Discover key insights from the 2025 conference, including what corporate compliance programs will look like in the future, how to make continuous assurance effective, and how to mature a third-party risk management program.
Sessions explored what audit committees want and need to hear from their audit leaders, as well as the latest regulatory impacts on artificial intelligence risks.
Join us at the Gartner Enterprise Risk, Audit & Compliance 2026 Conference, September 15 - 16, in Grapevine, TX.
Embed Compliance Guidance: Move away from standalone training and communications by integrating compliance guidance directly into employee workflows. This approach has been shown to significantly reduce non-compliance and employee burden.
Localize Liaison Programs: Create more localized accountability for compliance through your compliance liaison networks. Local liaisons can better tailor messaging, track regulations, and gather employee feedback to improve program effectiveness.
Make Speak-Up Culture Employee-Centric: Reframe reporting misconduct from a company-centric value to one that highlights personal and team benefits for employees, including explicit leniency for self-reporting.
Three pillars support an actionable framework for continuous assurance: 1) an agile governing framework, 2) engaged people with the right skills, 3) the appropriate technology.
A proactive data strategy is key to success, and forming a cross-functional data council to put this in place is essential.
Assurance executives should consider the entire third-party risk management lifecycle as they build and scale their TPRM programs.
The three most common barriers to building and scaling TPRM are (1) siloed ownership of third-party risk, (2) inefficient and redundant processes, and (3) delayed implementation of TPRM technology.
Facing mounting pressures such as increased scrutiny, a complex regulatory environment, and evolving risks, audit boards need to improve risk oversight reporting.
Because of the limited time available to engage with audit committee members, CAEs should mindfully prioritize what to review and discuss in audit committee meetings.
CAEs must focus on what the audit committee itself is prioritizing, areas where the audit committee wants more information, and supporting risk oversight.
Legislators are enacting AI regulation at breakneck speed: for example, by 2028, more than 50% of developed countries will have enacted regulations to govern generative AI, up from less than 1% today.
The majority of new AI regulations are motivated by the same principles: the importance of transparency, the need for risk management, and the need to ensure fairness.
Instead of trying to catalog every single AI use case in an organization to weed out the highest risk ones that are most pertinent to AI regulation, it’s more efficient to work out a common set of use cases that will identify the AI systems most in need of controls.
Gartner Enterprise Risk, Audit & Compliance conference returns to Grapevine on September 15-16, 2026.
Join us to uncover the latest enterprise risk, audit and compliance insights and solutions with experts, peers and service providers to accelerate your business.
The quote and lead gen form below are optional and can be removed if needed.
*This note will only show in the editor and will be hidden on the preview and live page. Feel free to delete this note if you would like.
“Gartner Enterprise Risk, Audit & Compliance conference provided abundant opportunities to network with peers across industries who are facing similar challenges and opportunities.”
Secure your space now.
