Governance Risk and Control Conference 


GRC 2018 Brochure



Thank you for attending the 2018 GRC Conference in Nashville, TN. We look forward to seeing you next year 12-14 August 2019 in Hollywood, FL. Please check back for future updates.






Earn up to 18 CPE hours by attending this conference.



Follow @ISACANews and join the GRC conversation by using the hashtag #GRCConf.
Like ISACA on Facebook to stay informed.
Join the ISACA (Official) LinkedIn group and start a discussion about GRC today.
Follow @ISACANews on Instagram to see behind the scenes photos of the conference.




2018 Conference Program

Educational Tracks

Pre-Conference Workshops

General Session Speakers

Paul Sobel, CIA, QIAL, CRMA
Vice President and Chief Risk Officer
Georgia-Pacific, LLC



Rob Clyde, CISM
ISACA Board Chair
Executive Chair, White Cloud Security and Board Director, Titus




Opening Keynote Address

Luke Williams
Professor of Marketing at NYU Stern School of Business;
Founder and Executive Director
of the W.R. Berkley Innovation Labs




Closing Keynote Address

Terry Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA
ISACA Board Chair, 2017-2018
Managing Director, Deloitte & Touche LLP



Sunday, August 12


8:30AM – 5:00PM

Workshop 1: COBIT NIST Cybersecurity Framework
Workshop 2: Auditing Technology Disruptors

Monday, August 13


7:30AM – 6:30PM

Exhibit Hall

7:45AM – 8:05AM

Innovation Session 1: You Can’t Manage Risk If You Can’t See It: SAP Solutions for Cybersecurity and GRC

8:30AM – 9:45AM

Opening Keynote: Disruptive Thinking: How to Prepare for What's Coming Next

9:45AM – 10:15AM

Luke Williams’ book signing – Disrupt: Think the Unthinkable to Spark Transformation in Your Business, 2nd Edition

9:50AM – 10:15AM

Innovation Session 2: Presenting to the Board: The Why, How, and What of Effective Risk Reports

10:15AM – 11:15AM

CS 1-1: Auditing Identity Access Management
CS 1-2: How to Design and Implement an Adaptive IT Compliance Function
CS 1-3: Building Your Brand and Exceeding Stakeholder Expectations
CS 1-4: Building and Maintaining a Sustainable ERM Framework, Part 1

11:30AM – 12:30PM

CS 2-1: Cybersecurity Is Not an IT Problem: Creating a Resilient Security Culture Through Human Intervention
CS 2-2: Does Auditing Governance Mean Auditing Culture?
CS 2-3: Leading With Emotional Intelligence
CS 2-4: Building and Maintaining a Sustainable ERM Framework, Part 2

1:45PM – 2:45PM

CS 3-1: Preventing the Next Digital Black Swan: The Auditor, The CISO, and The C-Suite
CS 3-2: Auditing Third-Party Business Partners for Fraud and Corruption Across the Globe
CS 3-3: The War on Talent: Attracting, Developing, and Retaining Top Talent
CS 3-4: Intelligent Information Management: The Created Risk, Part 1

3:00PM – 4:00PM

CS 4-1: For Whom The Web Trolls: Social Media Risk in Your Organization
CS 4-2: Digital Transformation: Is Internal Audit Ready?
CS 4-3: Using Diversity as a Strategic Advantage
CS 4-4: Intelligent Information Management: The Created Risk, Part 2

4:05PM – 4:25PM

Innovation Session 3: Real-time Governance Over 3rd Party Cyber-risk

4:30PM – 5:30PM

CS 5-1: Auditing Mobile Device Management
CS 5-2: Using Data to Perform Corporate Risk Assessments
CS 5-3: Unlocking Team Collaboration
CS 5-4: Auditing the Cloud: A Practical Approach, Part 1

