GOVERNANCE, RISK & COMPLIANCE SUMMIT
INTRODUCTION
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity. GRC as an acronym denotes governance, risk, and compliance and is a shorthand reference to the critical capabilities that must work together to achieve Principled Performance, i.e the capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities. This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite, and the board itself.
A Governance, Risk and Compliance Framework is viewed as an integrated collection of all capabilities necessary to support Principled Performance. The intention of this framework is not to burden the business but to support and improve it. Organizations must address today’s challenging business climate. Even small businesses, nonprofits, and government agencies are facing issues that only large companies had to face in the past,
Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the board of directors that are reflected in the organization’s structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty. Compliance refers to adhering with the mandated boundaries (laws and regulations) and voluntary boundaries (company’s policies, procedures, etc.)
GRC is a discipline that aims to synchronize information and activity across governance, and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps. Although interpreted differently in various organizations, GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.
Organizations reach a size where coordinated control over GRC activities is required to operate effectively. Each of these three disciplines creates information of value to the other two, and all three impact the same technologies, people, processes, and information.
Substantial duplication of tasks evolves when governance, risk management and compliance are managed independently. Overlapping and duplicated GRC activities negatively impacts both operational costs and GRC matrices. For example, each internal service might be audited and assessed by multiple groups on an annual basis, creating enormous cost and disconnected results. A disconnected GRC approach will also prevent an organization from providing real-time monitoring executive reports. GRC supposes that this approach, like a badly planned transport system, every individual route will operate, but the network will lack the qualities that allow them to work together effectively.
If not integrated, if tackled in a traditional “silo” approach, most organizations must sustain unmanageable numbers of GRC-related requirements due to changes in technology, increasing data storage, market globalization and increased regulation.
It is against this backdrop that ICPAK has organized a Governance Risk and Compliance Summit to focus on the following key topics:
- Understanding GRC: Overview of the GRC Framework and the GRC Maturity Model
- Ethical and integrity principles for leaders who are charged with governance responsibilities
- Strengthening the Governance and Internal Control Frameworks within organizations in the public sector and private sectors
- Development and implementation of anti-corruption policies and reporting frameworks
- Implementation of board level reporting on critical risks and organizational compliance practices
- A review of the book- Good to Great, by Jim Collins: Why some organizations make the leap and others do not
- Practicing agility: A road map towards agile monitoring and compliance reviews for organizations
- Governance Risk & Compliance automation
- Overview of ISO 37301:2021- Compliance Management Systems (Previously ISO 19600) and ISO 31000:2018- Risk Management
- Differences between GRC Framework and ERM
- Business Continuity Plans and Disaster Recovery- Important considerations for nationwide sustainability during and post the pandemic.
- Overview of critical milestones towards the development and implementation of data privacy policies and tools
- Managing information security breaches
FINANCIAL COMMITMENT:
| Category | Seminar Fees |
| Kenyan based Members/ACCA | Kshs. 170,000 |
| Non-members | Kshs. 180,000 |
| International Delegates | USD 1810 |
Note: Delegates are required to make their own travel and accommodation arrangements.
TARGET AUDIENCE
Board Members, Members of Board Committees, CEOs, GM, Managing Directors, Heads of Government Units and Parastatals, Governors of County Governments and Senators, Company Secretaries and Board Liaison Officers, Internal Audit and other Assurance Professionals, Heads of IT and Security, Lawyers, Heads of Risk & Compliance, and other professionals dealing with Governance, Risk & Compliance matters.
CONTINUOUS PROFESSIONAL DEVELOPMENT UNITS
Members of ICPAK and those from other reciprocating professional bodies will earn 20 CPD units upon successfully attending all seminar sessions.
TRAVEL REQUIREMENTS
For non-Kenyan delegates, please enquire with your embassy on the travel requirements. ICPAK shall avail invitation letters to support delegates VISA processing. To request for one, email: [email protected]
NITA REIMBURSEMENT
The Institute is registered as a trainer with National Industrial Training Authority. The Institute’s registration number is DIT/TRN/47. Participants who are registered levy contributors should apply to NITA for reimbursement of their fees. Please note that this is applicable for Kenyan citizens only and subject to NITA regulations. Remember that to qualify you should apply to NITA for approval prior to the date of the conference. Further details can be obtained from their website (www.nita.go.ke).
GOVERNANCE, RISK & COMPLIANCE SUMMIT
INTRODUCTION
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity. GRC as an acronym denotes governance, risk, and compliance and is a shorthand reference to the critical capabilities that must work together to achieve Principled Performance, i.e the capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities. This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite, and the board itself.
A Governance, Risk and Compliance Framework is viewed as an integrated collection of all capabilities necessary to support Principled Performance. The intention of this framework is not to burden the business but to support and improve it. Organizations must address today’s challenging business climate. Even small businesses, nonprofits, and government agencies are facing issues that only large companies had to face in the past,
Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the board of directors that are reflected in the organization’s structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty. Compliance refers to adhering with the mandated boundaries (laws and regulations) and voluntary boundaries (company’s policies, procedures, etc.)
GRC is a discipline that aims to synchronize information and activity across governance, and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps. Although interpreted differently in various organizations, GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.
Organizations reach a size where coordinated control over GRC activities is required to operate effectively. Each of these three disciplines creates information of value to the other two, and all three impact the same technologies, people, processes, and information.
Substantial duplication of tasks evolves when governance, risk management and compliance are managed independently. Overlapping and duplicated GRC activities negatively impacts both operational costs and GRC matrices. For example, each internal service might be audited and assessed by multiple groups on an annual basis, creating enormous cost and disconnected results. A disconnected GRC approach will also prevent an organization from providing real-time monitoring executive reports. GRC supposes that this approach, like a badly planned transport system, every individual route will operate, but the network will lack the qualities that allow them to work together effectively.
If not integrated, if tackled in a traditional “silo” approach, most organizations must sustain unmanageable numbers of GRC-related requirements due to changes in technology, increasing data storage, market globalization and increased regulation.
It is against this backdrop that ICPAK has organized a Governance Risk and Compliance Summit to focus on the following key topics:
- Understanding GRC: Overview of the GRC Framework and the GRC Maturity Model
- Ethical and integrity principles for leaders who are charged with governance responsibilities
- Strengthening the Governance and Internal Control Frameworks within organizations in the public sector and private sectors
- Development and implementation of anti-corruption policies and reporting frameworks
- Implementation of board level reporting on critical risks and organizational compliance practices
- A review of the book- Good to Great, by Jim Collins: Why some organizations make the leap and others do not
- Practicing agility: A road map towards agile monitoring and compliance reviews for organizations
- Governance Risk & Compliance automation
- Overview of ISO 37301:2021- Compliance Management Systems (Previously ISO 19600) and ISO 31000:2018- Risk Management
- Differences between GRC Framework and ERM
- Business Continuity Plans and Disaster Recovery- Important considerations for nationwide sustainability during and post the pandemic.
- Overview of critical milestones towards the development and implementation of data privacy policies and tools
- Managing information security breaches
FINANCIAL COMMITMENT:
| Category | Seminar Fees |
| Kenyan based Members/ACCA | Kshs. 170,000 |
| Non-members | Kshs. 180,000 |
| International Delegates | USD 1810 |
Note: Delegates are required to make their own travel and accommodation arrangements.
TARGET AUDIENCE
Board Members, Members of Board Committees, CEOs, GM, Managing Directors, Heads of Government Units and Parastatals, Governors of County Governments and Senators, Company Secretaries and Board Liaison Officers, Internal Audit and other Assurance Professionals, Heads of IT and Security, Lawyers, Heads of Risk & Compliance, and other professionals dealing with Governance, Risk & Compliance matters.
CONTINUOUS PROFESSIONAL DEVELOPMENT UNITS
Members of ICPAK and those from other reciprocating professional bodies will earn 20 CPD units upon successfully attending all seminar sessions.
TRAVEL REQUIREMENTS
For non-Kenyan delegates, please enquire with your embassy on the travel requirements. ICPAK shall avail invitation letters to support delegates VISA processing. To request for one, email: [email protected]
NITA REIMBURSEMENT
The Institute is registered as a trainer with National Industrial Training Authority. The Institute’s registration number is DIT/TRN/47. Participants who are registered levy contributors should apply to NITA for reimbursement of their fees. Please note that this is applicable for Kenyan citizens only and subject to NITA regulations. Remember that to qualify you should apply to NITA for approval prior to the date of the conference. Further details can be obtained from their website (www.nita.go.ke).