Read more at www.eciiastockholm2016.eu

Governance, Risk and Control6–7 October 2016, Stockholm Waterfront Congress Centre

www.eciiastockholm2016.eu

Conference Partners:

Read more at www.eciiastockholm2016.eu

Chronicle Get the most out of the ECIIA Conference on GRC 2016 In order to customize the conference to your needs, we offer six parallel breakout sessions where you can choose from more than 50 different topics. In this brochure, we present some of the speakers and their topics. To read about all the workshops, seminars and presentations and to create your own, personalized agenda, we recommend you to visit www.eciiastockholm2016.eu

Register todayMake sure to register already today in order to secure your spot at the ECIIA Conference on GRC. We offer a group discount if you register more than one participant from the same organization. Register individually at www.eciiastockholm2016.eu and specify your organization in order to receive the discount.

Questions? If you have any questions about the conference, you are more than welcome to contact the project manager Neda Khezerian at eciia2016@theiia.se

Proper GRC will cure our migraine We can all of us agree, I expect, that Governance, Risk Management, and Compliance are three pillars that support the organization by providing assurance that its objectives are met. Even Wikipedia agrees. Owners, citizens and governing bodies place high standards on our organizations, demanding on the one hand efficiency and effectiveness be delivered, and on the other hand that there shall be no surprises. Media and public authorities also have expectations to this governance framework and are continuously reviewing the way it operates in practice. But to be honest today we are suffering as if from a migraine. The attacks in Brussels once more demonstrate the polarization within this world. They serve as a reminder to us that our efforts to develop our own skills and competencies in the GRC area, also play their part in contributing to the global fight against corruption, crime and poverty – even if only to a limited extent. And then just when we started to believe again that governance in the financial world had found a solid footing and the fog was clearing along come the Panama Papers and give us another headache. The ECIIA Conference on GRC on October 6–7 will cover all these aspects and provide an outstanding arena for networking and sharing experiences. We are proud of the programme and look forward to sharing it together with you in Stockholm!

Peter Funck, Conference Steering Committee Chair

Group discount pricing Person 1 €1250

Person 2 €1218

Person 3 €1186

Person 4 €1154

Person 5-9 €1122

Person 10-14 €1090

Person 15- €1058

VAT not included.

Basic price

€1250

All prices are exclusive of VAT (25%). Group discount is based on the number of participants from each organization. Register individually at www.eciiastockholm2016.eu. The conference will give you up to 13 CPE hours.

Welcome to Stockholm and to the ECIIA Conference on GRC 2016! 6–7 October 2016Each year, the ECIIA Conference is arranged in different European countries and the Institute of Internal Auditors (IIA) in Sweden is proud to be the host for 2016.

We welcome you to a conference in the heart of Stockholm. A conference where you will be able to meet more than 600 colleagues from all over the world, participate in interactive workshops, seminars and presentations and choose from more than 50 speakers covering a wide range of topics allowing you to customize the conference to your needs. Last but not least, by participating you will experience all that Stockholm has to offer, including a Nobel themed gala dinner at the City Hall.

Read more at www.eciiastockholm2016.eu

Plenary Speakers

Challenges of the European Union Fredrik Reinfeldt is a former Prime Minister of Sweden, former member of the European Council and its President for six months. Fredrik Reinfeldt, age 50, has been active in Swedish and international politics for over 25 years. He reinvented the Moderate Party (centre-right) creating “the new Moderates” and entered into an alliance with three other center and center-right parties. The four party alliance won two successive elections and Reinfeldt, as Prime Minister, presided over two coalition governments (2006 until 2014) – the longest non-socialist government period in modern time in Sweden. During his presentation, Reinfeldt will speak about the many challenges faceing the EU, with a focus on the economy and employment.

Opening speaker: Fredrik Reinfeldt

Closing speaker: Alexandra Wrage

What organizations can learn from FIFA’s governance fiascoAlexandra Wrage is a former member of FIFA’s Independent Governance Committee and served on the 2015 B20 Taskforce on Anti-Corruption. She has also participated in anti-bribery working groups with the OECD and UN Global Compact. Currently, Wrange serves as the President of TRACE. During her presentation, Wrage will share lessons learned from FIFA and similarly high-profile cases of bribery wherein compliance has been deficient or absent.

