Name: ISC2 GRC Summit Session - Third-Party Risk: What You Don’t Know CAN Hurt You
Start: 2023-08-30T17:00:00Z
End: 2023-08-30T17:00:59.000Z
Location: BrightTALK
Rating: 4.8

AuditBoard’s mission is to be the category-defining global platform for connected risk, elevating our customers through innovation. More than 50% of the Fortune 500 trust AuditBoard to transform their audit, risk, and compliance management. AuditBoard is top-rated by customers on G2, Capterra, and Gartner Peer Insights, and was recently ranked for the sixth year in a row as one of the fastest-growing technology companies in North America by Deloitte.

Generative AI and ML promise to change the way all business functions operate, including GRC. While the potential for productivity gains is clear, the risks associated with their use and ways to address them are still being understood. As technology advances, risk management grows in importance, and requirements continue to increase in number and visibility. In order to encourage the secure use of AI, we need to develop new ways of governing AI risk. 

This session will explore the evolution of traditional governance processes like policies, training and awareness, third-party risk, data governance, access control, and monitoring. We’ll also explore several novel and emerging techniques for mitigating AI risks, such as enforcing security-centric prompts and model guidance, and the opportunity for prompt libraries and enterprise controls that lead to secure AI use within the enterprise. 

Let’s explore the future of this trend and the guardrails to help your organization navigate this next major evolution of technology. 

Learning objectives for this session:
 - Assess the risks that come with generative AI and AIML-based technologies.
 - Explore how to extend your existing governance processes to cover AI risks.
 - Discuss emerging practices for effectively integrating security into AI-enabled use cases.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

How good governance enables AI innovation

Organizational culture shapes how risks, decisions, and behaviors are managed, yet it is often viewed as an ideal rather than a tangible asset. In this webinar, Richard Chambers, AuditBoard’s Senior Advisor, Risk and Audit will share the findings of AuditBoard’s “2025 Organizational Culture and Ethics Report.” The research disclosed that organizations must deploy a shared culture risk model that aligns the efforts of management, internal auditors, and the risk management and compliance teams for success. Finally, Richard will explore six six core recommendations to help organizations operationalize culture risk within the GRC ecosystem.

Learning objectives for this session:
 - Discuss the roles of audit, risk, and compliance in organizational culture.
 - Identify key culture-related risks and common barriers to effective assessment and management of these risks.
 - Incorporate culture KRIs and guiding principles into their processes to assess and monitor culture at their organizations. 


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

From burning platform to strategic priority: Tackling culture risk in the GRC ecosystem

AI isn’t limited to just large internal audit teams. Even a team of one can do a lot of value-added work with it. In this series, we’ll break down how large and small internal audit teams are using tools such as ChatGPT, Copilot, and purpose-built audit models in their workflows. We’ll also provide a “state of the union” on GenAI in internal audit, talk through the reality vs. the hype, and provide an easy-to-understand, non-technical description of how large language models (LLMs) like ChatGPT work.

In this session, you will learn how to:
 - Explain in plain language how large language models (LLMs) work.
 - Identify at least three high-impact AI use cases.
 - Assess common concerns about AI and AGI (ethics, data privacy, and job displacement).


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

How internal audit uses AI: From the Fortune 100 to the five-person audit team

In the era of AI, are the “8 Ways to Practice the Human Touch of Audit” still valid? Dive into what’s necessary for internal auditors to apply their soft skills today and obtain true trusted advisor status, including psychological safety: the ability to speak up and take risks without fear. We’ll also explore how Domain III of the new Global Internal Audit Standards emphasizes partnership and communication between the CAE, the board, and senior management — requiring essential soft skills to enable the internal audit function to perform its duties effectively.     

Learning objectives for this session:
 - Discuss the soft skills needed today for a successful internal audit function.
 - Describe what psychological safety is — and isn’t.
 - Apply soft skills to fulfill key elements of the updated Standards.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

The human touch of audit: Cultivating soft skills

Despite billions invested, 95% of organizations see limited returns from generative AI. Our new research shows why: without elite risk management, firms cannot deploy this technology confidently or take the strategic risks that unlock true business value.

Join us for the unveiling of the second edition of our flagship report, Generative AI in Risk & Compliance 2025. Drawing on a global survey of senior risk and compliance leaders, analysis of 600+ use cases, and expert contributions from leading RiskTech vendors, this session delivers clarity on how GenAI is reshaping enterprise risk profiles and where it can genuinely deliver value.

Key questions we’ll address include:
- Which GenAI risks are now dominating the enterprise agenda?
- In what ways is GenAI being leveraged to strengthen compliance programs?
- What areas of risk and compliance are most affected by generative AI?
- Which vendors are emerging with differentiated expertise and tools worth watching?

