11:25 a.m. – 12:20 p.m.
ARC – 2
Cybersecurity: Why It Is Front of Mind for Boards and Audit Committees
Addressing cybersecurity risk is a key priority for boards and audit committees across the globe because of the speed and impact of this risk when it strikes an organisation.
This session will provide insights from Australia’s Special Adviser to the Prime Minister on Cyber Security on how an organisation (or nation) should be preparing and protecting itself from cyber risk. Key points to be discussed include:
- Understanding and defining the critical cybersecurity risks.
- Where organisations stand in relation to cyber risk readiness.
- Formulating and defining appropriate responses to cyber risk.
- Gaining assurance from the audit, risk, and other assurance functions over cybersecurity.
- Critical areas of focus that should be on the agenda for all board and audit committees.
Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security, Department of Prime Minister & Cabinet
Alastair MacGibbon provides national leadership and advocacy on cybersecurity policy and the implementation of the government's cybersecurity strategy, having been appointed to the role in 2016. His role is to ensure effective partnerships between Australian governments, the private sector, nongovernmental organisations, the research community, and international partners. Working closely with the Ambassador for Cyber Issues and the Australian Cyber Security Centre Coordinator, MacGibbon sets clear objectives and priorities for the government's operational cybersecurity agencies and oversees their implementation. MacGibbon was Australia's first children's eSafety commissioner, leading online safety education and protection for the country’s children and young people, and managing complaints about offensive or illegal online content. He worked for 15 years as an agent with the Australian Federal Police, including as the founding director of the Australian High Tech Crime Centre. Along with private sector roles such as senior director of trust, safety and customer support at eBay, MacGibbon was a director of the Centre for Internet Safety at the University of Canberra.
1:50 p.m. – 2:45 p.m.
ARC – 3
Assessing Organisational Culture: The Role of the Board, Audit and Risk Committee, and Internal Audit
Culture ultimately drives all outcomes from an organisation but it continues to be one of the most challenging things to define and measure. This panel discussion will provide food for thought on this most interesting topic as it becomes a key area of focus for regulators (and media) around the world. Critical questions to be addressed in the discussion include:
- Who determines culture?
- Who is responsible for culture?
- What are the key elements of strong organisational culture?
- What are the board and audit committee looking for in terms of indicators of culture?
- How can internal audit assist in providing meaningful feedback on culture?
- War stories – Examples of good and bad culture at work and why these examples arose.
Panel members include:
Brian Long, Independent Non-Executive Director, Brambles Limited, Cantarella Bros Pty Ltd and Commonwealth Bank
Brian Long retired as a partner of EY in 2010, as chairman of both the EY Global Advisory Council and of the Oceania Area Advisory Council (the EY local partner governing body). He had been an audit partner at EY since 1981 and has primarily served audit clients in the firm’s offices including Perth, Toronto, Hong Kong, and Sydney. Long was the firm’s most senior audit partner, taking responsibility for major clients and specialising in major transactions, initial public offerings, and matters related to governance and risk management. He is widely conversant with the requirements of effective audit and risk committees. Following his career with EY, Long served as a director of Commonwealth Bank of Australia and still serves as chairman of their audit committee and as a member of the risk committee and the board performance and renewal committee. He is a director of Brambles Limited, and serves as chairman of the audit and risk committee. Long is also a director of Cantarella Bros. Pty Ltd., and serves as chair of the audit committee and member of the Council of the University of NSW. Previous leadership roles included serving as director of Ten Network Holdings Limited; chairman of the audit committee and a member of the Council of the National Library of Australia; and chairman of United Way Australia.
Naohiro Mouri, Executive Officer, Chief, AIG
Naohiro Mouri oversees more than 50 auditors. Previously he was with MetLife Alico Japan, where he served as statutory executive officer, senior vice president, and chief auditor. Naohiro also held chief auditor positions for JP Morgan/Asia Pacific, Shinsei Bank, Morgan Stanley Japan, and Deutsche Bank Japan. He started his audit career at Arthur Andersen in the U.S. Mouri has served on the Board of IIA‒Japan and The IIA’s global board in several positions, as well as serving five years as the ACIIA’s first president. Naohiro is a frequent lecturer for universities and trade organisations and co-authored a book on auditing financial institutions.
