Key Take-aways from the GRC 2009 Conference

Published: August 13 2009, 05:30 AM
by Allan Gajadhar


I attended the first Governance, Risk and Compliance Conference 2009, held last week, on August 4 in Washington DC. It replaced the annual Program Management summit held by the same organizers. CA co-sponsored the day-long event, which included two tracks and a variety of government practitioners and industry experts.

The first track covered Technology Solutions. I participated as a panelist in a session on "Governance in a Web 2.0 World" along with experts from the Intelligence Community, AIIM, and the Department of Education.

The panel convened with a real-life example of a mashup by a mashup evangelist for the US Intelligence Community. He showed a presentation about Intellipedia, which is essentially a Wiki environment that enables the 12 disparate intelligence agencies to collaborate and approve entries of topical interest, such as North Korea or Iran. The discussion also centered on the reasons that organizations get involved in Web 2.0 strategies, including the ability for the Department of Education to interact with students via social media and other Web 2.0 strategies.

Other sessions on the Technology Solutions track included a presentation of Spacebook, NASA's internal Facebook site, and a very interesting session on how the Army leverages cloud computing while remaining within (and creating) Federal IT security regulations.

The second track focused on Regulations and Compliance, including sessions on the new Consensus Audit Guidelines (CAG) for Federal IT Security, the False Claims Act, and Waste, Fraud and Abuse acts regarding government contracting regulations.

I found the last session of the day to be particularly interesting. The topic was spending Federal stimulus dollars while remaining in compliance with relevant regulations for financial processes, e.g. OMB A-123. This session covered how the Department of Justice and the Department of Energy are managing over $700 billion in Federal stimulus spending. It was an interesting case study on the intersection of grants management and program management, where the grants qualification process is directly linked to performance metrics regarding the management of the grant program, all of which is reported up into a central application from various programs in the field.

This was a great conference to be involved with, with excellent speakers and topics. There were three key messages that I took away from the event:



  1. Governance, Risk and Compliance is a major focus now for the Federal government, with agencies discovering that they are subject to a vast web of risks and compliance mandates, and they must also ensure that GRC processes keep agency and citizen information both accessible and secure.

  2. Web 2.0 strategies such as social media, cloud computing, and mashup applications are being explored by Government agencies just as within private industry. To a certain extent, one can see this is partially due to the success of the Obama campaign utilizing these forums.

  3. These strategies, as well as the massive stimulus funding and increasing cybersecurity needs for government agencies, all require innovative governance strategies.




Did you attend the event last week? What did you learn? Feel free to share your thoughts in comments to this post.

 

By: Allan Gajadhar
Allan Gajadhar is a specialist in governance, with over 15 years of technical management experience. Allan is currently Director of Technical Sales for GRC Manager, with responsibility for Governance solutions across multiple industries, with a particular focus on the Public Sector. Allan has significant...