GRC Summit London 2018 Pre-event survey

www.grc-summit.com

Question Title

* 1. Which of the following best describes the principal industry of your organization?

Question Title

* 2. What is the size of your organization

Question Title

* 3. What is your level of experience with the following?

	Beginner	Intermediate	Advanced	Not Applicable
Enterprise risk management	Enterprise risk management Beginner	Enterprise risk management Intermediate	Enterprise risk management Advanced	Enterprise risk management Not Applicable
Operational Risk management	Operational Risk management Beginner	Operational Risk management Intermediate	Operational Risk management Advanced	Operational Risk management Not Applicable
Cybersecurity	Cybersecurity Beginner	Cybersecurity Intermediate	Cybersecurity Advanced	Cybersecurity Not Applicable
IT GRC	IT GRC Beginner	IT GRC Intermediate	IT GRC Advanced	IT GRC Not Applicable
Choosing technologies relevant to GRC	Choosing technologies relevant to GRC Beginner	Choosing technologies relevant to GRC Intermediate	Choosing technologies relevant to GRC Advanced	Choosing technologies relevant to GRC Not Applicable
Integrated GRC management	Integrated GRC management Beginner	Integrated GRC management Intermediate	Integrated GRC management Advanced	Integrated GRC management Not Applicable
Vendor or Third Party Risk Management	Vendor or Third Party Risk Management Beginner	Vendor or Third Party Risk Management Intermediate	Vendor or Third Party Risk Management Advanced	Vendor or Third Party Risk Management Not Applicable
Business continuity management	Business continuity management Beginner	Business continuity management Intermediate	Business continuity management Advanced	Business continuity management Not Applicable
Improving corporate governance	Improving corporate governance Beginner	Improving corporate governance Intermediate	Improving corporate governance Advanced	Improving corporate governance Not Applicable
Managing project risks	Managing project risks Beginner	Managing project risks Intermediate	Managing project risks Advanced	Managing project risks Not Applicable
Using risk management to improve business performance	Using risk management to improve business performance Beginner	Using risk management to improve business performance Intermediate	Using risk management to improve business performance Advanced	Using risk management to improve business performance Not Applicable
Regulatory compliance	Regulatory compliance Beginner	Regulatory compliance Intermediate	Regulatory compliance Advanced	Regulatory compliance Not Applicable
Audit management	Audit management Beginner	Audit management Intermediate	Audit management Advanced	Audit management Not Applicable
Regulatory Change Management	Regulatory Change Management Beginner	Regulatory Change Management Intermediate	Regulatory Change Management Advanced	Regulatory Change Management Not Applicable
Anti-bribery, -corruption, -fraud programs	Anti-bribery, -corruption, -fraud programs Beginner	Anti-bribery, -corruption, -fraud programs Intermediate	Anti-bribery, -corruption, -fraud programs Advanced	Anti-bribery, -corruption, -fraud programs Not Applicable
Supplier Governance	Supplier Governance Beginner	Supplier Governance Intermediate	Supplier Governance Advanced	Supplier Governance Not Applicable
Managing reputation risks	Managing reputation risks Beginner	Managing reputation risks Intermediate	Managing reputation risks Advanced	Managing reputation risks Not Applicable
Reporting to the board	Reporting to the board Beginner	Reporting to the board Intermediate	Reporting to the board Advanced	Reporting to the board Not Applicable
Selecting consultants for risk management and compliance	Selecting consultants for risk management and compliance Beginner	Selecting consultants for risk management and compliance Intermediate	Selecting consultants for risk management and compliance Advanced	Selecting consultants for risk management and compliance Not Applicable
Environmental Health and Safety Compliance	Environmental Health and Safety Compliance Beginner	Environmental Health and Safety Compliance Intermediate	Environmental Health and Safety Compliance Advanced	Environmental Health and Safety Compliance Not Applicable
Product Compliance	Product Compliance Beginner	Product Compliance Intermediate	Product Compliance Advanced	Product Compliance Not Applicable
Quality Management	Quality Management Beginner	Quality Management Intermediate	Quality Management Advanced	Quality Management Not Applicable
Corporate Social Responsibility	Corporate Social Responsibility Beginner	Corporate Social Responsibility Intermediate	Corporate Social Responsibility Advanced	Corporate Social Responsibility Not Applicable

Question Title

* 4. How much of your current responsibilities involve oversight, management or implementation of the following projects?