Plenary Sessions

How Swedish Are You? – Cultural Differences in Europe and the Impact On Your Business Colin Moon is an expert in communication skills and is a well sought after speaker. During his presentation, Moon will give introductory and unique insights into all aspects of cross-cultural communication. Moon is from Great Britain and moved to Sweden ten years ago. He has since travelled a lot within Europe and experienced its various cultures. Moon’s presentation will cover how cultural differences may affect the workplace and his presentation style is very entertaining.

Plenary speaker: Colin Moon

Plenary speaker: Philippe Hellich

Developing and integrating Risk Management, Compliance/Controls and Internal Audit at IKEAPhilippe Hellich is in charge of Enterprise Risk management, Compliance/Internal Controls, Safety, Security/Investigations, Internal Audit and Emergency Response/Crisis Management for IKEA Group. During his presentation, Hellich will talk about how to develop a complete Governance, Risk and Compliance agenda in a large multinational company encompassing operating factories, distribution centres, stores and shopping centres. Hellich will illustrate his talk with current working practices and highlights of IKEA’s Risk-Compliance-Audit roadmap to 2020.

Read more at www.eciiastockholm2016.eu

Merope Sylvester, Compliance Forum. Sylvester joined Barclays in March 2008 as Head of Compliance for the European Retail Banking Businesses, which covered operations in France, Spain, Italy and Portugal. She has subsequently worked on the Conduct Risk Programme with specific responsibilities for training, communications and culture and is currently the EME Head of Compliance Assurance. Sylvester is currently the Chairman of the Securities Houses Compliance Officers’ Group (SHCOG) which provides a variety of training for Compliance Officer.

Elisif Elvinsdotter is a Swedish TV and radio journalist with broad experience from some of Sweden’s top news and current affairs programmes. She’s been the anchor for Sweden’s no 1 investigative programme, Uppdrag Gransk-ning, as well as the host of both commercial TV4 and public SVT:s morning show. 2009 she left journalism to become a full time professional MC/moderator. 2011 she received an honorary award for “Best moderator” in Sweden. She´s also been moderating the Swedish IIA/GRC annual conference 4 years in a row, as well as hosting EY risk conferences and the last Swerma conference in Stockholm.

Moderator: Elisif Elvinsdotter

Jo Willaert, Federation of the Euro-pean Risk Management Associa tions (FERMA). Since 2015, Jo Willaert is the President of FERMA. Further, as a Corporate Risk Manager, he is in charge of the design of worldwide enterprise risk management and insurance programmes for imaging solutions group Agfa-Gevaert, which he joined in 2001. Willaert is also a board member of the Belgian risk management associa-tion BERIM.

Plenary Sessions

Zubin Chagpar, ISACA. Chagpar has more than 15 years of expe-rience working in technology and management for Silicon Valley-based companies including Google, VeriSign and Exodus (now CenturyLink). At Google, he was responsible for the deployment of its Global Content Distribution Network, the backbone of YouTube. Beside being the director of the International Board of ISACA, Chagpar is an adjunct professor at IE Business School, where he teaches rapid prototyping and market vali-dation using 3D printers. Further, he also heads up Amazon’s Lean Enter-prise program in EMEA, a program that engages enterprises and startups.

Richard Chambers, Institute of Internal Auditors (IIA). Richard Chambers leverages more than four decades of internal audit and related experience. He serves concurrently on the Committee of Sponsoring Organizations of the Treadway Com-mission (COSO) Board of Direc tors; the International Integrated Reporting Council (IIRC); and the IIA Board of Directors. He has previously served on the U.S. President’s Council on Integrity and Efficiency; the NACD’s Blue Ribbon Committee for Audit Effectiveness; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board.

