Skip to Content
Press Enter

Governance, Risk & Controls Conference

August 18 - 20, 2025 • New York City & Virtual • Up to 24 CPEs

For the 12th year, The IIA and ISACA will gather the leading minds in governance, risk management, and control (GRC) to provide dedicated professionals with world-class content, innovative ideas, and practical guidance.

Conference audience

Aligning governance and risk management for impact
Registration & pricing Full conference program Hotel accommodations

Who should attend the GRC Conference?

The GRC Conference is designed for professionals in governance, risk management, and control who are interested in learning about the latest trends, new tools, and fresh techniques in their industry.

What can you expect from GRC?

  • Get informed and be inspired in more than 40 educational sessions.
  • Hear unique insights from 50+ speakers.
Earn CPEs Earn up to 24 CPE credits when you attend the conference and a pre-conference workshop. Learn more about Navigating a Crisis Scenario workshop

GRC Conference keynote

Rachel Tobac

Rachel Tobac

CEO

SocialProof Security

Friendly Hacker, Cybersecurity Expert

Shelly Palmer

Shelly Palmer

CEO

The Palmer Group

Professor of Advanced Media in Residence,
Syracuse University
LinkedIn Top Voice in Security

GRC Conference topics

At GRC 2025, attendees will gain critical insights and actionable knowledge across a range of topics designed to meet today’s challenges and opportunities head-on.

This year’s sessions are curated to empower professionals with practical tools, innovative strategies, and forward-thinking ideas to excel in their roles and advance their organizations.

Full conference program

Controls

  • Learn how to design, implement, and adapt internal controls that enhance operational efficiency while meeting evolving regulatory requirements.
  • Discover innovative frameworks and real-world applications to optimize your control environment.

Cybersecurity

  • Delve into cutting-edge strategies to safeguard your organization from emerging cyber threats.
  • Gain insights into aligning cybersecurity initiatives with broader risk management goals to protect sensitive data and ensure business continuity.

Data

  • Unlock the potential of data as a strategic asset.
  • Sessions will focus on leveraging data analytics to inform decisions, improve audit performance, and address critical data governance challenges, from security to ethical considerations.

Governance

  • Elevate your understanding of corporate governance with sessions on strengthening organizational structure, fostering transparency, and building trust among stakeholders.
  • Explore how governance frameworks adapt to global and industry-specific trends.

Leadership & Career Development

  • Enhance your leadership acumen with actionable strategies to inspire teams, drive performance, and build resilient organizations.
  • Gain expert guidance on career progression in the evolving fields of audit, risk, and controls.

Risk

  • Stay ahead of emerging risks with innovative management approaches.
  • Learn to balance risk and opportunity in decision-making while keeping your organization agile in an ever-changing landscape.

Technology Trends

  • Prepare for the future by exploring the impact of transformative technologies such as AI, blockchain, and more.
  • Discover how these trends are reshaping governance, risk, and control practices, and learn how to adapt for success.

IIA's Pre-Conference Workshop: An Interactive Experience — Navigating Crisis Scenarios as a GRC Professional

Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 8 CPEs | $650

Overview

This dynamic, simulation-based workshop is designed to immerse GRC, internal audit, and security professionals in a high-stakes, real-time crisis management experience.

Participants will work in teams, role-playing as key stakeholders in a fictitious organization facing a series of crises.

Each scenario will require participants to rapidly assess risks, make governance and compliance decisions, and coordinate a strategic response.

As events unfold, they will need to adapt to new information, handle communication challenges, and address both immediate and long-term risks.

Pre-Conference Workshop 2 speakers

Shawna Flanders

Shawna Flanders

Director of Data Governance, Enterprise Risk, Compliance, and Business Resilience

The Institute of Internal Auditors

Chris Stoneley

Chris Stoneley, CCRO, CGEIT, CISA, CRISC

Chief Information Security Officer

Cathay Bank

Outline

Morning session: Preparing for the Crisis Simulation

1. Introduction to Crisis Management

  • Brief overview of crisis management principles, focusing on risk assessment, compliance-focused decision-making, and governance under pressure.
  • Discussion: Participants share their own crisis management experiences and strategies for effective GRC response.

2. Setting the Stage: Meet Your “Organization” and Team

  • Participants are divided into small teams, each assigned specific roles within a fictitious organization (e.g., Risk Manager, Compliance Officer, Internal Auditor, etc.).
  • Teams review the organizational structure, mission, governance framework, crisis management plan, and key risks of their assigned “company” to set the context for the upcoming simulation.

3. Crisis Scenario Introduction: Initial Briefing

  • The facilitator introduces the first crisis scenario (e.g., data breach, compliance violation, product recall) with background information.
  • Teams begin initial discussions, identifying immediate risks and mapping out preliminary actions.

Afternoon session: Crisis Simulation and Post-Crisis Analysis

4. Crisis Simulation Part I: Real-Time Decision-Making

  • The crisis scenario unfolds through timed “event drops,” each with new information and evolving complications.
  • Teams make decisions, document actions, and communicate with other “departments” in response to these developments.
  • Facilitator checks in with each group, challenging them with questions or introducing complications (e.g., media scrutiny, regulatory inquiries) to test their response strategies.

