Governance Risk and Control Conference 





2018 Governance, Risk and Control Conference
Aug. 13-15, 2018 | Omni Hotel | Nashville, TN

ISACA and The IIA are pleased to once again collaborate to bring you the 2018 Governance, Risk, and Control (GRC) Conference. Please continue to check back, as additional information is forthcoming!

Join more than 600 governance, risk, and control professionals from 40+ countries at the event that draws together the best and brightest minds to embrace challenges, forge solutions, and define the future of global GRC.

2017 GRC Conference at a Glance

More than 660 attendees gathered at the Gaylord Texan in Dallas-Ft. Worth for the 2017 Governance, Risk, and Control Conference™ (GRC™). This immersive event was another successful result of the IIA and ISACA partnership, providing internal audit and IT risk professionals with specialized developmental and networking opportunities not found anywhere else.

This year’s opening keynote session — The Cyber Blacklist: Top Threats and Countermeasures for Data Security — was presented by John Sileo, CSP and CEO of The Sileo Group.

Additional keynote speakers included:

  • Larry Harrington, CIA, QIAL, CRMA, CPA, Vice President, Internal Audit, Raytheon Company — Internal Audit in a World of Change
  • Mark Thomas, CGEIT, CRISC, President, Escoute Consulting — Using Multiple Guidance Systems for the Governance of Enterprise IT
  • Dick Finnegan, CEO, C-Suite Analytics — Which Leadership Quality Matters Most... With Stakeholders and Employees

The 45 general and concurrent sessions proved to be beneficial to all attendees, offering greater exploration into the following educational tracks: Deep Dive Interactive Discussion, Privacy/Security in the Technology World, Integrated Auditing of GRC, and Attributes for Professional Improvement and Advancement. Sessions that received exceptionally high marks on participant surveys included: Data Analytics at Xerox: A Journey From Idea to Reality; Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks; Hunting for Hackers: How to Turn the Tables on Attackers; and COSO's Revised ERM Framework: It's Final!

Always a highlight, the welcome reception on Wednesday evening was a great opportunity for delegates to network, forming lasting business relationships, sharing ideas, and learning about new products and services to enable them to do their jobs more efficiently. We thank our sponsors and exhibitors for enabling us to provide this unique opportunity to conference delegates.

The conference came to a close after two and a half days of learning, thoughtful discussions, and beneficial networking opportunities to discover “Where Governance and Risk Management Align for Impact.”





Earn up to 18 CPE hours by attending this conference.



Stay in the Heart of the Conference Action

Omni Hotel
250 5th Avenue S
Nashville, TN 37203

See the Venue tab for details.




Thank you to our 2017 sponsors!

Navex Global



2018 details to be announced soon. Please check back often.


2017 Conference Program

Educational Tracks

Pre-Conference Workshops

2017 Keynote Sessions

Larry Harrington
General Session Keynote 1

Internal Audit in a World of Change

Larry Harrington, CIA, QIAL, CRMA
Vice President, Internal Audit of Raytheon Company

Change — self-driving vehicles, nanotechnology, artificial intelligence, geopolitical changes, etc. — is impacting the world at an accelerating pace, which in turn impacts organizations, stakeholders, and internal auditors. Are we adapting? To be relevant and add value requires that we audit at the speed of risk, and that means assessing risks in a world of change disrupters will become a new must-have competency.

In this session, participants will:

  • Discuss key disrupters of change affecting internal audit.
  • Identify what to audit and when in a world of change and disrupters.
  • Review competencies needed to adapt to change.
  • Explore strategies to retain those with the needed range of skills to conduct audits at the speed of risk.


General Session Keynote 2

Using Multiple Guidance Systems for the Governance of Enterprise IT

Mark Thomas, CGEIT, CRISC
President of Escoute Consulting

As an internationally known governance, risk, and compliance expert in the areas of Cybersecurity, IT Service Management, Assurance and Audit, and IT Controls, Mark’s background spans leadership roles from CIO to Management and IT Consulting in several Federal and State Agencies, Private Firms, and Fortune 500 Companies. With over 25 years of professional experience, Mark has led large IT teams, conducted information governance/risk activities for major initiatives, managed enterprise applications implementations, and implemented cybersecurity and governance processes across multiple industries. Additionally, Mark has forged a reputable competency as a consultative trainer and speaker receiving exemplary evaluations and earned the ISACA John Kuyers award for Best Speaker.