5:30PM – 6:30PM

Welcome Reception in the Exhibit Hall

Tuesday, August 14


7:30AM – 4:30PM

Exhibit Hall

7:45AM – 8:05AM

Innovation Session 4: Building the Foundation for the Next Generation of Audit Management

8:30AM – 9:45AM

General Session 1: COSO ERM: Integrating With Strategy and Performance

9:45AM – 10:15AM

Paul J. Sobel’s Book Signing – Managing Risk in Uncertain Times: Leveraging COSO’s New ERM Framework

9:50AM – 10:10AM

Innovation Session 5: How to Tackle the GDPR: A Typical Privacy & Security Roadmap

10:15AM – 11:15AM

CS 6-1: No Silver Bullets: Cybersecurity in the Cognitive Era
CS 6-2: Breaking Down the Walls: ERM at the U.S. Marshals Service
CS 6-3: Evaluating the Ethical Risks of AI Implementation for Your Organization
CS 6-4: Auditing the Cloud: A Practical Approach, Part 2

11:30AM – 12:30PM

CS 7-1: Increase the Trust in Internet of Things (IoT) Through Auditing
CS 7-2: Business Interruption Study Recommendations: Redundant Capacity vs. Resilience
CS 7-3: The Psychology of Successful Internal Auditing: Navigating Stakeholder Relationships for Optimal Business and Career Results
CS 7-4: Privacy Deep Dive: Regulations, and How Privacy by Design Means Privacy by Default, Part 1

1:45PM – 2:45PM

CS 8-1: Measuring and Improving Your Security Effectiveness
CS 8-2: Meet Multiple Regulatory Requirements and Utilize Best Practices More Effectively and Efficiently With a Common Control Framework
CS 8-3: Storytelling: Improving the Audit Process to Communicate Better
CS 8-4: Privacy Deep Dive: Regulations, and How Privacy by Design Means Privacy by Default, Part 2

3:00PM – 4:00PM

CS 9-1: Advancing IT Audit’s Capabilities to Conduct Cybersecurity Audits
CS 9-2: GDPR: The Deadline Has Passed — How Did You Do?
CS 9-3: Why Don't They Listen? You Aren't Persuading!
CS 9-4: Applying Lean Six Sigma to ERM, Part 1

4:05PM – 4:25PM

Innovation Session 6: The Risk Revolution: The Next Generation of GRC

4:30PM – 5:30PM

CS 10-1: Shedding Light on the Dark Web
CS 10-2: Agile and Compliance
CS 10-3: The Bridge of Integrity: Am I All In?
CS 10-4: Applying Lean Six Sigma to ERM, Part 2

Wednesday, August 15


7:30AM – 10:15AM

Exhibit Hall

8:30AM – 9:45AM

General Session 2: Governance in These Digitally Shifting Times

9:50AM – 10:10AM

Innovation Session 7: Ensuring Continuous Compliance

10:15AM – 11:30AM

Closing Keynote: Governance in the Age of Cyber


Conference Registration Fees

As the program is developed, we will continue to add information to this page – check back frequently for updates!


ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Not a member of ISACA? Join today!

For more information about ISACA membership, visit the web site at or contact the membership department at

Consent Language for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes

I agree irrevocably and free of charge that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory.


Business casual is appropriate for this and all ISACA conference events.



See you next year at…

2019 Venue and Accommodations

The Diplomat Beach Resort Hollywood
3555 South Ocean Drive
Hollywood, FL 33019

Thank you to our 2018 sponsors! 




RSA Business-Driven Security™ solutions help customers comprehensively and rapidly link security incidents with business context, enabling them to respond effectively and protect what matters most. Our award-winning solutions for threat detection and response, identity and access assurance, consumer fraud protection, and business risk management help RSA customers thrive in an uncertain, high-risk world.



SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their ecosystems through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside-in perspective, the same way a hacker would. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Web, Application Security, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Credentials, DNS Health, Endpoint Security, IP Reputation and Cubit Score. To receive an email with your company’s current score, please visit





As the market leader in enterprise application software, SAP is at the center of today’s business and technology revolution. SAP helps you streamline your processes, giving you the ability to use real-time data to predict customer trends across your entire business. SAP is committed to helping every customer become a best-run business.





LogicManager believes performance is a result of effective risk management. Since 2005, LogicManager's enterprise risk management (ERM) software has empowered organizations to uphold their reputation, anticipate what's ahead, and improve business performance through strong governance.

Today, LogicManager’s SaaS software and included advisory service help businesses integrate risk, governance, and compliance activities so they can anticipate what’s ahead and protect their employees, customers, and shareholders.

LogicManager was named 2017 GRC Company of the Year by Quadrant Knowledge Solutions, was awarded GRC 20/20’s GRC Value Award in Risk Management, and has been recognized by Forrester Research with a perfect 5.0 in Customer Feedback. With offices in the United States and Europe, LogicManager enables companies around the globe to achieve success.



OneTrust is a global leader in enterprise privacy management software used by more than 1,500 organisations to comply with data privacy regulations across jurisdictions, including the EU GDPR.

Powered by deep privacy research, our comprehensive and integrated platform includes readiness assessments, privacy impact assessments (PIA/DPIA), data mapping automation, website scanning and cookie compliance, subject rights and consent management, incident reporting, and vendor risk management.

OneTrust is co-headquartered in London, UK and Atlanta, GA with a global team of privacy and technology experts. OneTrust is backed by the founders of Manhattan Associates (NASDAQ: MANH) and AirWatch ($1.54B acq by VMware).



Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.


Thomson Reuters

Thomson Reuters Audit Management, a solution on the Connected Risk platform, provides the nimble approach required to serve business leaders, operational management, audit committees, and regulators. With Audit Management you can assess the impact of business disruptions, capitalize on change and help business partners through strategic decisions - operating as a trusted advisor.



Contributing Sponsors

NAVEX Global






Supporting Sponsors




Cask, LLC

Center for Internet Security, Inc.


Focal Point Data Risk, LLC

Grant Thornton LLP



Nasdaq Bwise

Onspring Technologies

Pentana Audit

ProBank Austin





Salty Cloud


Society of Corporate Compliance & Ethics

Winterhawk Consulting

Wolters Kluwer - TeamMate



Innovation Sessions

IN1: You Can’t Manage Risk If You Can’t See It: SAP Solutions for Cybersecurity and GRC | Sponsored by SAP
Monday, August 13 | 7:45AM – 8:05AM

IN2: Presenting to the Board: The Why, How, and What of Effective Risk Reports | Sponsored by LogicManager, Inc.
Monday, August 13 | 9:50AM – 10:10AM

IN3: Real-time Governance Over 3rd Party Cyber-risk | Sponsored by SecurityScorecard
Monday, August 13 | 4:05PM – 4:25PM

IN4: Building the Foundation for the Next Generation of Audit Management | Sponsored by Thomson Reuters Risk Management
Tuesday, August 14 | 7:45AM – 8:05AM

IN5: How to Tackle the GDPR: A Typical Privacy & Security Roadmap | Sponsored by OneTrust
Tuesday, August 14 | 9:50AM – 10:10AM

IN6: The Risk Revolution: The Next Generation of GRC | Sponsored by RSA
Tuesday, August 14 | 4:05PM – 4:25PM

IN7: Ensuring Continuous Compliance | Sponsored by Qualys
Wednesday, August 15 | 9:50AM – 10:10AM


For Exhibitor and Sponsorship Opportunities

Please contact: 

Sean Stringer
Director, Sponsorship
Phone: +1.847.660.5729
Fax: +1.847.253.1443

Please check back soon for more information on registration for the 2019 GRC Conference.




Contact ISACA's Customer Experience Team:
Tel: +1.847.660.5670
Fax: +1.847.253.1443

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: