Annual Information Technology (IT) Conference Friday, March 13, 2015 – Melville Marriott

8:30 am – 5:00 pm

(8 CPE/CPD Credits)

Event Summary

Technology developments dramatically change the way we all do business. Tremendous opportunities exist – but need to be managed. Daily, we continue to read and hear about the difficulties faced by both businesses and individuals in confronting these challenges. Every business decision today has an IT component and the management of technology risk is core to every initiative. Join us at our annual IT Conference as we discuss, analyze and assess strategies that Internal Auditors can use in counseling their stakeholders in navigating these challenges.

This year’s conference will enable attendees to hear about the latest practices observed by both industry players and expert consultants. This will enable attendees not only to gain the perspective of what they should be doing but also learn what is actually working and happening at metro area New York Internal Audit Departments.

Additionally, as a first for the IT Conference, attendees can submit their IT audit-related questions prior to the Conference. These questions will be answered throughout the day by the Conference speakers or chair.

“Insider Threat: Assessing & Managing ‘People’ Related Risks to Technology”

Governments, as well as commercial organizations, invest billions of dollars each year to manage risks related to cyber security. However, the effectiveness of these investments are in many cases reduced by a lack of attention to human factors. This presentation will provide an overview of insider threats that leverage information technology and also provide an IT auditor’s view on implementing effective internal controls.

Fred Drum, CRISC, PCI-SSC QSA, PCI-SSC, PCI-PSenior Information Systems ConsultantCoalfire

Fred Dunn is an information security and risk professional with over 14 years of experience in all aspects of IT. He has extensive experience in the technical elements of networking, data center, virtual infrastructures, and business process reengineering, and has worked in computing security of government naval bases, financial institutions, service providers and retail services.

Fred has extensive experience in information security policies and procedures, endpoint security and unified threat management solutions. With his deep understanding of compliance and technical experience, he has helped government, financial services, retail and healthcare organizations build their security programs around the compliance requirements in their respective industries.

“Social Media and the Internal Auditor”

In this fast paced session, two practicing internal auditors will share their experiences and perspectives for auditing a significant 21st century risk facing organizations of all sizes. The presentation will include discussions on What is Social Media; Pro and Cons of Social Media; Social Media Risk; Regulatory Requirements and Tools and Tips for Auditing Social Media.

Sumukh Shah, CISAAudit Director, AIG

Sumukh Shah is an Audit Director within AIG’s Internal Audit group responsible for audit coverage for North America (U.S. and Canada) Claims and Operations which is part of the AIG Global Claims & Operations (GC&O) organization. AIG GC&O is a service organization offering a broad range of claims and support services to AIG insured and business partners in support of the commercial and consumer business functions. Prior to this, Sumukh Shah spent more than 12 years in various Operation and IT audit roles for AIG, JPMorgan Chase and PwC. Sumukh has also instructed courses for Mainframe and AS/400 systems focusing on the identification of process risks and controls as they relate to General IT Controls and business processes they support (e.g., trading systems).

Sumukh is a Certified Information Systems Auditor (CISA). He is a graduate of Mumbai University with a B.S. in IT and also received a M.S. in Computer Science from New York Institute of Technology. Sumukh is also an adjunct lecturer at CUNY Baruch teaching a Technology Audit course.

Chris Daly, CISAIT Audit Senior Manager, AIG

Christopher Daly is an IT Audit Senior Manager within AIG’s Internal Audit group responsible for audit coverage of the AIG Business Partners group. AIG Business Partners is a global department providing finance, asset and risk solutions, as well as support services to AIG's Investments, Global Finance and Enterprise Risk Management organizations. Prior to working at AIG, Christopher spent approximately six years working as part of the IT Risk and Advisory team at Ernst & Young with a portfolio including clients in the telecommunications, media & entertainment and publishing industries.

Chris graduated from Lehigh University with both a B.S. in Computer Science & Business and a B.S. in Accounting. Chris is a CISA and a member of the Information Systems Audit and Control Association (ISACA).

“Continuous Monitoring and Data Analytics”

In this data-centric universe, data analytics has emerged as one of the more significant information technology developments over the past decade. The role of Internal Audit has evolved from a purely compliance centric role to that of a business partner adding value to the organization. The use of advanced analytics has helped Internal Audit design more advanced tests, reports and visualization graphs. Many audit shops started the transition several years ago from traditional audit shops to organizations of auditors with enhanced analytic skills and savvy audit management and visualization tools. 

