2013 All Star Conference - The Institute of Internal Auditor Documents... · 2013 All Star...

2013 All Star Conference

Sunday October 13, 2013 3:00 – 6:00 PM

Workshop – 1 Board Driven/Objective-Centric ERM and Internal Audit: Next Generation Assurance

Tim J. Leech, CIA, CCSA, CRMA Managing Director, Global Services Risk Oversight, Inc.

Learn the new risk oversight expectations for boards of directors.

Identify ways internal auditing can play a key role helping boards meet these new

expectations.

Find out why traditional ERM and internal audit methods have often failed to deliver

what boards need to oversee management's risk appetite and tolerance.

Learn practical techniques to implement a board driven/objective-centric approach

to ERM and internal audit that delivers better results.

Tim Leech helps companies more effectively manage risk and assurance to meet escalating board risk oversight due diligence expectations. He has more than 25 years of experience in the risk and assurance fields, including global experience helping clients with ERM and internal audit transformation initiatives and litigation support work on officer/director due diligence actions. He is considered by many to be one of the world's top ERM/IA transformation trainers and consultant.

All particpants will receive a complimentary copy of the Conference Board article “Setting

Risk Appetite and Tolerance Levels” from the 2013 compendium for boards titled “Risk Matters” Why and How Boards Should Become Inolved”

Learning Level: Intermediate Learning Field: Auditing

Monday October 14, 2013 8:30 – 9:45 AM

GS 1 Change is Good ‒ You Go First: Embracing Change for the Internal Auditor

Karen McCullough Motivational Speaker


McCullough & Co.

Discuss the combination of new technologies, regulations, economics, high expectations, team engagement, and employee attitudes that are changing the landscape of work.

Explore appropriate ways to respond to change situations out of our control.

Learn to respond to, live with, and ultimately take advantage of change.

Set the course to find, communicate, and execute a strong vision in a high-change environment.

Before becoming a business keynote speaker and consultant, Karen McCullough spent many years in fashion retail, gaining more than 20 years of experience in marketing, brand building, driving sales, leadership development, building customer loyalty, and managing a diverse team as owner and CEO of a small retail chain. For the past 10 years, McCullough has worked with some of the world’s leading organizations presenting customized programs on change, personal branding, customer service, emerging leadership development, sales, team building, productivity and generational management. Her clients have included Procter & Gamble, JPMorgan Chase, Symantec, The InterCon Group, HelmsBriscoe, McGraw-Hill, National Homebuilders, Shell Oil, Exxon, Fluor, The World Bank, The U.S. Department of Justice, State Farm, Humana, HP, Oracle, United Way, American Heart Association, and MD Anderson.

Learning Level: Intermediate Learning Field: Personal Development

Monday October 14, 2013 10:15 – 11:30 AM

CS 1-1 Internal Audit’s Role in Enhancing the Organization’s Ethical Climate

Urton Anderson, CIA, CCSA, CGAP, CFSA Director of the Von Allmen School of Accountancy Gatton College of Business and Economics The University of Kentucky

Gain the know-how and learn about the tools needed to assess an organization’s

ethics and compliance program (how to meet Standard 2110.A1).

Appreciate the need for an organization to establish an ethical climate and effective

compliance system.


Understand internal audit’s role in assisting the organization to establish and to

maintain a healthy ethical climate and effective compliance system.

Review helpful tools and develop a sample audit work program for conducting an

assessment.

Urton Anderson has conducted research addressing numerous issues in internal and external auditing, particularly corporate governance, compliance, enterprise risk management, and internal control. He has written four books and co-authored Internal Auditing: Assurance and Consulting Services. Anderson served as Chair of The IIA’s Board of Regents and twice chaired the Internal Auditing Standards Board. In 1997, he was named Leon R. Radde Educator of the Year by The IIA. Anderson has also been recognized for his outstanding contributions to the field of internal auditing with The Bradford Cadmus Memorial Award. He currently serves as the chair of The IIA’s Committee of Research and Education Advisors and is on the Board of Trustees for The IIA Research Foundation. Anderson serves on the board of directors for the Health Care Compliance Association and the advisory board of the Society of Corporate Compliance and Ethics. He recently completed a year as an Academic Fellow in the Office of the Chief Accountant of the U. S. Securities and Exchange Commission.


CS 1-2 Top 5 Mistakes Audit Departments Make

Robert L. Mainardi, CFSA, CRMA President and Founder Mainardi & Associates

Identify, discuss, and address the top 5 mistakes.

Participate in an individual assessment of each mistake.

Examine internal audit and business management assumptions.

Create a custom action plan to increase audit performance.

Robert Mainardi started his own company after 21 years of working in the internal audit profession in the financial services industry. The company develops and facilitates custom internal audit training as well as evaluates, creates, and implements formal audit methodologies. Previously, Mainardi was the vice president of internal audit for the Penn Mutual Life Insurance Co. He is an active member of The IIA and has been a distinguished


faculty member for almost 20 years. As a professional speaker, Mainardi leads programs to help clients develop and maintain world-class internal audit functions.

Learning Level: Advanced Learning Field: Auditing

CS 1-3 Time to Get Real — Refocusing Controls to Fight Modern Threats

Daimon Geopfert National Leader, Security & Privacy Consulting McGladrey LLP

Vincent J. Schira IT Audit Program Leader Domino’s Pizza Inc.

Learn about real-world hacking demonstrations that show controls bypass methods.

Discuss the topic of cracking and re-using "strong" passwords.

Hear about bypassing intrusion detection systems.

Ask whether evading anti-virus can compromise "protected" systems.

Find out how social engineering methods abuse social media.

