2023 IIA/ISACA GRC Conference Recap

2023 IIA/ISACA GRC Conference Recap
Presenting a session titled "Transform Your Audit Practices through Auditing with Agility" at the 2023 IIA/ISACA GRC Conference

For the past decade, the Institute of Internal Auditors (IIA) and ISACA have co-hosted the GRC Conference. This year the conference was held in Las Vegas, NV. One thing that makes this conference unique is its target audience: auditors and GRC professionals. GRC professionals are often audit clients and can play a similar role to auditors at times. I'm a big fan of bringing auditors and audit clients together at conferences and other event. This even provided an opportunity for these two groups to learn together and get to know each other, strengthening their partnerships.

The event was well-organized and included sessions centered on a wide range of topics. Many sessions addressed Artificial Intelligence (AI), which reflects the high level of importance and relevance of AI right now. As AI continues to scale, it may begin to replace the "checklist auditing" that's consistent and repeatable and doesn't require human thought. With that, Auditing with Agility will become even more and more relevant. Aside from AI-centered topics, here are some of my highlights from the event:

Reunion Time!

This conference was also somewhat of an informal and impromptu reunion with people I've worked with in years past. Catching up with these talented individuals, seeing how they've grown in their careers, and how they're influencing their organizations in positive ways was certainly a highlight.

Joseph Ohemeng and me at the GRC Conference

In-Person Connections

Another highlight was meeting Trent Russell in person and watching him excel as Master of Ceremonies for the event. Trent is the founder of Greenskies Analytics and the host of the Audit Podcast. He has been a strong supporter for me, encouraging me to pursue opportunities to share my knowledge and message with others. Not only that, but his podcast continues to provide great thought leadership that helps me stay on top of the important topics in internal auditing. I'm very grateful to have Trent's support and to have finally met him in person!

Trent Russell and me at the GRC Conference

Instacart's Story of Bringing Compliance and Engineers Together

Tim Nagle and Spencer Sheehan shared Instacart's experience in getting Engineers and compliance teams to work more closely together, which is one of the key concepts of Integrated Auditing (covered in Beyond Agile Auditing). Instacart's success factors included:

  • When speaking with clients, use the clients' terminology, not audit lingo.
  • Leverarge teh tools people already use, instead of making them use a new tool or something they don't already use.
  • Make sure your work is aligned iwth the company's objectives.
  • Undertand your Clients' motivation.

These practices led to the following results:

  • Happy engineers
  • Solution-oriented approaches
  • Fewer surprises
  • Faster and easier audits
  • Earlier, risk-based discussions (the engineers consult with the complaince team early and often)

This is a great example of agility in practice in a risk group. Auditing with Agility isn't just for auditors. Compliance and risk management, as well as other second line functions, should experiment with it as well.

Monday's Keynote

Shawn Kanungo gave an energetic opening keynote session. One thing I took away from this session was that the most valuable job in the world is a value creator. In the context of an audit, we create value for the organization when our work is driven by what's most important to our organization. We create and deliver value to our clients by providing assurance and advice related to the organization's highest priorities and risks. This is what Value Driven auditing (a core component of Auditing with Agility) is all about.

Career Pathway Tools

On Tuesday, Allan Boardman shared his knowledge about career path tools available through ISACA and the IIA. ISACA's career pathway tool includes paths for both IT audit and cybersecurity careers. This is available on ISACA's website. You can click here for direct access. This is something I want to share with my team, as they figure out what's next for them and their development goals. As a leader and hiring manager, it is also helpful as a comparison to see an industry benchmark on the experience and skills recommended for each job level.

Presenting on Auditing with Agility

The best highlight for me, personally, was presenting my session on Auditing with Agility. Helping other auditors and audit clients experiment with better ways of working to strengthen relationships between these two (historically adversarial) parties and deliver more value to their organizations is so rewarding. The audience was engaged and attentive. They asked thought-provoking questions (and even laughed at my attempted jokes!). It was wonderful to have some familiar faces in the audience to support me during the session, and it was equally wonderful to meet new people at the end of the session. I thoroughly enjoyed the experience and appreciate the audience for their interest in advancing the profession I love so dearly.

Bringing it Home

Outside of the conference, I enjoyed what Las Vegas had to offer: great food, adventures playing blackjack, and lots of interesting sights. Although the event is over and I'm back home, I'm looking forward to putting what I've learned into practice. I'm also looking forward to the next opportunity to share Auditing with Agility with others.

For those of you who attended, what were your key takeaways, and what are you going to put into practice first? Leave your reply in the comments.

Happy Auditing!