Learn why this is so important today:

Company expectations: Maximizing the use of technology to increase coverage, quality and business impact while managing a finite audit budget

Value Relationship: Insights open the door for deeper discussion on issues and developing/ strengthening relationships

Talent development and appeal: Effective integration of analytics will strengthen the business skills of auditors

Audit-Business Partnership: Innovation and resulting methods could be ultimately transitioned into the business

Regulatory Expectations: Audit need to get stronger assurance and quantifiable results

Rob ZanellaVice President, Internal Audit - CA

Rob Zanella joined CA Technologies in September 2005 and leads the IT practice within CA’s Internal Audit Department. He led several practices within GIS prior to joining Internal Audit, including Service Management, Security, Continual Service Improvement and IT Compliance. Prior to joining CA, Rob was an Internal Audit Director at the New York Stock Exchange. Previously, Rob served as both a systems integrator and an IT auditor at Deloitte for seven years as well as a software developer for Savings Bank Trust Company and Union Savings Bank.

Rob earned a master’s degree in finance from Adelphi University and a bachelor’s degree in computer science from Hofstra University. He earned ‘book of the year’ honors (2011) for “Cloud Security and Governance: Who’s on Your Cloud?” He has published several ISACA journal articles for the Information Systems Audit and Control Association and served on the board of directors for the Metro New York ISACA Chapter.

Abbasali Tavawala, CISA, CFE Senior Internal Auditor, CA

Abbasali joined CA Technologies in August 2011 and is currently a Senior Internal Auditor. Prior to joining CA, Abbasali was a Systems Engineer at TATA Consultancy Services (TCS) Ltd. At TCS, he was responsible for maintaining and optimizing the online trading system of the National Stock Exchange of India. He has developed specialized skills in software programming, information systems management, auditing operational and strategic business processes and audit analytics.

Abbasali is a CISA and a Certified Fraud Examiner (CFE). He has earned an MBA in Finance and Information Systems from Stony Brook University and a Bachelor’s in Electronics Engineering from University of Mumbai. He is a member of Institute of Internal Auditors (IIA), Association of Certified Fraud Examiners (ACFE) and ISACA.

Vikas Dutta, CISA, CRISC, CIPP/IT, ISO.Principal Internal Auditor, CA

Vikas is responsible for worldwide operational, compliance and IT risk audits. Prior to CA, Vikas held senior audit and risk management positions at Pearson, Inc., Protiviti, AIG and Thompson Financial. He has over 15 years of experience in a variety of industries including software development, financial services, publishing, insurance, management consulting and dot com startups. Vikas holds a BBA in Operations Management from Zicklin School of Business at Baruch College.

“The Evolving Cyber-Threat Landscape & Counter Control Measures: an Internal IT Audit Perspective”

The cyber-threat landscape is an important concern for every organization. Daily occurrences demonstrate the risk posed by cyber attackers—from individual, opportunistic hackers to professional and organized groups with strategies for systematically stealing intellectual property,

personal information and money, as well as for disrupting business and or nation’s critical infrastructure.

Chances are, your company's computers will come under cyber-attack sometime soon or are already under attack without your knowledge. An attacker can succeed very easily against most companies today. Even the best-prepared organizations continue to suffer security breaches. Breaches are inevitable if you are sufficiently large and valuable as a target but the impact of a breach is not. Winning in cyber-security against an attacker means identifying attacks before they succeed, detecting when they do breach your defenses and eliminating them from your systems before they can cause lasting harm. While you can’t prevent every breach, you can avert the worst consequences.

Neil LudenSenior Vice President and Director of IT Audit at New York Community Bancorp, Inc.

Neil brings extensive experience in Audit, Technology, Finance, Compliance, Risk Management, Information Security and IS Governance. Prior to joining New York Community Bancorp, Inc., Neil held several positions, including serving as Director of Electronic Systems Audit, Security & Control at the Federal Reserve Bank of New York, and Vice President of IT Audit & Information Systems at Prudential Securities and Prudential Trade Finance Corp. Neil was Founding President of CompLink Ltd. (NASDAQ), a New York based pioneer in the early electronic messaging, control and workflow marketplace.

Neil has also served as a management, business development and risk mitigation consultant to numerous firms, including financial organizations and security, compliance and threat management product and consulting firms, software transformation and control consulting firms, and the Department of Defense (’Trusted Architecture’), and has served as a consultant in support of physical and cyber-anti-terrorism initiatives.

“Cybersecurity: A Risk Management and Audit Perspective”

Since the advent of the information age, investors, entrepreneurs, and their hired managers have continually sought to gain business advantages and opportunities through the use of IT. As with the advent of all types of technology throughout the history, those who capitalized on the benefits of technology developments found cost-effective ways to manage the new risks that came with the new technology. Yet, judging by today’s headlines, and recommendations provided by various pundits, it would appear that businesses are confronting the same family of threats and recommended controls as they did over 40 years ago. Some may believe that concerns over cybersecurity are exaggerated and as in the past, cost-effective threats can be easily managed – and that management of the problem can be relegated as in the past to the IT Department.

Others, including professional associations, reputable consultancies, think tanks and the media believe that this time it is different.

Cybersecurity is a significant business issue that dramatically impacts the organization’s relationship with its customers, profitability, and reputation.

Because technology is so embedded into the business – from sourcing customers to receiving and making payment – and to maintaining financial records that no longer have paper support, management of cybersecurity risks can no longer be delegated to someone other than the person or group primarily responsible for the business.

Many board members and executives have come to the conclusion that it is a business issue. This session will discuss how expectations of board members are evolving to address the business risk that cybersecurity is.

Joel Lanz, CPA, CISA, CISM, CISM, CISSP, CFEPrincipalJoel Lanz, CPA, P.C.

Joel Lanz is the founder and principal of Joel Lanz, CPA, P.C., a niche CPA practice focusing on technology governance, risk management, IT audit, cyber and information security and computer facilitated fraud. Prior to starting his practice in 2001, Joel was a Technology Risk Consulting Partner at Arthur Andersen and was a Manager at Price Waterhouse. His industry experience includes Vice President and Audit Manager at The Chase Manhattan Bank and senior IT auditor positions at two insurance companies. Joel was recently appointed as a Reference Member (non-voting member) of a $1.2 billion non-profit organization’s Audit Committee.

Joel currently chairs the American Institute of Certified Public Accountants (AICPA), and Certified Information Management and Technology Assurance Executive Committee (IMTAEC). Executive committees are the standing parent group responsible for Policy-setting in an area of activity at the AICPA. Joel serves on the Editorial Board of “The CPA Journal” and formerly served on the Editorial Board of “Bank Accounting and Finance.” Since May of 2012, Joel has instructed the graduate Internal Controls and IT Auditing courses at NYU’s Stern School of Business. He is also an Adjunct Professor in the School of Business at The State University of New York – College at Old Westbury.

Friday, March 13, 2015Full-Day Program

Check-in and breakfast begin at 8:00 a.m. Program begins at 8:30 a.m.Lunch will be served at approximately 12:00 p.m. Dress is business casual.

How to Register:Please use the following on-line registration link: http://www.cvent.com/d/grqlsk/4W

If you are having trouble with the link, notify Jared Greco at jagreco@deloitte.com. Cancellations must be made at least 24 hours prior to the event by contacting Robert McNair at mcnair@bnl.gov.

For making payments offline: You should register on-line (see above) and in the payment section, select “check” or "other." If not registering on-line, please contact us at LongIslandIIA@yahoo.com, or call Robert McNair at (631) 344-5921 at least 24 hours before to reserve your seat. Then complete and enclose this registration form along with your check made payable to the IIA Long Island Chapter and mail to: Institute of Internal Auditors LI, P.O. Box 442, Smithtown, New York 11787 or bring it the day of the seminar.

Name(s) IIA Member$175 Each

Non Member$225 Each

Student $30 Each

No. of Prepaid Subscriptions

Applied

CPEY/N

CPDY/N

Total $ $ #

Company Name: _______________________________________

Address: ________________________________________

Phone Number: ________________________________________

E-Mail Address: ________________________________________

Directions to the Melville Marriott:From New York City: Take the Long Island Expressway (Route 495) to Exit 49 South. Take the Ramp (right) onto the South Service Road. Turn left (North) onto Old Walt Whitman Road (Walt Whitman Road).

From Eastern L.I.: Take the Long Island Expressway (Route 495) to Exit 49 North. Take the Ramp (right) onto the North Service Road. Turn right (North) onto Old Walt Whitman Road (Walt Whitman Road).

The Melville Marriott phone number in case of weather emergency: (631) 423-1600