	Less than 25%	25 to 50%	50 to 75%	More than 75%	Not Involved
Business Continuity (Business continuity and disaster recovery planning.)	Business Continuity (Business continuity and disaster recovery planning.) Less than 25%	Business Continuity (Business continuity and disaster recovery planning.) 25 to 50%	Business Continuity (Business continuity and disaster recovery planning.) 50 to 75%	Business Continuity (Business continuity and disaster recovery planning.) More than 75%	Business Continuity (Business continuity and disaster recovery planning.) Not Involved
IT Security (Align information security practices with enterprise business and risk strategy.)	IT Security (Align information security practices with enterprise business and risk strategy.) Less than 25%	IT Security (Align information security practices with enterprise business and risk strategy.) 25 to 50%	IT Security (Align information security practices with enterprise business and risk strategy.) 50 to 75%	IT Security (Align information security practices with enterprise business and risk strategy.) More than 75%	IT Security (Align information security practices with enterprise business and risk strategy.) Not Involved
Risk Management (Measure, manage and communicate level of risk appropriate for the organization.)	Risk Management (Measure, manage and communicate level of risk appropriate for the organization.) Less than 25%	Risk Management (Measure, manage and communicate level of risk appropriate for the organization.) 25 to 50%	Risk Management (Measure, manage and communicate level of risk appropriate for the organization.) 50 to 75%	Risk Management (Measure, manage and communicate level of risk appropriate for the organization.) More than 75%	Risk Management (Measure, manage and communicate level of risk appropriate for the organization.) Not Involved
Compliance (Manage regulatory and legal compliance.)	Compliance (Manage regulatory and legal compliance.) Less than 25%	Compliance (Manage regulatory and legal compliance.) 25 to 50%	Compliance (Manage regulatory and legal compliance.) 50 to 75%	Compliance (Manage regulatory and legal compliance.) More than 75%	Compliance (Manage regulatory and legal compliance.) Not Involved
Privacy (Ensure data privacy and security.)	Privacy (Ensure data privacy and security.) Less than 25%	Privacy (Ensure data privacy and security.) 25 to 50%	Privacy (Ensure data privacy and security.) 50 to 75%	Privacy (Ensure data privacy and security.) More than 75%	Privacy (Ensure data privacy and security.) Not Involved
Integrated GRC	Integrated GRC Less than 25%	Integrated GRC 25 to 50%	Integrated GRC 50 to 75%	Integrated GRC More than 75%	Integrated GRC Not Involved
Vendor or Third Party Management	Vendor or Third Party Management Less than 25%	Vendor or Third Party Management 25 to 50%	Vendor or Third Party Management 50 to 75%	Vendor or Third Party Management More than 75%	Vendor or Third Party Management Not Involved
Audit Management	Audit Management Less than 25%	Audit Management 25 to 50%	Audit Management 50 to 75%	Audit Management More than 75%	Audit Management Not Involved

Other (please specify)

Question Title

* 5. Which GRC functions do you want to improve at your company or agency?

Enterprise risk management

IT risk management

Integrated GRC management

Operational Risk Management

Compliance

Vendor/Third-party Risk Management

Business Continuity

Financial Audit

Non-financial audit

Privacy and Data Protection

Integrated performance and risk management

Other (please specify)

Question Title

* 6. Considering your entire company or agency, at what stage of the GRC Journey would you assess it?

Have not begun

Investigating the value of integrated GRC

Have set up GRC committees or steering groups, but no active integrated GRC program

Have an active integrated GRC program

Continuously optimizing our integrated GRC program

Question Title

* 7. Which topics would be most relevant or most appealing to you?

