The OCEG IT Forum is gathering steam in its pursuit to establish a recurring annual curriculum of connected conferences and publications for IT and GRC professionals. OCEG has combined with The Integrity Institute , The Institute for Internal Auditors and the CERT/CC to produce a series to address the complex issues surrounding the application of technology to the rapidly evolving discipline of governance, risk and compliance management. The conference is being co-chaired by Michael Rasmussen, VP of risk management and compliance at Forrester Research and myself and is being supported by a growing number of sponsors led by diamond sponsor Deloitte Consulting LLC.

A short FAQ follows
What is OCEG?
OCEG is a not-for-profit organization with a clear public mission: to help organizations align their governance, compliance and risk management activities to drive business performance and promote integrity. Founding members include Fortune 100 companies, leading business and audit firms and technology companies.
What is the OCEG IT Forum charter?
To enhance the role and increase the value of IT through the validation and dissemination of GRC best practices, technologies and architectures.
What are the 2006 events?
1) The OCEG IT Forum Spring Session on May 9th & 10th at the Harvard Club in Boston, MA. This conference will include two days of sessions focused developing a common framework for defining and measuring the requirements, benefits, risks and TCO of adopting an IT-enabled GRC program. The format will include plenary and track sessions with plenty of time for networking.
2) GRC 360º: Technology Edition with a scheduled publication date of August 1. The format will be a glossy, 24 page magazine and will be dedicated to the OCEG IT Forum agenda. With a circulation of 40,000 corporate executives and professionals, we expect that this will serve as an excellent follow-up to the Spring session as well as a “stage setter” for the Fall.
3) The OCEG IT Forum Fall Session scheduled for November 14th & 15th at the Marine Club in San Francisco CA. The Format will be similar to the spring session but will also include an exhibition area. The agenda will build on the spring session and the summer publication and will concentrate on practical strategies, practices and technologies to execute on the guidance developed and presented throughout the year.
How are these activities connected into “a single curriculum?”
Napoleon wrote that a two-front war cannot be won, yet, in today’s world, that is exactly where many IT organizations find themselves.
First, IT organizations have a clear mandate to get their own houses in order. IT governance is top of mind as existing technologies, practices and policies must be rapidly aligned with governing regulations and guidance.
Second, IT organizations must extend and evolve their existing portfolio of technology, applications and services to better serve the business as a whole. Finance, human resource, manufacturing, et al, are undergoing process and policy evolution and are dependent on IT to be responsive and flexible.
IT’s mandate to ensure effective IT governance and to manage potentially disruptive change in support of equally material changes in virtually every corner of their business are two distinct but entirely connected challenges that must be met head on and in an integrated fashion.
The overarching theme for the 2006 IT Forum is the transformation of IT’s “two front war” into a coherent and sustained operational approach to governance, risk and compliance.
The Spring ConferenceThe Spring conference focuses on defining, organizing, scoping and measuring the challenges that IT organizations face as they work to be compliant and to automate and sustain broader governance, risk and compliance initiatives underway across their organizations and their partner/supplier networks. The latest guidance, counsel and recommended practices will be presented in the context of OCEG’s overarching GRC framework. Attendees will leave better armed with tools, vocabularies, relevant benchmarks and potential partners to most efficiently overcome the shared challenges that they face.
The Fall Conference
The Fall conference will build on the foundation laid out in the Spring, the supporting summer GRC360 publication, and recently completed benchmarking studies and guidance to provide concrete and actionable information, templates and architectures. Specific attention will be given to applying the concepts presented, accounting for special requirements within industries and recent case studies and precedent. This event should be especially useful as attendees will have had 6 months to assess and organize their own requirements into the common framework outlined in the Spring event.
For more detail on these topics or to submit a presentation request, please contact me at

Organizational support

The Integrity Institute, Inc.’s mission focuses upon the belief that the sustainability of an organization is based upon integrity and the evidence that companies that have a higher standard of integrity offer greater long-term shareholder value. The focus of The Integrity Institute, Inc. is to establish a single standard of measurement where the integrity of companies can be measured.
The Institute of Internal Auditors (IIA) is an international professional association of more than 111,000 members recognized as the internal audit profession’s leader in certification, education, research, and technological guidance.
The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
A sampling of speakers includes
Julia Allen, senior researcher, Carnegie Mellon University’s Software Engineering Institute, the CERT program
Lynn Brewer, Author – “Confessions of an Enron Executive”, Founding Chairman – The Integrity Institute, Inc
Lee Ditmar, Principal, Deloitte Consulting LLP
Theodore Frank, President, Axentis and co-chair of the OCEG Technology Council
Sebastian Holst, Director, OCEG and SVP, PreEmptive Solutions
Lane Leskela, Senior Product Marketing Director, Oracle Corporation
Scott Mitchell, CEO, OCEG
Michael Rasmussen, VP Research, Forrester Research
Heriot Prentice, MIIA, FIIA, QiCA, Director Technology Practices, The Institute of Internal Auditors