Carol Holley, Chair of Audit and Risk Management Committees in NSW Government, Department of Finance, Services and Innovation, Property and Housing Group; NSW Parliamentary Services; and Service NSW
Carol Holley has extensive involvement with corporations, both listed and unlisted, and their audit committees, and with audit and risk committees in NSW and in the federal sphere. Currently she is a non-executive director of the Australian Nuclear and Science Organisation. Holley chairs several audit and risk committees of the NSW government, including NSW Department of Parliamentary Services and the Legislature; Service NSW; NSW Department of Finance, Services and Innovation; NSW Property; and the National Health Funding Body. Previously she has served as a non-executive director of Australian Pharmaceutical Industries Ltd, Cochlear Limited, Resource Pacific Holdings Limited, Job Futures Limited, and Defence Housing Australia. These directorships came as an adjunct to partnership in and the building of a successful medium-sized accounting practice – Hill Rogers, a position she held for 25 years.
Facilitator: Gary Anderson CIA CRMA, Managing Director, Asia Pacific, Protiviti
3:25 p.m. – 4:20 p.m.
ARC – 4
Setting the Risk Appetite
To be and stay in business, all organisations must take risks to achieve their goals. Organisations are faced with getting the balance right between taking too much risk and not enough risk, both of which can have severe adverse effects. To get this balance right, organisations must have clear, defined risk appetite statements to assist with clarity of decision making.
Setting and articulating the risk appetite can be challenging, and implementing it across the organisation even more so. This session will explore the process of setting the risk appetite, focusing on:
- How to engage organisations about the importance of setting risk appetite.
- How risk appetite statements are formulated (what to do, what not to do).
- What needs to be quantitative and what is qualitative?
- How it fits into the organisational framework (e.g. strategy, risk management, delegations, finance, HR, operations).
- The role of internal audit in monitoring whether the business is operating within risk appetite (and where the level of risk taken is too low).
- How to balance risk appetite with investment (i.e., is appetite backed up with organisational training, policy, and processes that support people operating within risk appetite?).
- Setting plans and discussing scenarios to deal with the hopefully hypothetical breach of risk appetite.
Saskia Goedhart, Chief Risk Officer, AMP
Saskia Goedhart joined AMP as chief risk officer in July 2015 with a 20-year career in senior-level risk and financial management. Prior to relocating to Australia, she was a partner at EY based in Toronto, leading the risk management in financial institutions practice in Canada and the risk management in insurance practice in the U.S. She has served as chief risk officer for the North America region at Aviva Plc and at Munich Re Life. Whilst at Aviva, she led the region's risk management strategy, including the implementation of Aviva's risk management transformation plan. Prior to Munich Re, she worked for 10 years at ING as head of asset liability management and capital management in the U.S., CRO of the annuity business in the U.S., and CFO of the ING Life company in Japan. She has also consulted for PricewaterhouseCoopers and Van Den Boom Groep in corporate financial and risk management.
Mike Wilkins, Independent Director, AMP
Michael Wilkins was appointed to the AMP Limited Board and as a member of its Audit and Risk Committees in September 2016, and became chairman of the Risk Committee in February 2017. He was also appointed to the AMP Life Limited and The National Mutual Life Association of Australasia Limited Boards in October 2016 and as a member of their Audit and Risk Committees in November 2016. Wilkins has more than 30 years’ experience in financial services in Australia and Asia, including life insurance and investment management. He has more than 20 years’ experience as CEO for ASX100 companies. Most recently, Wilkins served as managing director and CEO of Insurance Australia Group Limited (IAG). He is the former managing director and CEO of Promina Group Limited and Tyndall Australia Limited.