Panel DiscussionThe panel discussion will discuss the future of the Governance, Risk and Control functions. The different perspectives are represented by a panel with representatives from the Institute of Internal Auditors (IIA), the Compliance Forum, ISACA and the Federation of European Risk Management Associations (FERMA).

Read more at www.eciiastockholm2016.eu

The Most Current Money Laundering, Corruption and Terrorist Financing risks and the relationship with the parallel (black market)

Transnational EconomyThe rise and expanse of global commerce and the increased interconnectedness of commer-cial enterprise has led to some less intended consequences. Corruption, Money Laundering and financial misconduct has grown more sop-histicated and invaded many aspects of global financial systems, and has give rise to black mar-ket finance. Robert M Appleton’s presentation will address some of the more sophisticated ways corruption has grown in international commerce as well as in the parallel economy, and the response by governments to attempt to address it, through increased regulation and enforcement. The presentation will also address the efforts of international organizations to respond to transnational corruption, and how public monies are at significant risk in the cur-rent climate in aid projects around the world.

Due diligence – a neces­sary and useful process to get to know your partnersDue diligence is often seen as a burden to comply with regulations. Organizations,

however, that manage this process right stand to benefit from a more efficient management of the risks associated with their partners. Topics that will be discussed during Hema Lehocky’s session include• Systematic approach to determine the level

of due diligence• Efficient approaches to information gathering• Supporting and not delaying decision making• Do’s and don’ts from a privacy point of viewLehocky will share learnings from Telia Com-pany’s journey to set standards for partner due diligence and integrating it in the decision making process.

The Development and Challenges of the Audit Profession from a Euro­pean PerspectiveIn his presentation, Henrik Stein will give an overview

of recent developments and achievements of the profession on the European level with a special focus on the relationship with go-vernment bodies, the regulatory environment, especially in the financing sector, and the coo-peration with organisations representing diffe-rent stakeholders and professions concerned by corporate governance. The presentation will also highlight some key aspects of today’s requirements facing a successful internal audit function with a specific focus on the relations-hip with the first and second line of defence as well as with stakeholders like the management and supervisory body. Furthermore, some key aspects of internal audit staffing and career development will be addressed.

Managing Conflicts of Interest (COI)Lina Rollby Claesson

and Maria Karlbom are both working as Compliance Officers, within Intrum Justitia and Skandia. Together they will coordinatean interactive workshop, which will respond to the following:• What are the different categories of COI?• What tools can be used to support the identification of COI?• How can COI be mitigated?• What Compliance activities could we apply?

Fraud – From Old School Cheating to CybercrimeThijs Smit’s presentation will start with the basics of fraud. Further, it will cover and explain fraud schemes,

best practices and fraud awareness. Finally, the presentation will end with several recent cases especially focused on cybercrime.

New Challenges in the Anti­Corruption Land­scape! – What to be aware of!The challenges that organi-zations face in relation to

corruption risks are changing as the organi-zations continue their work with focus on ethics, sustainability and CSR. We also see that the expectations from external stakeholders’ expectations increase when attention is drawn at different levels of society to the importance of working against corruption. New challenges and positive measures taken within different business sectors will be highlighted during Helena Sundén’s presentation.

How to Establish a Proper Compliance CultureA compliance culture in a firm must be lead by top management. The concept of compliance must be

internalized by everybody. An independent compliance department should support senior management in the establishment of such a culture and monitor its observance. This will be the theme for Hans-Peter Bauer’s presentation.

How to Find Fraud B4 it Finds YouNigel Krishna Iyer’s interac-tive session is an appeal to Internal Auditorsand Risk Professionals to

start looking for the Red Flags of Fraud and Corruption – It is THERE and people expect you to be able to fi nd them. In this session you will learn the fundamentals of fraud detec-tion though exercises and interactions.

Parallel sessions Parallel sessions

Mobile Payment Techno­logy – New Models for the Payment IndustryTwo fundamental changes in traditional payment methods are changing the landsca-

pe of spending: Emerging block chain based currencies and alternative payment channels are disrupting time honoured cash and credit card based transaction service providers. Enabling cheap transactions where traditional banking services are expensive is critical for supporting business growth (especially in the developing world where banking services are not always cheap or available). At the same time, ensuring appropriate privacy, security as well as the disclosure level that customers are demanding mandates innovation in a very con-servative industry. Kaya Kazmirci’s session’s goal is to both describe emerging currencies as well as their strengths and weaknesses re-lated to traditional payment means. These new currencies enable new payment channels and require a new set of controls to ensure that they are both secure and convenient to use.

Integrated Risk Manage­ment – A Modern Risk Framework for Gover­nanceDuring this presentation, Johan Hansen will speak

about an integrated risk management based on a case from the Swedish Transport Ad-ministration, which has developed a modern high quality risk framework. This framework is integrated into all management, planning and monitoring in this complex organization. It is innovative by integrating risk, business continuity, incident and crisis management and also supports the assessment of appropriate capability within these areas. The framework is comprehensive covering all the way from the Board to the project and line operations.

How to Build a Virtual Organization and Process for Crisis ManagementIn recent years, crisis management and crisis communication has become

an important part of managers’ work. We face potential crisis situations and we have to be prepared. In the presentation, Zsuzsanna Tamásné Vóneki will show how a company can build up a virtual organization and process for crisis management; which are the main requirements of the crisis communication. Through some case studies Tamásné Vóneki will discuss the implementation of the crisis management system.

Integrated Thinking (Reporting)The IIA has been conducting a widespread consultation on enhanced external reporting (such as integrated

reporting or strategic reporting) and the necessary integrated thinking that underpins this. There is an important role for internal auditors to play in supporting their organi-zations as they make their own “integrated thinking journey”. Anton van Wyk’s session is intended to provide background information to this important topic and to continue the dialogue by sharing first hand experiences, thereby contributing to the IIA’s formulation of a global position.

Compliance – from a burning platform to a burning desire? During her presentation, Viktoria Aastrup will speak about how to change Com-

pliance from a burning platform to a burning desire. A change journey in many dimensions – practical experiences and take-aways esta-blishing and strengthening compliance culture in Retail Banking. How to tell the story behind WHY compliance, to motivate, engage and change perception of compliance in a large organisation. What does it require to take out complexity out of Compliance by using communication as an important tool.

Just Do It – Why Culture Matters The well known manage-ment guru, Peter Drucker, once commented that‘culture eats strategy for

breakfast’: people ‘buy’ culture in a way they don’t buy business plans. Yet, why do so many organisations flounder on the rocks of poor cultural understanding, and what does this mean for growing cultural, ethnic and religious diversity here in Europe? Steve Fowler’s pre-sentation explores how a good understanding of culture, and the interplay between risk and culture, can help ensure organisational success.

Auditing CultureThe focus on culture and ethics has never been more prominent than today. Topics for this master class led by Mark Carawan include key

considerations for designing and implementing an effective audit program for culture and ethics, including:• Developing the audit universe for culture

and ethics• Identifying challenges to the development of

a program to audit culture and ethics• Reviewing principles for comprehensive

coverage• Quantitative and Qualitative measures for

assessment• Discussing emerging best practice

Internal Control – The Perspective of the Swedish Financial Super­vision Agency Expectations for bank directors have rightly incre-

ased post-crisis, but the range of practices regarding the expected time commitment and level of engagement is very broad, varying by jurisdiction and governance structure, as well as by institution and even by individual di-rectors. Supervisors acknowledge that super-visory guidance and requests from supervisors can contribute to a lack of clarity regarding expectations of the board in some key areas. When supervisors ask boards to “review,” “approve,” or “ensure,” something, what do they mean? What does providing “credible challenge,” entail? How can boards be deeply engaged but retain independence? This will be touched upon during the presentation by Christer Furustedt.

All speakers can be found at www.eciiastockholm2016.eu

Get a glimpse of some of our speakers …

Read more at www.eciiastockholm2016.eu

Venue and gala dinner Conference venue The ECIIA Conference on GRC will be hosted in the Stockholm Waterfront Congress Centre, which is located in the heart of Stockholm. The venue is located next to the Stockholm Central Station (regular and fast train service to and from the Stockholm Arlanda airport) and therefore, you can easily reach the conference by public transportation. Detailed directions to the venue can be found on www.eciiastock-holm.eu.

Gala dinnerThis years Gala dinner will be hosted in the beautiful City Hall, also famous for hosting the Nobel Prize Dinner. The Gala dinner will take place on the evening of the 6th of October. The City Hall is located in the heart of Stockholm within walking distance from the Waterfront Congress Centre.

Descriptions Descriptions

Level of difficultyAre you new to the field or are you a senior professional? The ECIIA Conference on GRC has sessions for all levels of experience and knowledge.

EntryNew professionals, no prior experience or know-ledge on the topics needed.

Intermediate Professionals with some experience and knowledge. The sessions will only briefly touch on the basics of the topics.

Advanced Senior professionals. No background on the topics will be given and the participants need prior know-ledge in order to comprehend the sessions.

Master classSenior professionals who are or have been in leadership positions.

Customize the conference to your needs In order to create an agenda that matches your previous experiences and interests, the various breakout sessions have been sorted and graded. Below you will find information on the various levels of difficulty and the topic areas. Visit www.eciiastockholm2016.eu to create your own agenda today.

Six parallel breakout sessions In addition to the plenary speakers, the agenda has been divided into six parallel breakout sessions. Select the breakout session that best suits your interest!

Governance Internal audit Risk Ethics and fraud Cyber security Compliance

Three sectorsNo matter if you work within the private, public or financial sector, the ECIIA Conference on GRC has something to offer you! In the agenda on the website, you can sort the agenda items based on the sector you are most interested in. However, many agenda items are suitable for more than one sector.

Financial Private Public

Create your own agendaVisit www.eciiastockhom2016.eu and create your own agenda. Some sessions have a limited number of parti-cipants and hence we recommend you to create your agenda already today!

The institute of internal auditors (IIA) Sweden is the local chapter of an inter-national professional association with over 180 000 members worldwide. The purpose of IIA Sweden is to promote and develop the internal audit profession in Sweden. This is primarily done through participation in the development of standards and code of ethics as well as through support to members in the applications of these. Every year, IIA Sweden arranges about 30 courses, seminars and conferences. The largest and most comprehensive event is the annual conference, which this year has grown even bigger as IIA Sweden is the host for the ECIIA Conference.

The ECIIA is the European Confederation of Institutes of Internal Auditing. The mission of the ECIIA is “To be the consolidated voice for the profession of internal auditing in Europe by dealing with the European Union, its Parli-ament and Commission and any other appro-priate institution of influence and to present and develop the internal audit profession and good corporate governance in Europe”.

A non-profit and non-political professional organization of and for Compliance Officers working in financial or other regulated busi-nesses. Compliance Forum allows members to connect with each other and to define and develop the role of Compliance in Sweden, as well as broaden and develop skills in this area. Compliance Forum arranges meetings, seminars and training on common issues and topics for its 250 members. A Compliance function works proactively with expectations and rules regarding Con-duct risk (Customer Protection and Market Conduct), Prevention of Money Laundering and Financing of Terrorism and Regulatory/licence issues.

ISACA® helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and care-er development. Established in 1969, ISACA is a global non-profit association of 140 000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise

technology. ISACA Sweden Chapter is the local chapter in Sweden with about 650 members.

The Swedish Risk Management Association (Swerma) was founded as an organisation among professionals working within the risk management and the insurance area. Risk management has a large strategic importan-ce in order for any association to ascertain the goals set. This goes for the performance, results, flexibility and long time sustainability of any organization. Swerma is a member of the Pan-European international organization Ferma and is supporting the society, corpo-rations, other organizations and individuals conducting risk management activities. Swerma is providing its members continuous views, information and training as well as a professional network where members can share experiences and knowledge.

Webpages: www.theiia.se www.eciia.eu www.complianceforum.sewww.isaca.org www.swerma.se

Organizations