GRAPEVINE, TX, September 9, 2025
It’s not too late to join the conference
Overview
We are bringing you news and key takeaways from the Gartner Enterprise Risk, Audit & Compliance Conference, taking place this week in Grapevine, Texas. Below is a snapshot of key insights and approaches shared by presenters at the conference.
On Day 2 of the conference, we are highlighting sessions on what the audit committee wants and needs to hear from their audit leaders, the latest regulatory impacts on artificial intelligence risks, and risk reporting that drives action. Be sure to check this page throughout the day for updates.
Key Announcements
Presented by Brian Andersen, Senior Director, Gartner
Chief audit executives (CAEs) have limited time to communicate with their audit committees. In this session, Brian Andersen, Senior Director at Gartner, shared insights on how to optimize audit committee reporting to meet board expectations and make the time as efficient and helpful as possible.
Facing mounting pressures such as increased scrutiny, a complex regulatory environment, and evolving risks, audit boards need to improve risk oversight reporting.
Because of the limited time available to engage with audit committee members, CAEs should mindfully prioritize what to review and discuss in audit committee meetings.
CAEs must focus on what the audit committee itself is prioritizing, areas where the audit committee wants more information, and supporting risk oversight.
It’s imperative for CAEs to put risk oversight ahead of function oversight when engaging with the audit committee.
CAEs should structure their communications around core directional elements such as system governance mechanisms, thematic analyses across the organization, trends in root causes of audit findings, and the health of the risk management culture — while also providing more detailed data in the read-ahead or supplemental materials.
Journalists can receive additional information and/or request an interview with the Gartner expert by contacting Rob van der Meulen at rob.vandermeulen@gartner.com
Presented by Viktoria Boyle, Vice President, Gartner
Between 1Q24 and 1Q25, countries and jurisdictions across the globe proposed over 1,000 legislative actions relating to the development and use of AI. In this session, Viktoria Boyle, Vice President at Gartner, showed how it’s possible to address the plethora of new regulations with a consistent approach and one set of controls.
Legislators are enacting AI regulation at breakneck speed: for example, by 2028, more than 50% of developed countries will have enacted regulations to govern generative AI, up from less than 1% today.
The majority of new AI regulations are motivated by the same principles: the importance of transparency, the need for risk management, and the need to ensure fairness.
Instead of trying to catalog every single AI use case in an organization to weed out the highest risk ones that are most pertinent to AI regulation, it’s more efficient to work out a common set of use cases that will identify the AI systems most in need of controls.
Once the high-risk AI systems have been identified, a common set of base obligations that are present in around 80% of existing legislation in this area can be used to formulate processes and controls.
Presented by Elliott Long, Director, Advisory, Gartner
Actionable risk reporting is becoming an increasingly important priority for heads of enterprise risk management (ERM). Yet, with almost half of the workday spent consuming information, ERM faces challenges. In this session, Elliott Long, Director, Advisory at Gartner, explained how to ensure risk reports are consumable, relevant, aligned and actionable for users.
The Gartner ERM agenda poll for 2025 found that actionable risk reporting is the second most cited priority for heads of ERM.
Although it is a high priority, it is getting harder to drive action on risk reporting. Risk leaders agree that since 2019 there have been more risks and more complexity, and that more information is needed to guide business decisions.
To influence decisions, ERM leaders need to make risk reports intuitive to consume, relevant to upcoming business decisions, and aligned with other information decision makers receive.
Make risk reports easier to consume by differentiating the level of detail to each audience’s remit.
To make risk reports more relevant, anchor risks to strategic priorities and upcoming business decisions.
Gartner (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.