Gartner Enterprise Risk, Audit & Compliance Conference - Day 1 Highlights

We are bringing you news and highlights from the Gartner Enterprise Risk, Audit & Compliance Conference, taking place this week in Grapevine, TX. Below is a collection of key announcements and insights coming out of the conference.

On Day 1 of the conference we are highlighting sessions on what a corporate compliance program will look like in the future, how to make continuous assurance work, building critical skills and expertise in an audit team and how to mature a third-party risk management program. Be sure to check this page throughout the day for updates.

Gartner Says Organizations Must Develop a “Risk Reflex” to Handle Today’s Fast-Moving, Interconnected and Unpredictable Risk Environment 

Presented by Mara Lindokken, Director, Advisory,  Gartner

With employees increasingly burdened by complex workdays, rising expectations, and rapid technological change, compliance leaders need to rethink how their programs interact with and support staff. In this session,  Mara Lindokken, Director, Advisor at Gartner, outlined practical strategies for reducing compliance burden and improving employee engagement, at five key employee-compliance touchpoints.

• Embed Compliance Guidance: Move away from standalone training and communications by integrating compliance guidance directly into employee workflows. This approach has been shown to significantly reduce non-compliance and employee burden.

• Localize Liaison Programs: Create more localized accountability for compliance through your compliance liaison networks. Local liaisons can better tailor messaging, track regulations, and gather employee feedback to improve program effectiveness.

• Make Speak-Up Culture Employee-Centric: Reframe reporting misconduct from a company-centric value to one that highlights personal and team benefits for employees, including explicit leniency for self-reporting.

• Build Trust in Investigations: Increase transparency and fairness in misconduct investigations by clarifying processes, communicating a range of possible consequences, and actively measuring employee trust and experience through feedback tools.

• Expand Ethics Incentives: Broaden compensation structures and consequence management beyond senior leaders to all employees, ensuring that ethical conduct is recognized and incentivized throughout the organization.

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Rob van der Meulen at rob.vandermeulen@gartner.com

Presented by Devanshu Mehrotra, Senior Director Analyst, Gartner

Assurance leaders must keep pace as modern organizations operate in real-time facing an evolving regulatory environment, intense market pressures, and rapidly changing business conditions. In this session, Devanshu Mehrotra, Senior Director Analyst at Gartner, explained how to build continuous assurance that ensures compliance while turning the audit function into a value creator for the organization.

• Continuous assurance is a broad term encompassing activities by all three lines of defense to proactively monitor and respond to risk and control information on a real-time or near-real-time basis.

• Although the idea has been around for some time, many functions struggle to realize continuous assurance in their organizations.

• Three pillars support an actionable framework for continuous assurance: 1) an agile governing framework, 2) engaged people with the right skills, 3) the appropriate technology.

• A proactive data strategy is key to success, and forming a cross-functional data council to put this in place is essential.

• Various technology enablers exist ranging from developing specialized data analytics to using the capabilities embedded in GRC and ERP tools. For most organizations, a hybrid approach is likely to work best.

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Rob van der Meulen at rob.vandermeulen@gartner.com

Presented by Gisele Antunes, Senior Principal Advisor, Gartner

As the range of risks and subject-matter areas continues to grow, most CAEs find that their teams need new expertise more than ever. In this session, Gisele Antunes, Senior Principal Advisor at Gartner, shared how leading organizations are embracing a “learning architect” approach to build critical skills from within.

• To help meet a growing need for subject matter expertise in their teams, audit leaders should move away from one-size-fits-all training, instead architecting learning journeys that are purposeful and tailored to specific business challenges.

• Linking learning to actual audit scenarios and organizational priorities ensures that skill development is immediately relevant and applicable.

• Implementing gamification, peer collaboration, and real-time feedback will help to ensure auditors are motivated and that learning sticks.

• Building expert networks and a platform for knowledge sharing enables auditors to access just-in-time expertise and contextual support, helping to embed expertise within teams.

• Continuously adapting learning strategies that are flexible and responsive to emerging risks and business needs helps teams stay relevant and prepared for future challenges.

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Rob van der Meulen at rob.vandermeulen@gartner.com

Presented by Antonia Donaldson, Director Analyst, Gartner

As Third-party risk management (TPRM) becomes increasingly complex, regulators and other stakeholders are focused on how organizations are managing their TPRM activities.  In this session, Antonia Donaldson, Director Analyst at Gartner, shared how assurance leaders can overcome common barriers and mature TPRM programs to improve efficiency and better identify, escalate and mitigate third-party risk.

• Almost two-thirds of legal and compliance leaders surveyed last year said that TPRM was one of their top five legal priorities for 2025, and three quarters noted it was a critical compliance priority.

• Assurance executives should consider the entire third-party risk management lifecycle as they build and scale their TPRM programs.

• The three most common barriers to building and scaling TPRM are (1) siloed ownership of third-party risk, (2) inefficient and redundant processes, and (3) delayed implementation of TPRM technology.

• Organizations are experiencing increased complexity and pressure within their third-party ecosystems. 

• If assurance leaders take a 5-step approach to maturing their third-party risk management programs, they can better mitigate the inherent risks of working with an increasing number of third-parties.

Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Rob van der Meulen at rob.vandermeulen@gartner.com