IT/Cyber Risk Management for Non-Technology Executives

April 28 – 29, 2020 – Toronto

Risk management is a key component of every financial institution’s governance framework. To identify, assess and manage risk effectively, risk-data must be collected, processed, aggregated and reported in a secure and well-controlled environment.  Additionally, compliance with regulations such as risk-based capital rules, specifically require challenging data quality and modeling standards to be met.



This two-day course will provide an understanding of risk management for cyber and information technology risks.  As many organizations view information technology risks as a technology issue, non-technology professionals are often excluded from the scope of their overall governance, risk and compliance framework.  This silo-oriented approach, combined with the technical knowledge, complexity and terminology challenges, results in many organizations not taking a holistic approach to tackling these critical risks.

The most recent development in cyber blackmail is the creation of web sites posting the names of companies that have been successfully breached but refused to pay ransoms. In addition, they are threatening to publish the stolen information on their web site.  Apart from the obvious reputational and privacy risks presented by this threat, the publication of names also creates regulatory risks if the companies have failed to report breaches as required by applicable legislation.  The risks, and costs, of ineffective risk management are escalating continuously.

It is essential that individuals with direct responsibility over financial controls, regulatory compliance and operational processes (first line of defense) have a working knowledge of cyber risks and incorporate them into their risk management program.  Likewise, corporate groups responsible for policy and oversight (second line of defense) or assurance (third line of defense), need to be adequately trained to achieve their effective challenge and internal audit objectives.

IT/Cyber Risk Management for Non-Technology Executives provides attendees with a comprehensive and practical examination of risk management of technology, data and cybersecurity that has been specifically designed for audit, risk, finance, operations and compliance professionals.

IT/Cyber Risk Management for Non-Technology Executives will provide you with the conceptual foundation and tactical insights you need to successfully execute your risk management strategy and achieve regulatory acceptance in key operational processes by examining the following critical issues and illustrating them through industry specific examples and case studies:

  • Introduction to Information Technology Risk (Including Cyber Security)
  • Application Development and Management
  • Data Management
  • IT Risk Management
  • Service Continuity Management
  • Cyber Security Risk
  • Third Party Risk


March 17, 2020
March 31, 2020
March 31, 2020
IT/Cyber Risk Management  $2,099.00 + HST $2,199.00 + HST $2,299.00 + HST

Our HST Number: R862562543

Group Discount: Fourth Delegate FREE!

If three individuals from one organization register at the same time, a fourth person may also be registered to attend free of charge. The free registration must be of equal or lesser value than the paid registrations. Please contact us to arrange for attendance of larger groups.

Your Registration Includes

Registration fees include all conference materials, continental breakfast, lunch and refreshments. Parking and accommodation are not included.


As a registered delegate, you will receive a complete set of conference materials. These materials will serve as an invaluable guide, both during and after the event. The workbook will be distributed on the morning of the first day beginning at 8:00 a.m.

Cancellation Policy

Substitutions may be made at any time. If you are unable to attend, please make cancellations in writing and fax to (416) 504-6978 prior to 5:00 p.m. on April 14, 2020. A credit voucher will be issued to you for the full amount, redeemable against any other Acumen conference. If you prefer, you may request for a refund of fees paid less $250 administration fee. Registrants who cancel after above date will not be eligible to receive any credits or refunds and are liable for the entire registration fees.

Confirmed delegates who do not cancel before April 14, 2020, and fail to attend will be liable for the entire registration fees.

Acumen Information Services reserves the right to change the date, location and content for the event(s) offered herein without further notice and assumes no liability for such changes.

Early Bird Registration Discount

Register prior to to March 31, 2020 and you will obtain the following additional savings:

Second delegate: $100  Discount
Third delegate: $150  Discount
Fourth delegate: FREE

Please indicate that you are eligible for this offer on the registration page or your registration form if you are mailing in your registration.

Location – Accommodation

The conference will be held at a convenient location in downtown Toronto. Venue information and special conference accommodation pricing details will be provided upon confirmation of the venue.

Delegates can register at the Acumen service desk beginning at 8:00 a.m. on the morning of the first day of the conference. Registration fees do not include hotel accommodation.

