If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2019 March 20 Training Session - All Day

When: March 20, 2019 - 8:00 AM - 4:00 PM EST
Where: RTC HQ
Registration: Website
ISACA-RTC Members: $75
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters): $100
All Others: $125
CPEs: Up to 8
Handouts: Will be uploaded when available

Adopting GRC program for digital transformation using COBIT2019

 The primary purpose of using a Governance, Risk and Compliance (GRC) system is to deliver value to stakeholders.  Implementing GRC can yield benefits realization, risk optimization and resource optimization as well as assist in the proper alignment with compliance requirements based on risk.  

In today’s high velocity and heavily compliant environments, digital transformation is key, and while business goals should be at the center of any digital transformation effort, these initiatives will require new I&T investments. Adopting advanced technology in areas such as big data, analytics, cloud computing, APIs, artificial intelligence (AI), internet of things (IoT), and so on can be an enabler or distractor, but all of it carries risk. Therefore, a proven GRC framework will permit the identification of the steps that are needed to perform value delivery and effective balancing of performance and conformance.

 There are multiple frameworks, models and standards to choose from.  A challenge for most organizations is simply understanding what all of these are, and which ones are applicable or appropriate for them.  In this insightful workshop on adopting a meaningful GRC system, we will explore the many models that are available today:  what they are, how they fit, why choose them, and most importantly, how to create an overall GRC system in your organization that can govern and manage a digital transformation initiative. 


  • Understand what it means to be digital, and recognize the benefits and risks of these technologies.
  • Recognize the various frameworks in the GRC ecosystem and how they can be collectively used to align with enterprise needs in a digital transformation effort.
  • Learn tools and techniques for developing a body of assurance measures (control objectives) to ensure the proper deployment of a GRC system for the various digital technologies and deployment techniques.


  1. Introduction
  2. Digital Transformation
    • Description
    • Trends and technologies
      • Trends (Agile, DevOps, outsourcing/3rd parties)
      • Compliance (privacy, cybersecurity, global standards)
      • Technologies (big data, analytics, cloud computing, APIs, artificial intelligence, internet of things)
    • The need for GRC in digital transformation
  3. GRC Frameworks
    • GRC description and purpose
    • The GRC ecosystem
      • Applicable frameworks, standards and bodies of knowledge
      • The GRC domains: Strategic Alignment, Benefits Realization, Risk Optimization, Resource Optimization, Performance Measurement
  4. COBIT 2019 Primer
    • Background on COBIT
    • Principles, components, governance/management objectives
    • How COBIT 2019 addresses digital transformation
      • Design factors and focus areas
      • Designing a tailored governance system for digital transformation
  5. Providing assurance in digital transformation
    • Applying GRC
    • Understanding risk
    • Key risks and suggested treatments/responses
    • Balancing performance and conformance (risk vs. reward)
  6. Putting it all together – a case study in digital transformation and GRC
  7. Closing and questions


Speaker: Mark Thomas, CGEIT, CRISC, IT GRC and digital transformation expert

Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT risk, IT strategy, service management and digital transformation. As a former Army officer with over 28 years of professional experience, Mark has a wide array of industry experience including government, health care, finance/banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO  standards. Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers award twice for Best Speaker/Conference contributor of the year. Mark also holds the CGEIT (Certified in the Governance of Enterprise IT) and CRISC (Certified in Risk and Information Systems Control) certifications.
Noted Experience:
Typical engagements include digital transformation governance, maturity assessments, hands‐on implementation, and consultative training and coaching in the service management, enterprise governance/risk and cybersecurity domains. Acted as interim leadership for clients with a specific focus of organizational design, operational processes, risk, cybersecurity and governance models including ITIL, COBIT, NIST and TOGAF.  Provided training services for major training firms and consulting clients in several disciplines including Business Analysis, ITIL, COBIT, MOF, ISO, NIST Cybersecurity and IT strategy areas.

For more information and to register for the training session, please visit the ISACA RTC website.