Walk away with a clear view of the ROI paradox, and how risk and compliance leaders, together with the right technology partners, are closing the gap.

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Generative AI in Risk and Compliance: Insights from the 2025 Industry Report

Generative AI and ML promise to change the way all business functions operate, including GRC. While the potential for productivity gains is clear, the risks associated with their use and ways to address them are still being understood. As technology advances, risk management grows in importance, and requirements continue to increase in number and visibility. In order to encourage the secure use of AI, we need to develop new ways of governing AI risk. 

This session will explore the evolution of traditional governance processes like policies, training and awareness, third-party risk, data governance, access control, and monitoring. We’ll also explore several novel and emerging techniques for mitigating AI risks, such as enforcing security-centric prompts and model guidance, and the opportunity for prompt libraries and enterprise controls that lead to secure AI use within the enterprise. 

Let’s explore the future of this trend and the guardrails to help your organization navigate this next major evolution of technology. 

Learning objectives for this webinar: 
 - Assess the risks that come with generative AI and AIML-based technologies.
 - Explore how to extend your existing governance processes to cover AI risks.
 - Discuss emerging practices for effectively integrating security into AI-enabled use cases.

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Organizational culture shapes how risks, decisions, and behaviors are managed, yet it is often viewed as an ideal rather than a tangible asset. In this webinar, Richard Chambers, AuditBoard’s Senior Advisor, Risk and Audit will share the findings of AuditBoard’s “2025 Organizational Culture and Ethics Report.” The research disclosed that organizations must deploy a shared culture risk model that aligns the efforts of management, internal auditors, and the risk management and compliance teams for success. Finally, Richard will explore six six core recommendations to help organizations operationalize culture risk within the GRC ecosystem.

Key topics for this session:
 - Discuss the roles of audit, risk, and compliance in organizational culture.
 - Identify key culture-related risks and common barriers to effective assessment and management of these risks.
 - Incorporate culture KRIs and guiding principles into their processes to assess and monitor culture at their organizations. 

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

AI isn’t limited to just large internal audit teams. Even a team of one can do a lot of value-added work with it. In this series, we’ll break down how large and small internal audit teams are using tools such as ChatGPT, Copilot, and purpose-built audit models in their workflows. We’ll also provide a “state of the union” on GenAI in internal audit, talk through the reality vs. the hype, and provide an easy-to-understand, non-technical description of how large language models (LLMs) like ChatGPT work.

Learning objectives for this session:
 - Explain in plain language how large language models (LLMs) work.
 - Identify at least three high-impact AI use cases.
 - Assess common concerns about AI and AGI (ethics, data privacy, and job displacement).

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

As cyber risks continue to evolve in complexity and scale, so too must the standards and practices of internal audit. To remain effective and deliver meaningful value to the business, internal audit teams must adapt — enhancing their approach to risk, controls, and assurance. This transformation is being driven by updates to the Global Internal Audit Standards released by the Institute of Internal Auditors (IIA) in 2024, along with the new IIA Cybersecurity Topical Requirement in 2025. These changes provide a framework for internal audit functions to strengthen their role in cybersecurity oversight and align with emerging expectations. 

In this webinar, we will:
 - Explore the latest developments in the cybersecurity landscape and their implications for internal audit.
 - Examine how audit teams are evolving their strategies to deliver greater impact.
 - Break down key updates from the 2024 IIA Standards revision.
 - Discuss the 2025 IIA Cybersecurity Requirement and what it means for your audit function.
 - Explain how to integrate these requirements into your audit planning process.
 - Share real-world examples of how these standards can be applied effectively.

Join us to gain practical insights and actionable guidance that will help your internal audit team stay ahead of the curve in a rapidly changing risk environment.

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Internal audit at a crossroads: Adapting to cyber threats and new standards

AI is not on the horizon. It is here. It has been here. Generative AI (GenAI) and large language models (LLM) entered the cybersecurity zeitgeist nearly three years ago when ChatGPT became available to the public. Business leaders are clearly interested in using GenAI. They are scrambling to incorporate it in any way that makes sense—and many ways that might not make sense.

This webcast is built on insights from one of our most anticipated cybersecurity surveys of the year—offering an in-depth look at how the community is adopting, adapting to, and defending against artificial intelligence in all its forms.

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

SANS 2025 AI Survey: Measuring AI’s Impact on Security Three Years Later

Join our live product webinar to discover how AuditBoard’s SOXHUB and OpsAudit solutions empower organizations of all sizes to audit with ease.

Attend this session to see how our platform uses AI, customizable forms, and real-time dashboards to centralize your findings, improve collaboration, and ensure faster resolution.

In this webinar, we’ll showcase the core functionality of our Audit Management and Internal Controls Management solutions, along with an overview of our purpose-built capabilities designed to streamline testing and fieldwork

Learning objectives for this session:
 - Discover how to manage audit projects and conduct all of your risk analysis in one single platform.
 - Learn how AI-powered tools can automate manual testing tasks and streamline documentation.
 - Explore how to efficiently track, resolve, and follow up on audit findings and action plans.

Audit Demo Webinar: Efficient fieldwork: How to simplify documentation and testing

With the volatility of today’s business landscape, everyone is running a risky business. In the 2024 Gartner Boards of Directors Survey, nearly one-third of non-executive board members stated risk management is among their top strategic priorities for 2024 and 2025 — up 85% from 2023.**

As technology advances and the risks associated with it rapidly expand, teams must take a proactive approach to bridge the gap between their capabilities and their organization’s risk exposure.

Join AuditBoard’s industry experts as we share learnings and best practices on leveraging our integrated risk solutions to defend and strengthen your business.

In this product walkthrough, we’ll cover how to:
 - Identify key factors contributing to risk exposure gaps.
 - Build and scale an integrated risk management program for your business.
 - Enhance your enterprise risk management to allow for real-time, risk-informed decisions.
 - Extend your operational management from the front lines to the board room, strengthening business resiliency.
 - Include climate-related risks as part of your integrated risk management strategy. 

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

AuditBoard Live: Integrated Risk Management

While the energy and utilities sector faces some of the most complex and high-stakes risk challenges — ranging from critical infrastructure threats to on-site safety and stringent regulatory demands — many of the strategies used to address these challenges offer valuable lessons for any organization. This webinar is designed for audit, risk, and compliance professionals across industries who want to learn from the unique approaches used in energy and utilities to strengthen enterprise-wide resilience.

We’ll explore how organizations in this sector are moving beyond siloed efforts by adopting connected risk strategies that activate the first, second, and third lines of defense. The session will also examine how cross-functional teams collaborate to manage major risk domains — including operational, financial, cyber, and physical safety — and how audit automation and modern GRC tools are driving efficiency and assurance.

Whether you're managing compliance in a regulated environment, leading enterprise risk assessments, or modernizing internal audit processes, this webinar will provide practical insights and proven practices that can be applied in any industry.

Learning objectives for this session:
 - Analyze how connected risk strategies activate all lines of defense within an organization.
 - Describe how cross-functional teams can effectively collaborate to manage key risks.
 - Identify practical applications of audit automation and modern GRC tools for driving efficiency and assurance in risk management.
 - Formulate strategies for adapting risk and compliance practices from the energy and utilities sector to their organization.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Powering resilience: Audit, risk, and compliance strategies from the energy and utilities sector

In today’s digital-first environment, getting compliance and vendor management right is crucial to achieving strategic business objectives. Managing the scale and complexity of modern IT compliance and risk management requires the right tools and strategy.

Join AuditBoard’s industry experts as we share learnings and best practices on how to leverage our IT compliance, third-party risk, AI governance, and IT risk management solutions to defend and strengthen your business.

In this product walkthrough, we’ll cover:
 - How to build and scale a multi-framework IT risk and compliance program for your business.
 - How to understand your threat landscape, quantify risks, and improve cyber resilience.
 - How to streamline vendor evaluation and onboarding as well as visualize and assess your vendor programs to mitigate third-party risks.
 - How to implement governance to enable responsible AI innovation at scale.
 - What’s new with AuditBoard.

We look forward to an interactive session, so bring your questions!

    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

AuditBoard Live: IT Compliance and Risk Management

As we move further into 2025, banks and financial institutions are grappling with a rapidly evolving regulatory landscape and a surge of both internal and external emerging risks. The challenge is no longer whether organizations should integrate GRC practices, but how they can do so effectively to ensure resilience, accountability, and regulatory alignment. 

In this session, we will delve into how the banking environment is changing, driven by factors such as regulatory developments, macroeconomic shifts, and evolving customer expectations. We will discuss how strengthening internal controls can help organizations identify and mitigate emerging risks more effectively, and highlight the role of robust reporting in maintaining transparency and trust with internal governance and regulators. Tools like AuditBoard will be highlighted as critical enablers, offering a centralized platform for real-time risk tracking, control testing, workflow automation, and compliance reporting. 

Get vital insights into how to build a more adaptable risk and compliance foundation — one that not only supports today's complex requirements but also scales to meet the challenges of tomorrow.

Learning objectives for this session:
 - Describe the evolving regulatory and risk landscape in 2025, including key macroeconomic trends and shifting customer expectations.
 - Apply strategies for integrating GRC practices that enhance organizational resilience, accountability, and alignment with regulatory requirements.
 - Use transparent and robust reporting to foster trust with internal governance bodies and external regulators.



    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Building strong foundations: Key takeaways for regulatory compliance and effective audit assurance

Operational risk management should be a critical early warning system, enabling boards and senior executives to take proactive action. Yet, many enterprise risk management programs fall short of their promise to manage risks enterprise-wide. How can risk leaders ensure the first line of defense is engaged, empowered, and impactful?

In this session, we’ll explore strategies to strengthen collaboration across the three lines, leveraging insights from PRMIA and AuditBoard research. Panelists will explore how to create a culture where risk assessments, key risk indicators (KRIs), and other metrics drive meaningful action. We’ll discuss best practices to effectively report back to risk owners in the business, foster engagement, and enhance operational risk management to deliver real value. Whether you’re refining your approach or building from the ground up, this session will provide practical takeaways to elevate your operational risk program.

Learning objectives for this session:
 - Discuss how operational risk management can act as an early warning system to help organizations take action.
 - Apply strategies to cultivate a collaborative and proactive risk culture that strengthens operational risk management and business resilience.
 - Effectively report to risk owners to ensure transparency, accountability, and actionability.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Keep first (line) things first: Fostering operational excellence

The roles of audit, risk, compliance, and information security teams are rapidly evolving as organizations face a more complex and interconnected risk environment. No longer confined to siloed responsibilities, these teams must now collaborate strategically and expand their expertise to address top priorities like third-party risk management (TPRM), AI, and cybersecurity, while also navigating regulatory compliance in an increasingly demanding landscape.


This session will explore best practices for fostering effective collaboration across these critical functions to mitigate emerging risks, as well as take advantage of opportunities. We’ll discuss how leaders in these areas can adapt to new board directives, regulatory expectations, and evolving threats, and develop, retain, and recruit the right talent to build an agile GRC team. By aligning their efforts, these teams can take a more proactive, strategic approach to risk management that not only mitigates potential issues but also strengthens organizational resilience and drives better business outcomes.

Learning objectives for this session: 
 - Identify the evolving roles and responsibilities of audit, risk, compliance, and information security teams in today’s complex risk landscape.
 - Discuss the importance of breaking down silos to enhance collaboration across GRC functions.
 - Develop actionable strategies for building an agile, future-proof GRC framework that adapts to a dynamic regulatory landscape while supporting business growth.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Connected risk: The AI-driven convergence of audit, risk, and compliance

In today’s digital landscape, organizations face increasing pressure to manage who has access to what information, when, and why. With the rise of AI, this task has become even more complex, as AI systems generate and process data in ways that are harder to track, making it difficult to control where sensitive information is going and who has access to it. Strong identity and access management (IAM) ensures that only the right individuals have access to the right resources at the right time, minimizing the risk of security breaches, data leaks, and unauthorized access. 

But IAM’s role doesn’t stop at securing access. When integrated with GRC frameworks, IAM helps organizations build resilience by enabling proactive risk management and ensuring compliance with regulatory standards.

This session will explore how IAM strengthens resilience by providing secure access to organizational systems while reducing risk and ensuring compliance. We’ll discuss how IAM systems help manage access in dynamic environments, adapt to evolving threats, and ensure that access to sensitive data is always controlled. 

Learning objectives for this session:
 - Describe the role of IAM in securing access to sensitive information in today’s dynamic digital and AI-driven environments.
 - Explore how IAM integrates with GRC frameworks to support proactive risk management.
 - Apply best practices for managing access rights to reduce the risk of data breaches, leaks, and unauthorized access.
 - Discuss how IAM systems enhance organizational resilience by adapting to evolving threats and ensuring compliance with regulatory standards.


    * CPE: This is a webinar recording. Credits are not offered for on-demand viewing.

Building resilience with IAM: Unifying access, risk, and compliance

Who has access to your company’s data and what risks do they pose to your organization? While these questions seem basic, most organizations cannot confidently answer them, despite an accelerating trend of third-party threats and incidents. Building a robust third-party risk program is complex and takes time. Building a program that allows information security teams to be strategic in managing third-party risks is even more challenging. 

During this session at the recent ISC2 GRC Virtual Summit, we explored how to successfully implement a strategic and technology-enabled third-party risk program to manage this emerging source of risk.

CPE: This is a session recording. Credits are not offered for on-demand viewing by AuditBoard or ISC2.

ISC2 GRC Summit Session - Third-Party Risk: What You Don’t Know CAN Hurt You

Risk Mitigation

Risk Management

Risk Assessment

Risk Based Security

Risk Framework

IT Compliance

vendor risk

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

ISC2 GRC Summit Session - Third-Party Risk: What You Don’t Know CAN Hurt You

Presented by

About this talk

AuditBoard