Governance, Risk & Controls Conference
August 18 - 20, 2025 • New York City & Virtual • Up to 24 CPEs
For the 12th year, The IIA and ISACA will gather the leading minds in governance, risk management, and control (GRC) to provide dedicated professionals with world-class content, innovative ideas, and practical guidance.
Who should attend the GRC Conference?
The GRC Conference is designed for professionals in governance, risk management, and control who are interested in learning about the latest trends, new tools, and fresh techniques in their industry.
What can you expect from GRC?
- Get informed and be inspired in more than 40 educational sessions.
- Hear unique insights from 50+ speakers.
GRC Conference topics
At GRC 2025, attendees will gain critical insights and actionable knowledge across a range of topics designed to meet today’s challenges and opportunities head-on.
This year’s sessions are curated to empower professionals with practical tools, innovative strategies, and forward-thinking ideas to excel in their roles and advance their organizations.
Controls
- Learn how to design, implement, and adapt internal controls that enhance operational efficiency while meeting evolving regulatory requirements.
- Discover innovative frameworks and real-world applications to optimize your control environment.
Cybersecurity
- Delve into cutting-edge strategies to safeguard your organization from emerging cyber threats.
- Gain insights into aligning cybersecurity initiatives with broader risk management goals to protect sensitive data and ensure business continuity.
Data
- Unlock the potential of data as a strategic asset.
- Sessions will focus on leveraging data analytics to inform decisions, improve audit performance, and address critical data governance challenges, from security to ethical considerations.
Governance
- Elevate your understanding of corporate governance with sessions on strengthening organizational structure, fostering transparency, and building trust among stakeholders.
- Explore how governance frameworks adapt to global and industry-specific trends.
Leadership & Career Development
- Enhance your leadership acumen with actionable strategies to inspire teams, drive performance, and build resilient organizations.
- Gain expert guidance on career progression in the evolving fields of audit, risk, and controls.
Risk
- Stay ahead of emerging risks with innovative management approaches.
- Learn to balance risk and opportunity in decision-making while keeping your organization agile in an ever-changing landscape.
Technology Trends
- Prepare for the future by exploring the impact of transformative technologies such as AI, blockchain, and more.
- Discover how these trends are reshaping governance, risk, and control practices, and learn how to adapt for success.
IIA's Pre-Conference Workshop: An Interactive Experience — Navigating Crisis Scenarios as a GRC Professional
Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 8 CPEs | $650
Overview
This dynamic, simulation-based workshop is designed to immerse GRC, internal audit, and security professionals in a high-stakes, real-time crisis management experience.
Participants will work in teams, role-playing as key stakeholders in a fictitious organization facing a series of crises.
Each scenario will require participants to rapidly assess risks, make governance and compliance decisions, and coordinate a strategic response.
As events unfold, they will need to adapt to new information, handle communication challenges, and address both immediate and long-term risks.
Outline
Morning session: Preparing for the Crisis Simulation
1. Introduction to Crisis Management
- Brief overview of crisis management principles, focusing on risk assessment, compliance-focused decision-making, and governance under pressure.
- Discussion: Participants share their own crisis management experiences and strategies for effective GRC response.
2. Setting the Stage: Meet Your “Organization” and Team
- Participants are divided into small teams, each assigned specific roles within a fictitious organization (e.g., Risk Manager, Compliance Officer, Internal Auditor, etc.).
- Teams review the organizational structure, mission, governance framework, crisis management plan, and key risks of their assigned “company” to set the context for the upcoming simulation.
3. Crisis Scenario Introduction: Initial Briefing
- The facilitator introduces the first crisis scenario (e.g., data breach, compliance violation, product recall) with background information.
- Teams begin initial discussions, identifying immediate risks and mapping out preliminary actions.
Afternoon session: Crisis Simulation and Post-Crisis Analysis
4. Crisis Simulation Part I: Real-Time Decision-Making
- The crisis scenario unfolds through timed “event drops,” each with new information and evolving complications.
- Teams make decisions, document actions, and communicate with other “departments” in response to these developments.
- Facilitator checks in with each group, challenging them with questions or introducing complications (e.g., media scrutiny, regulatory inquiries) to test their response strategies.
5. Crisis Simulation Part II: Managing the Aftermath
- As the immediate crisis winds down, teams focus on containment, damage control, and longer-term responses.
- Teams discuss and implement compliance reviews, stakeholder communication strategies, and governance adjustments to prevent recurrence.
6. Post-Crisis Analysis and Reflection
- Each team presents a brief overview of their actions, rationale, and lessons learned.
- Group discussion: Identify key takeaways from the simulation, sharing effective strategies and common challenges.
7. Update the Crisis Management Plan
- Workshop exercise: Each team drafts a crisis management framework based on what they have learned, including specific steps for risk assessment, decision-making, communication, and post-crisis evaluation.
- Participants share frameworks with the larger group, receiving feedback and insights.
8. Workshop Wrap-Up and Reflection
- Facilitator summarizes key points and encourages participants to think about how they can apply these crisis management techniques in their own organizations.
- Final Q&A and networking opportunity.
ISACA's Pre-conference Workshop: Performing Artificial Intelligence Audit Using ISACA’s AI Audit Toolkit
Sunday, 17 August 2025 | 8:00 A.M. – 5:00 P.M. ET | 8 CPEs | $650
Overview
This workshop will introduce auditors to a structured approach to AI compliance and control assessment using ISACA’s AI audit toolkit.
Auditors will gain the knowledge to develop a robust AI assessment program leveraging the toolkit’s key considerations, including cybersecurity, control families, and control categories that span Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability.
Approach
Provides guidance and a learning experience with real-world use cases, framework, and additional tools for continued learning/exploration.
This workshop also includes breakout and scenario-based application of the toolkit to reinforce concepts.
1. Artificial Intelligence Governance, Risk, and Controls
- Concepts of AI Governance, and Establishing Its Framework
- Importance of AI Governance to AI Auditing
- Auditing AI in the Context of Governance
- Auditing AI Systems in Relation to Global Framework and Regulations
- Applying NIST AI RMF
2. Artificial Intelligence Audit Toolkit/Program
- ISACA AI Audit Toolkit Overview
- Control Families: Adversarial Defense & Robustness, AI Data Privacy & Rights, AI Model Governance, and Ethical AI Governance & Accountability
- Compliance Assessment Guidance
- AI Control Assessment Process, and Explainability Integration
- Building and Implementing an AI Audit Program From the Toolkit
3. Group Exercise
Special hotel rates for GRC Conference attendees
We are thrilled to offer exclusive accommodations at the iconic New York Marriott Marquis, perfectly situated in the heart of Times Square.
Room rate details
- $259 per night (single/double occupancy), plus taxes*.
- Book by 24 July 2025 to secure this special rate, while rooms are available.
New York Marriott Marquis | 1535 Broadway | New York, NY 10036
* Taxes Applied: 5.88% city tax, $3.50 per night occupancy tax, 8.88% state tax, for total of approximately $300.73 per night.
Exceptional ecosystems begin with exceptional sponsors
Everyone plays a critical role in creating strong governance, risk and control frameworks.
Thank you to our sponsors who are a part of this ecosystem.
Join The IIA and ISACA in our mission to bring world-class content to current and aspiring IS/IT professionals around the world.
GRC Conference sponsors
Platinum | Gold | Silver | Bronze | Supporting