We are delighted to confirm that compliance, audit, and governance expert, Matt Kelly will speak at PrivSec & GRC Connect Chicago, this month.

 Taking place April 16 and 17 at Crowne Plaza Chicago West Loop, PrivSec & GRC Connect Chicago provides a platform for organizations to address the cumulative nature of risk.

PrivSec & GRC Connect Chicago’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Matt Kelly is editor and CEO of RadicalCompliance.com, a blog and newsletter that follows corporate governance, risk, and compliance issues at large organizations.

Matt will be attending PrivSec & GRC Connect Chicago to discuss the governance principles and practices that businesses should adopt when implementing AI technologies.

Learn more about Matt and his discussion topic in the Q&A below:

Could you outline your career pathway so far?

I’ve been a reporter following the GRC “beat” for about 20 years. Originally, I was a newspaper reporter, and then drifted into writing about business and technology. In 2004, I started writing for Compliance Week, and ended up editor of the magazine from 2006 to 2016.

Since 2016, I’ve been publishing my own newsletter, Radical Compliance; and I speak often about trends in corporate governance, compliance, audit, and cybersecurity. It’s a fascinating field! Compliance professionals really do have a Rubik’s cube of challenges, where you think you’ve solved one headache and then another comes into view.

I love following and talking about compliance news, and consider it a great privilege that I’ve come to know so many compliance officers around the world. Great group, very friendly and super smart.

What does best practice look like when it comes to navigating the AI adoption journey?

Best practice would be for management teams to slow down and think their AI plans through. My fear is that too few companies are doing that, and they have pockets of AI adoption happening in various ways without management’s awareness.

If I had to capture best practice in a word, that word would be “governance.” That is, senior leaders shouldn’t micro-manage all the ways the enterprise is trying to adopt AI; they should be spelling out several basic principles that business units must follow while those teams tinker with AI. Then the compliance team can follow up more closely to confirm that those basic principles are being enforced. 

For example, say you’re a retailer that wants to use facial recognition technology to identify customers who might actually be known shoplifters. You’d want controls over the quality of images uploaded into your database; and you’d want testing to be sure that the AI doesn’t return a high rate of false positives (innocent customers identified as shoplifters by mistake).

Well, who develops those technical controls for the image database? Who performs that testing of results? Who assesses whether false positives affect minority groups at such a high rate as to be discriminatory? How does management assemble the right team to put those principles into practice, and get those questions answered?

That’s the sort of oversight that needs to happen. And given the seemingly endless potential use-cases for AI, it’s going to be a bumpy learning curve.

What are the biggest pitfalls that exist for compliance, legal and governance professionals as organizations push to harness AI to best effect?

The biggest pitfalls are likely to be:

  • Lack of personnel who can easily navigate the IT, audit, and legal issues that all coalesce into one knotty risk management problem with AI.
  • Failure to structure roles and responsibilities to tackle AI issues in the right way

Don’t get me wrong; we’ll have a lot of regulatory uncertainty around AI too, and lots of risk management frameworks to adopt, and so forth. But you can hire lawyers to interpret regulations and use technology to manage frameworks and control mapping and remediation.

But if you don’t have the right people on your team, or they’re not managing work in smart, efficient ways, then all that outside help won’t solve your problems.

You can hear Matt Kelly exploring these issues in depth at PrivSec & GRC Connect Chicago in the session: The Governance Principles and Practices You Need for AI

Artificial intelligence is already racing into the corporate enterprise; the question for compliance, risk, audit and governance professionals is how you can assure that AI races wisely into your enterprise.

This session will explore the IT governance practices that organizations should already have in place so that as employees experiment with AI’s possibilities, they do so in alignment with your risk profile, without inviting regulatory infractions, security breaches, stakeholder discontent, or other threats.  

  • What regulations or enforcement actions have we already seen that suggest the best practices you should have for AI?
  • What challenges exist for compliance, legal, and governance professionals to put those guardrails in place?
  • What is the correct amount of oversight from the board, management, and the compliance team?

Also on the panel:


The Governance Principles and Practices You Need for AI

Time: 11:00am – 11:30pm CST

Date: Wednesday 17 April 2024

The session sits within a packed agenda of insight and guidance at PrivSec & GRC Connect Chicago taking place April 16 and 17, 2024.

Discover more at PrivSec & GRC Connect Chicago

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to help mitigate risk, comply with regulations, and help achieve their business objectives - they must…

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.

PrivSec & GRC Connect Chicago takes you to the edge of the debate, uniting the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.

This dynamic and content-rich experience takes place over April 16-17 at the Crowne Plaza Chicago West Loop.

Click here to register for free to PrivSec & GRC Connect Chicago