28-29 April 2011, JW Marriott Hotel, MUMBAI

“Organizations Reputation, Valuation and Profitability are directly linked to Good Governance, Effective and Real-time Risk Management
and adhering to regulatory Compliance”

Join this interactive, comprehensive, wide ranging and new thought generating forum which discusses
best practices in Governance, Risk Management & Compliance and
process for integrating and harmonizing people and process for a workable, practical
Integrated and Unified GRC Framework
Why GRC Summit 2011?
Good Governance, Effective and Real-time Risk
Management and adhering to regulatory
Compliances have direct impact on your
organizations Reputation, Valuation and Profitability
There is a need to simplify internal processes and not
make them more complex. Ground Reality is that
multiple groups bear responsibility for several
functions and processes; they operate in silos, with
insufficient sharing of information and following
multiplicity of frameworks and systems. Audits,
Finance, Compliance, Risk and Legal have their own
functioning styles and process. Business line
managers and IT bring in their own perspectives,
which complicate adoption.
Understanding and reconciling these disparities and
conflicts is critical to success when driving an
enterprise-wide GRC program.
This inclusive two day conference bring together all
stakeholders on a common discussion platform to
see, hear and determine best practices in inter-
linking people, processes and technology for the
most appropriate GRC framework and a practical
adoption roadmap that will work in today’s work
environment !
Platinum Partners
Conference Chair: Day One
Sunil K Kohli, IDAS, Joint Secretary and Financial Adviser,
National Disaster Management Authority (NDMA) and
National Disaster response Force (NDRF),
Government of India, Ministry of Home Affairs
Speakers Panel
Ajay Kumar Dhir, Executive Director and Group CIO
Rajesh Bagga, Vice President Legal,
TATA Motors Lanco Infratech Limited
Tobias Heine, Head of Internal Audit Volkswagen
T Vinod Kumar, Global Head – Corporate Audit &
Risk Management, Group India & CAE,
Volkswagen India Private Limited
TATA Chemicals
Sanjay Mathur, Sr.VP and Head - Management Pradeep Parakh, Group President (GRC) & Company
Audit, Reliance Communications Secretary,Bajaj Hindusthan Limited
Adarsh Sakhuja, Head-Corporate Risk Management
Ashish Padmanabhan, Director,
& Internal Controls, Larsen & Toubro Limited
Standard Chartered Bank
Arun O Gupta, Customer Care Associate & Group Dr. Soumya Kanti Ghosh , Enterprise Risk
Management, TATA AIG Life
CTO, Shoppers Stop Limited
Ravi Raman, Head Investment Analytics and Abhijit Sanzgiri , Head Internal Audit,
Operation, Infrahedge. Aditya Birla Management Corporate Pvt. Ltd.
Lav Chaturvedi, Chief Risk Officer, Debashis Roy, Senior Director, Head Enterprise Risk
Reliance Capital Management, IDFC
Ranjan Banerji, Senior Vice President, Head of Risk
Suparna Singh, Vice President, Corporate
& Compliance – India,
Governance and Business Development, Chairman's
Commonwealth Bank of Australia
Office, Essar Group
B. Krishnamurthi, Practice Head (KM & Business Rajeev Thakur, Advisor - Risk & Assurance,
Consulting),Strategy and Business Solutions Cairn Energy

Sunil Varkey, Global Security Assessment & B. Sai Chandravadhan, Managing Director,
Remediation, Barclays Technology Centre Sand Legal Private Limited

Anand Tatavarthi, Vice President, Vinod Vasudevan, Co-founder & COO,

CURA Technologies Limited Paladion

Burgess Cooper, AVP Information Security,
Vodafone Essar
Vijay Devnath, IRSEE, CISA, Chief Manager (IT),
Konkan Rly. Corp. Ltd
Anurag Jain, Head of GRC, MetricStream
Sameer Chugh, General Counsel,
Essar Telecom Business Group
Amber Gupta, Head - Compliance, Legal &
Secretarial, Aditya Birla Money

Gold Partner Silver Partners

Conceptualised &
Organised By Official Media Partners Online Media Partner Document Partner

For Registration and more information Contact l 91 22 3067 4205 l 91 22 3065 3262 l

