GRC Summit
  Summit Convention Center

George R. Brown Convention Center

"Dr. Ron Ross: Sr. Computer Scientist, National Institute of Standards and Technology - Information Technology Laboratory - Computer Security Division"

Dr. Ron Ross is a senior computer scientist and information security researcher at the National Institute of Standards and Technology (NIST). His areas of specialization include security requirements definition, security testing and evaluation, and information assurance. Dr. Ross currently leads the Federal Information Security Management Act (FISMA) Implementation Project for NIST, which includes the development of key security standards and guidelines for the federal government, contractors supporting the federal government, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication 800-53 (security controls guideline), NIST Special Publication 800-53A (security assessment guideline), NIST Special Publication 800-37 (security certification and accreditation guideline), and NIST Special Publication 800-39 (risk management guideline). Dr. Ross is also the principal architect of the NIST Risk Management Framework that integrates the suite of FISMA security standards and guidelines into a comprehensive enterprise-wide information security program.

Dr. Ross is a frequent speaker at public and private sector venues including federal agencies, state and local governments, and Fortune 500 companies. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a two-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Program Management School at the Defense Systems Management College and holds both Masters and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School.

Using FISMA (Federal Information Security Management Act) in an Enterprise Governance, Risk, and Compliance Strategy

"Gary Dickhart, VP, GRC Customer Advisory Office, SAP"

Gary Dickhart has 30 years of service with two Fortune 100 firms in senior positions in information security and internal audit implementing and improving governance programs. He has helped more than 50 organizations implement GRC products from 2004 and 2005. As the VP of the SAP GRC Customer Advisory Office he has interacted with more than 80 customers in the last 24 months on implementation approaches for SAP GRC solutions. He has held the Certified Information System Auditor designation since its inception in 1979.

Program Track: BODAC1.7 The Journey from Compliance to Enterprise Risk Management

"From CFO to CEO: Making The Transition"

Mr. Mike Harris. The climate at the top is changing as more CFOs are advancing to the CEO position. In recent years, CFOs have been asked to oversee corporate governance, risk and compliance initiatives, making them a well-rounded choice for the top spot. But it takes more than control of the corporate finances and regulatory changes to make the leap.

Mike Harris, founder of Adams Harris, Jefferson Wells, Capital H, Silvertrain and The Novo Group, has successfully made the transition from CFO to CEO, learning many important lessons along the way.  During this session, Harris will discuss his personal journey from CFO to CEO, the success he has found, and his advice on handling the intangible challenges of becoming a leader.

About Mike Harris

Mike Harris, a proven entrepreneur, has a reputation for integrity and a record of significant business success. The hallmarks of his companies are a strong emphasis on client service and delivery of the best value proposition among his competitors.

In 1995, Harris founded Jefferson Wells in Milwaukee, Wisconsin. Under his leadership as Chairman and CEO, the firm grew organically to 1,600 employees, 26 offices and annual sales of $131 million in just five years. Between 2001 and 2006, Harris founded several organizations including Adams Harris, Capital H, The Novo Group and Silvertrain. Mike currently serves as Chairman of the Board of Adams Harris, a professional services firm specializing in the areas of Internal Audit, Accounting & Finance, Corporate Tax and Technology. More details on the firm are available at www.adamsharris.com.

Prior to forming Jefferson Wells, Harris was the Chief Financial Officer for Alternative Resources Corporation (ARC) of Barrington, Illinois.  Harris helped this IT services firm get started in 1988 and then grow to a national company with multiple branches and hundreds of millions in sales.  He also has previous experience with Wind Point Partners, a venture capital firm, where he was the CFO.  He started his career with Ernst & Young in the audit division.

GRC Execution Strategies – That Work:

Ms. Shellye Archambeau. Organizations today manage their Governance, Risk and Compliance (GRC) initiatives in silos. With the myriad of risk and compliance initiatives in place today, silo approaches and manifold systems cause a significant loss in shareholder value through duplicative and contradictory processes and documentation. In addition to redundancy within business processes, the sheer expense of sustaining multiple point software solutions has caused the costs of compliance and risk management to be at a historic high. During this keynote, Shellye Archambeau, CEO, MetricStream, talks about how your GRC program can be implemented by taking a broader, more integrated approach. By adopting a best-practices based integrated GRC approach – deploying a single system that supports a federated organizational approach to managing multiple GRC initiatives – companies of all sizes gain significant benefits.