As GRC activities are increasingly integrated into enterprises, it is critical to ensure a healthy balance between performance and conformance. This session will discuss how it is crucial to use multiple GPS-like systems to effectively steer GRC activities and focus on creating value. Using multiple viewpoints can help improve decision-making and strengthen an enterprise.

In this session, participants will:

  • Recognize the importance of having multiple guidance systems to navigate GRC efforts in a holistic manner.
  • Learn how to leverage multiple perspectives and techniques in balancing performance and conformance when determining GRC priorities.
  • Gain insight into how to implement tactics and apply them to create value for your enterprise.


Introducing 2017 GRC keynote speaker John Sileo!

Opening Keynote Address

The Cyber Blacklist: Top Threats and Countermeasures for Data Security

John Sileo, CSP
CEO of The Sileo Group

John Sileo’s identity was stolen by a business insider and used to embezzle $300,000 from his clients. The exposure destroyed John’s company and consumed two precious years as he fought to stay out of jail. Combining real-world experience with years of study, John became an award-winning author, trusted advisor and leading speaker on managing privacy and reputation in an economy plagued by digital overexposure.

John leverages his story of transforming risk into reward and the emotional connections it creates to evoke the skills of instinct, inquiry, and initiative that empower his clients to take control of their data exposure before it’s too late. John is the CEO of The Sileo Group, which advises clients on balancing risk, defending privacy and multiplying profits by building a culture of deep trust.

At the heart of most data theft is lax cybersecurity: a broad term that will cease to intimidate you after this presentation. This crash course forges a high-level, non-technical path through the sometimes confusing web of human decision making, computer security, mobile technology, internet connectivity, online privacy, and cloud computing and will leave you with an actionable list of steps to protect your sensitive data, mobile devices, social identity and, ultimately, your wealth and profitability.

In this session, participants will:

  • Learn techniques to overcome or at least deal with the fear of falling behind the digital curve.
  • Discuss why staying vigilant is key in helping you protect the data that underlies your organizational and personal wealth.
  • Hear a real-life case study on the long road to recovery from an unfortunate incident and how to transform risk into reward.

Dick Finnegan
Closing Keynote Address

Which Leadership Quality Matters Most With Stakeholders and Employees

Dick Finnegan
CEO of C-Suite Analytics

We usually hear leadership qualities in bunches with no established top one. Coaching? Career Development? Communication? Or might recognition come in first since we hear so much about it? There IS a clear leader: building trust. Think of it like this. Did your best-boss-ever build trust but your worst-boss-ever did not? And did your best boss have weaknesses you easily accepted? And might your worst boss have had strengths which were invisible to you? This pattern is clear: Once anyone in our lives crosses the boundary to trustworthiness, they can do little wrong. And the opposite is true once they cross the other way. Trust-breakers are hard to forgive.

These same trust-building skills apply to our stakeholders, too, as small-but-strong indicators go a long way to believing in our competence and integrity. And those two words — competence and integrity — are (or should be) in the first sentence of any auditor job description. Leaders who build trust excel at our two most important goals: create respected relationships with stakeholders and produce more work from their teams.

In this session, participants will:

  • Understand why trust is the key leadership attribute in building relationships.
  • Review which trust skills matter most to your stakeholders.
  • Discuss strategies to build and implement these skills.
  • Evaluate the value of trust to your company.



Tuesday, Aug. 15 2017


8:00AM – 8:30AM

Workshop Registration

8:30AM – 5:00PM

Workshop 1: COBIT NIST Cybersecurity Framework SOLD OUT!
Workshop 2: ERM Can Now Work! Putting the Updated COSO ERM Framework and ISO 31000 Standards Into Practice

4:00PM – 6:00PM

Conference Registration and Customer Relations

Wednesday, Aug. 16 2017


7:00AM – 5:00PM

Conference Registration and Customer Relations

7:00AM – 8:30AM

Continental Breakfast and Networking

8:30AM – 9:45AM

Opening Keynote: The Cyber Blacklist: Top Threats and Countermeasures for Data Security

