Monday March 20, 2017 8:30 AM – 9:45 AM

GS 1: Auditing Strategically to Build Credibility

Greg Grocholski

Vice President

Chief Audit Executive

SABIC

CAEs bring the most value to their organizations when they engage strategically — above and beyond the traditional assurance work provided to stakeholders. CAEs need to think and speak like the CEO, chat with the CFO, talk techie with the CIO, and speak the dialects of Supply Chain, HR, Legal, Manufacturing, and others, focusing on what is most important to the success of the organization. Real participation and acceptance around the C-suite table, being invited to strategic discussions, is an earned outcome. This session explores what has worked to earn that credibility. In this session, participants will:

Look at the audit plan in a new light, with a focus on nontraditional audit areas — following the strategic risks, not last year’s plan.

Learn how presenting information to the C-suite and audit committee on risk areas, and what audit “does not cover,” leads to engaging discussion.

Discuss business acumen, dialects, and — more importantly — intuitive skills necessary to communicate and win during C-suite discussions.

Greg Grocholski is responsible for leading and managing the internal audit department on a global level, to ensure the implementation of internal audit best practices worldwide, as well as to coach the company’s internal audit employees to maximize their contributions to achieving the company’s objectives. Grocholski is internationally respected in the audit field and is affiliated with ISACA, for which he has served in various leadership roles. Prior to SABIC, Grocholski attained an impressive track record in the global chemicals industry with more than 30 years of service at The Dow Chemical Company. He achieved numerous promotions in the audit and finance functions, most recently holding the posts of CAE and global director of business finance.

Monday March 20, 2017 10:15 AM – 11:30 AM

GS 2: Panel Session: Stakeholder Expectations (Updates from CBOK Stakeholder Studies)

Moderator:

Paul Sobel, CIA, QIAL, CRMA

Vice President

Chief Audit Executive

Georgia-Pacific, LLC

Panelists:

Angela Witzany

Chair, IIA Global Board of Directors

Larry Harrington, CIA, QIAL, CRMA, CPA

Vice President, Internal Audit

Raytheon Company

Brian Christensen

Executive Vice President

Global Internal Audit

Protiviti

In this session, participants will:

Discuss stakeholder perspectives on the internal audit value proposition.

Discuss insights from board members and executive team on leading practices in internal audit.

Review audit committee key imperatives for internal audit success.

Analyze perspectives from audit committee, board members and executive team on what the future holds for internal audit.

Paul Sobel has many years of experience in internal auditing leadership roles as a CAE for four public companies. He has published three books through the Internal Audit Foundation on audit topics and is a frequent speaker at industry conferences. Sobel is a long-time IIA volunteer leader including having served as IIA Global Chairman of the Board. In 2012 he was recognized in Treasury & Risk magazine’s list of the 100 Most Influential People in Finance. He has also served on the Standing Advisory Group of the Public Company Accounting Oversight Board (PCAOB) and as The IIA’s representative on the Pathways Commission, which developed recommendations to enhance the future of accounting education in the United States.

Angela Witzany has been an internal auditor in the insurance sector since 1997, when she developed Sparkassen Versicherung’s new internal audit function. She has served there as head of internal audit since 2001, and now has responsibility for internal audit activities in Austria and Central Eastern Europe. Further, Witzany serves as the Austrian Insurance Association’s vice president of the Committee of Internal Audit and Control. She is the 2016–17 chair of The IIA’s Global Board of Directors and has served in numerous leadership roles for about 10 years, including the Finance Committee, Professional Guidance Advisory Council and on the Professional Certifications Board. She also served as a board member of the European Confederation of Institutes of Internal Auditing (ECIIA) and completed a term as vice president in 2015. Witzany is a frequent speaker and moderator at internal audit conferences and has written about internal audit-related topics for a number of publications. She is a lecturer and trainer on internal auditing in the insurance industry at Johannes Kepler University Linz in Austria.

Larry Harrington has more than 25 years of experience in auditing and finance and also served as a vice president in human resources, health operations, and business unit CFO. His experience includes working in the public accounting, retail, financial services, insurance, manufacturing, and technology industries and with organizations such as Staples, Aetna and LTV. Harrington is an active volunteer for The IIA, serving in numerous leadership roles, and most recently as chairman of the Global Board of Directors for 2015–16. He is a frequent speaker at seminars on auditing, change management, negotiation, and people development and motivation.

Brian Christensen is a member of Protiviti’s executive leadership team and is the current global leader of the firm’s Internal Audit and Financial Advisory Solution. In this role, he is responsible for the development and execution of Protiviti’s internal audit products. Christensen has more than 25 years of experience in helping clients increase the value of their internal audit function. He is a frequent speaker on auditing and risk topics at national conferences.

Monday March 20, 2017 12:45 PM – 1:45 PM

CS 1-1: IT Auditing

Chris Semrow, CPA, CISA

IS Assurance Senior Manager

BDO USA

Information Technology (IT) has become an area that internal auditors cannot ignore. Just as your business evolves, so does an organization's IT landscape. Addressing the risks and planning for IT in audit plans has become essential.

In this session, participants will:

Discuss what IT auditing is and why it is so important to today's internal audit team.

Describe the IT risk assessment process.

Review the possible components of an IT audit plan (IT general controls, application controls, end-user computing, service organization reports, cloud computing, etc.)

Discuss the concept of integrated audits.

Chris Semrow has more than 16 years of external and internal audit experience. He currently supervises, directs, and reviews all aspects of the audit project throughout the planning, field work, and wrap up phases. He is also responsible for the marketing, networking, and business development within IT to clients and prospective clients. His clients are publicly traded, in private industry, as well as governmental agencies. Prior to joining BDO USA, Semrow worked in an internal audit capacity in the health and insurance industries as well as at several regional and national public accounting firms, working in both audit and management consulting practices. In this external capacity, he served various industries including government, non-profit, retail, health care, and manufacturing. He also was the director of implementations for a partner of Microsoft Business Solutions, a division of Microsoft Corporation as well as a financial manager for a division of Mattel.

CS 1-2: Why Assess or Audit Organizational Culture?

Sharon F. Whittle

Practice Leader, Human Capital Services

Grant Thornton

Bruce Monahan, CIA, CCSA, CFSA, CGAP, CRMA

SVP & Chief Audit Executive

International Fidelity Insurance Company

Today’s audit leaders have seen the result of suboptimal organizational culture, whether it be an IT implementation that exceeded budget and timetable, a merger integration that did not realize projected deal value, or risks taken by a company that were completely counter to corporate values. How can an organization better understand troubled areas? Organizational culture assessment has many applications all focused on ultimately improving outcomes and experiences. In this session, participants will learn how to:

Assess culture and create a compelling future vision for strategic and cultural assets.

Identify key cultural attributes of integration and design specific integration plans to leverage commonalities and address differences.

Identify the key behaviors that contribute to the strategic and cultural success of the organization.

Address cultural attributes that may conflict with the value drivers or rationale, and deliver culturally aligning integration approaches.

Retain and engage key talent and customers years after acquisition.

Sharon F. Whittle has spent 25 years serving the human capital needs of businesses both as a consultant to organizations and as a benefits director for several Fortune 500 companies. Her diversified experience includes working closely with organizations that are conducting significant merger, acquisition, restructuring, or realignment activities; experiencing changes in top management and business strategy; being spun-off from a larger company; experiencing financial distress; or ceasing operations.

Bruce Monahan is an accomplished CAE and audit committee chairman with over 30 years of experience in the financial services industry. He has been recognized for reestablishing and reenergizing poorly performing internal audit functions. Monahan focuses on efficiently, effectively, and economically providing cutting-edge internal audit services to key stakeholders. Among others, his specialties include corporate governance; ERM; operational, financial, and IT auditing; control self-assessments; fraud prevention and investigations; due diligence; consulting; and compliance issues with FCPA, AML and Sarbanes-Oxley. He holds seven additional credentials including CISA, CRISC, CFE, CMA, CFM, CPCU, and AIAF. Monahan serves on The IIA’s Professional Responsibility and Ethics Committee.

CS 1-3: Fraud Risk Management and the Internal Audit Team

John J. Hall, CPA

President & Founder

Hall Consulting, Inc.

In many organizations, the internal audit team knows more about effective fraud prevention, deterrence, and quick detection than any other group. That puts us in the driver’s seat when it comes to management’s need for help on how to manage fraud risks and exposures – if we’re willing to step up and grasp this value-added opportunity to serve. In this session, participants will:

Discuss how to guide managers in their anti-fraud responsibilities (while honoring professional objectivity and independence).

Identify the seven components of an anti-fraud campaign.

Explore how to conduct an efficient, meaningful fraud risk assessment.

Explore building fraud risk planning into every audit project.

Learn how to find fraud faster – in three steps.

John Hall specializes in skills training programs and conference presentations for internal auditors, CPAs, management groups, and professional associations. He also coaches internal audit professionals in how to increase their effectiveness, clarify and meet their business and personal goals, and move their careers forward. Hall has 40 years of experience as a consultant, speaker, auditor, and business owner. He has worked in senior leadership positions in large corporations and international public accounting firms. He wrote The Anti-Fraud Toolkit and the award-winning book Do What You Can! Simple Steps – Extraordinary Results. Additionally, he created and facilitates Fraud Detection, Deterrence & Incident Response for Internal Auditors, an IIA seminar.

CS 1-4: Your ERP Is Leaking ... Solution? Implement Failsafe Automated Transaction Level Controls

Wayne T. Gray

Director, ERM and Internal Audit

Clark Construction Group, LLC

Sergiu Cernautan, CPA, CISA

Director, GRC Strategy

ACL Services, Ltd.

ERP systems are highly complex and their embedded application controls (that organizations count on) are not effective across all transactions. The complexity of transaction entry options leads to transactions bypassing application controls. Layering on the complexity of user permissions leads to access and segregation of duties issues that further weaken application controls. Finally, complex configuration options lead to uncertainty that once-effective controls remain so over time.

In this session, participants will:

Learn how ERP systems are bleeding cash, time, and resources.

Examine root causes of failures in ERP system processes and controls.

Identify strategies for preventing ERP control and process breakdowns.

Quantify the impact of process control breakdowns.

Learn to accurately assess the organization’s risk exposure at the process, location, or transaction type level.

Wayne Gray oversees the ERM, internal audit, and federal submission functions for his organization. He joined Clark's accounting team in 1998 and has progressively assumed his current director roles from 2008 to 2014 respectively. Before assuming the current role, in 2005 Gray was tasked with overseeing the FP&A and finance functions for the purposes of integrating strategic planning with automated long range forecasting. He also serves as the chair of Clark's risk roundtable.

Sergiu Cernautan has nearly 20 years of external audit, internal audit, and risk and regulatory compliance consulting experience. After working at Deloitte and KPMG for more than 14 years, he co-founded Straight Talk Consulting Ltd., a firm providing GRC consulting services. His background covers financial, operational and systems auditing. In his current role, Cernautan is responsible for product content strategy and market influencer relationship management for ACL’s industry-leading software products. He specializes in the areas of internal controls over financial reporting, regulatory compliance, business process control reviews, general computer controls, litigation claims support, and data analytics.

CS 1-5: Strategies for Retaining Top Talent

Erin Morrow

Chief Auditor, Global Consumer Banking

Citigroup

Today’s complex business environment is constantly raising the bar for auditors around the world. To be successful, audit departments must build top performing audit teams with the right mix of skills. But when shaping a team in a highly competitive industry, how does one attract, develop, and ultimately retain top talent?

In this session, participants will:

• Define what constitutes a high performing team.

• Receive insight on learning and development strategies to develop talent.

• Identify obstacles to performance and ways to address them.

Erin Morrow oversees audits within cards, retail banking, mortgage, and commercial as well as looking after the consumer holding project. She joined Citi in 2013, having worked with the organization as an internal audit consultant for ten months prior to joining the firm. Morrow focuses on audit and advisory work, consulting with organizations on process design, control design, process audits, and technology projects. In her consulting work, she supported several global banks in areas such as consumer audit, including retail and mortgage audit, consent order work, information security, vendor management programs, and the establishment of outsourced audit operations. Prior to joining Citi, Morrow was a principal in the financial services practice of Grant Thornton LLP, leading the governance, risk and compliance practice in the northeast and served as the outsourced chief auditor for two regional banks as well as a global asset manager.

CS 1-6: CAE Perspectives on Courageous Leadership: Instilling Confidence from Within

Harold Silverman, CIA, QIAL, CRMA

Vice President, Internal Audit

The Wendy’s Company

Doug Anderson, CIA, CRMA

Managing Director, CAE Solutions

The IIA

Jim Pelletier, CIA, CGAP

Vice President, Professional & Stakeholder Relations

The IIA

The IIA’s Audit Executive Center is releasing the 2017 North American Pulse of Internal Audit, Courageous Leadership: Instilling Confidence From Within. The report explores four often-overlooked areas where CAEs can lead with courage and instill confidence within the organization and among stakeholders. This session explores how leading CAEs view the topics addressed in the report and how internal auditors can make changes in their organization.

In this session, participants will:

Identify the overlooked types of public reporting that bring risks to an organization.

View environmental, health and safety risks as not something only for industrial companies.

Explore how to better plan and implement data analytics.

Digest the possibility that internal auditors cause some of the problems interacting with stakeholders.

Harold Silverman previously was vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. Before that, he served as senior manager of internal audit at Raytheon Co., managing the team that performed audits at the corporate locations and divisions in the northeast. Prior to Raytheon, Silverman was an internal audit manager at PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen. He serves on The IIA’s Executive Committee and as vice chairman of Professional Certifications.

Doug Anderson joined The IIA in 2016 after serving as an assistant professor at Saginaw Valley State University. Until 2013 Anderson worked with The Dow Chemical Company for 22 years. His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance leader for the global Dow latex business. Previously he spent 10 years with PricewaterhouseCoopers.

Jim Pelletier has more than 15 years of internal auditing experience in both the public and private sectors. In his current role, he provides direction for The IIA’s Audit Executive Center; Financial Services Audit Center; American Center for Government Auditing; Environmental, Health and Safety Audit Center; and Global and North American Advocacy. Prior to joining The IIA, Pelletier served as city auditor for Palo Alto, Calif., and was the chief of audits for the County of San Diego. His diverse auditing experience also includes roles at the California State University System, PETCO Animal Supplies, Inc., State Street Corporation, and General Electric. Pelletier received The IIA’s John B. Thurston Award for outstanding paper in the field of internal auditing for his article “Adding Risk Back into the Audit Process.” His new book, Collaborative Auditing, is available through The IIA’s Bookstore, powered by the Internal Audit Foundation.

Monday March 20, 2017 2:00 PM – 3:00 PM

CS 2-1: How Intelligent Is Your Cybersecurity Operations Center?

Raj Chaudhary, CGEIT, CRISC

Principal

Crowe Horwath

David McKnight

Senior Manager

Crowe Horwath LLP

Cybersecurity is a priority for today’s boards and management. Ensuring confidentiality, integrity, and availability of information assets is a big job. Besides robust systems engineering and sound configuration management, an enterprise should also have a team charged with monitoring and defending the enterprise against cyberattacks. A Security Operations Center (SOC) must be a part of an enterprise’s cybersecurity strategy of tomorrow.

In this session, participants will:

Learn what an SOC is and the various types of SOC.

Discuss SOC architecture, tools, and processes.

Delve into the current state of intelligence in SOCs.

Review lessons learned from mature SOCs to new SOCs.

Gain an understanding of the role of internal audit with respect to an SOC.

David McKnight works with mid-to-large tier financial service organizations to refine their cybersecurity capabilities. He has nearly 20 years of information security experience, and leads Crowe’s cybersecurity incident management group. McKnight began his professional career by testing the security thresholds of corporate networks and deployed applications, fulfilling various InfoSec roles for his clients along the way. Over the last two years, he has been helping directors, executives, and boards prioritize their cybersecurity goals, by evaluating how well their organizations are poised to handle cybersecurity threats.

Raj Chaudhary is an industry thought leader in the area of privacy and data protection. He consults with major entities in the private and public sector in assisting them with remediation of deficiencies in safeguarding information. He has extensive knowledge of regulatory frameworks for managing security and privacy in multiple industries including financial services, health care and the public sector.

CS 2-2: Building Relationships With the Business

Robert Kuling, CIA, CRMA, CQA

Chair, IIA North American Board of Directors

Partner, Enterprise Risk Services

Deloitte

As part of internal audit’s drive to craft its role and deliver strategic value, building business relationships is essential. Audit leaders must identify key business stakeholders and develop strategies to connect and network internally. Often, the toughest relationships can yield the highest value to internal audit. This humorous and interactive session will challenge internal auditors to go beyond their “comfort zone” and push themselves to higher relevance and visibility.

In this session, participants will:

Identify key stakeholders and constituencies for internal audit.

Develop tactics to build internal networks.

Review suggested strategies to develop business/operational knowledge.

Integrate cultural considerations into internal audit work.

Robert Kuling assists organizations with internal audit, compliance, and governance, as well as delivering insights on risk management, internal controls, fraud, and ethics. Prior to joining Deloitte, Kuling was vice president of internal audit for Tervita, an environmental solutions provider based in Calgary. Other positions include CAE for Viterra and director of audit services for Precision Drilling Corporation. He has held audit management positions with Farm Credit Canada and the Provincial Auditor of Saskatchewan. As a leader of The IIA’s global organization, Kuling serves in multiple volunteer leadership roles with The IIA, including serving as chair of the North American Board and a member of the Global Board of Directors. He has been a key national spokesman for the internal audit profession with directors, regulators, professional associations, training firms, and government organizations.

CS 2-3: Integrating Key Risk and Performance Indicators

Larry Baker, CRMA, CCSA, CPA

Managing Director, Content Strategy

The Institute of Internal Auditors

As risk management evolves and matures, many organizations are focusing more on performance management, which measures how effectively they are achieving their key business objectives. With this growing emphasis on performance, internal auditors should provide assurance and consulting advice regarding the achievement of objectives communicated to stakeholders.

In this session, participants will:

• Discuss management’s maintaining a clear focus on achieving key objectives communicated to stakeholders.

• Understand the value of measuring performance and addressing management of risk to the achievement of key objectives.

• Recognize the synergies between performance management, ERM, and internal auditing.

• Understand the practical activities necessary to build and implement a sustainable KPI Management Process.

• Realize how performance and risk information can be highlighted in an Executive Dashboard to help management generate value and retain value.

Larry Baker is an accomplished internal audit executive with extensive experience in ERM, financial and operational audits, COSO, Sarbanes-Oxley, control self-assessment, and complex companywide special projects with Fortune 500 companies and Big 4 CPA firms. He has teamed with executive management to identify, measure, and report significant risks and operational issues for many of the world’s largest organizations. Baker leads content strategy and development for the Internal Audit Foundation. He also partners with the executive leadership team of The IIA to develop the global strategic plan and identify key enterprise risks. Prior to joining the Internal Audit Foundation, Baker was a senior leader/partner at Devon Energy, MAPCO, Deloitte, EY, and Marsh & McLennan.

CS 2-4: Positioning Internal Audit to Deliver Value

Lyn Rouchell, CPA, CITP, CISA

VP General Auditor

Entergy

Lucie Wuescher

Managing Director

KPMG

Abstract Being Finalized

Lynn Rouchell began her career with Entergy as a senior staff auditor in 1989. In her current role, she administers the organization’s Sarbanes-Oxley compliance program including developing and testing of controls, quarterly certification process, and annual report. She also conducts ethics line and fraud investigation and chairs the organization’s Disclosure Committee. Rouchell previously served as director of finance and group controller at Science Applications International Corp., internal audit director at Pelican Homestead, and as a tax accountant at Deloitte and Touche.

Lucie Wuescher directs the internal audit, risk, and compliance services practice for KPMG’s Houston office. She has 20 years’ experience in public accounting, managing large scale internal audit and compliance related teams and professionals serving Fortune 500 organizations in industries including energy, manufacturing, food service, and health care. Wuescher combines experience in internal audit, IT, project management, client management, ERM, internal audit process improvement, business processes and controls, and consulting in serving her clients. She has served as a CAE in industry prior to her career in public accounting. Wuescher most recently served as an advisor to clients as they transform their internal audit functions.

CS 2-5: Key Attributes of Outstanding Internal Auditors

Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA

President and Chief Executive Officer

The IIA

IIA President and CEO Richard Chambers discusses the traits of great internal audit leadership. Based on his new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, Chambers reviews the top character traits of gifted practitioners who have gained the trust of stakeholders. Based on surveys and interviews of some of the profession’s most-respected CAEs, Chambers crafts a compelling message on what it takes to become a true trusted advisor. In this session, participants will:

• Identify the character traits most valued in trusted advisors

• Glean insights into becoming a trusted advisor from experiences and anecdotes shared by Fortune 500 and other top CAEs

• Learn the tools and techniques for enhancing the most desired and valued character traits

• Examine how enhancing these character traits will help your organization

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017.

CS 2-6: Compliance, Culture and the Role of Internal Audit

Mike Joyce, CIA, CRMA, CPA

Vice President, Chief Auditor, and Compliance Officer

Blue Cross Blue Shield Association

Facilitator:

Cassian Jae

Director, Financial Services Center

The IIA

Internal audit may seem like an unlikely place to start a discussion about compliance and culture, but this "In Conversation With..." session will highlight the intersection of internal audit and compliance responsibilities, and how an integrated approach can address or supplement “culture” audits within an organization.

In this session, participants will:

• Learn how one organization manages dual responsibility for internal audit and compliance.

• Examine approaches for integrating audits of culture into everyday practices, including how-to examples.

• Discuss the latest thinking, trends, and feedback of audits of culture.

Mike Joyce directs the internal audit, national anti-fraud, and compliance staff functions. He is

responsible for the development of BCBSA-sponsored compliance, anti-fraud and internal audit

training programs for BCBS licensees and the establishment of the BCBSA National Anti-Fraud

Department to provide centralized support to the licensees. Joyce has more than 33 years of

professional experience and has been with BCBSA since 1999. Prior to joining the Association,

Joyce served as director of internal audit and controller for Rush Prudential Health Plans and held

a variety of positions with the JCPenney Company’s internal audit department. He has been a

long-time volunteer member of The IIA since 1989, serving multiple roles at the local, regional,

national, and international levels. Joyce is also the public member commissioner and a finance

and audit committee member for the Commission for Case Manager Certification. In addition, he

serves on the Advisory Board for DePaul University’s Endorsed Internal Audit Program.

Cassian Jae is responsible for content development and operations for The IIA’s Financial Services

Audit Center, which launched in June 2015. He has produced thought leadership on internal audit

topics spanning from geopolitics and organizational risk culture to various regulatory challenges.

Cassian has played a key role in advocacy for the internal audit profession by connecting

regulators with industry leaders through roundtable discussions, Congressional visits, and The

IIA’s annual Financial Services Exchange conference. Before joining The IIA, Cassian spent 13

years at John Hancock Investments — nine as a compliance director — where he developed

expertise in Rule 38a-1 and 206(4)-7, with an emphasis on privacy, records management,

business continuity, and disaster recovery. In addition to performing audits on the enterprise

compliance program, he has designed and implemented audit, compliance, risk, and legal

processes that have become enterprise standards. In addition, Cassian was John Hancock’s

regulatory exam coordinator, serving as the primary examination contact for the U.S. Securities

and Exchange Commission, U.S. Financial Industry Regulatory Authority, and Canada’s Office of

the Superintendent of Financial Institutions. In that role, he was responsible for the firm’s

regulatory examination readiness and oversaw the enterprise regulatory examination response

process.

Monday March 20, 2017 3:30 PM – 4:30 PM

CS 3-1: The Internet of Things: What Does this Mean to Internal Audit?

Jeff Rowland, CIA, CRMA, CPA, CFE, CISA

Vice President, Audit Services

USAA

Jordan Reed

Managing Director

Protiviti

The Internet of Things (IoT) is a hot topic because the ever-accelerating technological

advancements provide staggering transformational opportunities that make our lives more

convenient. IoT creates opportunities to reengineer industrial processes and revolutionize

customer experiences, while improving the efficiency and effectiveness of business processes.

The IoT also brings disruptive change to the forefront, and the security and data management

challenges are significant. Disruptive change drives fresh and innovative business models, and

while many organizations must keep up to remain competitive, such change drives unique

challenges for risk and audit personnel alike.

In this session, participants will:

Solve the riddle of what the Internet of Things comprises.

Evaluate why this topic should be on the radar of audit professionals.

Discuss how the Internet of Things impacts different industries.

Learn about new opportunities and potential risks posed by the Internet of Things.

Jeff Rowland is vice president of IT and security audit services for USAA. He joined the company in December 2002 and has more than 30 years of financial and IT audit experience in a number of diverse industries, including banking, transportation, insurance, technology, and wholesale/retail distribution. His experience also includes accounting, information systems, security, IT system implementations, and network solutions.

Jordan Reed specializes in internal audit and financial advisory solutions, assisting public and

private organizations with internal audit planning and execution, and he has been involved with

all phases of internal control over financial reporting initiatives. Reed is also active in the

development of spreadsheet risk management programs. He is a frequent speaker on topics

including internal audit, Sarbanes-Oxley, emerging technology risk, and spreadsheet risk

management.

CS 3-2: Leveraging COSO ERM to Drive High-impact Outcomes

Benito Ybarra, CIA, CISA, CFE

Chief Audit and Compliance Officer

Texas Department of Transportation

To provide an example of using COSO's Enterprise Risk Management Framework to drive better

risk management and value.

In this session, participants will:

Receive an overview of planning, conducting, and reporting fieldwork as it relates to COSO’s ERM framework.

Discuss methods of delivering opinions on internal control frameworks.

Explore reporting to stakeholders in terms of risk themes and smart resource investment.

Benito Ybarra has more than 17 years of audit experience and oversees TxDOT's Internal Audit

and Compliance divisions; their functions are aimed at improving controllership, risk

management, accountability, and governance. He is a member of The IIA's North American Board

and serves on the Publications Advisory Committee. Ybarra also serves on the internal audit and

peer review committees of the American Association of State Highway and Transportation

Officials and the (Texas) State Agency Internal Audit Forum.

CS 3-3: Rebranding Your Internal Audit Department

Brian Tremblay, CIA, CISA

Chief Audit Executive

Acacia Communications, Inc.

Branding is everywhere, on every sign, webpage, and even in everyday interactions. Yet it is often

overlooked by CAEs as a tool to bridge the gap between being just an auditor and a valuable

resource to organizations and stakeholders. You and your department have a brand – whether

or not you realize it. How do you discover the way your department is perceived? And how do

you embark on a branding journey, or more importantly, rebranding if you feel your brand is not

being perceived the way you want it to be?

In this session, participants will:

Learn the value branding can play in the success of your department.

Discuss how internal audit’s brand can affect how you execute your mission.

Recognize the level of effort it takes to implement a brand/rebrand strategy.

Identify common branding pitfalls.

Delve into an actual case study on how a rebranding effort can be undertaken and the fruits of the labor to be enjoyed.

Brian Tremblay leads all activities of the internal audit function at the high-tech semiconductor

company. He has spoken on the topic of branding at several conferences, believing a strong brand

can be a significant asset to an internal auditor’s success. Prior to joining Acacia, Tremblay was

director of internal audit at Iron Mountain, overseeing all audits and projects within North

America as well as liaising with global quality managers. Prior to Iron Mountain, he served as

senior manager at Houghton Mifflin Harcourt, where he built out an internal audit department

and executed a Sarbanes-Oxley implementation. Tremblay also previously worked at Raytheon

and Deloitte.

CS 3-4: Bring Me Value! (And How Internal Audit Can Answer That Call)

John J. Hall, CPA

President & Founder

Hall Consulting, Inc.

Every day in every organization, senior management is looking for more value from their audit team. This session will deliver proven ideas on how to answer that call – without adding to our existing workload and project responsibilities.

In this session, participants will:

Identify project planning and risk assessment techniques that can provide instant value.

Learn to recognize and respond to Consultative Moments – every single day.

Underscore the need to master business, technical, and interpersonal skills – the very foundation of providing measurable value.

Share three innovative audit ideas for 2017 and how to apply them in your organization.

John Hall specializes in skills training programs and conference presentations for internal

auditors, CPAs, management groups, and professional associations. He also coaches internal

audit professionals in how to increase their effectiveness, clarify and meet their business and

personal goals, and move their careers forward. Hall has 40 years of experience as a consultant,

speaker, auditor, and business owner. He has worked in senior leadership positions in large

corporations and international public accounting firms. He wrote The Anti-Fraud Toolkit and the

award-winning book Do What You Can! Simple Steps – Extraordinary Results. Additionally, he

created and facilitates Fraud Detection, Deterrence & Incident Response for Internal Auditors, an

IIA seminar.

CS 3-5: Rules of Engagement: Mastering Influences and Neutralizing Resistance

Toby Groves

Cognitive Scientist

Groves Cognitive Research

There are science-based approaches and tools that can break down walls to connect with people

at a deeper level so they are more receptive to arguments. This fascinating session will use live

audience experiments to demonstrate subtle but powerful communication tools discovered in

cognitive science research. The nuances with which technical information is communicated are

crucial to the connection made with the audience, but many instinctive communication methods

actually block receipt of the intended message.

In this session, participants will:

• Learn nuances of negotiation useful in all types of communication.

• Understand different methods of communication for different types of technical data.

• Hear how to erase audience resistance to your message.

• Explore the science behind influential messages.

Toby Groves is a researcher, advocate, and speaker who investigates the cognitive science of expert judgment. He teaches expert decision makers to tap hidden cognitive networks to maximize their powers of reasoning. A popular speaker among government and professional organizations that provide society’s most critical services, Groves is known for delivering unconventional, interactive, informative talks. Trained in a unique combination of behavioral and financial forensics, Groves is a doctoral level researcher in psychology. His commentary and story have been featured on media outlets such as NPR and in numerous professional journals, and are studied by leading researchers and business schools around the world.

CS 3-6: How to Effectively Report Out to the Audit Committee

Mark Sparano, CPA, CGMA

Former Chief Audit Executive

U.S. Bank

Facilitator:

Larry Rittenberg, Ph.D., CIA

Emeritus Professor of Accounting and Audit Committee

University of Wisconsin

If you are familiar with the maxim that the information you communicated is not necessarily the

message your audience received, this session is for you. The reports you work so hard to create

to convey messages cannot be acted upon if they are not absorbed by the recipients. Tips and

techniques to break through your audience’s “listening barriers” will be offered as well as

suggestions for incorporating feedback loops to ensure the message you delivered was the

message received.

In this session, participants will:

Discuss assessing all stakeholder communications required by internal audit with a focus on the audit committee.

Identify methods to maximize audit committee reporting, key messages, and takeaways.

Review the importance of ensuring a feedback loop with audit committee interactions.

Mark Sparano is an internal audit professional from the financial services industry. During his

career, he has led professionals in internal audit, risk management, finance, and public

accountancy. Sparano has worked for companies including U.S. Bank, BNY Mellon, U.S. Trust, and

KPMG.

Larry Rittenberg serves as chair of the audit committee of Woodward, Inc., an aerospace and

energy company. He has served in several leadership roles for The IIA, including serving as

president of The IIA Research Foundation as well as vice chairman of the Professional Practice

and Professional Oversight committees. His most recent published work was COSO Internal

Control‒Integrated Framework: Turning Principles into Positive Action published by The IIA

Research Foundation. Rittenberg served as chair of the Commission of the Sponsoring

Organizations of the Treadway Commission (COSO) for five years during a time in which COSO

developed the principles approach to internal control and applied it to small businesses. He also

served as a member of COSO during the development of the COSO Enterprise Risk Management

Framework. Rittenberg is the former EY Professor of Accounting and Information Systems at the

University of Wisconsin and has written numerous publications sharing his professional expertise

with leading accounting and audit journals.

Monday March 20, 2017 4:45 PM – 5:45 PM

CS 4-1: Cloud Risk

Vinny Troia

Founder

Night Lion Security

It is a fairly straightforward question, but how could you possibly know the answer? There are

many different cloud security frameworks, each with their own set of requirements and

interpretations for those requirements. So how do you know which framework is the “right”

framework? More importantly, what are we even protecting ourselves against? We will begin

our journey with a Live Hacking demonstration. I will show you how an average, no-skill hacker

with only basic knowledge can penetrate your fully secure cloud environment. Next, I will show

you how you can protect yourselves against these attackers by developing your own

organization-specific set of security standards using the Cyber Security Framework.

In this session, participants will:

View a Live Hacking Demonstration

Review Different Cloud Security Frameworks

Evaluate how to choose the "right" framework for your organization

Develop a custom testing framework using the Cyber Security Framework

Review how to save time and resources with framework mapping (and a free database)

Vinny Troia is a computer security expert, certified ethical hacker, and computer forensic investigator who has refined his underground IT expertise across security, management, development, and administration of interconnected systems. Having spent nearly a decade engineering and architecting security systems for the U.S. Department of Defense, Troia has become one of the media’s top go-to experts on cyber-related controversies, regularly participating on global news networks discussing major corporate data breaches, cyber law and legislation, airline and automobile hacking, and cyber/email-related scandals of national significance. In 2014, Troia used his national media presence as a platform to launch his own company. His unconventional approach to identifying risk within an organization, combined with his ability to interact and work directly with business leaders, has allowed him to become one of the most sought-after IT security professionals in the industry.

CS 4-2: Evolving Perspectives of ERM

Charlie Wright, CIA, CPA

Founder

Wright Audit and Risk Management, LLC

Organizations around the globe are demonstrating an increasing interest in strengthening

enterprise risk management (ERM). But because regulatory requirements and global

frameworks are constantly evolving, it is difficult for boards, executive management, and

internal auditors to meet their stakeholders’ expectations. There are key challenges about how

internal audit can help optimize ERM to add value, but there are potential solutions, including

mechanisms to assist in measuring ERM’s effectiveness.

In this session, participants will:

Review highlights of the new COSO ERM update.

Understand the role of internal audit in ERM.

Learn to identify important components of your organization’s ERM framework.

Compare and contrast key performance indicators and key risk indicators.

Identify key measurement criteria to assess the effectiveness of ERM.

Charlie Wright recently founded his firm that specializes in internal audit and ERM consulting. From 2005 to 2016, Wright was vice president of internal audit at Devon Energy Corporation, and general auditor at American Airlines prior to that. Wright was recently elected to serve as the vice chairman of Professional Guidance Committee on The IIA’s Global Board of Directors.

CS 4-3: Are Your Internal Controls Keeping Up With the Times?

Lisa Hartkopf

Partner

EY

Lynne Coveillo

Partner

EY

Stephanie Liebman

Chief Audit Executive

Hewlett Packard

Kathy Weekley

Chief Audit Executive

AMC Theatres

Today’s velocity of change – and the type of changes such as digitization and outsourcing – has

upended the business environment, and business models are struggling to respond at the

unprecedented pace. To keep up, studies have shown that strong risk management and systems

of internal controls have a positive impact on long-term business performance and earnings

potential. So why have internal control structures not kept up with the times?

In this session, participants will:

• Define changes to the regulatory environment and business landscape over time.

• Discuss management’s continuing role as owner of a company’s internal controls.

• Share internal controls/internal audit operating models and the relationship with the three lines of defense.

• Identify ways to improve efficiency and effectiveness of control processes.

Lisa Hartkopf is with EY’s Advisory Practice and also serves as EY’s Americas internal audit leader.

She has more than 19 years of public accounting experience working in assurance, transaction,

and advisory services. Hartkopf leads the innovation, thought leadership, methodology, client

service, and go-to-market growth initiatives around internal audit services in the Americas and

works with clients to maximize operational effectiveness and efficiency of process, risks, and

controls primarily with automotive, consumer products, and diversified industrial manufacturing

companies. She has also assisted clients in their implementations of Sarbanes-Oxley, Japanese

Financial Instruments and Exchange Law (J-SOX), and ERM programs.

Lynne Coveillo is an experienced executive with a proven track record advising clients on

governance, risk, and control issues with deep technical expertise in internal audit, controls, and

ERM, and previously served as the internal controls leader for the Northeast Region. She has

been with EY for nearly 14 years. Coveillo recently received the 2015 Women to Watch Award from

the Massachusetts Society of CPAs as well as a 2016 Rising Star of the Profession by Consulting

magazine.

Stephanie Liebman joined Hewlett Packard Company through the EDS acquisition, where she led the integration of the EDS audit organization and processes into HP. With the Hewlett Packard Company split, she returned to internal auditing after spending 7 years in the business as the vice president for HP’s enterprise services financial operations responsible for global financial analysis and invoicing, system architecture support and automation programs, and previously the Best Shore Services CFO.

Kathy Weekley has more than 20 years of experience in the financial services industry, including multi-disciplinary roles in IT, IT-audit, financial audit, operational audit, compliance/regulatory, and insurance risk control operations, with recent emphasis in process improvement of the internal operational audit function. Prior to joining AMC, Weekley served in a multi-disciplinary financial services function. She joined AMC Theatres in 2015.

CS 4-4: Continuous Auditing: Data Analytics

Karl Riem, CPA, CISA

Senior Vice President and General Auditor

Federal Reserve Bank of Minneapolis

As organizations evolve, internal audit departments also adjust and are consistently expected to

do more with less. Applying a continuous audit program can provide an audit department with

an effective way to increase coverage, in less time and with better results.

In this session, participants will:

Learn the difference between continuous monitoring and continuous auditing.

Identify conditions that may warrant a continuous auditing approach.

Hear learnings from implementing a continuous auditing program.

Discuss a few specific continuous auditing programs.

Karl Riem is responsible for providing audit coverage over the Ninth District bank activities based in Minneapolis, Minnesota (USA), and has audit responsibility for some activities conducted across the Federal Reserve System nationwide. Overall, Riem has 33 years of risk management experience consisting of leadership roles in internal audit and front line production/operational risk leadership roles. He has created several industry leading risk management processes around merger and acquisition due diligence, system conversions, emerging risks, and continuous auditing.

CS 4-5: Negotiating Through Effective Collaboration

Debbie Lundberg

Author and Principal

Presenting Powerfully

Collaborative negotiation should be about both parties being able to win. This session will discuss how to confidently and thoughtfully go from compromise to collaboration.

In this session, participants will:

Examine how compromise is not the lose-lose scenario.

Learn how collaborative negotiation leads to both parties being able to win.

Discuss how slight changes in words, attitudes, and actions can make the difference in obtaining successful collaborative outcomes.

Debbie Lundberg is both an educator and an entertainer. With her expertise in the areas of

effective communication, professional behaviors, and thriving relationships, she comes to

clients with evidence of her experience, perspective, partnership, delivery, accountability, and

results. Lundberg's personal brand is "Committed to applied knowledge, growth, fun & ROI."

She is a Certified Leadership Coach, a Subconscious Restructuring™ Life Coach (SRLC), and the

author of nine books filled with tips and tools for life-long-learners of all ages. Lundberg was a

faculty member at the University of Phoenix facilitating Critical and Creative Thinking courses

for seven years. She has a named scholarship with The University of Tampa Board of Fellows,

serves on the USF Entrepreneurship Advisory Board, and serves as the chair and governor for

The Centre Club Board.

CS 4-6: Impactful Communications Between Internal Audit and the Audit Committee

Michele J. Hooper

Managing Partner

The Directors' Council

Facilitator:

Kathy Anderson, CRMA

Managing Director, North American Advocacy

The IIA

The audit committee’s role and responsibilities in corporate governance are more important than ever. To perform their responsibilities effectively, it is important that audit committee members have the right information, analyze it carefully, ask pertinent questions, and make informed decisions. Effective communication between the audit committee and the internal audit function is critical.

In this session, participants will:

Understand some of the key priorities for audit committees today.

Optimizing the intersecting roles of the audit committee, internal audit, and external audit.

Audit Committee … what they need vs. what they get.

Identify the trends related to the makeup and structure of boards.

Michele J. Hooper is president and CEO of The Directors’ Council, which consults with major

companies to improve the effectiveness of their corporate governance. With more than 25 years

of corporate board experience, Hooper is an audit committee financial expert — with over 20

years of experience chairing audit committees of several major companies — a highly-regarded

governance expert, and a business leader. Hooper serves on the corporate boards of directors of

PPG Industries, Inc. (former chair, Audit Committee) and UnitedHealth Group (Chair, Nom and

Gov Committee). She has been a commissioner on the 2004 through 2015 NACD Blue Ribbon

Commissions on Governance. Hooper recently retired as a board member and is former vice chair

of the Center for Audit Quality (CAQ) where she was also chair of the CAQ Working Group focused

on Deterring and Detecting Financial Reporting Fraud.

Kathy Anderson is instrumental in designing, implementing, and coordinating The IIA’s advocacy efforts to promote and elevate the profession of internal auditing. She is responsible for the development and implementation of the Advocacy Department’s communications strategy, which informs members, leaders, and stakeholders about the profession and The IIA’s advocacy efforts. Prior to joining The IIA, Anderson had more than 20 years of experience with the Florida Institute of Certified Public Accountants, most recently in the role of CEO and executive director for six years. She also served seven years as executive director of the South Carolina Association of Certified Public Accountants. Anderson is a graduate of the U.S. Chamber of Commerce’s six-year association management program, as well as the year-long Leadership Tallahassee program sponsored by the Tallahassee and Florida Chambers of Commerce.

Tuesday March 21, 2017 8:30 AM – 9:45 AM

GS 3: Open Discussion With the Honorable Barbara Hackman Franklin: How Leaders in Internal Audit Can Be Most Effective Supporting Management and the Board

The Honorable Barbara Hackman Franklin

President and CEO

Barbara Franklin Enterprises

Former U.S. Secretary of Commerce

Facilitator:

Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA

President and Chief Executive Officer

The IIA

Internal and external factors significantly impact the governance and management of an

organization. Internal audit’s role is evolving as it relates to how to support both the organization

and the board as a trusted agent in this time of challenge, change, and transition.

Learn about the leadership and expertise acquired from a member of several corporate boards

and audit committees and participate in a discussion about current forces impacting

organizations and how leaders in internal audit can be most effective supporting management

and the board.

In this session, participants will:

Explore top concerns on the minds of stakeholders.

Determine how leaders in internal audit can be most effective in supporting stakeholders.

Identify the best options for internal audit to help organizations manage emerging and volatile risks.

Discuss how boards expect internal audit to handle disagreements with management.

Highlight the optimal methods in promoting internal audit as trusted agents of change.

The Honorable Barbara Hackman Franklin heads a private international consulting firm headquartered in Washington, DC. She is an advocate for and advisor to American companies doing business in international markets and is an expert on corporate governance, auditing, and financial reporting practices. As Secretary of Commerce for President George H.W. Bush, she achieved a major goal – increasing American exports – with emphasis on market-opening initiatives in China, Russia, Japan, and Mexico. Secretary Franklin has had a long career in public service, having served five U.S. presidents and, in 2006, she received the Woodrow Wilson Award for Public Service. In the private sector Franklin served on the boards of directors of 14 public companies and four private companies. She has chaired six public company audit committees, including Aetna and Dow Chemical. A recognized expert in corporate governance, Franklin is Chairman Emerita of the National Association of Corporate Directors (NACD) and of the Economic Club of New York (ECNY). She has received numerous honorary degrees and awards, including the John J. McCloy award for audit excellence, and was inducted into the NACD Directorship Hall of Fame, the Financial Executives International Hall of Fame, and the Connecticut Women’s Hall of Fame. Franklin also has a history of service to the accounting profession. She was one of the first public members of the board of AICPA, chaired its audit committee, was a public member of the Auditing Standards Board Planning Committee, served as a trustee of the Financial Accounting Foundation and chaired its international committee, and is an emeritus member of the PCAOB Advisory Council.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors.
Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth

following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017.

Tuesday March 21, 2017 10:15 AM – 11:15 AM

CS 5-1: Open Source Software: Managing the Compliance Pitfalls

Bruce Carpenter

VP, Internal Audit

NVIDIA

Jeff Luszcz

Vice President, Product Management

Flexera Software

This session discusses the benefits of using OSS, the related risks, and associated compliance

obligations. We will demonstrate the value of developing an OSS compliance program using a

case-study approach. Finally, participants will learn five steps to assess any potential exposures

for their own organization.

In this session, participants will:

Understand Open Source Software (OSS) and its compliance obligations.

Discuss how to develop an OSS compliance program.

Demonstrate the value of using specialized tools to analyze software components.

Consider the challenges and pitfalls in managing OSS use.

Outline five steps to understand OSS exposure in your organization.

Bruce Carpenter has been leading NVIDIA’s internal audit department for two years. Before

joining NVIDIA, he joined Sybase, Inc., in 2001 to oversee the development of the internal audit

department. Carpenter was also responsible for ERM while serving as the company’s

compliance officer. In 2012 Sybase won OCEG’s Principled Performance Award for excellence in

the implementation of ERM companywide. Subsequent to Sybase’s acquisition by SAP,

Carpenter moved to the SAP Corporate Audit Department serving as vice president of global

sales and services audit. He also led go-to-market activities of SAP’s mobile-enabled audit

management product. He began his career with KPMG in New Zealand.

Jeff Luszcz is responsible for product strategy for the company’s software composition analysis

solution. Previously, he was founder & CTO of Palamida, a provider of open source discovery

and vulnerability management solutions helping software development organizations

understand how to best use open source while complying with their license obligations and

managing security vulnerability risk. The company was acquired by Flexera Software. Luszcz

also led the professional services team at Palamida responsible for open source compliance and

security audits and performed reviews for some of the largest mergers and acquisitions in the

technology industry.

CS 5-2: Developing a Collaborative Relationship With Management

Harold Silverman, CIA, QIAL, CRMA

Vice President, Internal Audit

The Wendy's Company

Internal audit functions do not operate in a vacuum. To be successful in assisting the organization

in achieving its objectives, internal auditors must build the trust and confidence of management.

In this session, participants will:

Hear tools and techniques from an experienced CAE on developing a strong working relationship with management.

Enjoy humorous anecdotes of successes and failures from the speaker's career.

Have the opportunity to share experiences in relationship strengthening with co-workers in management functions.

Harold Silverman previously was vice president of internal audit at Houghton Mifflin Harcourt

Publishing Co. Before that, he served as senior manager of internal audit at Raytheon Co.,

managing the team that performed audits at the corporate locations and divisions in the

northeast. Prior to Raytheon, Silverman was an internal audit manager at

PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen. He serves

on The IIA’s Executive Committee and as vice chairman of Professional Certifications.

CS 5-3: 5 Ways to Manage Third-party Relationship Risks

Mark Kultgen

Partner, National Leader, Internal Audit and SOX Services

RSM

Kelly Gillis

Director, Enterprise Risk Management Officer

Alliance Data

Many organizations use third-parties to achieve their strategic objectives, increase efficiency,

and save money and resources by outsourcing select tasks to more experienced providers. As outsourcing

becomes more commonplace, regulatory oversight is expanding to monitor sensitive data and

processes that third-parties may be managing. Processes can be outsourced, but the inherent

risks to your organization cannot.

In this session, participants will:

Review benefits and potential pitfalls associated with third-party relationships.

Understand your organization’s risk liability when working with third-party providers.

Obtain strategies to better manage third-party relationships.

Mark Kultgen has oversight responsibilities for developing the organization’s internal audit and Sarbanes-Oxley methodologies and the teams delivering those services. He has more than 30 years of experience in public accounting and industry, including the oversight of a shared service operation of a $2 billion multi-location company. Prior to joining RSM, Kultgen was an office-managing partner at a Big Four firm. He brings a strong background in internal audit, Sarbanes-Oxley reporting, and service organization control (SOC) attestation services.

Kelly Gillis is the Chief Enterprise Risk Management Officer for Alliance Data Card Services. He has the ultimate oversight and reporting responsibilities for Enterprise Risk Management and Model Risk Management at Alliance Data Card Services and two subsidiary Banks. He has over 20 years of experience in public accounting and industry, including leading the SOX program for a Fortune 25 Company. He brings a strong background in Enterprise Risk Management, internal audit, external audit, and internal control programs.

CS 5-4: Small Audit Departments’ Effective Use of Data

Michael Pryal, CIA, CRMA

Vice President, Internal Audit

Federal Signal Corporation

Small to mid-sized internal audit functions are frequently challenged on effectively

communicating the benefits, getting started, and enhancing the audit process using data analysis.

Use of data analysis tools and sourcing the right data, whether internally or externally managed on

the cloud, can create both cost and staff training challenges.

In this session, participants will:

View a framework and related techniques on identifying project target areas.

Talk about "quick wins" for data analysis projects that demonstrate operational benefits.

Explore case studies on how data analysis is used on recurring assurance and cost recovery advisory projects using ERP and third-party managed data elements.

Share examples of management reporting.

Mike Pryal has over 35 years of combined consulting and internal audit experience. His career includes Big Five Accounting work in financial statement assurance practice, senior manager in the business process risk consulting practice, and as a partner in the internal audit services practice serving consumer products and manufacturing clients. Pryal also spent seven years at Protiviti as managing director responsible for client service and leading industry programs in the two regional markets. He has extensive process experience in transforming internal audit departments including enhancements in Sarbanes-Oxley and compliance programs, ERM and global risk assessments, third-party contract audits, COSO framework implementation, anti-corruption and internal audit quality assurance (QAR) reviews. Earlier in his career, Pryal served as director of internal audit at Keebler Company and manager of internal audit at Turtle Wax.

CS 5-5: Using Data to Monitor Key Risks with Sales Practices (A Case Study)

Erin Morrow

Chief Auditor, Global Consumer Banking

Citigroup

Josh Goldsmith

Senior Vice President Audit Analytics

Citigroup

There are, perhaps, as many internal audit staffing strategies as there are audit leaders. The

right approach may depend on the culture and needs of the business. Were you to determine

that a fully rotational staffing model was the solution, how would you implement it and what

would it look like?

In this session, participants will:

Discuss several staffing models and approaches.

Examine the recruiting, development, and roll-out processes that must exist to support a fully rotational staffing model.

Get real-world examples of how a fully rotational staffing model has worked.

Debate the merits of such a model and discuss why it may or may not work in your organization.

Erin Morrow oversees audits within cards, retail banking, mortgage, and commercial as well as

looking after the consumer holding project. She joined Citi in 2013, having worked with the

organization as an internal audit consultant for ten months prior to joining the firm. Morrow

focuses on audit and advisory work, consulting with organizations on process design, control

design, process audits, and technology projects. In her consulting work, she supported several

global banks in areas such as consumer audit, including retail and mortgage audit, consent

order work, information security, vendor management programs, and the establishment of

outsourced audit operations. Prior to joining Citi, Morrow was a principal in the financial

services practice of Grant Thornton LLP, leading the governance, risk and compliance practice in

the northeast and served as the outsourced chief auditor for two regional banks as well as a

global asset manager.

Joshua Goldsmith oversees analytics support of the global consumer banking, compliance,

corporate operations, and other global functions product audit teams. His responsibilities

include contributing to the group’s operating strategy, coordinating with product audit

leadership team in all phases from audit planning through execution, and managing a group of

analytics practitioners providing guidance and oversight. Prior to joining Citi 3 years ago,

Goldsmith worked at Deloitte for nine years in their data analytics practice, leading data

analytics initiatives to support regulatory and capital markets engagements.

CS 5-6: Sustainability and ERM: The First Steps Toward Integration

Brendan LeBlanc, CIA, CPA

Partner

EY

Facilitator:

Doug Anderson, CIA, CRMA

Managing Director

CAE Solutions

The IIA

Research conducted by the World Business Council for Sustainable Development (WBCSD)

suggests that there is a disconnect in the effectiveness with which organizations are identifying,

measuring, managing, and disclosing sustainability risks. This interactive session will walk you

through the findings of this research and discuss the path forward for risk managers,

sustainability practitioners, and audit professionals.

In this session, participants will:

Learn about the research conducted by the WBCSD on "material" sustainability topics.

Explore how the revised COSO ERM framework encourages the elimination of unconscious bias.

Share market practices of sustainability risk management tools, techniques, and approaches.

Brendan LeBlanc has led over 100 engagements on the subject of nonfinancial measurement,

accounting, analysis, and/or assurance in the past 10 years, and brings 22 years of experience

to his role as partner in EY’s Climate Change and Sustainability Services practice. He speaks

frequently on the topics of human rights, resource scarcity, social, and natural capital and the

measurement and accounting thereof. LeBlanc serves as EY’s representative for various global

organizations including the World Business Council for Sustainable Development (WBCSD),

International Integrated Reporting Council (IIRC), SHIFT Project, and Sustainability Accounting

Standards Board.

Doug Anderson joined The IIA in 2016 after serving as an assistant professor at Saginaw Valley

State University. Until 2013 Anderson worked with The Dow Chemical Company for 22 years.

His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in

corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance

leader for the global Dow latex business. Previously he spent 10 years with

PricewaterhouseCoopers.

Tuesday March 21, 2017 12:30 PM – 1:30 PM

CS 6-1: Using Data Analytics to Build Effective Reports for Senior Management and the Audit Committee

Ramón Machado, JD, CIA, CRMA, CPA, CISA, CFE

Senior Vice President, Chief Audit Executive

First American Title Co.

Data analytics promises greater risk mitigation and increased assurance. But where do you start?

What tools are required? Do you know what your stakeholders want? Join us to explore real-life

analytics, visualizations, and how you can also unlock the power of data.

In this session, participants will:

Discuss framework strategies for data analytics implementation.

Identify opportunities to leverage data analytics.

Review elements of successful, value-added reporting for stakeholders.

Explore various data visualizations.

Ramón Machado has provided auditing, forensic accounting, and litigation services as a member

of private industry, public accounting, and U.S. regulators for over 20 years. He currently oversees

First American's global internal audit function in the United States, Canada, Asia, and the

Caribbean. Machado previously served as adjunct professor at Pepperdine University School of

Law and Chapman University Argyros School of Business & Economics.

CS 6-2: Internal Audit as a Respected and Trusted Advisor: Mission Impossible…Or Is It?

Patricia Miller, CIA, QIAL, CRMA

Owner

PKMiller Risk Consulting, LLC

Internal auditors strive to gain respect and credibility in their organizations, but with ever-changing stakeholder expectations and sometimes being the bearer of bad news, it may seem as though being seen as a “trusted advisor” is Mission Impossible. This session will explore ideas and suggestions from years of experience as well as relevant research to help participants explore how to achieve this goal.

In this session, participants will:

Understand the nature of current stakeholder expectations.

Learn internal audit’s current state in meeting such expectations.

Learn how leading CAEs approach the challenge of meeting and exceeding such expectations, to become a trusted advisor.

Patty Miller has significant management and consulting experience in governance, risk

management, and control. She spent 14 years with Deloitte, serving as the lead risk services

partner on some of the firm’s most significant technology and consumer business clients. Miller

joined Deloitte following a 14-year career with Pacific Telesis and Pacific Bell where she held

numerous mid and senior management positions in areas including financial management,

billing, internal audit, process design and re-engineering, project and program management, and

merger planning and integration. She is a frequent speaker and trainer at locations worldwide

and has authored or co-authored projects for The IIA’s Internal Audit Foundation and Internal

Auditor magazine. Miller has served numerous volunteer leadership roles with The IIA, including

a term as its chairman and a member of the executive committee for seven years. In addition,

she has been presented with The IIA’s William G. Bishop III Lifetime Achievement Award and

the Victor Z. Brink Award for Distinguished Service.

CS 6-3: Enhancing Your Risk Assessment and Audit Planning Processes

Michael Gowell

General Manager, Senior Vice President

Wolters Kluwer, TeamMate

Michael Sekoni, CIA, CFSA, CISA, CPA, CFE, CGMA

Vice President, General Auditor

BCBSM Emerging Markets

Audit leaders from around the world are seeking to fine-tune and enhance their existing risk

assessment and audit planning activities to better address the nature of changing risk

environments. To better understand the status of their successes and failures, TeamMate

launched a survey to gather data on both current and anticipated practices. The survey resulted

in 10 specific recommendations for internal auditors to consider as they review the adequacy of

their current risk assessment and audit planning processes and explore how to better understand

and audit the risks facing their organizations.

In this session, participants will:

Learn 10 areas for potential enhancements for your risk assessment and audit planning processes.

Understand how 2016 survey respondents are addressing each topical area.

Identify developing practices being implemented by select respondents.

Compare your practices in these 10 areas to those responding to TeamMate’s recent survey.

Identify specific practices related to risk assessments and audit planning you can use to enhance your risk assessment and audit planning processes.

Michael Gowell leads all aspects of TeamMate’s global operations and is responsible for the

overall product strategy. With more than 25 years of audit, audit methodology, and audit

management software experience, Gowell is a leading expert on audit technology and audit

management systems. As project director at PwC, Gowell founded TeamMate in 1993 and has

personally implemented TeamMate at over 300 corporations. He is a frequent keynote speaker

at national and international industry conferences.

Michael Sekoni directs internal audits and advisory services, ensuring that AF Group and its

brands meet their business objectives. As CAE, he is responsible for developing and executing a

comprehensive audit program for the evaluation of the company’s governance, risk, and

compliance. Sekoni joined AF in 1998 as a senior information systems auditor and has since

served in leadership roles of progressive responsibility. Before joining AF, he worked as a research

assistant to a World Bank economist and as an analyst/network coordinator at University of

California, Santa Barbara. He also worked as an internal auditor for Farm Bureau Insurance.

CS 6-4: Streamlining Audit Processes With Data Mining and Analysis

Himi Tina Kim, CIA, CGAP, CRMA

Head of NY State Audit

Chair, IT Guidance Committee

Delivering high-impact audits starts with a robust risk assessment process. In environments where limited resources, competing priorities, demanding deadlines, and subject matter non-expertise conspire to thwart risk identification, many auditors look to technology for solutions. There are innovative ways to apply technology to improve the efficiency and effectiveness of risk assessment and other audit processes if there is an innovation-friendly environment within your audit organization.

In this session, participants will:

• Learn how tools such as cognitive technology, geographic information systems, network analysis, data analytics and data mining can be used to improve risk assessment and other audit processes.

• Explore how collaboration can improve the adoption of technology within your organization.

• Identify action steps to encourage and foster innovation within your audit organization.

Tina Kim is responsible for overseeing the division that conducts audits of New York State

agencies and public authorities as well as New York City, having been appointed to the role in

2014. Earlier in her career, Kim served as director of the New York State Department of

Transportation’s audit and civil rights division as well as the leader of the New York State

economic recovery and reinvestment cabinet’s internal control and fraud prevention working

group. Prior to joining the DOT, she was the deputy inspector general for audit with the New York

Office of the State Inspector General. Kim is chair of The IIA’s IT Guidance Committee, and former

chair of its Public Sector Committee and AICPA’s Government Performance and Accountability

Committee.

CS 6-5: Maximizing Resources in the Small Audit Department

Thomas O'Reilly, CIA

Vice President and General Manager

MIS Training Institute

As company budgets continue to tighten, and as organizations focus on improving margins, CAEs

face the dilemma of having to do more with less. For CAEs with over 100 team auditors, resource

decreases are usually a small percentage of budgets and headcount. But for CAEs of smaller

departments, maybe 20 or fewer, the struggle to meet stakeholder demands is real, and keeping

up with deliverables becomes exceedingly difficult.

In this session, participants will:

Learn tips, tricks, and techniques from over 100 CAEs on making the best use of constrained resources.

Find out how to leverage non-auditors to help, or complete, internal-audit related work.

Get advice on shortening internal audit planning and fieldwork without sacrificing the audit scope.

Identify ways to decrease the time it takes to draft and publish a report.

Practice making the business case for additional resources when budgets and headcount increases are frozen.

Tom O'Reilly works with internal audit departments around the globe, creating solutions to

enable positive change within their organizations. Prior to his current role, he served as CAE of

Analog Devices, a global semiconductor manufacturer. In nearly five years there, O’Reilly

increased his department's budget and headcount. He also served as a manager in EY's risk

advisory practice, serving the internal audit departments of two Fortune 100 companies.

CS 6-6: Women Leaders in the Profession: Strategies for Success

Karen Begelfer, CIA, CRMA

Vice President, Chief Audit Executive, Corporate Audit Services

Sprint Corporation

Carolyn Saint

Chief Audit Executive

University of Virginia

Facilitator:

Cyndi Plamondon, CIA, QIAL, CISA, CCSA, CGAP, CFSA, CRMA

Senior Vice President and Chief Knowledge Officer

The IIA

Part of the In Conversation With series, the session will be an interactive conversation with two

women chief audit executives. Participants will learn strategies for reaching and succeeding at

the top of the internal auditing profession.

In this session, participants will:

Understand the tools and techniques employed by CAEs to successfully lead their teams.

Discuss the role that gender plays in leadership.

Explore the importance of leadership diversity and ways to overcome bias.

Karen Begelfer leads the internal audit function including corporate audit, retail audit, and

ERM. Prior to Sprint, she served as vice president and chief auditor of Payless Holdings,

responsible for the international corporate audit team, the ERM function and the sustainability

initiative. Prior to Payless, Begelfer was a director of internal audit at The Home Depot,

directing audits in the finance and shared services areas, including Sarbanes-Oxley testing.

Previously, she delivered post-deal integration services at PricewaterhouseCoopers and was a

member of the corporate audit staff at General Electric.

Carolyn Saint is responsible for the leadership of the university’s audit department, leading its

revitalization when she joined UV in 2015. She is a member of the President’s Executive

Cabinet, serving as a key leader in enhancing and protecting organizational value by providing

risk based and objective assurance, advice, and insight. Saint also serves as an executive mentor

in the Center for Leadership Excellence, and contributes to staff training and development

through presentations at the Organizational Excellence Quality Core Network and other venues.

Saint previously served as vice president and chief audit executive for several multinational

companies, including Sears Holdings, Lowe’s, and 7-Eleven. She began her career at Deloitte,

serving clients in the manufacturing, health care, and not-for-profit sectors. An active advocate

for the internal auditing profession, Saint is a frequent speaker at national and global auditing

conferences. She has chaired The IIA’s North American Board of Directors, served as an IIA

global board member, and was a member of The IIA Research Foundation Board of Trustees.

She currently serves as IIA Global Advocacy chair, where she led the creation of The IIA’s global

advocacy platform. Saint is also a member of ACL’s advisory board, a software development

company headquartered in Vancouver, Canada.

Cyndi Plamondon has responsibility for global revenues comprising more than US$16 million

and leads a professional staff of more than 45 members in the areas of professional standards

and assessments, professional and stakeholder relations, governance, and quality assessments.

Prior to her most recent appointment, she served as vice president of global professional

certifications, responsible for the administration, development, and execution of 12

certification exams in 20 languages delivered in 165 countries. Prior to that, she held posts

including vice president of professional practices overseeing the development and distribution

of standards and guidance for internal audit professionals around the world; vice president of

educational programs; and manager of quality assurance reviews. As a member of the internal

audit profession, Plamondon was director of internal audit for PSS World Medical Inc. and

inspector general for the University of North Florida (UNF). She also worked in internal auditing

for Prudential Insurance Co. for nearly 10 years in both the insurance and financial services

areas. Plamondon regularly facilitates seminars and speaks at conferences on behalf of The IIA.

She is a certified course developer/designer and has received The Institute’s Distinguished

Faculty Member designation.

Tuesday March 21, 2017 1:45 PM – 2:45 PM

CS 7-1: Emerging Topics in Cyber Assurance

Michael Juergens, CIA, CRMA

Principal and IT Internal Audit Practice Leader

Deloitte and Touche LLP

In the ongoing battle of managing cyber risk, internal audit has a critical role to play as the third

line of defense. The resilient organization is building a long-term plan for maintaining and

enhancing security capabilities to move the organization toward its desired level of cybersecurity

maturity. This session will provide insight into the latest trends in cyber assurance and innovative

approaches for internal audit to add value to this strategically vital issue.

In this session, participants will:

Identify the foundational elements of a cyber assurance program: risk assessment, multi-year plan, execution, and reporting.

Evaluate varying methods of a cyber assurance risk assessment.

Learn to use “at a glance” tools to communicate effectively with stakeholders.

Generate greater impact and influence with stakeholders on the topic of cybersecurity.

Michael Juergens has more than 20 years of professional experience, including providing

external audit services, Sarbanes-Oxley readiness and attestation services, IT controls

assessments and transformations, and detailed IT technology audits. He maintains deep

experience in ERP systems as well as end user computing technologies. Juergens currently

oversees the IT internal training curriculum offered by The IIA and ISACA and is an adjunct faculty

member at the Paul Merage School of Business at the University of California, Irvine.

CS 7-2: How to Effectively Market the Internal Audit Function

Pamela Short Jenkins, CIA, CRMA, CPA

Vice President, Global Audit Services

Fossil Group, Inc.

Greg Estes, CIA

Senior Audit Manager

Fossil Group, Inc.

The auditing profession continues to evolve with increasing demands to add value. We must market our wide range of experience and show that by having a seat at the table, we can assist management in achieving their critical objectives. This is not achieved without a plan and visible action. Regardless of your department's size, strategic partnerships are still built via relationships. Come and learn how to be an influencer.

In this session, participants will:

Receive a guide with specific examples to market the internal audit function at your company.

Discuss how to use relationship skills and talent to show management ways to get to where they want to go more effectively and efficiently.

Review specific actions to implement that will help publicize your ability and willingness to help the company get to the next level with the proper level of controls.

Pam Short Jenkins is an innovative strategist who excels at building relationships with key

stakeholders to effectively lead transformation efforts and mission-critical business initiatives.

She is skilled in linking enterprise risk assessment with shareholder value, key objectives, and

customer needs. Jenkins previously served as the CAE and vice president of the project

management office for company-wide strategic initiatives for US Foods, responsible for bringing

strategic focus and fast-paced tactical execution to the audit services department. She has

more than 15 years of executive level experience in internal audit with organizations such as

The Wendy’s Company and The Home Depot. Jenkins currently serves as the vice chair of

professional development on The IIA’s North American Board of Directors.

Greg Estes has over 12 years of experience as an internal auditor and has served as a corporate

financial professional for over 20 years. His areas of expertise include global ERM

administration, financial and operational audit management, and Sarbanes-Oxley testing and

administration.

CS 7-3: Auditing Corporate Governance

J. Douglas Watt

Senior Vice President & Chief Audit Executive

Fannie Mae

Brian Schwartz, CFSA, CRMA, CBA

US Internal Audit, Compliance and Risk Management Solutions Leader – Financial Services

PwC

Meeting the ever-growing expectations of key stakeholders requires internal audit to think more

broadly and consider the role corporate governance plays on a company’s overall control

environment. But auditing corporate governance can be a challenge, requiring the audit function

to look at the company through a different lens. Developing the right approach and leveraging

the right resources are critical success factors.

In this session, participants will:

Gain an understanding of the key elements of corporate governance.

Identify corporate governance-related risks and how they influence the auditor's approach.

Evaluate the factors that help determine an assurance or consulting path.

Explore various approaches to auditing corporate governance.

Review a framework to help assess corporate governance maturity.

Share leading practices to frame issues and communicate results.

Doug Watt joined Fannie Mae in 2016, previously serving as managing director and audit

executive for the Americas at GE Capital. Prior to GE Capital, Watt led the retail and commercial

bank audit teams at Capital One. For the majority of his career, Watt was a partner in the banking

and capital markets practice at PwC.

Brian Schwartz oversees the risk assurance practice’s financial services sector service offerings,

including corporate governance, risk management, compliance, internal audit, GRC tool

enablement, and business continuity management. He is a key driver of PwC’s annual risk in

review survey and related research paper on risk management and governance leading practices.

His governance, risk management, and internal audit experiences and competencies have been

developed over the past 27 years, working with clients in building, assessing, and transforming

their governance structures, risk management capabilities, compliance efforts, Sarbanes-Oxley

programs, and internal audit functions. Prior to joining PwC, Schwartz led the global and Americas

internal audit and controls practice for another Big Four firm. He spent 10 years in industry in

roles including CAE, regulatory compliance officer, and co-chair of the risk management oversight

committee prior to joining professional services. Schwartz has spoken on governance, risk

management, and internal audit topics at numerous professional conferences, authored articles

for trade publications, and been interviewed by business publications on these topics.

CS 7-4: Integrating the Core Principles Into Your QAIP

Basil Woller, CIA, CRMA

Principal, Owner

Basil Woller and Associates, LLC

The Core Principles are a mandatory element of the IPPF. This session introduces an insightful

way to integrate these principles into your QAIP that will demonstrate their relevance and value

to your stakeholders, and provide a foundation for continuous improvement in your internal

audit activity's infrastructure and processes.

In this session, participants will:

Examine the use of a maturity framework to integrate Core Principles into a QAIP.

Understand characteristics that differentiate different levels of maturity related to Core Principles.

Explore reporting of maturity of the Core Principles to promote the role and value of internal auditing.

Gain an understanding of interrelationships between Core Principles and The IIA’s Standards.

Basil Woller is one of the leading and most recognized quality specialists in the internal auditing

profession. His career includes time as a CAE for a Fortune 100 company and the QAR practice

leader for a major service provider. Woller is dedicated to internal audit quality and has

personally led or conducted over 250 external assessments in his career. He is a frequent speaker

on the topic of internal audit quality. His practical experience and insight into the role and

operation of internal auditing contributes to valuable insights to promote continuous

improvement.

CS 7-5: Encore Presentation: Key Attributes of Outstanding Internal Auditors

Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA

President and Chief Executive Officer

The IIA

IIA President and CEO Richard Chambers discusses the traits of great internal audit leadership. Based on his new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, Chambers reviews the top character traits of gifted practitioners who have gained the trust of stakeholders. Based on surveys and interviews of some of the profession’s most-respected CAEs, Chambers crafts a compelling message on what it takes to become a true trusted advisor.

In this session, participants will:

• Identify the character traits most valued in trusted advisors
• Glean insights into becoming a trusted advisor from experiences and anecdotes shared by Fortune 500 and other top CAEs
• Learn the tools and techniques for enhancing the most desired and valued character traits
• Examine how enhancing these character traits will help your organization

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017.

CS 7-6: Internal Audit Innovation

Shannon Urban, CIA, CRMA

Senior Vice Chair, IIA North American Board of Directors

Executive Director

EY

Facilitator:

Bill Michalisin

Executive Vice President, Chief Operations Officer

The IIA

Some would argue that there has been little innovation in the field of internal audit in the last 25

years. Others would argue that a lot has changed during that time. How do we define innovation

when it comes to internal audit, and what role should innovation play in driving your journey to

add value to your organization?

In this session, participants will:

Examine how we define innovation and what that means for internal audit.

Explore some of the innovative strategies and approaches organizations have adopted to generate internal audit value.

Envision what role innovation should play for internal audit in today's fast-paced, technology-driven, disruptive world.

Shannon Urban has over 20 years of experience in internal audit, enterprise risk assessment, and

control design and assessment. She specializes in assisting organizations to understand and

assess risks within their operations, assessing the design of processes and controls, and providing

tailored solutions. Urban currently serves as the internal audit competency leader for the

Northeast region, and leads risk advisory and internal audit engagements at several clients in the

Northeast area in the government, health care, life sciences, consumer products, and technology

industry sectors. Urban is a leadership volunteer with The IIA, serving as senior vice chair of the

North American Board and on the Global Board of Directors.

Bill Michalisin joined The IIA in 2013 as chief marketing officer leading all brand, marketing,

communications, sales, and relationship enablement strategies across all global IIA channels. In

2014, his role was expanded to include oversight as the executive director of The IIA’s Research

Foundation, and in 2015, he assumed the role of chief officer for IIA operations. In his current

role, Michalisin leads all operations and core services offered to IIA members globally, including

Membership, Chapter & Institute Relations, Certifications, Conferences, Learning Solutions,

Partnerships, and Enterprisewide Sales & Business Development. Prior to joining The IIA,

Michalisin was industry marketing leader for consumer and industrial products at Deloitte,

which included responsibilities for cross-functional delivery within aerospace and defense,

automotive, consumer products, process and industrial products, retail and distribution, and

travel, hospitality, and leisure sectors. Earlier in his career, Michalisin was a business process

strategy and fraud/forensic investigation consultant at both Deloitte Consulting and Accenture,

providing consulting services to clients in media and entertainment, consumer products,

manufacturing, and financial services.

Tuesday March 21, 2017 3:15 PM – 4:15 PM

CS 8-1: A CAE's Perspective: Examining Cybersecurity Risks, Realities, and Real World

Strategies

Steve Sanders, CRMA

Vice President, Internal Audit

Computer Services, Inc.

You can’t take your eye off cybersecurity threats. Businesses must remain ever vigilant in defending

their systems, networks, and customer data, as well as ensuring employees don’t inadvertently

open the door to the latest threat. With cyber risks consuming so much attention, wouldn’t it be

nice to gain a new, stronger perspective? This session will share insights and best practices into

the current risks, realities, and real-world strategies to help your organization be prepared for

today’s cyber threats.

In this session, participants will:

• Understand the current “cyber reality” and the serious threats many businesses face.
• Examine the real risks for today’s companies and why risks are probably greater than first thought.
• Uncover the most overlooked cybersecurity areas.
• Discuss six attributes of a strong cybersecurity posture every auditor should be evaluating.

Steve Sanders oversees the evaluation of risks associated with IT, financial, and operational

systems. He has a strong knowledge of cybersecurity and privacy, accompanied by an educational

background in computer security and data protection. Sanders regularly speaks at conferences

on information security, cybersecurity, and risk management.

CS 8-2: Aligning Technology Sector Internal Audit Goals with Stakeholder Expectations

Princy Jain, CIA, CCSA, CRMA

Partner

PwC

Linda Glaub

Senior Director, Internal Audit

Citrix Systems, Inc.

Michael Jenkins, CPA

Vice President, Internal Audit

Facebook

Michelle DeBella, CPA

Vice President, Internal Audit

Hewlett Packard Enterprise

This panel discussion features CAEs discussing leading practices and key challenges on aligning

internal audit’s goals with stakeholder expectations. They will focus on reporting structures,

managing and aligning expectations, communication challenges, information sharing, risk/audit

reporting, and adding value with the audit function.

In this session, participants will:

Explore how internal audit can align or pivot its approach and plan to cater to

stakeholder needs with the speed of change in business and related risks.

Learn how internal audit can create awareness among stakeholders on value the activity

can provide.

Examine how the audit committee can help establish the strategy of internal audit and

how to align with the committee’s expectations and those of the CFO.

Discuss creating a balance between assurance and consulting.

Share challenges with internal audit’s budget and resources with a focus on obtaining

support.

Princy Jain has more than 20 years of experience serving technology-sector companies and has

spent the past 10 years serving public and venture-backed companies by providing his expertise

within internal audit, Sarbanes-Oxley compliance, risk management, and related consulting

services across a range of industries including semiconductor, electronics, consumer electronics,

internet, software, and more. Jain is an active public speaker on topics including internal audit,

Sarbanes-Oxley, and more, and has contributed as a co-author on several guidance publications

produced by The IIA. He is an active volunteer at The IIA, serving on The IIA’s North American and

Global Boards. He also serves on the Northern California Board of Ascend, an organization

dedicated to leveraging the leadership and global business potential of Pan-Asians.

Linda Glaub is responsible for operational, financial, and IT audits, Sarbanes-Oxley compliance, and internal investigations. Prior to joining Citrix, she held internal audit leadership positions with Fleet Boston Financial and American Express Company’s Latin America/Caribbean Division. Glaub previously worked with PricewaterhouseCoopers.

Mike Jenkins has broad finance, accounting, and auditing experience with organizations

including Google, Gap Inc., and Sun Microsystems. He began his career with Ernst & Young.

Michelle Stillman DeBella manages HPE’s global internal audit department, leading more than

170 professionals working to manage risk and drive improvements in the organization’s

operations. Previously, she held the role of vice president of HP enterprise financial reporting.

Stillman DeBella joined HP/HPE in 2009 from EY where she served as an audit senior manager for

15 years.

CS 8-3: Governance, Strategy, and Culture: How to Address Them in Your Risk Assessment

Mike Fucilli, CIA, QIAL, CGAP, CRMA, CFE

Chief Audit Executive

Metropolitan Transportation Authority

Corporate governance’s dependence on a company's culture is critical to meeting an

organization's strategy. It can determine the corporate direction and performance that affects

stakeholders and management, employees, customers, suppliers, and creditors. Unfortunately,

failure of risk management is a legacy of the ongoing global economic turmoil. Boards may have

failed to exercise appropriate oversight or management took ill-advised extraordinary risks for

short-term results. This session ties into Seeing Beyond the Tip of the Iceberg about key business

risks affecting governance, culture, and strategy.

In this session, participants will:

• Learn how to incorporate cultural concepts into your risk assessments and audits practically.
• Identify changing business cultural shifts and the effects on GRC.
• Discuss how auditing strategy can dramatically increase your impact for the better within your organization.

Mike Fucilli leads a staff of 85 internal auditors at North America’s largest public transportation

agency, with an operating budget of $15 billion and a capital budget that exceeds $5 billion

annually. He has more than 35 years of internal audit experience, having started his career with

Manufacturers Hanover Trust (now Chase Bank) performing procurement audits of large

government contracts including audits of NASA, the U.S. Army and Air Force, and Voyager 1.

Fucilli has served in various leadership roles at the national and global level for The IIA, currently

serving as the vice president of development of the Internal Audit Foundation. He is an adjunct

professor for Pace University, teaching The IIA’s CIA Learning System for the Certified Internal

Auditor exam.

CS 8-4: PwC's 2017 State of the Internal Audit Profession Study

Jason Pett

US Internal Audit, Compliance and Risk Management Solutions Leader

Mark Kristall, CPA, CISA

Partner, Internal Audit, Compliance and Risk Management Solutions

Randy Earley, CIA, CISA, CRMA, CRISC

Vice President, Audit Services

Cox Enterprises, Inc.

Elmar Vinh-Thomas

Director of Assurance and Enterprise Risk Management

Bill and Melinda Gates Foundation

Katie Scalia

Global Senior Vice President, Internal Audit

News Corp

For the past 12 years, PwC has conducted an annual State of the Internal Audit Profession study

that has obtained significant visibility across the internal audit community. The most recent

study, True North: Evolving through disruption with resiliency and agility, comprises the input of

CAEs, CFOs, and audit committee members to understand what matters most to them and to

obtain their perspectives on the challenges and opportunities of the profession.

In this session, participants will:

Delve into the findings on what survey respondents want internal audit to do to increase its organizational relevance and value in an environment of disruption and change.

Hear about leading trends and best practices from PwC's 2017 State of the Internal Audit Profession Study.

Learn to position internal audit to push beyond its traditional assurance and compliance-related role.

Identify strategies to help the business recognize and respond to potential disrupters, and extract opportunities.

Jason Pett has been delivering risk management, external audit, and internal audit services to

leading global and national organizations for more than 20 years. His extensive experience also

includes implementing and optimizing enterprise-wide risk management programs and

systems and performing risk assessments for organizations in a variety of industries. Pett has

assisted organizations in the design of start-up internal audit, ERM, and compliance functions as

well as working with companies to transform existing functions to be value-added, risk-based,

and strategically aligned with other lines of defense and the business. He has managed

outsourced and co-sourced internal audit engagements for many companies. Pett also has

extensive experience incorporating best practices, such as embedding data analytics into risk

management and control, and leveraging deep industry and technical expertise from across PwC

into the planning, execution, and reporting of internal audit projects, risk management programs,

and compliance testing solutions. He is an author of both PwC's annual Risk in Review and State

of the Internal Audit Profession studies and a frequent speaker on the topics of compliance,

internal audit, risk management, and control.

Mark Kristall oversees the delivery of internal audit, compliance, and risk management solutions

to clients in the products and services sectors. He joined the firm in 2001 as an assurance

associate, and during his time with PwC, he has held numerous client service roles in the

assurance and advisory practices. In 2010, Kristall became director of operations in the risk

assurance delivery center. In 2011, he relocated to take over the growth of internal audit across

the firm’s products and services sectors including industrial products, retail and consumer,

technology, and energy.

Randy Earley oversees the company's audit services team that delivers strategic financial,

operational, and IT audit and risk advisory projects across all corporate departments and

businesses. Prior to Cox, he served as vice president of internal audit at SuperMedia, an

advertising agency for small to medium-sized businesses. Earley has internal audit experience

across multiple industries including retail, financial services, telecommunications,

manufacturing, and media through his work at JCPenney, Citigroup, Nortel Networks, and

Flowserve.

Elmar Vinh-Thomas originally trained as a physician, spending the first part of his professional

life in clinical practice in Southern Africa. He went on to manage public health grants for private

foundations in the U.S. and Europe. His increasing interest in the ethical integrity of donor

funding piqued his interest in auditing so he obtained the Certified Internal Auditor credential.

He now leads the Gates Foundation’s small assurance function, which includes ERM, internal

audit, fraud investigation, and assurance over $5 billion in annual funding made to grantees

around the world.

Katie Scalia Bio Being Finalized

CS 8-5: Innovative Ways for a Non-IT Auditor to Identify Possible Fraud Through Performing

Effective Access Reviews

Kari Sklenka-Gordon, CISA

Director

RSM

Jamie Burgess

Director

RSM

Learning how to assess SoD from an entity-level approach, including assessing access controls,

automated controls, and segregation of duties against functional responsibilities and manual

controls, can open up new avenues to discover fraud. Non-IT auditors will get a taste of gathering

systematic data to assess SoD and mitigate risk from a holistic perspective. Additionally, it helps

to do look-back testing to figure out whether ineffective controls were in place that led to access

issues, and whether another assertion is required.

In this session, participants will:

Learn how to integrate IT into existing audit areas.

Develop an understanding of how to strengthen access reviews.

Understand the value of assessing segregation of duties from an entity-level approach.

Broaden understanding of risk mitigation through exposure testing once SoD issues are identified and remediated.

Explore lessons learned from a case study.

Kari Sklenka-Gordon has focused a majority of her career in SAP, but has worked with multiple

ERPs identifying controls, as well as multiple ERP GRC tools that cover SAP, Oracle, and other

ERPs. She has been both an implementer of GRC tools as well as an end user in the private sector

and an auditor. Most of her experience is around Approva, by Info, but she has also worked with GRC

tools including Virsa and SAP GRC, ERP Maestro, Security Weaver, FastPath, and others.

Sklenka-Gordon has overseen eight GRC tool implementations, audited 10 GRC systems, and performed

approximately 25 rule set analyses, and over 20 SOD audits. She has built a GRC controls

monitoring program in the private sector using multiple GRC tools to cover multiple ERP packages

including SAP.

Jamie Burgess is an experienced consulting director in the RSM risk advisory practice specializing

in enhancing the reliability of processes and systems to better manage and control risk within the

business enterprise. She is a consulting professional with nearly 15 years of experience, with over

seven years working in a Big Four global consulting firm. Her primary responsibilities are to

provide consulting focused services with an emphasis on clients’ business and information

technology needs, including strategy, compliance, risk management, and audit services.

CS 8-6: Emerging Trends in Technology

Robert Stroud, CGEIT, CRISC

Principal Analyst

Forrester Research

Facilitator:

Himi Tina Kim, CIA, CGAP, CRMA

Deputy Comptroller

Office of the New York State Comptroller

Technology innovation is driving businesses faster than ever as they strive to be competitive in a

world where a competitor can appear overnight. The driver behind this emerging trend is the

customer. Technology innovation can create an environment where the business realizes the

power it holds, therefore sacrificing loyalty for speed and customer experience. To win, serve

our customers, and elevate the customer experience, we must be agile, drive velocity, and

effectively manage risk and compliance.

In this session, participants will:

Discuss how the business is driving change and the implications on risk profile.

Analyze the changing cloud landscape and the implications of its adoption on the role of the auditor.

Examine the emergence of deep intelligence and decision making and potential implications for privacy and compliance.

Evaluate auditing as code – is it finally a mandatory requirement?

Discuss how to enforce segregation of duties.

Robert Stroud is responsible for leading the research on DevOps and the research agenda for

the Modern Service Delivery Playbook on the I&O team. He also serves on the core cloud

computing team, focused on driving the market toward delivering business innovation at the

speed of business. His research incorporates DevOps, cloud computing, CICD, cloud

management, software-defined datacenter, governance, risk, security, and compliance. Prior to

joining Forrester, Stroud spent more than 15 years in multiple roles at CA Technologies

including business applications, product management, and product strategy, advising

organizations on strategies to drive growth through innovation to deliver maximum business

value from their investments in technology-enabled business governance. As immediate past

international chairman of the board of ISACA and ITGI, Stroud has contributed to multiple

framework and standards publications, including COBIT 4.0, 4.1, and COBIT 5; guidance for

Basel II, Risk IT, Val IT; and multiple mappings of COBIT to various frameworks and standards,

including several ISO standards for security, service management, and software asset

management. He served on the USA and International boards of itSMF and has served as a

member of the ITIL Update Project Board. Prior to his relocation to North America, Stroud spent

more than 15 years in the finance industry, managing multiple initiatives in the technology and

retail banking sectors related to infrastructure rationalization, security, service management,

and governance.

Tina Kim is responsible for overseeing the division that conducts audits of New York State

agencies and public authorities as well as New York City, having been appointed to the role in

2014. Earlier in her career, Kim served as director of the New York State Department of

Transportation’s audit and civil rights division as well as the leader of the New York State

economic recovery and reinvestment cabinet’s internal control and fraud prevention working

group. Prior to joining the DOT, she was the deputy inspector general for audit with the New York

Office of the State Inspector General. Kim is chair of The IIA’s IT Guidance Committee, and former

chair of its Public Sector Committee and AICPA’s Government Performance and Accountability

Committee.

Tuesday March 21, 2017 3:15 PM – 4:15 PM

CS 9-1: Cyber Resiliency

James Reinhard, CIA, CPA, CISA

Audit Director

Simon Property Group, Inc.

Organizations continue to implement cybersecurity defensive mechanisms to prevent an attack

from occurring. Cyber resiliency shifts the paradigm away from defense toward sustainability and

returning to business operations. But is it clear what cybersecurity aspects focus on resiliency?

What cyber resiliency areas can internal auditors provide value in assessing and consulting?

In this session, participants will:

Distinguish between cybersecurity and cyber resiliency.

Gain a practical understanding of cyber resiliency.

Identify areas of assessing and consulting for cyber resiliency.

Discuss the ramifications of both on a business’s reputation.

James Reinhard has worked in industries including retail, insurance, health care, loan servicing,

real estate investment trusts, state and local government, and nonprofits. He is an adjunct

instructor at the Kelley School of Business, Indiana University, Indianapolis. Reinhard has served

as a volunteer leader for The IIA, currently as a member of the Committee of Research and

Education Advisers, has presented at national events, and has authored courses and articles.

CS 9-2: The New Standards: What You Need to Know for Quality Assurance

Paul Sobel, CIA, QIAL, CRMA

Vice President, Chief Executive Officer

Georgia Pacific, LLC

The IPPF was updated in 2015 and new Standards were issued, effective January 2017. This

session will focus on how changes may affect the quality assurance and improvement programs

(QAIP) for internal audit activities.

In this session, participants will:

Understand the key changes to the IPPF and resultant changes to the Standards.

Learn how the Core Principles for the Professional Practice of Internal Auditing should influence a QAIP.

Identify ways to leverage the IPPF and Standards to better achieve the new Mission of Internal Audit.

Paul Sobel has many years of experience in internal auditing leadership roles as a CAE with

Georgia-Pacific and three public companies including Mirant Corporation, Aquila, Inc., and

Harcourt General. Sobel’s responsibilities included leading the global internal audit efforts at

these companies, as well as consulting on each company’s ERM, compliance and internal controls

programs. He has also served as international audit manager for PepsiCo, senior manager in

Arthur Andersen’s business risk consulting practice, and manager in Arthur Andersen’s financial

statement assurance practice. Sobel is a frequent speaker on governance, risk management, and

internal audit topics. He has written and co-authored three books: Auditor’s Risk Management

Guide: Integrating Auditing and ERM; Internal Auditing: Assurance and Consulting Services; and

Enterprise Risk Management: Achieving and Sustaining Success. He has been recognized for

articles published in Internal Auditor magazine and Management Accounting Quarterly. Sobel

has served in numerous leadership positions with The IIA, including the Board of Directors and

Executive Committee, as well as positions with The IIA Research Foundation. In 2012 he was

recognized in Treasury & Risk magazine’s list of the 100 Most Influential People in Finance. He

has also served on the Standing Advisory Group of the Public Company Accounting Oversight

Board (PCAOB) and as The IIA’s representative on the Pathways Commission, which developed

recommendations to enhance the future of accounting education in the United States.

CS 9-3: Affordable Care Act (ACA) - Why Internal Audit is Key in Helping Protect the Company

An Buchhagen, CIA, CPA

Director, Internal Audit

Raytheon Company

Jennifer Allen, CIA, CISA, CFE

Senior Internal Auditor

Raytheon Company

The first year of reporting under the Employer Mandate has passed, leaving some companies

breathing a sigh of relief. This year, the risk of failing to comply increases significantly as parts

of the ACA become active and penalties are indexed year over year. As the bar is raised, internal

audit must assess an organization’s risk of noncompliance with ACA regulations.

In this session, participants will:

Understand the reporting regulations and importance of compliance with the Employer Mandate of the Affordable Care Act.

Explore internal audit’s role of assessing risks, identifying gaps, and potential areas impacted, and advising management on potential exposures as the requirements get stricter and penalties increase each year.

Examine strategies to ensure compliance to avoid penalties assessed by the IRS.

Learn how failing to comply may be material to the financial statements.

Discuss strategies on steps to take once a penalty is assessed by utilizing the Appeals process.

An Buchhagen directs internal audit plan activities across the company. Her key focus areas include strategic initiatives, accounting, shared services, supply chain, international business and finance, human resources, regulatory compliance, and legal. She has over 25 years of business and audit experience.

Jennifer Allen conducts a variety of internal audits and offers process improvement solutions.

She has nearly 10 years of internal audit experience (5 in health care) in assessing the adequacy

of internal controls, testing the operating efficiencies of operations, IT general controls, the

reliability of financial reporting, process improvement, and compliance with policies and

procedures.

CS 9-4: The Treasured "Value Add" and Where to Find It

Aaron Boor, CISA

IT Audit and Project Automation Specialist

Donegal Insurance Group

Whether they realize it or not, internal auditors involved in both the financial audit and testing of IT systems have a unique perspective into how data is generated and, specifically, into what data is compiled to generate financial reports and analysis. Auditors need to take that knowledge further by digging into financial data to uncover the treasured “value-add” that lies within these datasets. Without this understanding, internal auditors will continue to provide plain vanilla analysis, along with unremarkable results. This presentation provides perspective on how to get over the innovation hump in internal audit using data analysis tools to reveal powerful insights.

In this session, participants will:

Learn where to start with a data analysis project.

Develop ideas on how to effectively perform data analysis.

Plan to ensure data analysis tools perform at their highest level.

Develop ideas on how to present data analysis findings to decision makers.

Receive insight on how to manage data analysis expectations.

Aaron Boor has more than 12 years of data analysis, audit, and process automation experience.

With a degree in accounting and an information technology background, he started his career in

public accounting where he honed his data analysis skills by incorporating automation techniques

throughout all stages of the audit. He introduced data analysis to DIG’s internal audit team, which

is now revolutionizing the way in which it performs audits by uncovering and quantifying

long-standing anomalies.

CS 9-5: How To Effectively Lead Millennials

Tonia Lediju, Ph.D.

Chief Audit Executive

City and County of San Francisco, Controller's Office

Millennials comprise the largest generational cohort in the U.S. today and will increasingly

dominate the workforce. They are making valuable contributions to the workforce and their

different skill sets and life experiences are calling for new ways to lead. Prepare to explore and

discuss strategies to inspire and cultivate the best in Millennials to foster organizational

commitment and develop a new generation of leaders.

In this session, participants will:

Review proven tactics to motivate the next generation of leaders with effective outcomes.

Discuss strategies to hire, onboard, and retain Millennials.

Learn how to effectively engage Millennials.

Tonia Lediju has more than 20 years of government auditing experience and her leadership

philosophy embodies service through integrity, teamwork, respect, and inclusion. She has built a

high-functioning multigenerational audit organization as the CAE of the City and County of San

Francisco. Lediju received the 2016 David M. Walker Excellence in Government Performance and

Accountability Award, presented by the U.S. Comptroller General and leader of the U.S.

Government Accountability Office. She previously was the audit director of several agencies of

the State of California, including the Highway Patrol, Employment Development Department, and

Department of Child Support Services.

CS 9-6: Extracting Maximum ROI From Audit Data Analytics

Tom Austin, CIA

Vice President, Governance Risk and Control

Cisco Systems, Inc.

Riyaz Kasmani, CISM, CISA, PMP

Senior Manager

Cisco Systems, Inc.

Facilitator:

John Wszelaki, CIA, CRMA, CFE

Director, American Center for Government Auditing

The IIA

Data analytics is undeniably the present and future of audit. But user adoption has been mediocre at best. What are some common pitfalls (cultural fit, methodology, quality, etc.) of data analytics that lead to this phenomenon? Can data analytics be embedded within your audit methodology? How do you maximize ROI on your data analytics investment?

In this session, participants will:

• Identify barriers to adoption of data analytics.

• Design an audit plan to drive analytics adoption.

• Lead the way with federated compliance analytics.

• Empower not one but ALL three lines of defense.

Tom Austin oversees Cisco’s governance, risk, and controls organization that partners with internal business units. Previously, Austin worked at Applied Materials for 16 years, most recently as vice president and CFO for the display and solar business segments. Prior to Applied Materials, Austin worked with PriceWaterhouseCoopers in business assurance and with Merrill Lynch & Co. in investment banking.

Riyaz Kasmani heads the audit data intelligence team for GRC within Cisco, where he has worked for 11 years in various internal audit and IT management roles. Prior to Cisco, Riyaz worked for 10 years at Netpace, Inc. where he held product and program management roles with clients at Cisco Systems, Hewlett Packard, and Zions Bank.

John Wszelaki is the Director of the American Center for Government Auditing at The Institute of Internal Auditors, the global professional association and standard-setting body for internal auditors. Wszelaki is recognized as a long-time leader in advancing the internal audit profession on the local and national levels, sharing best practice approaches and mentoring fellow professionals. He also is deeply versed in risk management, internal control, governance, and investigative techniques.

Before joining The IIA in early 2016, Wszelaki was Director of Internal Audit at the State of Virginia’s Department of Alcoholic Beverage Control for nearly 17 years and, previously, Managing Auditor at American Greetings Corp. for nearly 22 years. An active IIA volunteer for more than 20 years, Wszelaki served in an array of leadership capacities, including as Chairman of the North American Board (2014-15); Chair of the North American Chapter Relations Committee; member of the North American and Global boards; President and member of the Board of Governors of The IIA’s Central Virginia Chapter; and district representative and adviser.

Wednesday March 22, 2017 8:30 AM – 9:45 AM

GS 4: Storytelling With Data

Cole Nussbaumer Knaflic

Author

Speaker

Storytelling With Data

Stories resonate and stick with your audience in ways that data alone does not. Why wouldn’t you leverage the power of story when communicating with data? Join this engaging session to discuss the untapped potential of combining the magic of story with best practices in data visualization for communicating effectively with data.

In this session, participants will:

Comprehend the difference between poor and effective visuals and identify examples of each.

Understand the importance of contrast and how to use it strategically.

Use color intentionally to focus your audience's attention.

Know what words are needed to make your data visualizations accessible.

Synthesize lessons learned to transform a poor visual into an effective visual story.

Cole Nussbaumer Knaflic tells stories with data. She is the author of "storytelling with data: a data visualization guide for business professionals" and writes the popular blog www.storytellingwithdata.com. Knaflic’s unique talent was honed over the past decade through analytical roles in banking, private equity, and on Google's People Analytics team. Her well-regarded workshops and presentations are highly sought after by data-minded individuals, companies, and philanthropic organizations all over the world.

GS 5: Transition Resilience: It's Not Just About Managing Change

Keith Wyche

Corporate Transformation Leader, Best-selling Author

Adapting to change is a minimum requirement in today’s world. Change brings opportunity and responsibilities whatever your job title. For you and your organization to excel, you must be able to lead change and transformation. Leaders who can influence transformation are valued and differentiated. Real-world case studies will be explored, highlighting peaks and valleys that others have successfully – or not so successfully – dealt with. Ultimately, successful leaders encourage their teams to acknowledge change not just in their heads, but also in their hearts.

In this session, participants will:

Discuss the psychology of change, and why people resist it.

Recognize and use the four R’s of change: Relevance, Readiness, Robustness, and Responsiveness.

Learn how to overcome the seven stakeholder barriers that can sink a change project.

Review how to define and cast your vision so it engages every level of your organization.

Keith Wyche is responsible for ensuring an exemplary customer experience at Walmart's large format stores in the Northeast, and has more than 30 years of experience leading major organizations through change, achieving dramatic turnaround results at some of America’s best-known corporations, including Ameritech, Convergys, AT&T, IBM, Pitney Bowes, and SuperValu’s divisions including Cub Foods and Acme markets. Wyche has risen to become a well-respected, successful corporate executive, and he shares these experiences as an author, speaker, and thought leader.