A CEO’s perspective on the costs & practical benefits of implementing a GRC program that is focused on increasing shareholder value.

About Shellye Archambeau

As the CEO of MetricStream, Shellye Archambeau is responsible for running all facets of the business – and leading MetricStream’s Governance, Risk and Compliance Programs. Ms. Archambeau has a proven executive management track record and over 20 years of experience driving sales growth in the technology industry. Prior to joining MetricStream, Ms. Archambeau also served as president of Blockbuster, Inc.'s e-commerce division and was recognized by Internet World as one of the Top 25 'Click and Mortar' executives in the country in June of 2000. Ms. Archambeau spent the prior 15 years at IBM, holding several domestic and international executive positions. Ms. Archambeau serves on the board of directors of Arbitron, Inc. and the Forum for Women Entrepreneurs and Executives. She earned a B.S. degree at the University of Pennsylvania, Wharton School of Business.

"Defining a GRC Strategy That Bridges GRC Silos"

MR. MICHAEL RASMUSSEN. Michael Rasmussen is the authority in understanding Governance, Risk, and Compliance (GRC). He is a sought-after keynote speaker, author, and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. With more than 15 years of experience, Michael’s objective is to assist organizations in defining GRC processes that are sustainable, consistent, efficient, and transparent. His thought leadership is tuned to:

  • Educate GRC professionals within corporations to identify, understand, and analyze GRC strategies, drivers, trends, and best practices;
  • Assist technology providers with alignment of their product and marketing strategies to the needs and requirements of GRC professionals; and
  • Collaborate with professional services firms on their portfolio of GRC service offerings to better equip them to serve their respective clients.

About This Speaker
A leader in understanding risk and compliance standards, frameworks, regulations, and legislation, Michael aims to improve corporate integrity through advancing GRC initiatives. He has served in leading roles in public policy contributions to US Congressional reports and committees, and currently serves on the Leadership Council and Steering Committee of the Open Compliance and Ethics Group. Michael has been quoted extensively in the press and is respected for his commentary on broadcast news channels.

In June 2007, Treasury & Risk recognized Michael as one of the 100 most influential people in finance with specific accolades noting his work in “Governance and Compliance: Saving the Planet and the Corporation.”


"The Changing Requirements and Trends of International Compliance – What’s New and Different for the Compliance and Ethics Officer"

MR. ROY SNELL. Roy Snell is the CEO of the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), which together now total more than 6,000 members. Roy was a co-founder and the organization’s first President. He has developed numerous partnerships with government, industry, and other professional associations, and he has facilitated collaboration between the compliance/ethics profession and the enforcement community. Roy has a Master's degree in Health and Human Services Administration.

Through his work with the two associations, he has overseen the development of compliance and ethics books, manuals, videos, conferences and audio conferences. He has been a regular speaker in the compliance profession for more than 10 years and has spoken internationally for the United Nations on compliance and ethics. He is a Certified Compliance and Ethics Professional. Roy writes more than 25 compliance articles annually and has written for several international publications, including the European CEO and The European Business Review. Roy is the coeditor of the Health Care Compliance Professional’s Manual and serves as editor, co-editor and advisory board member of several other books, magazines and newsletters. He has served as a source for many media reports, including national publications such as the Wall Street Journal, Forbes Magazine and Business Week. He has been quoted in international publications such as Financial Times and Ethical Corporation. Roy is a former Mayo Clinic administrator, consultant and Compliance Officer. He has participated in the development of compliance program guidance, professional certification programs and the Compliance Professionals Code of Ethics. He has dedicated more than 10 years to the compliance profession and to the development of compliance programs on an international basis.


"Partnering with the Audit Committee"

MR. STEVE GOEPFERT. Corporate responsibility and accountability are the backbone of effective business practices in today’s environment. The audit committee is a pivotal component of the board, which ensures that sound corporate governance is established to protect the interests of the investors and the employees. In this session, Continental Airlines will discuss how the internal audit function is a catalyst for ensuring the committee is educated, informed and kept current to meet its responsibilities, particularly in light of the changes generated from Sarbanes-Oxley. Specifically, the presenter will provide insights on:

  • Audit Committee Orientation Process
  • Responsibilities involving the External Auditors
  • Corporate Code of Ethics
  • Ongoing Training & Education
  • Whistleblower Process

This informative session will surely provide you with practical applications of how to partner the functions of the internal audit department with the obligations of the audit committee to achieve effective corporate governance.