9:45AM – 10:15AM

Networking Break

10:15AM – 11:15AM

CS 1-1: The Need for Change Enablement in Adopting Governance and Management Practices
CS 1-2: NIST Cybersecurity Framework Assessment
CS 1-3: How Risk Culture Affects Compliance and Internal Controls
CS 1-4: Data Analytics at Xerox: A Journey From Idea to Reality

11:15AM – 11:30AM

Session Change

11:30AM – 12:30PM

CS 2-1: Chutes and Ladders of Internal Audit - How to Rise and Fall Due to Meeting or Failing to Meet Stakeholder Expectations
CS 2-2: Auditing the Cloud Environment: An Introduction
CS 2-3: GRC IQ: How Intelligent Is Your ERP Environment?
CS 2-4: Measuring Effectiveness of a Risk-focused Third-party Risk Management Program

12:30PM – 1:30PM

Lunch followed by dessert in the Exhibit Hall

1:30PM – 2:30PM

CS 3-1: Establishing and Maintaining an Effective Internal Audit Quality Assurance and Improvement Program: Tips, Tricks, and Tools
CS 3-2: A Real-life Practical Internal Audit Approach to Cyber Security
CS 3-3: Best Practices for Proactive IT Governance
CS 3-4: Auditing the Cloud Environment: Advanced

2:30PM – 2:45PM

Session Change

2:45PM – 3:45PM

CS 4-1: Critical Thinking for Results
CS 4-2: Hunting for Hackers: How to Turn the Tables on Attackers
CS 4-3: Integrated Audits for Business Processes
CS 4-4: Implementing ERM in a Small to Medium Enterprise

3:45PM – 4:05PM

Networking Break

4:05PM – 5:05PM

CS 5-1: Voice of the Customer: Stakeholders Messages From the CBOK Global Internal Audit Study
CS 5-2: Operationalizing Cybersecurity with Risk-based Governance
CS 5-3: Stop Fraud Before It Starts: New Guidance for Managing Fraud Risks
CS 5-4: How Vanguard's Fund Process Excellence Team Is Building an Effective Controls Culture

5:15PM – 6:30PM

Welcome Reception in the Exhibit Hall

Thursday, Aug. 17 2017


7:30AM – 5:00PM

Conference Registration and Customer Relations

7:30AM – 8:30AM

Continental Breakfast and Networking

8:30AM – 9:45AM

GS 1: Internal Audit in a World of Change

9:45AM – 10:10AM

Networking Break

10:10AM – 11:10AM

CS 6-1: External Quality Assessments: The Benefits of and Leading Practices to Exceed Stakeholder Expectations
CS 6-2: Cloud Computing Controls: Managing Risk
CS 6-3: COSO's Revised ERM Framework: It's Final!
CS 6-4: Change Management Best Practices for ERP Systems: A Case Study From Audits of Oracle E-Business Suite Installations

11:10AM – 11:25AM

Session Change

11:25AM – 12:25PM

CS 7-1: Adding Value by Managing the Perception Gap
CS 7-2: Auditing Network Security
CS 7-3: Collaborative Risk Management: Audit and the 2nd Line of Defense
CS 7-4: FCPA: Are You Risk Focused and Audit Ready?

12:25PM – 1:25PM

Lunch followed by dessert in the Exhibit Hall

1:25PM – 2:25PM

CS 8-1: Activate Your Internal Auditing Awesomeness™
CS 8-2: Cyber Resilience Framework for the 21st Century Executive
CS 8-3: Auditing Business Continuity
CS 8-4: When Life Gives You Lemons: Five Ways to Turn GRC Struggles Into Success

2:25PM – 2:40PM

Session Change

2:40PM – 3:40PM

CS 9-1: Why Emotional Intelligence and Critical Thinking Skills Are Essential
CS 9-2: Ransomware in the Enterprise
CS 9-3: The Transformational Internal Auditor: Improving Compliance by Improving Process
CS 9-4: Utilize the STAR Model in Auditing Governance

