Upload
nguyendang
View
214
Download
0
Embed Size (px)
Citation preview
Monday March 20, 2017 8:30 AM – 9:45 AM
GS 1: Auditing Strategically to Build Credibility
Greg Grocholski
Vice President
Chief Audit Executive
SABIC
CAEs bring the most value to their organizations when they engage strategically — above and beyond the traditional assurance work provided to stakeholders. CAEs need to think and speak like the CEO, chat with the CFO, talk techie with the CIO, and speak the dialects of Supply Chain, HR, Legal, Manufacturing, and others, focusing on what is most important to the success of the organization. Real participation and acceptance around the C-suite table, being invited to strategic discussions, is an earned outcome. This session explores what has worked to earn that credibility. In this session, participants will:
Look at the audit plan in a new light, with a focus on nontraditional audit areas — following the strategic risks, not last year’s plan.
Learn how presenting information to the C-suite and audit committee on risk areas, and what audit “does not cover,” leads to engaging discussion.
Discuss business acumen, dialects, and — more importantly — intuitive skills necessary to communicate and win during C-suite discussions.
Greg Grocholski is responsible for leading and managing the internal audit department on a
global level, to ensure the implementation of internal audit best practices worldwide, as well as
to coach the company’s internal audit employees to maximize their contributions to achieving
the company’s objectives. Grocholski is internationally respected in the audit field and is affiliated
to ISACA, for which he has served in various leadership roles. Prior to SABIC, Grocholski attained
an impressive track record in the global chemicals industry with more than 30 years of service at
The Dow Chemical Company. He achieved numerous promotions in the audit and finance
functions, most recently holding the posts of CAE and global director of business finance.
Monday March 20, 2017 10:15 AM – 11:30 AM
GS 2: Panel Session: Stakeholder Expectations (Updates from CBOK Stakeholder Studies)
Moderator:
Paul Sobel, CIA, QIAL, CRMA
Vice President
Chief Audit Executive
Georgia-Pacific, LLC
Panelists:
Angela Witzany
Chair, IIA Global Board of Directors
Larry Harrington, CIA, QIAL, CRMA, CPA
Vice President, Internal Audit
Raytheon Company
Brian Christensen
Executive Vice President
Global Internal Audit
Protiviti
In this session, participants will:
Discuss stakeholder perspectives on the internal audit value proposition.
Discuss insights from board members and executive team on leading practices in internal audit.
Review audit committee key imperatives for internal audit success.
Analyze perspectives from audit committee, board members and executive team on what the future holds for internal audit.
Paul Sobel has many years of experience in internal auditing leadership roles as a CAE for four
public companies. He has published three books through the Internal Audit Foundation on audit
topics and is a frequent speaker at industry conferences. Sobel is a long-time IIA volunteer leader
including having served as IIA Global Chairman of the Board. In 2012 he was recognized in
Treasury & Risk magazine’s list of the 100 Most Influential People in Finance. He has also served
on the Standing Advisory Group of the Public Company Accounting Oversight Board (PCAOB) and
as The IIA’s representative on the Pathways Commission, which developed recommendations to
enhance the future of accounting education in the United States.
Angela Witzany has been an internal auditor in the insurance sector since 1997, when she
developed Sparkassen Versicherung’s new internal audit function. She has served there as head
of internal audit since 2001, and now has responsibility for internal audit activities in Austria and
Central Eastern Europe. Further, Witzany serves as the Austrian Insurance Association’s vice
president of the Committee of Internal Audit and Control. She is the 2016–17 chair of The IIA’s
Global Board of Directors and has served in numerous leadership roles for about 10 years,
including the Finance Committee, Professional Guidance Advisory Council and on the
Professional Certifications Board. She also served as a board member of the European
Confederation of Institutes of Internal Auditing (ECIIA) and completed a term as vice president in
2015. Witzany is a frequent speaker and moderator at internal audit conferences and has written
about internal audit-related topics for a number of publications. She is a lecturer and trainer on
internal auditing in the insurance industry at Johannes Kepler University Linz in Austria.
Larry Harrington has more than 25 years of experience in auditing and finance and also served
as a vice president in human resources, health operations, and business unit CFO. His
experience includes working in the public accounting, retail, financial services, insurance,
manufacturing, and technology industries and with organizations such as Staples, Aetna and
LTV. Harrington is an active volunteer for The IIA, serving in numerous leadership roles, and
most recently as chairman of the Global Board of Directors for 2015–16. He is a frequent
speaker at seminars on auditing, change management, negotiation, and people development
and motivation.
Brian Christensen is a member of Protiviti’s executive leadership team and is the current global
leader of the firm’s Internal Audit and Financial Advisory Solution. In this role, he is responsible
for the development and execution of Protiviti’s internal audit products. Christensen has more
than 25 years of experience in helping clients increase the value of their internal audit function.
He is a frequent speaker on auditing and risk topics at national conferences.
Monday March 20, 2017 12:45 PM – 1:45 PM
CS 1-1: IT Auditing
Chris Semrow, CPA, CISA
IS Assurance Senior Manager
BDO USA
Information Technology (IT) has become an area that internal auditors cannot ignore. Just as
your business evolves, so does the landscape of an organization's IT landscape. Addressing the
risks and planning for IT in audit plans has become essential.
In this session, participants will:
Discuss what IT auditing is and why it is so important to today's internal audit team.
Describe the IT risk assessment process.
Review the possible components of an IT audit plan (IT general controls, application controls, end-user computing, service organization reports, cloud computing, etc.)
Discuss the concept of integrated audits.
Chris Semrow has more than 16 years of external and internal audit experience He currently
supervises, directs, and reviews all aspects of the audit project throughout the planning, field
work, and wrap up phases. He is also responsible for the marketing, networking, and business
development within IT to clients and prospective clients. His clients are publicly traded, in
private industry, as well as governmental agencies. Prior to joining BDO USA, Semrow worked in
an internal audit capacity in the health and insurance industries as well as at several regional
and national public accounting firms, working in both audit and management consulting
practices. In this external capacity, he served various industries including government, non-
profit, retail, health care, and manufacturing. He also was the director of implementations for a
partner of Microsoft Business Solutions, a division of Microsoft Corporation as well as a
financial manager for a division of Mattel.
CS 1-2: Why Assess or Audit Organizational Culture?
Sharon F. Whittle
Practice Leader, Human Capital Services
Grant Thornton
Bruce Monahan, CIA, CCSA, CFSA, CGAP, CRMA
SVP & Chief Audit Executive
International Fidelity Insurance Company
Today’s audit leaders have seen the result of suboptimal organizational culture, whether it be an IT implementation that exceeded budget and timetable, a merger integration that did not realize projected deal value, or risks taken by a company that were completely counter to corporate values. How can an organization better understand troubled areas? Organizational culture assessment has many applications all focused on ultimately improving outcomes and experiences. In this session, participants will learn how to:
Assess culture and create a compelling future vision for strategic and cultural assets.
Identify key cultural attributes of integration and design specific integration plans to leverage commonalities and address differences.
Identify the key behaviors that contribute to the strategic and cultural success of the organization.
Address cultural attributes that may conflict with the value drivers or rationale, and deliver culturally aligning integration approaches.
Retain and engage key talent and customers years after acquisition.
Sharon F. Whittle has spent 25 years serving the human capital needs of businesses both as a
consultant to organizations and as a benefits director for several Fortune 500 companies. Her
diversified experience includes working closely with organizations that are conducting significant
merger, acquisition, restructuring, or realignment activities; experiencing changes in top
management and business strategy; being spun-off from a larger company; experiencing financial
distress; or ceasing operations.
Bruce Monahan is an accomplished CAE and audit committee chairman with over 30 years of experience in the financial services industry. He has been recognized for reestablishing and reenergizing poorly performing internal audit functions. Monahan focuses on efficiently, effectively, and economically providing cutting-edge internal audit services to key stakeholders. Among others, his specialties include corporate governance; ERM; operational, financial, and IT
auditing; control self-assessments; fraud prevention and investigations; due diligence; consulting; and compliance issues with FCPA, AML and Sarbanes-Oxley. He holds seven additional credentials including CISA, CRISC, CFE, CMA, CFM, CPCU, and AIAF. Monahan serves on The IIA’s Professional Responsibility and Ethics Committee.
CS 1-3: Fraud Risk Management and the Internal Audit Team
John J. Hall, CPA
President & Founder
Hall Consulting, Inc.
In many organizations, the internal audit team knows more about effective fraud prevention, deterrence, and quick detection than any other group. That puts us in the driver’s seat when it comes to management’s need for help on how to manage fraud risks and exposures – if we’re willing to step up and grasp this value-added opportunity to serve. In this session, participants will:
Discuss how to guide managers in their anti-fraud responsibilities (while honoring professional objectivity and independence).
Identify the seven components of an anti-fraud campaign.
Explore how to conduct an efficient, meaningful fraud risk assessment.
Explore building fraud risk planning into every audit project.
Learn how to find fraud faster – in three steps.
John Hall specializes in skills training programs and conference presentations for internal
auditors, CPAs, management groups, and professional associations. He also coaches internal
audit professionals in how to increase their effectiveness, clarify and meet their business and
personal goals, and move their careers forward. Hall has 40 years of experience as a consultant,
speaker, auditor, and business owner. He has worked in senior leadership positions in large
corporations and international public accounting firms. He wrote The Anti-Fraud Toolkit and the
award-winning book Do What You Can! Simple Steps – Extraordinary Results. Additionally, he
created and facilitates Fraud Detection, Deterrence & Incident Response for Internal Auditors, an
IIA seminar.
CS 1-4: Your ERP Is Leaking ... Solution? Implement Failsafe Automated Transaction Level
Controls
Wayne T. Gray
Director, ERM and Internal Audit
Clark Construction Group, LLC
Sergiu Cernautan, CPA, CISA
Director, GRC Strategy
ACL Services, Ltd.
ERP systems are highly complex and their embedded application controls (that organizations
count on) are not effective across all transactions. The complexity of transaction entry options
leads to transactions bypassing application controls. Layering on the complexity of user
permissions leads to access and segregation of duties issues that further weaken application
controls. Finally, complex configuration options lead to uncertainty that once-effective controls
remain so over time.
In this session, participants will:
Learn how ERP systems are bleeding cash, time, and resources.
Examine root causes of failures in ERP system processes and controls.
Identify strategies for preventing ERP control and process breakdowns.
Quantify the impact of process control breakdowns.
Learn to accurately assess the organization’s risk exposure at the process, location, or transaction type level.
Wayne Gray oversees the ERM, internal audit, and federal submission functions for his
organization. He joined Clark's accounting team in 1998 and has progressively assumed his
current director roles from 2008 to 2014 respectfully. Before assuming the current role, in 2005
Gray was tasked with overseeing the FP&A and finance functions for the purposes of integrating
strategic planning with automated long range forecasting. He also serves as the chair of Clark's
risk roundtable.
Sergiu Cernautan has nearly 20 years of external audit, internal audit, and risk and regulatory
compliance consulting experience. After working at Deloitte and KPMG for more than 14 years,
he co-founded Straight Talk Consulting Ltd., a firm providing GRC consulting services. His
background covers financial, operational and systems auditing. In his current role, Cernautan is
responsible for product content strategy and market influencer relationship management for
ACL’s industry-leading software products. He specializes in the areas of internal controls over
financial reporting, regulatory compliance, business process control reviews, general computer
controls, litigation claims support, and data analytics.
CS 1-5: Strategies for Retaining Top Talent
Erin Morrow
Chief Auditor, Global Consumer Banking
Citigroup
Today’s complex business environment is constantly raising the bar for auditors around the
world. To be successful, audit departments must build top performing audit teams with the right
mix of skills. But when shaping a team in a highly competitive industry, how does one attract,
develop, and ultimately retain top talent?
In this session, participants will: • Define what constitutes a high performing team. • Receive insight on learning and development strategies to develop talent. • Identify obstacles to performance and ways to address them.
Erin Morrow oversees audits within cards, retail banking, mortgage, and commercial as well as
looking after the consumer holding project. She joined Citi in 2013, having worked with the
organization as an internal audit consultant to for ten months prior to joining the firm. Morrow
focuses on audit and advisory work, consulting with organizations on process design, control
design, process audits, and technology projects. In her consulting work, she supported several
global banks in areas such as consumer audit, including retail and mortgage audit, consent
order work, information security, vendor management programs, and the establishment of
outsourced audit operations. Prior to joining Citi, Morrow was a principal in the financial
services practice of Grant Thornton LLP, leading the governance, risk and compliance practice in
the northeast and served as the outsourced chief auditor for two regional banks as well as a
global asset manager.