Gain recommendations on how to implement more robust controls.

Daimon Geopfert is the national leader of security and privacy consulting for McGladrey. He specializes in penetration testing, vulnerability and risk management, security monitoring, incident response, digital forensics and investigations, and compliance frameworks within heavily regulated industries. Daimon has over 17 years of experience in a wide array of information security disciplines. He serves as the firm’s national leader for the security and privacy practice, responsible for the development of the firm’s overall strategy related to security and privacy services and applicable methodologies, tool kits and engagement documentation.

Vincent Schira is a seasoned professional with experience in financial and IT audit and joined Domino’s Pizza Inc. in April 2010. Prior to working for Domino’s Pizza he held leadership positions in accounting, materials & logistics management, and internal audit within the automotive industry. Leading the IT audit function at Domino’s publicly traded entity, he is responsible for planning and executing a wide variety of technology related audits. Last year Vince presented to the Internal Audit Executive Study Group of the


National Restaurant Association on key audit concepts in data warehousing and the results of a disaster recovery benchmark study he conducted. His current areas of focus include consumer data privacy, food traceability software, and serving on the company’s data governance council. Vince also works part time as a firefighter and EMT for the City of Novi, Michigan.

Learning Level: Intermediate Learning Field: Management Advisory Services

CS 1-4 Assessing Fraud Risk for a New Internal Auditor

Pierre Taillefer Partner BDO Canada LLP

Understand fraud risk in your organization.

Learn the role of internal auditing in the prevention and detection of fraud.

Discuss roles a new internal auditor can play in preventing and detecting fraud.

Pierre Taillefer has more than 20 years of experience in the assurance field and in performing risk-related advisory engagements. Prior to joining BDO, Taillefer spent many years in audit and advisory at a Big Four accounting firm managing a client portfolio consisting of crown corporations, blue chip corporations, financial institutions, and large and medium-sized public and private companies. As a risk management practitioner, he has been involved in many engagements covering fraud prevention and detection, anti-money laundering, and business process and internal control reviews.


Monday October 14, 2013 12:45 – 2:00 PM

CS 2-1 How a Small Audit Department Enhances Corporate Governance through a Broader, More Strategic Focus on Risk

Kaveh Rikhtegar Director, Internal Audit Canadian Commercial Corp.


Use a risk based approach linked to the ERM to complete the annual audit plan.

Build an effective internal audit organizational structure, tools, and processes.

Implement an effective risk-based approach in planning, executing, and reporting

audit activities.

Create an effective reporting structure to the audit committee.

Kaveh Rikhtegar has worked as a director of internal audit/controls in both the public and private sectors for more than 20 years with organizations including Deloitte, Canada Post Corporation, Office of the Auditor General of Canada, and Canadian Commercial Corporation. He is an in-demand presenter at industry conferences around the world.


CS 2-2 Adding Quality to Quality Assessments

Larry Hubbard, CIA, CCSA, Principal Larry Hubbard and Associates

Hear about the best practices and most common findings in quality assessment

reviews.

Learn how the best assessments are performed.

Discuss common quality assurance team challenges.

Explore why many internal audit departments choose self-assessments over full

external reviews.

Test your knowledge of the Standards vs. others attending the session.

Larry Hubbard is a professional trainer and consultant with a broad background in accounting, auditing, and finance. His experience includes audit management; information systems, financial, and operational auditing; financial reporting; consulting and training; and organization directorship. Hubbard is a frequent author, course leader, and speaker for The IIA and other professional organizations. He specializes in leading control self-assessment, creative thinking, information technology, operational auditing, and risk assessment courses and authored The IIA's CSA introduction, CSA facilitation techniques, operational auditing, and financial literacy for auditors. Hubbard also published A Practical Guide to CSA and is a


qualified validator for internal audit quality assessment reviews. Hubbard has trained hundreds of auditors to perform quality assessments. Hubbard is a board member and past president of The IIA─Northern Virginia Chapter.


CS 2-3 Integrating IT into the ERM Process

Xenia Ley Parker, CIA, CFSA Senior Director, IT Internal Audit Marsh & McLennan Companies

Learn why IT has become a critical aspect of business and operational risk and why

the IT/ERM integration effort is such a challenge

Uncover various options for developing the IT subject matter.

Discover where and how it fits into the organizational “big picture.”

Learn why ERM teams are often devoid of IT expertise with several generic examples

based on real life experiences.

Engage in a Q&A session with fellow participants.

Xenia Ley Parker is senior director, MMCo Internal Audit, responsible for information technology audit worldwide. She joined Marsh Inc. in 2004 as Sarbanes-Oxley PMO for IT globally. Xenia is author of Information Technology Audits, published by CCH annually within their online Accounting Research Manager (ARM). She was a senior consultant with MIS Training Institute, with over 29 years of experience in IT and auditing. Xenia spent 14 years with Coopers & Lybrand and 3 with Ernst & Young. Co-author of C&L's Handbook of IT Auditing, she wrote the technology aspects of the original 1992 COSO study: Internal Control-Integrated Framework. Previously she was associate director, production, of the Unix-based data center for CBS/AT&T Venture One videotex field test. Xenia is a frequent presenter at major conferences; a member of ISACA and The IIA, has served on The IIA’s International Advanced Technology and Professional Issues Committees, and currently serves on The IIA New York Chapter Board of Governors. She received IIA-New York Chapter's 2010 Thomas A. Johnson Lifetime Achievement Award, the 1993 International IIA Auditing and Technology Award, among others. She has written numerous IIA monographs and participated in development of several GTAGs on IT Audit-related subjects.



CS 2-4 Fraudits – Seeking Hidden Indicators of Fraud Risk

Pamela Verick Director, Investigations & Fraud Risk Management Protiviti Inc.

Explore considerations in the planning and scoping of fraud audits.

Discuss sampling methodologies.

Learn about structured and unstructured data sources.

Review testing procedures to identify fraud risk in key processes.

Pam Verick is responsible for investigations and leading the organization’s fraud and corruption risk management initiatives. Verick has 20 years of risk management experience, including the creation of fraud governance systems and fraud risk management programs, planning and execution of fraud risk assessments, and conducting investigations to address fraud, misconduct, and potential violations of the Foreign Corrupt Practices Act as well as equivalent anti-bribery laws and regulations. She also assists with compliance and ethics programs for both the public and private sector.



CS 3-1 Internal Audit: Thought Leadership for Effective Crisis Management

Sanjay Patel Chief Operating Officer Illinois Power Agency (IPA)

Understand the meaning behind a crisis situation.

Explore examples of effective and ineffective crisis management.

Discover the roles can internal audit play in crisis management.

Learn strategies to proactively manage crisis situations.


Sanjay Patel partners with the Governor’s office to ensure state agencies comply with Section 1512(c) reporting requirements of the American Recovery & Reinvestment Act (ARRA) of 2009. Sanjay has assisted many clients with Sarbanes-Oxley Section 404 compliance and business process improvement projects. He has over 20 years of progressive experience within the public and private sectors. Sanjay has also developed and delivered numerous presentations and training programs on a variety of professional development topics.

Learning Level: Beginner Learning Field: Management Advisory Services

CS 3-2 Navigating Emerging Risk

Carolyn Koehn Director, Global Audit & Transformation, Program Management Office Dell Inc.

Lisa Mayo Director, Global Audit & Transformation Dell Inc.

Francisco Johnson Director, Audit Dell Inc.

Yoan Widjaja Director, Global Assurance & Transformation Dell Inc.

Discover how to align your internal audit organization with the business to

understand risk ─ both the current and future strategic objectives.

Contemplate the emerging risks facing companies that continue to globalize their

operations.

Share approaches to address emerging risks.

Carolyn Koehn moved to her current role after more than seven years with Dell's operations and technology finance team. Since joining Dell, she has had advancing roles within finance and has supported various functions within operations and technology including product group, logistics, reverse logistics, manufacturing, and fulfillment. Prior to


Dell, Koehn was with Nortel Networks supporting its Caribbean and Latin America sales and marketing division for more than six years.

Lisa Mayo is responsible for leading audit assurances and business initiatives engagements. She was previously the corporate reporting director responsible for Dell financial reporting. Since joining Dell, she has had advancing roles within finance and accounting supporting various functions within operations and technology including manufacturing, global call centers, and information technology. Prior to Dell, Mayo was with the Texas State Auditor's office for four years.

Francisco Johnson is a Director of the Global Audit & Transformation (GAT) organization and is responsible for leading activities, engagement execution and building our presence in Latin America. Francisco has over 15 years of experience across Accounting, Financial Planning, Tax and the last 3 years in GAT. He started at Dell Brazil in 1999 during the launch of our first manufacturing plant in Latin America, and played a key role in establishing regional finance functions in our Panama site during a 1-year international assignment. Francisco holds a MBA from Texas State University, an accounting bachelor’s degree from Universidade Federal do Rio Grande do Sul (UFRGS) and two green belt BPI certifications.

Yoan Widjaja leads the organization’s Risk, Reliance, and Operations team. She recently completed a 2-year assignment in Shanghai as the head of internal audit for North Asia which included building the team. Widjaja has 15 years of finance and audit experience and before joining Dell in 2005, her career was spent with Capital One Financial Services mainly in finance/accounting.


CS 3-3 Auditing IT Governance

Steve Hunt, CIA, CRMA Director - Risk Advisory Services McGladrey LLP

Gain an understanding of what IT governance is.

Learn why IT governance is important from both an IPPF compliance and strategic

standpoint.

Examine The IIA’s IT governance model.

Review example risks and controls.


Discuss the IT governance role of internal audit.

Steve Hunt has more than 20 years of professional experience within public accounting, internal audit, consulting firms, and other professional service providers serving several industries. His experience includes in-depth Sarbanes-Oxley (SOX) compliance management, internal and external audit, business process development/reengineering and several years of experience with SAP R/3 configuration, management consulting, business process reengineering and application security, and controls consulting. Hunt is the former chair of the International Advanced Technology Committee (ATC) of The IIA and current vice chair of the International Professional Issues Committee (PIC). He co-authored The IIA’s Global Technology Audit Guides (GTAG) Auditing Application Controls, Developing the IT Audit Plan and is completing a third GTAG entitled Auditing IT Governance. Hunt has presented at many IIA national, district and local chapter meetings around the country and abroad. He is often a featured speaker at local, national, and international events for several trade associations and conferences.


CS 3-4 Beyond Detection: Our Role in Prevention

Kathleen Lizé Director of Internal Audit Cirque du Soleil

Explore the nature of internal auditing within a creative environment that is moving

constantly.

Hear how an effective anti-fraud program was implemented.

Discover the tools and techniques used by the internal audit team for both fraud

prevention and detection.

Get detailed examples of audit mandates performed in relation to fraud detection

and prevention.

Kathleen Lizé is charged with navigating Cirque du Soleil’s internal audit team within a creative environment that is moving constantly and literally. As the director of internal audit, she is responsible for financial, operational, and efficiencies audit mandates as well as fraud investigations. Previously she worked as chief internal auditor for Canadian energy


distributor Gaz Metro, and started her career with Raymond Chabot Grant Thornton. Lizé has been in the internal audit industry since 1994.



CS 4-1 Internal Audit: Working in Concert With Other Governance and Compliance Functions

Suzanne Rancourt Vice President, Internal Audit CGI

Hear how internal auditing can work strategically in concert with other governance

and compliance functions.

Discover how to expand your audit plan by applying a collaborative approach.

Learn ways to align approaches and coordinate responsibilities to ensure coverage

of all risks.

Suzanne Rancourt oversees and directs the internal audit function for CGI where she is responsible for the execution of audits as well as the company’s risk assessment. Prior to this role, she managed a global client partnership in the finance sector. Previously, she managed the consulting practice of the financial services sector at CGI and was responsible for the delivery of projects. Prior to joining CGI, she was a senior auditor for a major bank in Canada.


CS 4-2 Honorably Retire "Controls” and Promote "Risk Treatments": It's Time

Tim J. Leech, CIA, CRMA Managing Director, Global Services Risk Oversight Inc.

Review the history and definition of “controls” and “risk treatments.”


Learn why it’s time to retire “controls” and promote “risk treatments”: the business

case for change.

Discover “Optimizing risk treatments” – practical strategies to add exponentially

more value.

Share what needs to happen to retire “controls” and promote the use of “risk

treatments”.

Tim Leech is managing director of global services at Risk Oversight Inc., which focuses on helping companies more effectively manage risk and assurance to meet escalating due diligence expectations and add real value. He has over 25 years of experience in the ERM, internal audit, and forensic accounting fields, including expert witness testimony in civil and criminal proceedings and global experience helping public and private sector organizations with internal audit transformation initiatives and the design, implementation, and maintenance of integrated GRC/ERM frameworks. He is co-author with his daughter, Lauren Leech of Preventing the Next Wave of Unreliable Financial Reporting: Why U.S. Congress Should Amend Section 404 of the Sarbanes-Oxley Act, and author of a new Risk Oversight Inc. white paper challenging traditional approaches to ERM titled The High Cost of the ERM Herd Mentality.


CS 4-3 Data Mining and Continuous Monitoring Beyond IT

Anthony M. Mackle, CIA Hoosier Fellow, Senior Vice President and Chief Audit Executive BrightPoint Inc.

Sue Ulrey Partner CliftonLarsonAllen’s Business Risk Services

Discover why continuous monitoring is moving out of IT and into compliance,

operations, and finance.

Learn how top companies are creating continuous monitoring programs coupled

with data mining to reduce the time spent in audit preparation and to identify the

red flags of fraud.


Discover practical examples of how to use continuous monitoring to increase audit

effectiveness and cost efficiency.

Hear examples of how this works to ensure internal audit adds value.

Anthony Mackle is an internal audit executive with more than 25 years of audit, accounting, and risk management experience. Prior to joining BrightPoint, he served nine years as director of internal audit for Pioneer Standard Electronics and also served as head of internal audit at Cole National. Mackle created and led the internal audit function for three publicly listed companies, led the SOX initiative for two companies, worked on more than 14 acquisitions, integrations, and several divestitures. Mackle has led more than 50 fraud investigations.

Sue Ulrey has more than 20 years of internal audit, ERM, and compliance experience as a CAE and a consultant. In addition, she has performed more than 30 Quality Assessment Reviews in the last two years. Her role as CBOK 2010’s co-chair enables her to share the insights from the study to strengthen internal audit’s value to the organization and the profession as a whole.


CS 4-4 The Mind Behind the Fraudster’s Crime: Understand the Human and Environmental Elements of Fraud and Bribery

Jonathan Marks Partner In-Charge of Fraud, Ethics, & Anti-Corruption Crowe Horwath LLP

Take a closer look at the personality traits of individual perpetrators of massive

fraud.

Discuss the basics of profiling or identifying elements of behavior common

among white-collar criminals.

Discover what role company culture plays in the commission of fraud.

Hear cutting edge ideas and methods to help detect and deter fraud.

Jonathan Marks is a partner in the risk business unit and is the national leader of the fraud, ethics, and anti-corruption practice at Crowe Horwath LLP. In his role, Marks advises domestic and international engagement teams and clients on anti-fraud, fraud (including


bribery and corruption), corporate governance, business practices, ethics, risk management, compliance, internal audit, and internal control matters. He also works closely with and provides training to boards and senior management. Prior to joining Crowe, Marks was co-owner of a national consulting practice where he directed the firm’s fraud, SEC, technical accounting, governance, internal audit, risk management, quality assurance review, and education/training practices.

Learning Level: Intermediate Learning Field: Behavioral Ethics

Tuesday October 15, 2013 8:30 – 9:45 AM

GS 2 Enterprise Fraud Risk Management

Paul E. Zikmund Director, Global Integrity and Forensic Audit Bunge Ltd.

Learn why managing the risk of fraud is a critical component to any ERM program.

Gain a foundation to a fraud-free environment through the development,

implementation, and maintenance of an effective anti-fraud program and controls

framework.

Hear about the elements of a comprehensive enterprisewide risk management

framework that includes steps to deter, detect, investigate, and remediate incidents

of fraud within an organization.

Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New York. He is responsible for managing and conducting investigations of fraud and misconduct, implementing fraud detective techniques, administering the company’s fraud risk assessment process, and managing anti-fraud programs and controls designed to reduce the risk of fraud within the company. Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was responsible for developing, implementing, and administering fraud risk management services to Tyco and to clients. He possesses nearly 20 years of experience in this field and has effectively managed global fraud and forensic teams at various Fortune 500 companies.



Tuesday October 15, 2013 10:15 – 11:30 AM

CS 5-1 Case Study: Corporate Governance Start-Up

Nick Moscaritolo Vice President, Internal Assurance JDA Software Group

Starting an ERM program and extracting a risk-based audit plan from the results.

Solving small department/start-up common issues.

Transitioning from a co-source to internal audit model.

Best practices for auditing and reporting in a small audit team environment.

Nick Moscaritolo has over 15 years of experience in the internal and external audit field. Nick started his career at Arthur Andersen, moved to Arizona Public Service Company, and later, Starwood Hotels & Resorts. Currently, Nick is the vice president of internal assurance and chief audit executive at JDA Software Group. Nick has spoken at the last 2 MIS Training Institute SuperStrategies conferences.


CS 5-2 A Risk Manager's View of ERM

Carol Fox, ARM Director, Strategic and Enterprise Practice RIMS, The Risk Management Society

Hear an experienced risk practitioner's insights on making enterprise risk

management a strategic business discipline.

Expand your understanding of how enterprise risk management can create as well as

protect value.


Learn how high-performing organizations are using risk management to reduce

uncertainties and increase the odds of success.

Discover how to forge a collaborative alliance between internal audit and risk

management for your organization's success.

Carol Fox is director of strategic and enterprise risk practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. Founded in 1950, RIMS produces networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS in 2010, Carol was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. She also holds the Associate in Risk Management (ARM) designation from The Institutes. Carol has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics and currently serves as vice chair on the U.S. Technical Advisory Group for the international ISO 31000 risk management standard implementation projectTreasury & Risk named Carol as one of its 2011 100 Most Influential People in Finance.

Learning Level: Intermediate Learning Field: Management Advisory Services

CS 5-3 Governing with ITIL and COBIT

Pam Nigro Manager Health Care Service Corp

Learn the primary focus of ITIL - Service Support Management and Service Delivery

Management.

Expand your understanding of COBIT’s focus on definition, implementation,

auditing, measurement and improvement of controls.

Discover how when implemented effectively, both COBIT and ITIL provide the

necessary framework of an IT GRC program that enables the IT organization to

govern itself.

Pam. Nigro is the manager of the iInternal controls, IT policy, and risk management teams at Health Care Service Corporation (HCSC operates the Blue Cross and Blue Shield plans in


Illinois, New Mexico, Oklahoma and Texas). She has over 20 years of experience working in information technology, ultimately becoming a subject matter expert in IT general controls. Prior to HCSC, Pam’s experience in the systems and process assurance (SPA) practice at PwC focused on services related to controls around IT management. She served both audit and non-audit clients. As a consultant, she helped HCSC develop its control framework using ITIL and COBIT.

Learning Field: Computer Science Learning Level: Beginner

CS 5-4 Investigating Internal Fraud: Soup to Nuts

Jason Hadavi Assistant City Auditor, Office of the City Auditor City of Austin

Learn the “Do's and Don’ts" of investigating internal fraud, including lessons

applicable to handling allegations, interviewing employees and contractors, and

reporting findings.

Identify and share investigative resources and protocols including investigation

standards, interviewing techniques, and case management.

Discover opportunities for tracking cases and measuring the performance of

investigation units.

Explore examples of lessons learned during actual investigations.

Jason Hadavi leads a team of investigators responsible for investigating, detecting, and preventing fraud, waste, and abuse throughout the City of Austin. Hadavi has more than 11 years of investigative experience in both the public and private sectors. He has provided internal and external training on conducting investigations and has testified in numerous court proceedings to support prosecution resulting from his investigations.



Tuesday October 15, 2013 12:45 – 2:00 PM

CS 6-1 The Politics Surrounding Tone at the Top in Governmental Auditing Entities

Rachel Ann Snell, CIA, CRMA Deputy City Auditor City of Long Beach

Expand your understanding of what it means to have “tone at the top” within the

audit organization and the government entity, and how it contributes to the control

environment, including accountability and transparency.

Discuss the various political influences within governmental entities and the effect

on audit departments and the guidance available from Yellow Book and Red Book.

Hear examples of politics influencing “tone at the top” decisions within management

and audit structures at governmental entities.

Obtain best practice strategies to avoid political pitfalls while maintaining a top audit

shop.

Rachel Snell has worked in the audit profession for more than eight years, starting at the Texas State Auditor’s Office. After serving as an assistant city auditor with the City Auditor’s Office in Austin, Texas, Snell returned to the City of Long Beach as the deputy city auditor. She has performed operational responsibilities in both public and private sectors, including Chase Bank, the City of La Mirada, Calif., and the Austin (Texas) Police Department, and she worked for a United States Congressman. Snell has been published in several audit magazines and journals.

Learning Level: Advanced Learning Field: Auditing (Governmental)

CS 6-2 Innovation and Internal Audit: What it Means, Why it is Important to Success and How Can Internal Audit Use It!

Philip E. Flora, CIA Principal, Managing Member FloBiz & Associates LLC

Learn the meaning of innovation and how it relates to the internal audit function.


Learn how to reinforce the importance of innovation and why it is necessary for

auditors to meet primary stakeholder expectations.

Identify reasons that audit functions should consider innovation in the Quality

Assurance and Improvement Program to demonstrate commitment to continuous

improvement.

Hear approaches to address emerging issues and how innovation can be used.

Receive resources and a tip list for consideration in determining how innovation

strengthens the internal audit value proposition and brand.

Phil Flora served as the chief audit executive at a not-for-profit public corporation for more than 16 years. His experience includes banking, public accounting and cost accounting, and he has more than 30 years of management/leadership and auditing experience. Flora currently serves as trustee for The IIA Research Foundation (IIARF), is a former chair of the Committee of Research and Education Advisors (CREA), and has served on numerous IIA international committees. He has served as president of The IIA─Austin Chapter, and he received the chapter’s 2006 Practitioner of the Year Award. Flora has been a frequent speaker at various national, regional, state and international conferences and has provided training on numerous subjects related to internal auditing, leadership, governance, risk management, and IT audit.

Learning Level: Advanced Learning Field: Management Advisory Services

CS 6-3 “There's an App for That": Smart Device Apps for Auditors

Norman Comstock, CIA, CCSA Managing Director UHY Advisors TX, LLC

Angelin Butler Senior Manager UHY Advisors TX, LLC

Survey productivity-boosting applications for use in audit, administration, and

monitoring.

Identify risk considerations for mobile devices and mobile apps.

Receive a framework to classify your custom grouping of apps for various phases of

the audit process.


Explore tips for bringing the mobile revolution to your audit team to foster efficiency

and collaboration.

Norman Comstock leads advisory and assurance services for IT strategy, governance, and risk assessment; software selection/implementation; documenting and testing IT general controls and application controls; and Information Systems Security. He is also the firm’s national practice leader for Management & Technology Consulting specializing in governance, risk, and compliance. Comstock was president of GCRM Solutions, LLC before its merger with UHY Advisors in 2006. Prior to UHY Advisors, he was a principal with three firms providing technology and management consulting services to Fortune 1000 companies. Comstock held audit, accounting, and finance roles of increasing responsibility at Texaco, Inc. and Compaq Computer Corporation after beginning his career in finance at Oppenheimer & Company. He is an adjunct professor at the C.T. Bauer School of Business, University of Houston, and is an alumnus instructor of The Data Warehousing Institute. Comstock is a member of the advisory council for The Open Compliance and Ethics Group (OCEG), a not-for-profit think tank focused on improving corporate governance, risk, and compliance practices.

Angel Butler has worked with multi-national Fortune 500 companies to improve internal controls related to financial, operational, and compliance objectives. She has reengineered business processes and managed a Sarbanes-Oxley project for a multinational client with operations around the world. Butler has experience performing vendor audits (contract compliance and cost recovery) and managing the outsourcing and co-sourcing of an organization’s internal audit function. Her special projects have included managing projects related to organizational redesign and business process reviews, as well as performing analyses of audit committee charters and analyzing company reporting practices to aid in the completion of environmental reports.


CS 6-4 Back to Basics – Common Frauds and Detection Methods

Craig L. Greene Founding Partner McGovern & Greene LLP

Examine the common and overlooked frauds occurring.

Learn methods for detecting and investigating these frauds through disposition.


Discuss key internal controls organizations need to detect and deter this type of

fraud.

Gain a broader understanding of the fraud risks.

Craig L. Greene is a consultant and expert witness on matters involving allegations of fraud and misrepresentation for gaming organizations. Many of his engagements have involved high profile fraud investigations both nationally and internationally. He has worked on due diligence and gaming licensing a application matters for the Michigan Gaming Control Board, San Manuel Band of Mission Indians Gaming Commission, and the Nebraska Lottery as well as other investigation assignments for several state-operated lotteries.



CS 7-1 Shifting the Paradigm: A Case Study in Transforming Internal Audit

Randal C. Earley, CIA, CRMA Vice President, Audit Services Cox Enterprises Inc.

Kalpana E. Oommen HR Director Cox Enterprises Inc.

Elton O’Neal Advisory and Assurance Director Cox Enterprises Inc.

Hear the story of a traditional internal audit function faced with adapting to the

needs of a changing business.

Gain an understanding of how the plan was built to transform the function to a

progressive internal audit shop.

Learn how we changed the minds of company leadership in building a new brand.

Learn what metrics we used to measure our success.


Randy Earley oversees the company’s audit services team that delivers strategic financial, operational, and information technology audit and risk advisory projects across all Cox corporate departments and businesses. Prior to Cox, he served as vice president of internal audit at an advertising agency. Earley has nearly 30 years of internal audit experience across multiple industries including retail, financial services, telecommunications, manufacturing, cable, automotive, and media through his work at JCPenney, Citigroup, Nortel Networks, Flowserve, SuperMedia, and Cox Enterprises.

Kalpana Oommen is a Six Sigma Black Belt with more than 12 years of experience in process improvement/audit and more than 15 years of experience in information technology. She joined Cox Enterprises in 2004 as senior IT auditor, building a new IT audit function spanning all Cox businesses. After leading the internal audit department through a transformation from "corporate police" to trusted advisor, Oommen recently joined the organization’s HR development group. Prior to joining Cox, Oommen worked at The Home Depot in their Leadership Development Program, a management training program designed to utilize rotations within internal audit to develop future company leadership.

Elton O’Neal has more than 11 years of experience in information technology, process improvement, and audit. He is responsible for the media and automotive service businesses leading teams utilizing progressive audit techniques and Lean Six Sigma methodology. He joined Cox Enterprises in 2005 after a management role in the enterprise risk group of Deloitte, and an IT account management role at International Paper where he was instrumental in the implementation of ITIL processes in service management.


CS 7-2 Choices In Risk Management Models

MODERATOR: Sally Dix, CIA, CRMA Consultant

PANELIST: Norman D. Marks, CRMA Evangelist Norman Marks

Sandra Pundmann, CIA, Partner, Audit and Enterprise Risk Services


Deloitte & Touché LLP

Charles Locasto, CRMA Vice President MetLife

Does "business maturity" figure significantly in a successful risk management

strategy implementation? If so, is this a major consideration in the choice of risk

management model?

Who should "own" risk management, and how does the answer to this question

affect the risk management approach and odds of a successful short and long term

RM strategy?

Are there good examples of hybrid RM strategies where management has chosen to

combine what they feel are the best features of different RM

frameworks/approaches?

What role does internal audit play that makes the best contribution when management is designing its RM stategy?

What is internal audit's most effective role in supporting an on-going, successful risk management strategy?

Sally Dix prior responsibilities with The IIA included leadership of the Standards and Guidance organization. Her career in internal audit prior to joining The IIA involved leading internal auditing and compliance organizations in medium to large publicly traded companies in the high tech and telecom industries. Norman Marks, CRMA, is an evangelist for “better run business,” focusing on corporate governance, risk management, internal audit, enterprise performance, and the value of information. He is also a mentor to individuals and organizations around the world. He served as CAE for several major global corporations for 20 years and is a globally recognized thought leader in internal auditing and risk management, having served as chief risk officer, compliance officer, and ethics officer, and managed what would now be called the IT governance function. He has been published on Sarbanes-Oxley and serves on the review boards of several audit and risk management publications, including the magazines of ISACA and The IIA. Marks is a contributing author, blogger, and speaker and ranks as one of the top global influencers in social media on the topics of GRC, internal audit, risk management, and governance. He has been honored as a Fellow of the Open Compliance and Ethics Group for his GRC thought leadership and as an Honorary Fellow of the Institute of Risk Management for his contributions to risk management.


Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing, accounting, finance, and information technology. She serves as the leader of the Governance and Risk and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for the technology, media, and telecommunications industry. Prior to joining Deloitte and Touché in 1996, Pundmann served as the vice president and chief audit executive of a Fortune 50 company, where she oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she has served in a variety of finance, risk management, and IT leadership and management capacities.

Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.

Learning Level: Advanced Learning Field: Business Management & Organization

CS 7-3 IT Auditing for Non-IT Auditors

Raven Catlin, CIA, CFSA Trainer, Facilitator, Consultant

Raven Global Training

Acquire and refresh baseline knowledge of IT general and application controls.

Identify IT risks and controls.

Understand the importance and impact of IT on business processes.

Discover how to integrate IT testing into your performance, program, operational,

financial, and compliance audits.

Raven Catlin is an internationally recognized expert, speaker, and consultant in internal auditing. She has more than 15 years of auditing and seminar facilitation experience. Before starting Raven Global Training, Catlin was a consultant for Experis and a senior manager at Protiviti. She held internal audit positions with Freddie Mac, Bank of America, and Philip Morris. Catlin is a contributing author to The IIA’s CIA Learning System.


Learning Level: Beginner Learning Field: Auditing

CS 7-4 Tools of the Fraudster: What You Don’t Know Can Hurt You

Ryan C. Hubbs, CIA, CCSA Forensic Audit Manager Halliburton

Learn how easy it is to get a fake background, wash checks for fraud, and pad an expense account.

Be amazed by the tools and resources found on a multitude of websites that support fraudsters and their behavior.

Learn how to play catch-up to detect and identify the sordid tools and methods used by cheats and swindlers.

Discuss ways to prevent these types from being employed in your own organization.

Ryan Hubbs has more than 11 years of experience in the fraud investigation and internal audit field and more than 13 years of law enforcement experience. He is responsible for forensic audits and data analytics initiatives at Halliburton. Prior to joining Halliburton, Hubbs provided investigative support on fraud and employee misconduct investigations, internal controls and audits within the energy sector, and through external consulting engagements. He has extensive experience with employee and contractor frauds, conflicts of interest, ethics and compliance violations, controls consulting, process improvements, fraud risk assessments, contract review, and contract recovery audits. Hubbs is versed on organization-wide anti-fraud programs and measures, including both preventive and detective measures. He has published articles for several industry trade publications. Hubbs is a frequent and popular instructor and presenter on specialized fraud training for local, regional, and national organizations and associations, and teaches online, graduate-level courses with University of Phoenix. Learning Level: Intermediate Learning Field: Management Advisory Services



CS 8-1 Rebranding Your Internal Audit Department, Changing the Stakeholder Impressions

Harold C. Silverman, CIA Vice President, Internal Audit The Wendy’s Co.

Expand your understanding of how your department's brand affects how you

execute your mission.

Better understand the interplay among the needs of stakeholders, process owners,

and internal audit personnel.

Learn techniques to evolve your department's brand within your organization.

Harold Silverman previously was vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. in Boston. Before that, he served as senior manager of internal audit at Raytheon Co., where he managed and led the team that performed audits at the corporate locations and divisions in the northeast. Prior to Raytheon, Silverman was an internal audit manager at PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen.

Learning Level: Intermediate Learning Field: Business Management & Organization

CS 8-2 Using Lean Techniques to Audit the Supply Chain and Identify Savings

Bryant Richards, CIA Director, Corporate Governance The Mohegan Tribe

Expand your understanding of lean techniques and methodologies when auditing

the supply chain.

Learn how to identify savings by eliminating waste.

Understand how to document a process flow in the current and future state.

Bryant Richards brings more than 15 years of experience to his role in which he is responsible for the internal audit, compliance, and record retention departments. Richards


is a Visiting Assistant Professor and department chair of the hospitality program at Nichols College. Learning Level: Intermediate Learning Field: Auditing

CS 8-3 Hidden in Plain Sight: Investigating on the Internet

Allan Bachman Education Manager Association of Certified Fraud Examiners

Learn the advanced tools that can make Google searches even more powerful.

Explore the world of social media where there are no secrets or hidden identities.

Learn how to protect your organization and your personal life from the possible

perils of social media.

Discover websites to search for almost any topic, organization, or individual.

Allan Bachman is responsible for ACFE’s seminar development and the educational content of all conferences and online learning. Most recently he worked in higher education as director of an audit unit and was project manager on several IT implementations specializing in information and access security. Previously Bachman worked in or has consulted for retail, real estate, and manufacturing and has done extensive small to medium business consulting where he worked hundreds of fraud cases. He has conducted training sessions at the IIA International Conference, the ACFE AsiaPacific Conference, various ACFE Chapters and other national organizations. Bachman has taught college courses in accounting, auditing, information systems, and computer security.


CS 8-4

The Auditor’s Role in Helping Management Understand How to Prevent and Detect Fraud (A Harriet Richardson Presentation, presented by Jonathan Marks)

Jonathan Marks Partner In-Charge of Fraud, Ethics, & Anti-Corruption Crowe Horwath LLP


Discuss examples of fraud in private and public sector organizations and what

allowed them to occur.

Explore examples of how auditors can do a better job of explaining to management

what allowed organizational fraud to occur.

Share ideas about how auditors can help management better understand the

reasons behind auditors' recommendation for preventing fraud and detecting it if it

does occur.

Jonathan Marks is a partner in the risk business unit and is the national leader of the fraud, ethics, and anti-corruption practice at Crowe Horwath LLP. In his role, Marks advises domestic and international engagement teams and clients on anti-fraud, fraud (including bribery and corruption), corporate governance, business practices, ethics, risk management, compliance, internal audit, and internal control matters. He also works closely with and provides training to boards and senior management. Prior to joining Crowe, Marks was co-owner of a national consulting practice where he directed the firm’s fraud, SEC, technical accounting, governance, internal audit, risk management, quality assurance review, and education/training practices.


Wednesday October 16, 2013 8:30 – 9:45 AM

GS 3 Creative Auditing – More than Just an Oxymoron

Mike Jacka, CIA Chief Creative Pilot FPACTS

Explore why auditors should care about creativity.

Learn how creativity can be fostered in an internal audit environment

Identify six tips to developing a creative auditing department.

Review how to work on your own creativity.

Mike Jacka is known for his work with Internal Auditor magazine, including his blog “From the Mind of Mike Jacka” and the magazine’s Lighter Side pieces such as “Alice in Auditland,”


and “Auditing Songs for the Holidays.” After a 30-year career in internal audit most recently with Farmers Insurance, he is spreading his wings and sharing his knowledge as a founding member of Flying Pig Audit, Consulting, and Training Solutions (FPACTS). He is the co-author of several books available through The IIA, including his most current effort with Peter Scott, The Marketing Strategy: A Risk and Governance Guide to Building a Brand.


Wednesday October 16, 2013 10:15 – 11:30 AM

GS 4 Talent Management – What’s Your Plan for Attracting, Developing, and Retaining?

Moderator: Bryant Richards, CIA Director, Corporate Governance The Mohegan Tribe

Panelists: Robert W. Rudloff Jr. Vice President, Internal Audit MGM Resorts International

Chelle Adams Vice President, Chief Internal Auditor The Cosmopolitan of Las Vegas

Sharon T. Grant, CIA, CRMA Managing Director, Corporate Audit United Airlines Inc.

Define the word “Talent” by identifying specific attributes which, when combined or

by themselves, make internal auditors rank as “talented.”

Discuss current and proposed methods whereby talented individuals are identified

and hired.

Learn useful methods for increasing individual and department talent levels.

Engage participants in a Q&A session on the subject of talent management.


Bryant Richards brings more than 15 years of experience to his role in which he is responsible for the internal audit, compliance, and record retention departments. Richards is a Visiting Assistant Professor and department chair of the hospitality program at Nichols College.

Bob Rudloff is a 30-year veteran of the gaming industry. Prior to joining MGM Resorts International, he was director of Internal Audit Services with PricewaterhouseCoopers. Rudloff is a recognized leader in the internal audit profession and has held positions of leadership within The IIA at the local and international levels for more than 20 years. He is also a frequent speaker on ethics, internal auditing, fraud and gaming industry topics at local and national conferences and seminars. Rudloff has been an adjunct instructor in accounting for the University of Nevada, Las Vegas, and an adjunct instructor in business, accounting, and auditing at Richard Stockton State College and Atlantic Community College in New Jersey.

Chelle Adams oversees the internal audit function for The Cosmopolitan of Las Vegas including regulatory compliance, SOX compliance, opertional reviews and special investigations. Prior to joining The Cosmopolitan, she was the partner-in-charge of RubinBrown’s Hospitality & Gaming Services Group. She has gaming experience serving more than 20 commercial, riverboat, and tribal casinos across nine states in addition to gaming expertise from working with a Big 4 accounting firm in which she served a wide range of gaming clients. Adams was recognized by the St. Louis Business Journal as one of St. Louis' 40 Under 40 Business Leaders (2012) and one of St. Louis' Most Influential Minority Business Leaders (2008). She currently serves on the Board of The IIA’s Gaming Audit Group.

Sharon Grant is responsible for the organization’s financial and operational audits. She joined Continental Airlines in 1993 before its merger with United, where she has managed the corporate, IT and field related audits. Grant also has experience in the marketing controller’s and financial planning divisions. She started her professional career at Coopers & Lybrand. Grant is actively involved with The IIA serving on various committees and boards as well as serving as the 2012-2013 president of the The IIA Research Foundation board of trustees.

Learning Level: Intermediate Learning Field: Personnel/HR

2013 All Star Conference - The Institute of Internal Auditor Documents... · 2013 All Star...

Documents

Transcript of 2013 All Star Conference - The Institute of Internal Auditor Documents... · 2013 All Star...