3:40PM – 4:00PM

Networking Break

4:00PM – 5:00PM

CS 10-1: Getting the Boss to Listen to You: Becoming a Trusted Strategic Advisor
CS 10-2: Post-merger Cyber Considerations
CS 10-3: Outsourcing: Who Is Responsible for the Risk?
CS 10-4: Diamond in the Rough: Maximizing Synergies of Global Governance and Investigation

Friday, Aug. 18 2017


7:30AM – 11:30AM

Conference Registration and Customer Relations

7:30AM – 8:30AM

Continental Breakfast and Networking

8:30AM – 9:45AM

GS 2: Using Multiple Guidance Systems for the Governance of Enterprise IT

9:45AM – 10:15AM

Networking Break

10:15AM – 11:30AM

Closing Keynote: Which Leadership Quality Matters Most With Stakeholders and Employees


Continuing Professional Education Credits

When you attend this conference, you are eligible for up to 18 continuing professional education (CPE) credits. Additional CPE credits are available by attending available pre-conference sessions. The number of credits you receive is contingent on the number of sessions you attend. Attendance will be tracked via session scanners at the door. The IIA’s educational programs are acceptable for fulfilling CPE requirements. The IIA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website at

Your CPE certificate will be e-mailed to you four to six weeks post-conference.

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. ISACA conferences are Group Live and do not require any advanced preparation.

2018 Conference Registration Fees

Pricing to be announced shortly. Please check back soon.

Your registration includes:

  • All general and concurrent sessions.
  • Welcome networking reception on Wednesday night.
  • Continental breakfast daily.
  • Lunch on Wednesday and Thursday.
  • Conference app with presentations uploaded (when available from speaker).


Obtaining a visa is solely the responsibility of the registrant. Please contact the local government of the host country for details. Once a paid registration is received, a letter of invitation will be provided, on request. Please contact The IIA Customer Relations team at +1.407.937.1111 or

Terms and Conditions

ISACA is pleased to co-host this event with The IIA. Please see The IIA’s Registration Terms and Conditions for information regarding the event and The IIA’s privacy policy for details on how The IIA stores and uses personal information that is collected by or provided to them.

Cancellation Policy

Cancellations must be made in writing and may be emailed to at least four (4) weeks before the event start date to receive a full refund. Cancellation notifications submitted via social media are not acceptable. A per-person cancellation fee of US $495 is assessed for cancellations received from four (4) to two (2) weeks before the event start date. No refunds will be given for cancellations received two (2) weeks or less before the start of the event. You may substitute another individual for the same event date and location without incurring the cancellation fee.

Permission to be Photographed

By attending this event, the registrant grants permission to be photographed and videotaped during the event. The resultant photographs and videos may be used by ISACA for future promotion of ISACA’s educational events on ISACA’s web site, in social media and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs and videos will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs or videos now or in the future.


2018 Venue and Accommodations

Omni Hotel
250 5th Avenue S
Nashville, TN 37203


Thank you to our 2017 sponsors! 


  Welcome Reception

  Lunch Sponsor

  Lanyard Sponsor


  Exhibit Hall Passport



Navex Global




  Media Partners

CIO Applications

CIO Applications is a new-generation print magazine focusing on the applications of technology in medium to large enterprises. We focus on the ways in which businesses are leveraging technology to efficiently run their operations and offer new products and services to their customers, and on how they maximize the return on investment from their technology spend. Published from the hub of technology, Silicon Valley, we bring to our subscribers the collective expertise, experiences and insights of thousands of business-oriented senior technologists working in all industry verticals in the U.S. This knowledge base from industry insiders is augmented by our experienced and strong research team to keep our subscribers up to date on how established and new technologies can be leveraged to provide an engine for growth for their businesses.




2020 Control


Archon Meridian



Center for Internet Security



Compliance Week


Focal Point Data Risk

Grant Thornton


Logic Manager

Lynx Technology Partners

Morgan Kai Group

Nasdaq BWise

Navex Global


Pathmaker Group











Security Weaver





For Exhibitor and Sponsorship Opportunities

Please contact: 

Sean Stringer
Director of Sponsorship
Phone: +1.847.660.5729
Fax: +1.847.253.1443




Contact ISACA's Learning Solutions Department:
Tel: +1.847.660.5670
Fax: +1.847.253.1443

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: