC.




IIA and ISACA members and all other savvy governance, risk management, control, and business professionals from around the world.

The conference offers an unrivaled opportunity to expand your network, build on your knowledge, and sharpen your skills, as well as the opportunity to earn up to 18 CPEs.


  • Experience customized learning — Choose the sessions that matter most to you and your enterprise.
  • Interact face-to-face — Gain insights and share ideas with colleagues from around the world.
  • Update your knowledge and skills — Earn valuable CPE credits. Gain techniques, tools, strategies, and leading practices for successful outcomes.


  • Exceptional value for your training dollars — Receive documentation from every session that can be shared with colleagues.
  • Access to industry experts — Discover tested solutions that work for successful professionals and could be adapted for your organization.
  • Meet leading vendors — Visit the exhibit area to discover products that decrease enterprise expenses and increase return on investment. Get answers directly from product representatives.





Earn up to 18 CPE hours by attending this conference.



Stay in the Heart of the Conference Action

The Omni Nashville
250 5th Avenue South
Nashville, TN 37203

See the Venue tab for details.



Follow @ISACANews and join the GRC conversation by using the hashtag #GRCConf.
Like ISACA on Facebook to stay informed.
Join the ISACA (Official) LinkedIn group and start a discussion about GRC today.
Follow @ISACANews on Instagram to see behind the scenes photos of the conference.

Thank you to our 2018 sponsors!







Thomson Reuters



2018 Conference Program

Educational Tracks

Pre-Conference Workshops

General Session Speakers

Paul Sobel, CIA, QIAL, CRMA
Vice President and Chief Risk Officer
Georgia-Pacific, LLC



Rob Clyde, CISM
ISACA Board Chair
Executive Chair, White Cloud Security and Board Director, Titus




Opening Keynote Address

Luke Williams
Professor of Marketing at NYU Stern School of Business;
Founder and Executive Director
of the W.R. Berkley Innovation Labs




Closing Keynote Address

Terry Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA
ISACA Board Chair, 2017-2018
Managing Director, Deloitte & Touche LLP



Sunday, August 12


8:30AM – 5:00PM

Workshop 1: COBIT NIST Cybersecurity Framework
Workshop 2: Auditing Technology Disruptors

Monday, August 13


7:30AM – 6:30PM

Exhibit Hall

7:45AM – 8:05AM

Innovation Session 1: You Can’t Manage Risk If You Can’t See It: SAP Solutions for Cybersecurity and GRC

8:30AM – 9:45AM

Opening Keynote: Disruptive Thinking: How to Prepare for What's Coming Next

9:45AM – 10:15AM

Luke Williams’ book signing – Disrupt: Think the Unthinkable to Spark Transformation in Your Business, 2nd Edition

9:50AM – 10:15AM

Innovation Session 2: Presenting to the Board: The Why, How, and What of Effective Risk Reports

10:15AM – 11:15AM

CS 1-1: Auditing Identity Access Management
CS 1-2: How to Design and Implement an Adaptive IT Compliance Function
CS 1-3: Building Your Brand and Exceeding Stakeholder Expectations
CS 1-4: Building and Maintaining a Sustainable ERM Framework, Part 1

11:30AM – 12:30PM

CS 2-1: Cybersecurity Is Not an IT Problem: Creating a Resilient Security Culture Through Human Intervention
CS 2-2: Does Auditing Governance Mean Auditing Culture?
CS 2-3: Leading With Emotional Intelligence
CS 2-4: Building and Maintaining a Sustainable ERM Framework, Part 2

1:45PM – 2:45PM

CS 3-1: Preventing the Next Digital Black Swan: The Auditor, The CISO, and The C-Suite
CS 3-2: Auditing Third-Party Business Partners for Fraud and Corruption Across the Globe
CS 3-3: The War on Talent: Attracting, Developing, and Retaining Top Talent
CS 3-4: Intelligent Information Management: The Created Risk, Part 1

3:00PM – 4:00PM

CS 4-1: For Whom The Web Trolls: Social Media Risk in Your Organization
CS 4-2: Digital Transformation: Is Internal Audit Ready?
CS 4-3: Using Diversity as a Strategic Advantage
CS 4-4: Intelligent Information Management: The Created Risk, Part 2

4:05PM – 4:25PM

Innovation Session 3: Real-time Governance Over 3rd Party Cyber-risk

4:30PM – 5:30PM

CS 5-1: Auditing Mobile Device Management
CS 5-2: Using Data to Perform Corporate Risk Assessments
CS 5-3: Unlocking Team Collaboration
CS 5-4: Auditing the Cloud: A Practical Approach, Part 1

5:30PM – 6:30PM

Welcome Reception in the Exhibit Hall

Tuesday, August 14


7:30AM – 4:30PM

Exhibit Hall

7:45AM – 8:05AM

Innovation Session 4: Building the Foundation for the Next Generation of Audit Management

8:30AM – 9:45AM

General Session 1: COSO ERM: Integrating With Strategy and Performance

9:45AM – 10:15AM

Paul J. Sobel’s Book Signing – Managing Risk in Uncertain Times: Leveraging COSO’s New ERM Framework