Why should you participate in GRC SUMMIT 2011?
GRC is about linking together your business processes, people and technology in an integrated manner.
Consider this:
 Risks are now more diverse and interrelated
 The management of enterprise risk and compliance has become a critical business issue and can provide a strategic competitive
advantage. Reaction to positive risk are often delayed – opportunities missed
 Departments have their individual mandates, but often work is duplicated
 As companies grow, expanding presence across state and international borders, Good Governance is the most effective
measurement criteria for current and future stakeholders
 There are so many regulations, central, state, municipal and also your industry regulator – giving you limited time and resources
to comply
 Even with mature risk management strategies in place, communication of the same to board members or top management is
not effectively done. Adequate mitigation strategies in place – organizations are not ready to adjust to new or emerging risk
 Laws and regulations have become more complicated. Boards and executives are now more accountable
Platinum Partner: SAP
As market leader in enterprise application software, SAP India, a subsidiary of
SAP AG (NYSE: SAP) helps companies of all sizes and industries run better.
From back office to boardroom, warehouse to storefront, desktop to mobile
device – SAP empowers people and organizations to work together more
efficiently and use business insight more effectively to stay ahead of the
competition. Started in 1996, SAP India is one of the fastest growing
companies within SAP worldwide with 5,220 employees and over 4,600
customers.
SAP offers applications and services that enable companies of all sizes and in
more than 25 industries to run better. SAP has emerged as the unquestionable
partner of India Inc.
Gold Partner:
In today's fast paced global economy, with emerging threats, coupled with ever
more regulations, organizations find themselves in a position that necessitates the
active management of Governance, Risk, Opportunity, and Compliance. As there is
substantial overlap across these functions, a co-ordinated approach is required.
Ultimately, these challenges can be reduced to risks and opportunities that the
business faces. It is on this idea that Cura was founded in 2002.
Cura provides smarter software solutions designed to enable businesses around the
world to quickly achieve the bottom line benefits of GRC – Governance, Enterprise
wide Risk Management and Compliance linked to performance management. Cura
does this through faster implementation, easier configurability & true enterprise
architecture.
Cura is used by over 200 amongst Global 1000 enterprises around the world,
partnering with Big Four consulting firms in focused areas of GRC and is recognised
as a Challenger by Gartner and as a Leader by Forrester Research in GRC domain
Cura has achieved impressive revenue and customer growth over the past many
years and today represents a strong team of about 200 people worldwide. The
company has offices in USA, UK, South Africa, Australia Singapore and Hyderabad.
Contact: Anand Tatavarthi, Vice President, CURA Technologies Limited l Email:
anandt@curasoftware.co.in l Website: www.curatechnologies.co.in i
Exhibit Partner:
Secure Matrix is a company 100 % dedicated to e security. It is Product, Technology,
Platform and Vendor Neutral. It can act as a Planner, Architect, Implementer,
Integrator and Monitoring Agency for all e security requirements emanating from
existing or proposed IT infrastructure cutting across geographies and networks.
Secure Matrix plans, implements and manages Internal controls in a computerized
environment ( LAN, WAN and TAN )
Secure Matrix is a specialist IT services company in the IS space and assists enterprises
in implementing several Global Compliances and Best Practices for the e security
space.
Secure Matrix has proprietary trainings for Vulnerability Assessment, Web Security,
Business Continuity, Information Security and Service Delivery. The company works
very closely with Certification bodies worldwide.
Secure Matrix operates globally through its subsidiaries in the UK, USA and through
strong regional partners in the M/ East – KSA, Oman, Qatar and UAE. In Africa – South
Africa and Ghana. In essence, the company aims in bringing “continuity” and
“certainty” to IT operations of all it’s end customers.
Contact: l E-mail : info@securematrix.in l Website: www.securematrix.in
l Tel :+91 22 3073 7579 l Fax :+91 22 3050 7578 l
What Differentiates GRC SUMMIT 2011?
The Summit brings together ALL STAKEHOLDERS involved in
implementing a successful GRC Program in an interactive and shared
learning environment to discuss real time execution paths, way
around practical roadblocks, so that you start applying your
learning’s immediately in your work environment
ITP Publishing India Pvt Ltd. Level 8 Span Centre, Off Linking Rd, Santacruz (W), Mum - 54. India.
Who Should Attend:-
 CFO
 Chief Risk Officers
 Chief Legal Counsel
 Chief Compliance Officer
 Chief Internal Audit
 Chief Information Officer
 Chief Information Security
Vice Presidents, General Managers,
Head, Functional Managers
& Consultants of:-
 Finance
 Corporate Governance
 Treasury
 Controllers
 Compliance
 Accounts
 Enterprise Risk Management
 Legal and Regulatory
 Ethics
 Operational Risk
 Audit & Internal Controls
 Information Technology
 Information Security
 Management Assurance
Platinum Partner: Greenlight Technologies
Greenlight Technologies is one of the leading providers of governance, risk, and
compliance (GRC) software enabling integrated or stand alone REAL TIME analysis of
a company's compatible and incompatible enterprise solutions. Greenlight
Technologies delivers the highly efficient and high speed tools to achieve sustainable
compliance for their critical business applications with reduced audit/compliance
costs."
Silver Partner: Sand Legal Services Private Limited
Sand Legal provides legislative, contractual and litigation Compliance and allied services through
a blend of an in house team and a consortium of legal experts. It comprises of a core team with
more than two hundred man-years of extensive expertise and experience in Compliance services
supported by partners in automation, legal expertise and engineering processes.
It partners with a leading US law firm based in Beverly Hills, Los Angeles in the US for its
onshore/ offshore Litigation Support services in the US. Sand Legal’s teams of experts have
experience in a variety of industrial verticals including, Automobile, Copper, Cement, Oil,
Pharmaceutical, IT and ITES among other industries.It provides Corporate Compliance training
programs to law students, legal managers and functionaries.
In association with an international institute on e-discovery, Sand Legal is shortly going to
commence a certification course for Indian Lawyers on e-discovery and electronic evidence, a
program that prepares Indian Lawyers to be globalized service providers.
Contact:
Website: www.sandlegal.in l Phone: 044 - 42114224 l U.S. contact: +1 713 876 9243
Silver Partner : MetricStream
MetricStream is the market leader for integrated Governance, Risk, and Compliance (GRC)
Management Solutions for global enterprises enabling them to deliver better business
performance. It's customer portfolio spans across all verticals with world-leading companies
in each industry.
The MetricStream GRC Platform provides solutions for audit management, regulatory
compliance, risk management, policy management, IT GRC, supplier/vendor governance and
quality management.
Silver Partner: Paladion
Paladion is the largest pure-play information security player in AsiaPAC and the fastest
growing in Asia (as ranked in Deloitte Technology Fast 500 Asia Pacific & Technology Fast
50 India - 2006, 2007, 2008 & 2009, 2010). Gartner too has included Paladion in its rating of
“MarketScope for Managed Security Services in Asia Pacific” – 2008 & 2009 as ‘Promising’
player and as a ‘Positive’ player in 2010.
With a global footprint across 15 countries and decade of experience in the information
security domain, Paladion today is actively managing security for over 450 customers. It
provides security assurance, compliance, governance, monitoring and management services
to large and medium sized organizations.
Paladion also offers solutions for communication interception to law enforcement agencies
and service providers. Paladion’s security solutions have been awarded by Asian Banker,
Red Herrings, and Financial Insights. Paladion is involved in several security research forums
and has authored books on security management.
Document Partner: Keane – an NTT DATA Company
Keane’s Global Governance, Risk, and Compliance (GRC) practice offers comprehensive,
integrated solutions designed for legislative and regulatory compliance in a performance
optimized environment. Our deep, cross-industry regulatory expertise and acute product
knowledge complemented with 40 years of SAP global implementation and support
experience, enable our resources to rapidly transition organizations from narrowly-focused,
rigid compliance systems to a global, continuous control management solution that adapts to
the dynamic world marketplace.
Keane’s dedicated GRC vertical with an exemplary COE and R&D set up, provides solutions for
Access Controls, Process Controls, Environment Health and Safety and Global Trade Services
implementation, review and support.“
 CONFERENCE DAY ONE: THURSDAY, 28 April 2011
08.30 Registration and morning refreshment
09.10 Mainstreaming GRC into the Business Process
Keynote address by session chair
Sunil K Kohli, IDAS, Joint Secretary and Financial Adviser,
National Disaster Management Authority (NDMA) and
National Disaster response Force (NDRF),
Government of India, Ministry of Home Affairs
09.30 Road Map for Initiating Governance, Risk and Compliance
Program in an Enterprise risk management and compliance
strategies
 What are the best practices in developing interdependence,
strong reporting and transparent communication between
functions, key management, committees, and the board
 Governance vulnerabilities that make GRC relevant
 How do you define scope and framework of GRC which is right
for your organisation?
Senior Representative, SAP
10.00 Case Study:
Best practices in compliance and risk management
• What are the best practices in compliance training and creating
awareness across your organization
• Practical risk and compliance models for local and cross border
conditions
• Linking your compliance, audit and risk programmes
Rajesh Bagga, Vice President Legal, TATA Motors
10.30 GRC Strategy:
Key steps for uniting risk management across the business
• What should be your main motivation for unifying risk
management across business units and departments?
• Learning’s from failed ERM strategies – evaluating the paper
failures instead of helping in the business decision process?
• Gaining board buy-in in a meaningful way
• Defining risk without aided technology driven solutions
• Quantifying culture in your risk management programmes
• Managing risk for subsidiaries and new business units
Ajay Kumar Dhir, Executive Director and Group CIO
Lanco Infratech Limited
11.00 Refreshment and networking break
11.30 GRC International Perspectiv: Observations on the
development of GRC in global companies
 Learning’s from GRC implementation in leading companies
 What are the main drivers for GRC and the cost benefit analysis?
 How do we leverage the current experience to a unified GRC
framework which adds value?
 Technology and information management in GRC
Ravi Raman, Head Investment Analytics and Operation,
Infrahedge.
12.00 GRC Convergence: Establishing practical Governance, Risk
Management and Compliance organizational structures that
work
• Challenges for a unified GRC framework? Common blocks?
• Siloed risk function and impact on your GRC strategy
• State of future play in GRC for fast growth companies
• GRC key trends in international markets
• Accommodating stakeholder requirements and harmonizing
function for a unified GRC framework
Panel Moderated by:
Ashish Padmanabhan, Director,
Standard Chartered Bank
Panel Members:
Lav Chaturvedi, Chief Risk Officer,
Reliance Capital
Sunil Varkey, Global Security Assessment & Remediation,
Barclays Technology Centre
Suparna Singh, Vice President, Corporate Governance and
Business Development, Chairman's Office,
Essar Group
ITP Publishing India Pvt Ltd. Level 8 Span Centre, Off Linking Rd, Santacruz (W), Mum - 54. India.
13.00 Networking lunch
14.00 Case Study: Elements of a good Corporate Governance
structure – towards building a sustainable future
 Moving from a siloed structure to a well-integrated framework
 Criticality of positioning the GRC structure right in the
organizational hierarchy
 Challenges in creating a sustainable structure
 Importance of good communication in getting the right message
across to all stakeholders
T Vinod Kumar, Global Head – Corporate Audit & Risk
Management, TATA Chemicals
14.30 GRC Integration with Governance: Instilling a culture of good
corporate governance for GRC success
• Changing approaches to corporate governance
• Involving senior management and drive from the top
• Ethics and corporate governance, Education and enforcement
• Integrating corporate governance with CSR
• Integration with internal and external stakeholders and extending
it to third-party business partners
• Linking good governance to your GRC strategy?
Panel Moderated by
B. Krishnamurthi, Practice Head (KM & Business Consulting)
Strategy and Business Solutions
Panel Members:
Sanjay Mathur,
Sr. VP and Head - Management Audit
Reliance Communications
Ranjan Banerji, Senior Vice President, Head of Risk & Compliance –
India, Commonwealth Bank of Australia
Ravi Raman, Head Investment Analytics and Operation,
Infrahedge.
15.30 Expert View: Evaluating the return on your GRC Investment
The key for implementing a new process or program in organization
is to have a very clear view on advantages it offers, monetary, short
term and long term benefits. This presentation analyses the benefit
of GRC program on
 Enterprise’s brand and reputation
 Stakeholders and share price
 Resources utilization
 New business strategies
 Competitive differentiation
Anand Tatavarthi, Vice President, CURA Technologies Limited
16.00 Evaluating Enterprise GRC Platforms: Evaluation One
16.10 Refreshment and networking break
16.30 GRC Enabler: Information Governance and its role in a
successful GRC strategy
• Developing an enterprise-wide information governance strategy.
• Target states on Information Governance Maturity Model
• Information Management maturity curves
• Significant forces affecting the governance of IT
• How are organizations governing IT in order to manage the
business imperatives of the economy?
• What is the new organizing logic for IT governance
• What are best practices for Information Governance?
Panel Moderator
Burgess Cooper, AVP Information Security,
Vodafone Essar
Panel Members:
Ajay Kumar Dhir, Executive Director and Group CIO
Lanco Infratech Limited
Arun O Gupta,
Customer Care Associate & Group CTO
Shoppers Stop Limited
Vijay Devnath, IRSEE, CISA, Chief Manager (IT),
Konkan Rly. Corp. Ltd
17.30 Summation and end of day one
 CONFERENCE DAY TWO:, FRIDAY 29 April 2011

08.30 Registration and morning refreshment

13.15 Networking lunch
09.15 Opening remarks by session chair
14.15 GRC Integration with Compliance
Best practices for managing compliance and linking it to your GRC
09.30 GRC Integration with Enterprise Risk Management
strategy
Panel Discussion: Developing integrated strategy for Enterprise
risk management and linking it to a unified GRC strategy • What are the best practices for driving compliance programmes across
• Lessons from early adaptors of ERM frameworks your company?
 Importance of good governance and ERM strategy– directors’ • Establishing policies and processes for compliance
duties, legislation & expectations • Compliance training and awareness across your organization! What
 Organisation’s risk appetite – link to stakeholders’ expectations works best?
 Committing to a risk Management programme • Monitoring compliance by business partners and suppliers
 Understand the modern ERM process: linking units and functional • Adapting regional or global risk and compliance models for local
departments conditions
 How do you create a common RM communication language? • Achieving connectedness between compliance, audit and risk
 Linking your ERM to a unified GRC strategy programmes
 Case study: Case analysis on successful ERM from industry sectors • Developing a principles based risk & compliance approach
and key factors in successful implementation • Proactive compliance monitoring
• Compliance risk management
Panel Moderator:
Sunil Varkey, Global Security Assessment & Remediation, Panel Members
Barclays Technology Centre Sameer Chugh, General Counsel,
Panel Members Essar Telecom Business Group
Adarsh Sakhuja, Head-Corporate Risk Management & Internal Amber Gupta,
Controls, Larsen & Toubro Limited Head - Compliance, Legal & Secretarial,
Aditya Birla Money
Dr. Soumya Kanti Ghosh , Enterprise Risk Management,
TATA AIG Life B. Sai Chandravadhan, Managing Director,
Sand Legal Private Limited
Debashis Roy, Senior Director, Head Enterprise Risk Management
IDFC
15.30 EXPERT VIEW
Abhijit Sanzgiri , Head Internal Audit, GRC Quantification, Accountability, Reporting, Disclosures &
Aditya Birla Management Corporate Pvt ltd Maturity Models
• What are the metrics and measurement to check the success and
10.30 Guidelines on Evaluating GRC Solution
progress of your GRC plan
Anurag Jain, Head of GRC, MetricStream • What to track? Why? and how?
• How do you establish and track GRC goals
11.00 Networking and refreshment break • GRC accountability
• Creating collaborative accountability across business function and roles
11.15 GRC Strategy Tools: Implementing continuous auditing & • GRC Maturity Models
continuous monitoring techniques to support your GRC Pradeep Parakh, Group President (GRC) & Company Secretary,
Strategy Bajaj Hindusthan Limited

Tobias Heine, Head of Internal Audit Volkswagen Group India & CAE 16.15 Networking and refreshment break
Volkswagen India Private Limited
16.45 Summit Spotlight
11.45 How to fast track an IT GRC initiative?
This session will look at mechanisms to quickly establish a meaningful GRC Implementation & Integration Discovery ‘knowledge café’
IT GRC program. Discovery Focus
 Key drivers for IT GRC Discussion which focus on questions and issues which lie between the line,
 IT Governance scope & areas are in the back of everybody minds, but are not brought forward in public
 Role of risk & compliance management discussions
 Leveraging available standards & processes
SUMMIT SPOTLIGHT

GRC and Impact on Mergers and Acquisitions – will it help you in the
 Establishing IT Governance roles & relationships
negotiating and price valuation? Will GRC ensure a successful
 Performance Metrics & Measurement
amalgamation?
 Automation using the right technologies
GRC and its role in influencing your stakeholders? Does it drive up your
Vinod Vasudevan, Co-founder & COO, Paladion stock valuation? Does it help when your stock prices are being driven
down by market manipulators?
12.15 Five effective steps for fortifying your Legislative Compliance How do you use GRC as an effective reputational tool building block for
Management as part of Governance and risk Management. up scaling company valuation and stakeholders perceptions
GRC – what are the common issues which will result in this being one
• Orientation and training in implementation of compliances more buzz word and practice which is just on paper?
• Legislative content Will GRC help in managing your organizational exposure to fraud from
• Audits external sources and fraudulent behaviors from internal employees?
• Automated Systems
• Managing Compliance. Ideation Focus: How can departments contribute positively in a unified
GRC Strategy?
B. Sai Chandravadhan, Managing Director,
Sand Legal Private Limited Thoughts: How do you create harmony between business roles?
Views: Change Management
12.45 Best practices for ensuring effective identification, assessment How do you managing transition from silo assurance and compliance
and mitigation of Enterprise wide risks. functions to an integrated GRC - addressing concerns of stakeholders at
 Myths associated with Risk Management various levels, socializing GRC and creating GRC aware culture in
 Addressing these myths and other associated issues enterprise...
 Governance issues linked to risk management
17.30 Summation and end of day two
Rajeev Thakur, Advisor - Risk & Assurance, Cairn Energy
‘*’ – awaiting formal confirmation

ITP Publishing India Pvt Ltd. Level 8 Span Centre, Off Linking Rd, Santacruz (W), Mum - 54. India.