Review SWISS GRC DAY 2022


Anyone interested in GRC, or specifically involved with governance, risk, ICS, compliance, data protection, security, BCM and audit, could be found at the SWISS GRC DAY 2022 on 4 May 2022 at the Radisson Blu Hotel at Zurich Airport. The event, at which Swiss Infosec AG and Data Governance appeared as partners, was moderated by Yahya Mohamed Mao, Head Business Development & Marketing at Swiss GRC AG. More than 220 people were enthused and inspired by the speakers' best-practice examples. It is precisely these experiences with different challenges that bring real added value to the participants and highlight the supporting role of the GRC Toolbox in a complex environment. Interesting conversations during the break and at the closing apéro were thus guaranteed.


Yahya Mohamed Mao, Head Business Development & Marketing Swiss GRC AG, welcomes the audience, speakers and event partners to the 5th SWISS GRC DAY. He promises them an interesting journey through exciting topics in the field of governance, risk management and compliance and looks forward to interesting presentations and stimulating discussions during the break and over drinks.


“Are you Ransom ready?”, asks Tom Schmidt, Partner Ernst & Young AG, EMEIA FSO Cybersecurity Competency Leader & Switzerland FSO Cybersecurity Leader. He describes current cyber threats and future challenges and what (and how) companies need to prepare for.

Ransomware is the focus of his presentation. In this form of cyber attack, cyber criminals encrypt data and servers. As part of double extortion, they not only demand money for decryption, but also for not publishing the captured data in a way that attracts media attention. The “industry”, which has now formed actual cyber syndicates and operates in a large network, generated around 20 billion US dollars in 2020 alone (compared to around 11 billion in 2019). Ransomware is therefore a highly lucrative business and one of the reasons for the rapid rise in these cyberattacks. Tom Schmidt shows the different steps of a ransomware attack and how companies can arm themselves against it.

Link to the presentation


Dr. Susanna Lüthi-Walter, Chief Risk Officer ZRe, Zurich Insurance Company, and Eva Severa-Züger, Chief Compliance Officer ZRe, Zurich Insurance Company, know the building blocks, challenges and success factors in setting up a holistic ICS from a risk and compliance perspective.

While the scope of an internal control system (ICS) traditionally focuses on financial reporting, the increasing importance of monitoring systems in today’s environment is leading to a holistic view of the ICS. The speakers shed light on this trend and describe a holistic ICS as an integral part of company-wide risk management, which maps all significant operational and financial company risks and also incorporates compliance risks. From the speakers’ point of view, this requires a pragmatic approach, an integrative ICS strategy (including implementation planning), coordinated instruments and tools and – very importantly – sufficient resources and a strong involvement of the first line.

Link to the presentation


Dr. Iur. Jean-Pierre Méan, lawyer and former board member of Transparency International Switzerland, shares his experience of compliance management and shows how an integral compliance culture can help remedy compliance and integrity risks.

A holistic approach is also the focus of this presentation. Such an approach also proves its worth when it comes to the complex topic of compliance. The very fact that compliance is part of the ISO Governance family of standards shows the close links to governance, anti-corruption, whistleblowing, etc. The anti-corruption standard is used as an example to show how a compliance culture can be implemented, what needs to be taken into account and where the standard is most helpful. In any case, the commitment of top management is crucial to the success of a company’s compliance culture. And it goes without saying that there is still room for improvement when it comes to compliance. Dr. Méan identifies this in the role and positioning of the compliance officer, conflicts of interest and compliance for SMEs, among other things.

Link to the presentation


Tolga Ece, Head of the Risk and Insurance Management Competence Center of the City of Zurich, presents the City of Zurich’s opportunity and risk management and its comprehensive approach to better decision-making – a practical report on the success factors.

The City of Zurich has had risk and insurance regulations in place since 2011. As a result, risk management has become widespread, but there was a lack of a common system and a consolidated view. The CHARM project (from opportunity and risk management), which aims to identify and manage opportunities as well as risks, is intended to change this. The aim is to create a comprehensive opportunity and risk policy that will, for example, ensure the performance and functionality of the city administration, which has almost 30,000 employees, and promote awareness of opportunities and risks among employees. Tolga Ece describes the specific procedure in the project (workshops, bottom-up), names success factors (simple approach, clear boundaries), stumbling blocks (risk consolidation and quantification) and steps for further development (early warning indicators, cross-cutting risks).

Link to the presentation


Angela Hunziker, Head of Corporate Risk Management, SBB CFF FFS, shows what integrated assurance looks like in practice and the challenges of cooperation between different assurance functions.

Assurance is understood as the entirety of the existing monitoring and control functions in a company, while combined assurance is the coordinated and integrated cooperation of all functions that are directly or indirectly related to risk and can contribute to improving the governance structure. Angela Hunziker shows approaches in connection with integrated assurance (ISO 37000, three-line model of the IIA) and names advantageous framework conditions and current obstacles. In the second part of her presentation, she takes a practical look at integrated assurance (IA) at SBB by outlining the company’s corporate objectives, the organizational embedding of IA and the cooperation between functions. Finally, she reveals where SBB stands in terms of the regular exchange of information, joint processing of topics, coordinated processes, a consistent tool landscape and a holistic management system, and where there is potential for improvement.

Link to the presentation


René Schüttel, Risk Manager, fedpol, explains current and new (intelligent) approaches to situation and risk assessment and poses the question “What is the future and what is already reality?”.

New technologies open up new opportunities, but also bring new (digital) risks that need to be managed. The changes to risk management (RM) in the age of digitalization are explained using a graphic. In addition, the results of a survey conducted in 2018 provide indications of changes expected in the short term (e.g. an increasing degree of automation, improved data processing) and in the long term (e.g. increasing use of big data and AI, a growing threat of cyberattacks). These changes mean that strategic and business considerations must be made in connection with RM, as well as operational and procedural ones. Management and leadership considerations are also an issue. There is no lack of concrete approaches for the further digital development of fedpol risk management; risk quantification and an early warning system are just two of them.



Yahya Mohamed Mao

Yahya Mohamed Mao is a certified GRC Professional (GRCP) and heads the Marketing & Communications department at Swiss GRC. He is a regular contributor to industry publications and provides insights and expertise on current trends and innovations in Governance, Risk & Compliance (GRC), AI, Marketing and Branding.