9:50AM – 10:10AM

Innovation Session 5: How to Tackle the GDPR: A Typical Privacy & Security Roadmap

10:15AM – 11:15AM

CS 6-1: No Silver Bullets: Cybersecurity in the Cognitive Era
CS 6-2: Breaking Down the Walls: ERM at the U.S. Marshals Service
CS 6-3: Evaluating the Ethical Risks of AI Implementation for Your Organization
CS 6-4: Auditing the Cloud: A Practical Approach, Part 2

11:30AM – 12:30PM

CS 7-1: Increase the Trust in Internet of Things (IoT) Through Auditing
CS 7-2: Business Interruption Study Recommendations: Redundant Capacity vs. Resilience
CS 7-3: The Psychology of Successful Internal Auditing: Navigating Stakeholder Relationships for Optimal Business and Career Results
CS 7-4: Privacy Deep Dive: Regulations, and How Privacy by Design Means Privacy by Default, Part 1

1:45PM – 2:45PM

CS 8-1: Measuring and Improving Your Security Effectiveness
CS 8-2: Meet Multiple Regulatory Requirements and Utilize Best Practices More Effectively and Efficiently With a Common Control Framework
CS 8-3: Storytelling: Improving the Audit Process to Communicate Better
CS 8-4: Privacy Deep Dive: Regulations, and How Privacy by Design Means Privacy by Default, Part 2

3:00PM – 4:00PM

CS 9-1: Advancing IT Audit’s Capabilities to Conduct Cybersecurity Audits
CS 9-2: GDPR: The Deadline Has Passed — How Did You Do?
CS 9-3: Why Don't They Listen? You Aren't Persuading!
CS 9-4: Applying Lean Six Sigma to ERM, Part 1

4:05PM – 4:25PM

Innovation Session 6: The Risk Revolution: The Next Generation of GRC

4:30PM – 5:30PM

CS 10-1: Shedding Light on the Dark Web
CS 10-2: Agile and Compliance
CS 10-3: The Bridge of Integrity: Am I All In?
CS 10-4: Applying Lean Six Sigma to ERM, Part 2

Wednesday, August 15


7:30AM – 10:15AM

Exhibit Hall

8:30AM – 9:45AM

General Session 2: Governance in These Digitally Shifting Times

9:50AM – 10:10AM

Innovation Session 7: Ensuring Continuous Compliance

10:15AM – 11:30AM

Closing Keynote: Governance in the Age of Cyber


Continuing Professional Education Credits

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 25.5 CPE credits; 18 by attending the main GRC 2018 Conference and an additional 7.5 CPE credits for attending one of the pre-conference workshops. ISACA conferences are Group Live and do not require any advanced preparation.

ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site:

Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in “My ISACA” following the conference. Certificates of Attendance will be accessible via your MyISACA account. To view your certificate, log into your account and navigate to the “myDOWNLOADS & CERTIFICATES” tab. There you will find a “MY CPE CERTIFICATES” section where all of your ISACA event CPE Certificates will live.

Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.

Conference Registration Fees

As the program is developed, we will continue to add information to this page – check back frequently for updates!

Registration and Payment Policy

Registration submissions for this conference and any additional workshops are not processed, and a seat is not confirmed or reserved, until full payment is received. All submissions not paid in full will be placed on a waitlist, and priority will be given to paid registrants on a payment first-come, first-served basis. Space is limited, so it is highly recommended that payment is provided at the time of submission to guarantee a seat within the conference and all related events.

It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. Should we receive payment after a registration rate deadline, your account will be adjusted to reflect the current due amount. Entrance to the conference and all related events is contingent upon full payment.

Cancellation Policy

All cancellations must be received by the published deadline to receive a refund of registration fees. A cancellation charge of US $295 will be subtracted from conference refunds, and US $50 per workshop from workshop refunds. No refunds can be given after the cancellation deadline date specified. Attendee substitution is permitted at any time until the conference.

NOTE: Registration is contingent upon full payment of the registration fee. To guarantee registration, conference fees must be received by the published deadline. It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. For more information regarding administrative policies, please contact the ISACA conference department.
Phone: +1.847.660.5505
Fax: +1.847.253.1443

Payment Methods

  1. Pay online at
  2. Mail your payment to:
    1055 Paysphere Circle
    Chicago, IL 60674 USA
  3. Bank Wires—send electronic payments in US dollars to: Bank of America
    135 S. LaSalle St.
    Chicago, IL 60603
    ABA #0260-0959-3
    ISACA Account #22-71578
    S.W.I.F.T. code BOFAUS3N
    * Please include the attendee's name on the Advice of Transfer.


Obtaining a VISA is solely the responsibility of the registrant. Please contact the local government of the host country for details. Once a paid registration is received, a letter of invitation can be provided on request. Please contact ISACA’s Customer Experience team at +1.847.660.5505 or


ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Not a member of ISACA? Join today!

For more information about ISACA membership, visit the web site at or contact the membership department at

Permission to be Photographed

By attending this event, the registrant grants permission to be photographed and videotaped during the event. The resultant photographs and videos may be used by ISACA for future promotion of ISACA’s educational events on ISACA’s web site, in social media and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs and videos will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs or videos now or in the future.


Business casual is appropriate for this and all ISACA conference events.



2018 Venue and Accommodations

The Omni Nashville

250 5th Avenue South
Nashville, TN 37203
Phone: 1.615.782.5300

All conference events will take place at The Omni Nashville hotel unless explicitly stated otherwise.


Extend your stay to check out the top 10 things you can ONLY do in Nashville!





Thank you to our 2018 sponsors! 




RSA Business-Driven Security™ solutions help customers comprehensively and rapidly link security incidents with business context, enabling them to respond effectively and protect what matters most. Our award-winning solutions for threat detection and response, identity and access assurance, consumer fraud protection, and business risk management help RSA customers thrive in an uncertain, high-risk world.



SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their ecosystems through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside-in perspective, the same way a hacker would. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Web, Application Security, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, Leaked Credentials, DNS Health, Endpoint Security, IP Reputation, and Cubit Score. To receive an email with your company’s current score, please visit





As the market leader in enterprise application software, SAP is at the center of today’s business and technology revolution. SAP helps you streamline your processes, giving you the ability to use real-time data to predict customer trends across your entire business. SAP is committed to helping every customer become a best-run business.





LogicManager believes performance is a result of effective risk management. Since 2005, LogicManager's enterprise risk management (ERM) software has empowered organizations to uphold their reputation, anticipate what's ahead, and improve business performance through strong governance.

Today, LogicManager’s SaaS software and included advisory service help businesses integrate risk, governance, and compliance activities so they can anticipate what’s ahead and protect their employees, customers, and shareholders.

LogicManager was named 2017 GRC Company of the Year by Quadrant Knowledge Solutions, was awarded GRC 20/20’s GRC Value Award in Risk Management, and has been recognized by Forrester Research with a perfect 5.0 in Customer Feedback. With offices in the United States and Europe, LogicManager enables companies around the globe to achieve success.



OneTrust is a global leader in enterprise privacy management software used by more than 1,500 organisations to comply with data privacy regulations across jurisdictions, including the EU GDPR.

Powered by deep privacy research, our comprehensive and integrated platform includes readiness assessments, privacy impact assessments (PIA/DPIA), data mapping automation, website scanning and cookie compliance, subject rights and consent management, incident reporting, and vendor risk management.

OneTrust is co-headquartered in London, UK and Atlanta, GA with a global team of privacy and technology experts. OneTrust is backed by the founders of Manhattan Associates (NASDAQ: MANH) and AirWatch ($1.54B acq by VMware).



Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.


Thomson Reuters

Thomson Reuters Audit Management, a solution on the Connected Risk platform, provides the nimble approach required to serve business leaders, operational management, audit committees, and regulators. With Audit Management you can access the impact of business disruptions, capitalize on change and help business partners through strategic decisions - operating as a trusted advisor.



Contributing Sponsors

NAVEX Global






Supporting Sponsors




Cask, LLC

Center for Internet Security, Inc.


Focal Point Data Risk, LLC

Grant Thornton LLP



Nasdaq Bwise

Onspring Technologies

Pentana Audit

ProBank Austin





Salty Cloud


Society of Corporate Compliance & Ethics

Winterhawk Consulting

Wolters Kluwer - TeamMate



Innovation Sessions

IN1: You Can’t Manage Risk If You Can’t See It: SAP Solutions for Cybersecurity and GRC | Sponsored by SAP
Monday, August 13 | 7:45AM – 8:05AM

IN2: Presenting to the Board: The Why, How, and What of Effective Risk Reports | Sponsored by LogicManager, Inc.
Monday, August 13 | 9:50AM – 10:10AM

IN3: Real-time Governance Over 3rd Party Cyber-risk | Sponsored by SecurityScorecard
Monday, August 13 | 4:05PM – 4:25PM

IN4: Building the Foundation for the Next Generation of Audit Management | Sponsored by Thomson Reuters Risk Management
Tuesday, August 14 | 7:45AM – 8:05AM

IN5: How to Tackle the GDPR: A Typical Privacy & Security Roadmap | Sponsored by OneTrust
Tuesday, August 14 | 9:50AM – 10:10AM

IN6: The Risk Revolution: The Next Generation of GRC | Sponsored by RSA
Tuesday, August 14 | 4:05PM – 4:25PM

IN7: Ensuring Continuous Compliance | Sponsored by Qualys
Wednesday, August 15 | 9:50AM – 10:10AM


For Exhibitor and Sponsorship Opportunities

Please contact: 

Sean Stringer
Director, Sponsorship
Phone: +1.847.660.5729
Fax: +1.847.253.1443

2018 GRC Has Reached Full Capacity

Thank you for your interest in attending 2018 GRC. The conference has now reached full capacity. Please provide us with your name and email address and we will contact you if space becomes available.




Contact ISACA's Customer Experience Team:
Tel: +1.847.660.5670
Fax: +1.847.253.1443

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: