Arrival and Registration
Welcome and housekeeping

CHAIR: Tichaona Zororo, member of ISACA Board of Directors, president of ISACA South Africa Chapter, and an IT advisory executive with EGIT : Enterprise Governance of ITTichaona Zororo, member of ISACA Board of Directors, president of ISACA South Africa Chapter, and an IT advisory executive with EGIT : Enterprise Governance of IT

Keynote: The newly formed Information Regulator for the Protection of Personal Information (POPI) Act – what to expect and the impact on POPI Compliance

Adv Pansy Tlakula, chairperson, Information Regulator for the Protection of Personal Information (POPI) ActAdv. Pansy Tlakula, chairperson, Information Regulator for the Protection of Personal Information (POPI) Act

The aim is to inform the delegates about how the regulator will work and how it impacts on the POPI Act.

  • Understand the responsibilities of the regulator
  • Demystify enforcement of the POPI Act
  • How to ensure compliance of POPI
What is driving GRC trends globally?

Matimba Simango, IT governance officer, PPC CementMatimba Simango, IT governance officer, PPC Cement

There are three lines of defence to enterprise risk management – governance, risk management and compliance. This presentation will explore the global IT regulatory laws (Europe, Africa, America and Asia), looking at the latest changes and updates. It will also touch on international business investment, growth and mergers, and examine XaaS and cloud consumerisation and how it affects GRC. With the fourth industrial revolution, there are many threats and risks – how do these affect GRC?

An understanding of:

  • Rapid dynamic changes in the IT space and the high velocity progression of advanced cyber threats;
  • Digital crimes and the consequences; and
  • The future of GRC and alignment with technology trends.
Legal perspective: Why 'digital risk' needs a seat on the board

Nerushka Bowan, technology and privacy lawyer, Norton Rose Fulbright Nerushka Bowan, technology and privacy lawyer, Norton Rose Fulbright

Digital risk is not just an IT issue. Not everyone can be a technical cyber security expert, but it is your responsibility to be able to ask the right questions to understand digital risk, so you can make informed decisions for the company.

  • Every business is a digital business
    • Across industries, more devices are becoming sensorised, connected and intelligent. This increases the amount of data collected. In this digital age, can you distinguish between internal and external digital business risks? Do you know what the digital risks specific to your industry are? Do you understand the regulatory framework in which your digital business operates? Do you know the ethical questions that need to be asked when implementing new technologies?
  • Hackers gonna hack
    • Cyber crime statistics are on the rise. It is no longer a matter of 'if' you will be hacked, but when. Do you know what security measures are in place to mitigate this risk? Consequences of a data breach are not only a hefty fine – your business' brand and reputation are at stake. In addition to being hacked, are you aware of the other contributing factors to data breaches, such as employee risk?
  • Ignorance is not a defence
    • King III and IV place increasing digital risk responsibility on the board. Are you up to date with the latest technology trends within your industry as well as generally? Are you aware of the digital risks associated with technology implemented in your business?
Tea break
King IV: The impact, from a technology and information point of view

Michael Judin, senior partner, Judin Combrinck Michael Judin, senior partner, Judin Combrinck

Find out what is new and what has changed in the King IV Code. Hear an analysis of how King IV aims to establish a balance between conformance and performance. Finally, take a look at how technology and information are impacted by the changes in the King IV Code.

  • Understand how the fourth industrial revolution is catered for in King IV;
  • Analyse how King IV differs from King III; and
  • See how King IV recognises IT as a corporate asset and confirms the need for governance structures to protect and enhance this asset.
Corporate governance and cyber risk: Understand the compound effect of good governance in decision-making

Jeanetha Brink, owner, Jeanetha Brink ConsultingJeanetha Brink, owner, Jeanetha Brink Consulting

Poor governance, mostly, occurs due to a lack of awareness. Industries can be regulated, but people's behaviour must be guided. Understanding international perspectives, local guidance and the impact of ignorance will be dealt with in this presentation, with practical, relevant case studies.

  • International trends in corporate governance: focus on the legislative as well as the economic considerations, and the impact for your organisation;
  • King IV – consider the following: how is proof of implementation different to King III? What is required in dealing with cyber risk? What is relevant about the distinction between information and technology? and
  • Some consequences of poor governance, including risks of staff using social media and social networking.
Case study: Using GRC to enable business agility and not inhibit it

Portia SimelanePortia Simelane, group manager: IT Governance & Resilience, Airports Company of South Africa

Even though IT governance, risk and compliance (GRC) is one of the strategic disciplines within any organisation, this function continues to suffer an unfounded reputation of impeding a business's agility. When applied correctly, however, the discipline of GRC actually supports and improves business performance. The speaker will discuss practical ways to inject agility in your IT governance structures, processes and decision-making. Drawing from her experience, Simelane will share the do's and don'ts of effective implementation of the GRC discipline.

  • Learn how to be an agile GRC practitioner; and
  • Improve and support business performance.
Governance adhesion: The path to making ICT governance stick

Werner Bornman, head of ICT, StanlibWerner Bornman, head of ICT, Stanlib

ICT governance can be a complex and complicated construct. Implementation and adherence to ICT governance could be overcomplicated without a clear understanding of touchpoints. Perceived views of governance could be negative, due to a lack of understanding the objectives that need to be achieved. Werner Bornman will take you through the adhesion map, looking at which tools to use. He will also look at derived benefits from using the adhesion map.

  • Outlining common problems with the adoption and sustainability of IT governance;
  • Presenting a consolidated view of ICT governance, on a single page; and
  • Derived and proven benefits of the ICT adhesion map.
Keynote address: Socio-political impacts on GRC

Bantu Holomisa, MP Bantu Holomisa, MP

Holomisa will explore common hurdles to good corporate governance, as well as examine the current political and economic issues and their implications on companies in South Africa. What does the future hold for South African companies?

  • Assessing the socio-political issues and how they impact your organisation; and
  • Your role as a GRC practitioner in ensuring your company is agile enough to adopt and survive.
Case study: GRC implications and maturity in SA's public sector to enable accelerated service delivery

Monelo Nxozi, senior manager: Information Security, IT Risk and Governance, Road Accident Fund Monelo Nxozi, senior manager: Information Security, IT Risk & Governance, Road Accident Fund

The public sector is tasked with accelerating delivery of quality services to the South African public in an efficient and caring manner; it is also not immune to the challenges that face private sector organisations in implementing GRC. It is therefore important to examine the public sector environment and identify the adequacy of the attempts made to implement the GRC, and the opportunities that still exist to mature the use GRC to enable the public sector in delivering on its core mandate.

  • The GRC framework and landscape within the public sector;
  • Opportunities that exist for improvement;
  • Partnering with industry to use GRC to enable the public sector to deliver on its core mandate.
Case study: Know your customer (KYC) – compliance helps you to target the right customer for your product

Victor Mudyanembwa, delivery manager customer onboarding, Barclays Africa Victor Mudyanembwa, delivery manager customer onboarding, Barclays Africa

What is the KYC framework, which is used by many companies to meet regulatory requirements? Victor Mudyanembwa will debate whether or not KYC should be a tick-box exercise. He will also look at how KYC affects processes in the financial industry, eg, customer on-boarding, and will address how Absa uses KYC to create a better relationship with its customers.

  • KYC should not be a tick-box exercise; and
  • Use KYC to target your customers with the right products.
Tea break
Panel discussion: Making GRC a practicality and not a tick-box exercise

Malesela Mokonyane, head of compliance, Real People Assurance Company

Sizwe Snail, director, Snail Ka Mtuze Attorneys at Law

Tshitego Moses Segaetsho, Secreatry and Board Member, ISACA South Africa Chapter and Senior Manager: IT GRC and Vendor Relationship Management, Auditor General South Africa

This panel discussion will look at how to make GRC a part of the business and how GRC practitioners can drive this. With everyone having access to information, how can GRC practitioners make their roles more agile? This session will examine how digitalisation has affected GRC principles and how GRC practitioners can make themselves more savvy and be alert to new risks.

  • Making your role as GRC practitioner more agile;
  • Becoming aware of the risk that come with digitisation; and
  • Getting buy-in across the business and making GRC a practicality.
Keynote: Innovation in Africa: what does the future hold

Dr Jacobus Kamfer (Jakkie) Cilliers, chairman, ISS Board of Trustees and head, African Futures & InnovationDr Jacobus Kamfer (Jakkie) Cilliers, chairman, ISS Board of Trustees and head, African Futures & Innovation

This presentation will look at the future predictions of organisation in Africa and what influences them and what risks can GRC practitioners watch out for.

  • The latest scenarios and implications of new technologies
  • Understanding what the future hold for organisations in Africa and how you can prepare
Closing remarks

Silver Sponsor