Other (please specify)

Question Title

* 8. What is your level of interest in learning more about the following streams in GRC?

	High	Moderate	Low
Enterprise Risk Management	Enterprise Risk Management High	Enterprise Risk Management Moderate	Enterprise Risk Management Low
Operational Risk Management	Operational Risk Management High	Operational Risk Management Moderate	Operational Risk Management Low
Internal Audit Management	Internal Audit Management High	Internal Audit Management Moderate	Internal Audit Management Low
SOX Compliance Management	SOX Compliance Management High	SOX Compliance Management Moderate	SOX Compliance Management Low
Compliance Management	Compliance Management High	Compliance Management Moderate	Compliance Management Low
Policy and Document Management	Policy and Document Management High	Policy and Document Management Moderate	Policy and Document Management Low
Regulatory Change Management	Regulatory Change Management High	Regulatory Change Management Moderate	Regulatory Change Management Low
Incident Management	Incident Management High	Incident Management Moderate	Incident Management Low
Case Management	Case Management High	Case Management Moderate	Case Management Low
Business Continuity Management	Business Continuity Management High	Business Continuity Management Moderate	Business Continuity Management Low
IT Risk Management	IT Risk Management High	IT Risk Management Moderate	IT Risk Management Low
IT Compliance Management	IT Compliance Management High	IT Compliance Management Moderate	IT Compliance Management Low
Threat and Vulnerability Management	Threat and Vulnerability Management High	Threat and Vulnerability Management Moderate	Threat and Vulnerability Management Low
Vendor Risk Management	Vendor Risk Management High	Vendor Risk Management Moderate	Vendor Risk Management Low
Third-Party Management	Third-Party Management High	Third-Party Management Moderate	Third-Party Management Low
Environmental Management	Environmental Management High	Environmental Management Moderate	Environmental Management Low
Health and Safety Management	Health and Safety Management High	Health and Safety Management Moderate	Health and Safety Management Low
Trade Compliance Management	Trade Compliance Management High	Trade Compliance Management Moderate	Trade Compliance Management Low
Regulatory Intelligence and content management	Regulatory Intelligence and content management High	Regulatory Intelligence and content management Moderate	Regulatory Intelligence and content management Low
Cloud Solutions	Cloud Solutions High	Cloud Solutions Moderate	Cloud Solutions Low
Big data management in GRC	Big data management in GRC High	Big data management in GRC Moderate	Big data management in GRC Low
Advanced Analytics in GRC	Advanced Analytics in GRC High	Advanced Analytics in GRC Moderate	Advanced Analytics in GRC Low

Other (please specify)

Question Title

* 9. What are the top business drivers influencing your investments in GRC technologies and services

Need to Improve Risk Oversight

Need to improve Anti-Fraud, -Bribery, -Corruption programs

Regulatory Proliferation making it hard to keep up with new requirements

New business initiatives introducing new risks and regulatory requirements

Privacy and data protection issues

Industrial Level Cyber Threats

Global Business Uncertainty

Political stability concerns

Increasing geo-political risks

Other (please specify)

Question Title

* 10. During the next 6-12 months, do you anticipate your company or agency GRC-related technology spending will increase, remain the same, or decrease in the following categories