5. Crisis Simulation Part II: Managing the Aftermath

  • As the immediate crisis winds down, teams focus on containment, damage control, and longer-term responses.
  • Teams discuss and implement compliance reviews, stakeholder communication strategies, and governance adjustments to prevent recurrence.

6. Post-Crisis Analysis and Reflection

  • Each team presents a brief overview of their actions, rationale, and lessons learned.
  • Group discussion: Identify key takeaways from the simulation, sharing effective strategies and common challenges.

7. Update the Crisis Management Plan

  • Workshop exercise: Each team drafts a crisis management framework based on what they have learned, including specific steps for risk assessment, decision-making, communication, and post-crisis evaluation.
  • Participants share frameworks with the larger group, receiving feedback and insights.

8. Workshop Wrap-Up and Reflection

  • Facilitator summarizes key points and encourages participants to think about how they can apply these crisis management techniques in their own organizations.
  • Final Q&A and networking opportunity.

ISACA's Pre-conference Workshop: Performing Artificial Intelligence Audit Using ISACA’s AI Audit Toolkit

Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 8 CPEs | $650

Pre-Conference Workshop 1 is now fully booked and no longer accepting registrations. However, there’s still an opportunity to join the Pre-Conference Workshop 2: Navigating Crisis Scenarios as a GRC Professional, where you'll simulate high-pressure crisis scenarios and learn to respond effectively while maintaining governance and control. Secure your spot and prepare to lead with confidence when it counts!

Overview

This workshop will introduce auditors to a structured approach to AI compliance and control assessment using ISACA’s AI audit toolkit.

Auditors will gain the knowledge to develop a robust AI assessment program leveraging the toolkit’s key considerations, including cybersecurity, control families, and control categories that span Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability.

Zachy Olorunojowon

Zachy Olorunojowon,
MBA, CISA, CGEIT, CISM, CET

Workshop Facilitator

Approach

Provides guidance and a learning experience with real-world use cases, framework, and additional tools for continued learning/exploration.

This workshop also includes breakout and scenario-based application of the toolkit to reinforce concepts.

1. Artificial Intelligence Governance, Risk, and Controls

  • Concepts of AI Governance, and Establishing Its Framework
  • Importance of AI Governance to AI Auditing
  • Auditing AI in the Context of Governance
  • Auditing AI Systems in Relation to Global Framework and Regulations
  • Applying NIST AI RMF

2. Artificial Intelligence Audit Toolkit/Program

  • ISACA AI Audit Toolkit Overview
  • Control Families: Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability
  • Compliance Assessment Guidance
  • AI Control Assessment Process, and Explainability Integration
  • Building and Implementing an AI Audit Program From the Toolkit

3. Group Exercise

GRC Conference registration

In-person

  • $1,595

Virtual livestream

  • $1,595

IIA Workshop: Navigating Crisis Scenarios as a GRC Professional

17 Aug | 8am-5pm ET | 8 CPE
  • $650

Group discounts

  • Save 10% for groups of 5 or more.
Contact Group Sales
Important notice The IIA does not sell conference attendee lists to third parties. Any organization claiming to offer access to IIA conference attendee lists — unless directly from The IIA — is fraudulent. The IIA may share limited contact details only with official sponsors and exhibitors, and only for attendees who opt in during registration. We do not authorize any third party to sell or distribute our attendee information.

Special hotel rates for GRC Conference attendees

We are thrilled to offer exclusive accommodations at the iconic New York Marriott Marquis, perfectly situated in the heart of Times Square.

Room rate details

  • $259 per night (single/double occupancy), plus taxes*.
  • Book by 24 July 2025 to secure this special rate, while rooms are available.

Reserve Your Room

Marriott Marquis

New York Marriott Marquis | 1535 Broadway | New York, NY 10036

* Taxes Applied: 5.88% city tax, $3.50 per night occupancy tax, 8.88% state tax, for total of approximately $300.73 per night.

Exceptional ecosystems begin with exceptional sponsors

Everyone plays a critical role in creating strong governance, risk and control frameworks.

Thank you to our sponsors who are a part of this ecosystem.

Join The IIA and ISACA in our mission to bring world-class content to current and aspiring IS/IT professionals around the world.

Explore sponsorship opportunities

GRC Conference sponsors

Platinum | Gold | Silver | Bronze | Supporting

Platinum GRC sponsors

6clicks logo
Hyperproof logo

Gold GRC sponsors

AuditBoard logo
Drata logo
LogicGate logo
NAVEX logo
Pathlock logo
ProcessUnity logo
Uniqus Consultech Incorporation logo

Silver GRC sponsors

Kainos logo
Level Blue logo
MorganFrankling Consulting logo
Navvia logo
RSM logo

Bronze GRC sponsors

Clarity Security logo
CohnReznick logo
Datasnipper logo
Diligent logo
Fastpath logo
Fieldguide logo
Onspring Technologies logo
Process Bolt logo
Record Point logo
RegScale logo
ReversingLabs logo
Riskonnect logo
Saviynt logo
Tutela Solutions logo

Supporting GRC sponsors

Anecdotes logo
Apptega logo
Cential logo
ContiNube logo
Compyl logo
Crowe logo
Exterro logo
FloQast logo
Ground Labs logo
Kovrr logo
Insight Assurance logo
Paramify logo
Thoropass logo
Truops logo
Zluri logo
Explore sponsorship opportunities

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.