About This Speaker
Steve is the Staff Vice President - Internal Audit (Chief Auditor) for Continental Airlines in Houston, Texas. He has been the Chief Auditor since June 1989.

He was the 2006-2007 Chairman of the Board for the Institute of Internal Auditors, Inc. (IIA). He previously served as Senior Vice Chairman and Vice Chairman – Professional Services and is a past President of the Houston Chapter (1999-2000), and served on its Board since 1994. Steve has held industry audit posts including Chairman of the International Association of Airline Internal Auditors (IAAIA) in 1996 and Chairman of the Air Transport Association of America (ATA) Audit Panel in 2003.

Steve also serves on the Texas A&M and Southern Illinois University at Carbondale Accounting Advisory Councils, and previously served on a similar Council at the University of Texas at Austin.

A CIA and CPA, Steve graduated with highest honors from Southern Illinois University. He started his career with the Big 8 firm of Coopers & Lybrand, where he worked for over 5 years.

"Trends 2008: The Changing Landscape for Governance, Risk and Compliance Professionals"

MR. CHRIS MCCLEAN. Corporate governance, risk, and compliance (GRC) professionals must stay ahead of the rapidly changing business environment caused by internal and external fluctuation: changes across emerging markets, new technologies, business relationships, regulations, and competitive pressures. They must specifically understand how key market trends will impact the company's ability to do business successfully within the boundaries of applicable regulations, governing principles, and appropriate risk thresholds. The top trends in 2008 will put further pressure on GRC professionals by increasing what is expected of them and exposing more details of their performance.

About Chris McClean:

Forrester Research Coverage:

"Corporate Governance, Governance, Risk, & Compliance, Manufacturing, Security & Risk, Financial Services, Healthcare & Life Sciences, IT Management, Consumer Packaged Goods, High-Tech, Transportation & Logistics, Agriculture, IT Strategy, Planning, & Governance, Corporate Social Responsibility, Professional Services"

As a Forrester Research Analyst, Chris serves Security & Risk professionals. His primary coverage areas include corporate governance, risk management, and compliance, with a focus on corporate social responsibility and environmental health and safety.

Chris' background is in marketing for risk management and information security vendors representing a broad range of market segments, such as compliance management, vulnerability management, digital forensics, and security information management. His experience also includes helping organize and launch the Information Systems Security Association's CISO Executive Forum program and the association's initial efforts to publish the Generally Accepted Information Security Principles.

"A Comprehensive Enterprise Risk Management Strategy" - What's Missing In Yours?

MR. JAMES SAYLES. Enterprise Risk Management is an important aspect of GRC and Internal Audit; however, most organizations fail to incorporate a comprehensive ERM strategy, and Boards of Directors are often left with decreased oversight of enterprise risks. James discusses the detailed aspects of Enterprise Risk Management and will cover selected ERM frameworks in detail. Executives will understand ERM strategies based on a real use case and how to design a comprehensive ERM framework that encompasses the essential elements for mitigating business and information risks, while improving audit outcomes. Additionally, this discussion will focus on how to have proper IT representation at the BOD level. This session is a must for CIOs and CSOs.

About James Sayles:

Enterprise Risk Management, Governance, Risk, & Compliance, Internal Audit, Information Security, Compliance and Regulation, Business Process Engineering, Healthcare, Energy, Oil & Gas, Software and Professional Services.

James Sayles is Vice President, Chief Risk and Compliance Officer for Favored Solutions and a thought leader in Governance, Risk, and Compliance. Mr. Sayles has worked with more than two dozen of the world's largest banks and financial institutions as well as some of the largest global oil and gas companies implementing strategic corporate governance frameworks and strategies. With over 12 years of experience, Mr. Sayles is a proven leader in working with Boards of Directors, Audit Committee Members, Chief Audit Executives and Chief Information Officers in building effective corporate governance frameworks that include enterprise risk oversight and management, internal audit and compliance programs. Mr. Sayles is an expert in regulatory compliance and risk management frameworks, including Sarbanes-Oxley, Basel II, GLBA, HIPAA, PCI Data Security, FISCAM/FISMA, SAS 70, FFIEC, COSO, ISO, and the PCAOB Auditing Standards, as well as other international regulations and frameworks. Mr. Sayles has also helped hundreds of enterprise customers discover and mitigate information security vulnerabilities through comprehensive IT security assessments, IT audits, penetration tests, and information risk management frameworks.
  Produced by
GRC Summit, LLC