	Increase	Decrease	Remain the same	Don’t know
Enterprise risk management	Enterprise risk management Increase	Enterprise risk management Decrease	Enterprise risk management Remain the same	Enterprise risk management Don’t know
IT risk management	IT risk management Increase	IT risk management Decrease	IT risk management Remain the same	IT risk management Don’t know
Integrated GRC management	Integrated GRC management Increase	Integrated GRC management Decrease	Integrated GRC management Remain the same	Integrated GRC management Don’t know
Operational Risk Management	Operational Risk Management Increase	Operational Risk Management Decrease	Operational Risk Management Remain the same	Operational Risk Management Don’t know
Compliance	Compliance Increase	Compliance Decrease	Compliance Remain the same	Compliance Don’t know
Vendor/Third-party Risk Management	Vendor/Third-party Risk Management Increase	Vendor/Third-party Risk Management Decrease	Vendor/Third-party Risk Management Remain the same	Vendor/Third-party Risk Management Don’t know
Business Continuity	Business Continuity Increase	Business Continuity Decrease	Business Continuity Remain the same	Business Continuity Don’t know
Financial Audit	Financial Audit Increase	Financial Audit Decrease	Financial Audit Remain the same	Financial Audit Don’t know
Non-financial audit	Non-financial audit Increase	Non-financial audit Decrease	Non-financial audit Remain the same	Non-financial audit Don’t know
Privacy and Data Protection	Privacy and Data Protection Increase	Privacy and Data Protection Decrease	Privacy and Data Protection Remain the same	Privacy and Data Protection Don’t know
Integrated performance and risk management	Integrated performance and risk management Increase	Integrated performance and risk management Decrease	Integrated performance and risk management Remain the same	Integrated performance and risk management Don’t know

Other (please specify)

Question Title

* 11. During the next 6-12 months, do you anticipate your company or agency GRC-related consulting and services spending will increase, remain the same, or decrease in the following categories

	Increase	Decrease	Remain the same	Don’t know
Enterprise risk management	Enterprise risk management Increase	Enterprise risk management Decrease	Enterprise risk management Remain the same	Enterprise risk management Don’t know
IT risk management	IT risk management Increase	IT risk management Decrease	IT risk management Remain the same	IT risk management Don’t know
Integrated GRC management	Integrated GRC management Increase	Integrated GRC management Decrease	Integrated GRC management Remain the same	Integrated GRC management Don’t know
Operational Risk Management	Operational Risk Management Increase	Operational Risk Management Decrease	Operational Risk Management Remain the same	Operational Risk Management Don’t know
Compliance	Compliance Increase	Compliance Decrease	Compliance Remain the same	Compliance Don’t know
Vendor/Third-party Risk Management	Vendor/Third-party Risk Management Increase	Vendor/Third-party Risk Management Decrease	Vendor/Third-party Risk Management Remain the same	Vendor/Third-party Risk Management Don’t know
Business Continuity	Business Continuity Increase	Business Continuity Decrease	Business Continuity Remain the same	Business Continuity Don’t know
Financial Audit	Financial Audit Increase	Financial Audit Decrease	Financial Audit Remain the same	Financial Audit Don’t know
Non-financial audit	Non-financial audit Increase	Non-financial audit Decrease	Non-financial audit Remain the same	Non-financial audit Don’t know
Privacy and Data Protection	Privacy and Data Protection Increase	Privacy and Data Protection Decrease	Privacy and Data Protection Remain the same	Privacy and Data Protection Don’t know
Integrated performance and risk management	Integrated performance and risk management Increase	Integrated performance and risk management Decrease	Integrated performance and risk management Remain the same	Integrated performance and risk management Don’t know

Question Title

* 12. Please rank the formats according to the value that they deliver for you.

Panels

Workshops

Individual presentations

Hands-on technology labs

Peer roundtables

Case Studies

Question Title

* 13. Please rank the types of presenters that you prefer.

MetricStream subject matter experts

Industry practitioners

Industry analysts

Senior business leaders C-level executives and Board members

Government officials

Academic experts

Question Title

* 14. If the summit includes the content you have prioritized in this survey, please indicate your likelihood of attendance

Question Title

* 15. Please indicate if you would be interested in submitting a speaker proposal for GRC Summit London 2018

Question Title

* 16. If your answer is Yes to the 15th Question on speaking, could you please share a short description of the topic?

Question Title

* 17. Please provide your Name, Title and Contact information

Name

Job Title

Company or Agency

Email ID

Phone No

Country

State/Province/Region

Zip/Postal Code

	High	Moderate	Low
Best Practices for enterprise risk management	Best Practices for enterprise risk management High	Best Practices for enterprise risk management Moderate	Best Practices for enterprise risk management Low
Best practices for Operational Risk management	Best practices for Operational Risk management High	Best practices for Operational Risk management Moderate	Best practices for Operational Risk management Low
Best practices for cybersecurity	Best practices for cybersecurity High	Best practices for cybersecurity Moderate	Best practices for cybersecurity Low
Choosing technologies relevant to GRC	Choosing technologies relevant to GRC High	Choosing technologies relevant to GRC Moderate	Choosing technologies relevant to GRC Low
Best Practices for Integrated GRC	Best Practices for Integrated GRC High	Best Practices for Integrated GRC Moderate	Best Practices for Integrated GRC Low
Cloud risk management strategies	Cloud risk management strategies High	Cloud risk management strategies Moderate	Cloud risk management strategies Low
Choosing technologies relevant to enterprise governance, risk management and compliance	Choosing technologies relevant to enterprise governance, risk management and compliance High	Choosing technologies relevant to enterprise governance, risk management and compliance Moderate	Choosing technologies relevant to enterprise governance, risk management and compliance Low
Vendor or Third Party Risk Management	Vendor or Third Party Risk Management High	Vendor or Third Party Risk Management Moderate	Vendor or Third Party Risk Management Low
Improving business continuity management	Improving business continuity management High	Improving business continuity management Moderate	Improving business continuity management Low
Improving corporate governance	Improving corporate governance High	Improving corporate governance Moderate	Improving corporate governance Low
Managing project risks	Managing project risks High	Managing project risks Moderate	Managing project risks Low
Using risk management to improve business performance	Using risk management to improve business performance High	Using risk management to improve business performance Moderate	Using risk management to improve business performance Low
Best practices for regulatory compliance	Best practices for regulatory compliance High	Best practices for regulatory compliance Moderate	Best practices for regulatory compliance Low
Choosing relevant standards & frameworks	Choosing relevant standards & frameworks High	Choosing relevant standards & frameworks Moderate	Choosing relevant standards & frameworks Low
Improving business resilience	Improving business resilience High	Improving business resilience Moderate	Improving business resilience Low
Integrating GRC into strategic planning	Integrating GRC into strategic planning High	Integrating GRC into strategic planning Moderate	Integrating GRC into strategic planning Low
Creating business value from GRC initiatives	Creating business value from GRC initiatives High	Creating business value from GRC initiatives Moderate	Creating business value from GRC initiatives Low
Improving internal audit	Improving internal audit High	Improving internal audit Moderate	Improving internal audit Low
Regulatory Change Management	Regulatory Change Management High	Regulatory Change Management Moderate	Regulatory Change Management Low
Improving anti-bribery, -corruption, -fraud programs	Improving anti-bribery, -corruption, -fraud programs High	Improving anti-bribery, -corruption, -fraud programs Moderate	Improving anti-bribery, -corruption, -fraud programs Low
Managing reputation risks	Managing reputation risks High	Managing reputation risks Moderate	Managing reputation risks Low
Reporting to the board	Reporting to the board High	Reporting to the board Moderate	Reporting to the board Low
Selecting consultants for risk management and compliance	Selecting consultants for risk management and compliance High	Selecting consultants for risk management and compliance Moderate	Selecting consultants for risk management and compliance Low
Best Practices for Environmental, Health and Safety compliance	Best Practices for Environmental, Health and Safety compliance High	Best Practices for Environmental, Health and Safety compliance Moderate	Best Practices for Environmental, Health and Safety compliance Low
Best Practices for Product Compliance	Best Practices for Product Compliance High	Best Practices for Product Compliance Moderate	Best Practices for Product Compliance Low
Best Practices for Quality Management	Best Practices for Quality Management High	Best Practices for Quality Management Moderate	Best Practices for Quality Management Low
Best Practices for Corporate Social Responsibility	Best Practices for Corporate Social Responsibility High	Best Practices for Corporate Social Responsibility Moderate	Best Practices for Corporate Social Responsibility Low
The impact of disruptive technology on risk management and compliance	The impact of disruptive technology on risk management and compliance High	The impact of disruptive technology on risk management and compliance Moderate	The impact of disruptive technology on risk management and compliance Low