Tuesday, 20 February 2018

Arrival and registration
Welcome and scene-setting

CHAIR: Max Blecher, chairperson, South African National Standards  (SABS) and MD, Virtual AllianceMax Blecher, managing director, Virtual Alliance

KEYNOTE: The True State of the Nation

Roelof Botha, Adjunct Faculty Member – GIBS (University of Pretoria)Dr Roelof Botha, Economist

South Africa is in the midst of socio-economic uncertainty in its post-democratic era. This is evidenced by the obvious trends such as: volatile exchange rate; huge losses reported from our SOE's; high interest rates, waning business confidence and a lengthy commodity price cycle downturn. Policy uncertainty and the mismanagement of public funds amplify the situation.

  • Dr Roelof Botha renowned economist, management accountant of a listed industrial company, financial editor of a daily newspaper and economic policy advisor in the Department of Finance will journey through the current socio-economic situation facing our country and how this adversely affects and is affected by policy, governance and compliance-related decisions being made on an ongoing basis.
The Knowledge CafĂ© – time for innovation

Peter Tobin, CEO, Peter Tobin ConsultancyDr Peter Tobin, Director, Peter Tobin Consultancy

Participate in a facilitated discussion on a "knowledge cafe" basis - key topics nominated by the audience, speakers and sponsors ahead of the conference will be discussed and debated in small groups with a detailed feedback sessions to follow.
Possible topics for discussion include:

  • What's going to be hottest in 2018: governance, risk or compliance issues?
  • How do we best get Board and executive support for our GRC initiatives?
  • How can risk management be turned into opportunity management where new technology deployment is concerned?

This session has been incorporated to provide you with the opportunity to ask those pressing questions pertaining to the topic of governance, risk and compliance in ICT that were raised during the keynote presentation and provide a holistic overview of the day ahead.

Networking and Refreshments
Governing IT Risk the King IV Way – it's a changing world

Carolynn Chalmers, Corporate governance advisor, Candor GovernanceCarolynn Chalmers, corporate governance and IT governance advisor, Candor Governance (Pty) Ltd

The King IV™ Report has been in effect since 1 April 2017. It has brought with it a new leadership framework, integrated thinking and the quest for governance outcomes. How have organisations approached the application of Principles 11 and 12, the governance of risk and technology and information, in this new context? Join Carolynn in understanding how various organisations have approached this new context and discover the opportunities this has brought to IT functions and their organisations. Learn more about the impact this has had on IT risk managers and the provision of IT assurance and become aware of the surprising reasons behind the increased focus on risk governance.

  • Understand why the current approach to IT risk governance needs to change
  • Learn about the new IT risk governance approach proposed by King IV
  • Acquire the ability to approach assurance from this new perspective
Case study: Implementing solutions that optimise and automate budgeting and procurement for improved governance

Joe Phago, CIO, Department of National Treasury, South AfricaJoe Phago, CIO, Department of National Treasury

This presentation will look at how a decentralised department can benefit from sharing and economies of scale. It will also illustrate how they changed the way information is presented to make it easy to read, easy to understand and easy to act upon to stimulate economic participation. It will demonstrate how the democratisation or information can lead to transparency and better governance in an environment where security is a critical issue due to the sensitive nature of the information the department handles.

  • Identify threats from the external environment
  • Reviewing potential internal weaknesses to prevent people from maliciously leaking data
  • Investing in data to make it more accessible and understandable
  • Introducing collaboration sites to facilitate
Integrated compliance to consolidate divergent compliance requirements and eliminate duplicate controls

Gideon Petrus Bouwer, cyberlaw and criminal law forensics specialist, CYBERLAW FORENSICS (PTY) LTDGideon Petrus Bouwer, cyberlaw and criminal law forensics specialist, Cyberlaw Forensics

FICA, RICA and POPIA compliance can be synchronised. This topic will provide a summary of the overlap of divergent compliance requirements and how to systematically comply by way of an integrated IT solution.

  • Examining a synopsis of overlapping regulatory requirements
  • Obtain a practical guide and understanding of how to implement an integrated IT solution
  • Gain an understanding of what is required and needed to solve a seemingly endless set of new and growing legal regulatory demands


Werner Bornman, head of ICT, StanlibWerner Bornman, head of IT, Stanlib

A business case for the consideration of systemic IT GRC. Since the introduction of King III IT GRC has received more focus as management and governance activity but in order to achieve the full intended governance, risk and compliance benefit it needs to seamlessly be entrenched in the organization in order to deliver on value expectations.

  • Unpacking ICT GRC in the financial sector of South Africa – culture vs. product
  • Concerns and Considerations of ICT GRC implementation and maintenance
  • Approach and focus on embedment
Lunch and networking opportunity
CASE STUDY: Enforcing and conducting an effective and efficient third-party due diligence

Lonette Genis, IT security manager, ComairLonette Genis, IT Security Manager, Comair

What does "effective and efficient third-party due diligence" mean in 2018? What are the key drivers to perform third party due diligence and where do I start with my third party due diligence program? These are just a few questions I will try to answer during today's session. Why is third party due diligence suddenly in the spotlight. Not too long ago, a handshake used to be good enough to seal a deal and keep the parties involved accountable for whatever was agreed on, so what has changed? Are we wasting time, money and resources by performing third party due diligence?

  • Why is Third-Party Due Diligence so important?
  • Comair's Journey
  • Is it worth the effort
CASE STUDY: POPI Act implementation for the airport

Portia  SimelanePortia Lindiwe Simelane, group manager: IT governance and resilience, Airports Company South Africa

ACSA, just like many companies in South Africa, is currently embarking on implementing the Protection of Personal Information Act. This compliance initiative is run as a project led by Portia Simelane. Portia is going to share with you the journey undertaken by ACSA in complying with the act, the challenges encountered and steps they have undertaken to overcome the challenges.

  • POPIA Implementation Quik wins
  • No go areas
  • Must Have
  • Positioning of Information Officer
  • POPIA Governance Structures
CASE STUDY: The role of GRC as a means of organisational intelligence

Maiendra Moodley, Head of department for financial Systems and Processes, SITAMaiendra Moodley, head of department: financial systems and processes, SITA

Making better decisions requires an organisation and its leadership to have a means of being able to measure the pulse of the organisation and to gain deeper and more profound insights into the organisation's health, challenges and unlock potential opportunities which can be leveraged. Governance, risk and compliance (GRC) has often focused on ensuring that the implementation and integration of these disciplines as opposed to identifying the strategic intelligence value of GRC. In this presentation, Mr Moodley will demonstrate the practical strategic intelligence value of GRC.

  • Strategic value of GRC, and how to use GRC as an organisational intelligence tool
  • GRC as a decision making tool
Networking and refreshments
Enhancing your brand and reputation with robust risk and compliance controls

Moroke Phajane, head of third party risk management, LibertyMoroke Phajane, third party risk expert

This presentation talks to the recent corruption scandals that have caused most corporate entities to carefully scrutinise their third party suppliers in order to minimise their risk exposure inherent in such relationships. Furthermore, the current economic climate has resulted in corporate entities embarking on various initiatives to save costs. Professional services including Information Communication and Technology services will definitely be on the list of services to be procured at a minimal as companies are beginning to scrutinise the necessity of outsourcing such services to external service providers. Innovative firms that address the business need at a reasonable and lower cost compared to existing service providers stand to benefit from this. This will certainly give firms offering sound business solutions and that have adequate risk and compliance controls and track records the competitive edge.

  • Understanding the importance of taking control of your third party providers risk status
  • Gaining knowledge of the risk and management controls corporate entities require their third party suppliers to have in place
  • Illustrating that third party providers have the necessary risk and compliance controls required by corporate entities
Regulatory Update on the Global Data Protection Regulation

John Giles, legal services provider, MichalsonsJohn Giles, legal services provider, Michalsons

This presentation will provide invaluable insight into how an organisation can remain defensible so that they can maintain a comprehensive approach to data management and information governance.

  • The new rules that will control the processing of data around the world
  • How they will impact all industry sectors in all countries
  • The concept of "by design" regarding any advanced technology
  • Looking at robot law as an example.
Bitcoin is a treasure – the solution to manging risk when it comes to government regulations and smart contracts

Dr Neil Croft, senior lecturer, University of PretoriaDr Neil Croft, Senior Lecturer, University of Pretoria

This presentation provides direct insight into the relatively unexplored concept of crypto currency, nearly four years in the making, debunked. It will provide personal experience in the mining sector - i.e. government regulations, smart contracts, embedded IoT next generation wave and more
A basic understanding of crypto currencies, how the blockchain works, bitcoin developments and the future

  • Gain a basic understanding of crypto currencies and the way they work.
  • Discover insight into the relatively unexplored concept of crypto currency.
  • Explore the Government regulations
Close of conference

display Sponsor