Program - April 28

Course Agenda

Introduction to Information Technology Risk (Including Cyber Security)

  • Overview of IT organization and its major components
  • Key terms and industry buzzwords
  • IT governance framework, including risk management and compliance
  • Common industry standards
    • COBIT
    • ISO 20000

Application Development and Management

  • Systems Development Life Cycle (SDLC)
  • Analysis/Feasibility
  • Planning/Requirements
  • Design/Systems Development/Testing
  • Maintenance/Evaluation
  • Disposition/End of life
  • End User Computing Solutions
    • Minimum standards
    • Inventory and risk assessment
    • EUC controls
  • Change Management Process

Data Management

  • Data governance framework
    • People and technology
    • Governance, policies, standards and guidelines
    • Data ownership and quality
    • Privacy and compliance
    • Information architecture
    • Classification and metadata
    • Reporting and analytics
  • Data driven decisions and measurable outcomes
  • Data management and tools
  • Reporting practices

IT Risk Management

  • IT risk management framework
  • Risk and Control Self-Assessment (RCSA)
  • IT Key Risk Indicators (KRIs)
  • Incident analysis and reporting
  • Scenario analysis/bowtie assessments
  • Cyber insurance
  • Developing a cyber risk register


This two-day course runs from 9:00 a.m. – 4:30 p.m. each day including lunch as well as morning and afternoon breaks.





End of Day 1


Program - April 29

Course Agenda

Service Continuity Management

  • Risk analysis and Business Impact Analysis (BIA)
  • Design and implementation of a resilient IT service delivery process
  • Development of the IT service continuity and recovery plans
  • Emergency Plan, Crisis Management and Communication Plan
  • Incident and Emergency Management

Cyber Security Risk

  • Overview of recent incidents – the underlying risk/threat profile in play
  • Essential cyber/tech security functions typically in place
  • Assessing organizational readiness to prevent, detect and respond to risks/threats
  • Understanding cybersecurity business targets by key areas and related exposures to threats
  • Specific internal controls to implement/consider
  • Insider threats
  • Incident response
  • Effective Challenge

Third Party Risk

  • Overview of third party and vendor risk management
  • IT outsourcing agreements
  • Cyberattacks against third parties
  • Analytics, framework and processes
  • Cloud Security
  • Artificial intelligence



Program – April 28 - 29, 2020

9:00 a.m. –  4:30 p.m.

Ramirez 3-43Course Leader

Mario Mosse has 40 years of experience in operational risk management, internal audit and regulatory compliance at financial services companies. President of MMosse Consulting, LLC,  he provides risk management advice and training to the financial services industry. Previously, he was the head of Operational Risk Management at Prudential Financial, Inc.  Prior to joining Prudential, Mr. Mosse was with The Chase Manhattan Bank, where he held several senior positions in Internal Audit and Risk Management, including South America Regional Audit Executive and Head of Risk Management for the Corporate Finance Sector.




Who Should Attend

This conference has been specifically designed for, and in consultation with, experts in accounting for financial institutions as well as standard setters. The event has been developed with the professional responsibilities of our audience as our focus. As well, auditors, financial advisors, analysts, lawyers and other advisory professionals would benefit from staying current on the information provided at this timely event. In particular, our experience indicates that individuals in the following positions would mostly likely be in attendance:

  • Chief Financial Officers
  • Chief Risk Officers
  • VPs, Directors and Managers
    • Risk Management
    • Financial and Regulatory Reporting
    • Finance
    • Regulatory Compliance
  • Risk Managers
  • Actuaries
  • Internal Auditors
  • Audit Committee Members
  • Audit and Assurance Professionals
  • Industry Regulators and Standard Setters

To obtain a copy of the brochure, please send a request to the email below or click on the image of the brochure on this page.

e-mail at info@acumeninformation.com

Comments From Participants  Attending Acumen Conferences –Information You Can Work With

“Top class expertise on the issues from a good variety of backgrounds. They are excelent speakers and made a difficult subject understandable. Very well organized and the topic was well covered”

Assistant Treasurer

“Best conference I’ve ever attended.”

Senior Manager, Enterprise Hedge Accounting and Derivative Reporting
Royal Bank of Canada

“Suffice it to say that the conference delivered on my expectations…A lot has been taken away from this conference…$ well spent…”

V.P. Risk Management Advisory
New Brunswick Credit Union Stabilization Board

“This seminar was fantastic - very informative and has some extremely interesting and knowledgeable speakers”

Manager, Corporate Accounting
Brascan Power

“The (2) days were eye opening. It definitely gives me a better idea of the areas to focus more of my time”

Supervisor Finance & IS
Highland Valley Copper

“Excellent presentation of new standards and how the various concepts relate/come together”

Manager, External Reporting
Potash Corporation of Saskatchewan Inc.

“Speakers were very knowledgeable, materials were current…examples and materials were relevant and well presented.”

Derivatives Accountant
Agrium Inc.

“Well rounded. Good flow.”

Manager, Capital Risk

To submit questions to be answered at the conference, please send us an email at this address at  info@acumeninformation.com

Limited sponsorship and exhibition options are available for this event, including

• Cocktail reception
• Luncheon sponsorship
• Breakfast sponsorship
• Booth/exhibit space

For more information, or to check availability,
please contact us by phone at (416) 504-6952
or by e-mail at  info@acumeninformation.com