Skip to content


IN-PERSON EVENT

GRC essentials for 2026

As organisations face increasing complexity across AI, cyber, and climate risk, traditional approaches to governance, risk, and compliance are no longer enough.

This practical masterclass revisits the foundations of effective GRC and shows how leading organisations are shifting from risk management to outcome management, ensuring risk practices directly support strategic objectives.

It addresses how to develop a practical working risk appetite which guides your risk management and then focusses on 3 deep dives into AI Risk, Cyber Risk and Climate Risk to bring the principles to life.

Through expert-led sessions and real-world examples, you’ll gain practical tools to strengthen your GRC capability for 2026 and beyond.

Please be advised we have a limit of 5 people per organisation. 

 

Time: 8:30am-1:30pm

Wellington: 19 May 2026
Cliftons, Level 28/100 Willis Street, Wellington Central, Wellington

Auckland: 20 May 2026
Rydges, 59 Federal Street, Auckland

Cost: $100 NZD
An invoice will be issued upon completion of registration.

Register Now!

Why you should attend 

  • Understand how GRC must evolve to stay relevant in 2026  

  • Learn how to define and operationalise risk appetite
  • Explore how to integrate AI, cyber, and climate risks into your ERM framework
  • Gain practical techniques you can apply immediately
  • Network with peers facing similar challenges      

 

What you will learn

By attending this masterclass, you will:  

 

Reframe GRC for outcomes

  • Shift from traditional risk management to objectives-driven (outcome) management
  • Align risk practices with business strategy and performance

 

Build a practical risk appetite

  • Move beyond theory to create a working risk appetite
  • Use risk appetite to guide decision-making and prioritisation

 

Strengthen your GRC foundations

  • Answer the 5 essential GRC questions: Why, What, How, Who, When
  • Understand the key elements of an effective GRC capability

 

Deep dive into critical risk domains

  • AI Risk
    • Understand emerging AI risks and regulatory expectations
    • Integrate AI into your ERM framework

 

  • Cyber Risk

    • Analyse cyber risk using Bow Tie methodology
    • Apply KRIs effectively in a cyber context
    • Identify key cyber priorities for 2026

 

  • Climate Risk 

    • Translating climate risk into business risk within an ERM framework
    • Embedding climate considerations into existing risk, governance, and decision-making

 

Your Presenters

David Tattam 250x150

David Tattam

Co-Founder, Protecht
 

David Tattam is GRC Thought Leader and co-founder of Protecht. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.

David has been the driving force in taking Protecht's risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.

mike-franklin_teal

Michael Franklin

Cyber Security Lead, Protecht
 

Mike Franklin has a long background in cyber security and risk governance. Prior to joining Protecht to lead our cyber risk team, he worked for multiple blue-chip organisations in banking, finance and tertiary education.

Mike’s deep expertise helps Protecht customers to strengthen their cyber security, ISMS and third party/vendor risk management programs.

 

Shivali_blue

Shivali Kukreja

Head of Risk and Compliance, NIB NZ
 

Shivali Kukreja is Head of Risk and Compliance at nib New Zealand, with over 25 years of experience across banking, insurance, and the public sector. She brings a strategic, enterprise wide approach to risk, embedding it into decision making, governance, and culture.

She is known for transforming risk into a driver of value, enabling better decisions, strengthening resilience, and delivering meaningful outcomes for customers and stakeholders.

 

Comparing your options

Move from reactive, spreadsheet-based compliance to a connected, automated governance system - ready for the Aged Care Act 2024.

 

Capabilities   Manual approach using spreadsheets   Protecht

Incident & SIRS management

 

   Incidents tracked manually, inconsistent categorisation, limited visibility, and no automated escalation.   Real-time logging and automated escalation aligned to SIRS, with full audit trails and reporting.

Compliance & governance reporting

 

   Separate spreadsheets per site; time-consuming updates; high audit risk.   Centralised dashboards and reports showing compliance across all facilities, in real time.

Risk & quality oversight

 

   Disconnected risk registers make trend analysis and board reporting difficult.   Integrated risk framework connecting controls, incidents, and actions to deliver organisation-wide visibility.

Audit readiness

 

   Manual evidence gathering across documents and emails - error-prone and stressful.   Pre-configured, auditable registers with one-click reporting and timestamped compliance evidence.

Workflow & accountability

 

   No clear ownership or task tracking; actions often lost in email.   Automated workflows with defined responsibilities, due dates, and escalation paths.

Data security & integrity

 

   Version control issues and risk of accidental data loss or breaches.   Secure, cloud-hosted platform with role-based access, encryption, and complete audit logs.

How Protecht helps

Protecht helps organisations move beyond fragmented, process-heavy risk management toward integrated, outcome-driven GRC.  

 We combine:  

  • Proven frameworks aligned to global best practice  
  • Technology-enabled risk management for real-time visibility and insight  
  • Deep expertise across AI, cyber, climate, and enterprise risk
  • A focus on embedding risk into decision-making, not just reporting    

 

Book a free demo

Protecht ERM - Risk Management Dashboard