CS 1-6: CAE Perspectives on Courageous Leadership: Instilling Confidence from Within
Harold Silverman, CIA, QIAL, CRMA
Vice President, Internal Audit
The Wendy’s Company
Doug Anderson, CIA, CRMA
Managing Director, CAE Solutions
The IIA
Jim Pelletier, CIA, CGAP
Vice President, Professional & Stakeholder Relations The IIA
The IIA’s Audit Executive Center is releasing the 2017 North American Pulse of Internal Audit,
Courageous Leadership: Instilling Confidence From Within. The report explores four often-
overlooked areas where CAEs can lead with courage and instill confidence within the
organization and among stakeholders. This session explores how leading CAEs view the topics
addressed in the report and how internal auditors can make changes in their organization.
In this session, participants will:
Identify the overlooked types of public reporting that bring risks to an organization.
View environmental, health and safety risks as not something only for industrial
companies.
Explore how to better plan and implement data analytics.
Digest the possibility that internal auditors cause some of the problems interacting with
stakeholders.
Harold Silverman previously was vice president of internal audit at Houghton Mifflin Harcourt
Publishing Co. Before that, he served as senior manager of internal audit at Raytheon Co.,
managing the team that performed audits at the corporate locations and divisions in the
northeast. Prior to Raytheon, Silverman was an internal audit manager at
PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen. He serves
on The IIA’s Executive Committee and as vice chairman of Professional Certifications.
Doug Anderson joined The IIA in 2016 after serving as an assistant professor at Saginaw Valley
State University. Until 2013 Anderson worked with The Dow Chemical Company for 22 years.
His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in
corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance
leader for the global Dow latex business. Previously he spent 10 years with
PriceWaterhouseCoopers.
Jim Pelletier has more than 15 years of internal auditing experience in both the public and
private sectors. In his current role, he provides direction for The IIA’s Audit Executive Center;
Financial Services Audit Center; American Center for Government Auditing; Environmental,
Health and Safety Audit Center; and Global and North American Advocacy. Prior to joining The
IIA, Pelletier served as city auditor for Palo Alto, Calif., and was the chief of audits for the
County of San Diego. His diverse auditing experience also includes roles at the California State
University System, PETCO Animal Supplies, Inc., State Street Corporation, and General Electric.
Pelletier received The IIA’s John B. Thurston Award for outstanding paper in the field of internal
auditing for his article “Adding Risk Back into the Audit Process.” His new book, Collaborative
Auditing, is available through The IIA’s Bookstore, powered by the Internal Audit Foundation.
Monday March 20, 2017 2:00 PM – 3:00 PM
CS 2-1: How Intelligent Is Your Cybersecurity Operations Center?
Raj Chaudhary, CGEIT, CRISC
Principal
Crowe Howath
David McKnight
Senior Manager
Crowe Horwath LLP
Cybersecurity is a priority for today’s boards and management. Ensuring confidentiality, integrity,
and availability of information assets is a big job. Besides robust systems engineering and sound
configuration management, an enterprise should also have a team charged with monitoring and
defending the enterprise against cyberattacks. A Security Operations Center (SOC) must be a part
of an enterprise’s cybersecurity strategy of tomorrow.
In this session, participants will:
Learn with an SOC is and their various types.
Discuss SOC architecture, tools, and processes.
Delve into the current state of intelligence in SOCs.
Review lessons learned from mature SOCs to new SOCs.
Gain an understanding of the role of internal audit with respect to an SOC. David McKnight works with mid-to-large tier financial service organizations to refine their cybersecurity capabilities. He has nearly 20 years of information security experience, and leads Crowe’s cybersecurity incident management group. McKnight began his professional career by testing the security thresholds of corporate networks and deployed applications, fulfilling various InfoSec roles for his clients along the way. Over the last two years, he has been assisting directors, executives, and boards prioritize their cybersecurity goals, by evaluating how well their organizations are poised to handle cybersecurity threats.
Raj Chaudhary is an industry thought leader in the area of privacy and data protection. He
consults with major entities in the private and public sector in assisting them with remediation
of deficiencies in safeguarding information. He has extensive knowledge of regulatory
frameworks for managing security and privacy in multiple industries including financial services,
health care and the public sector.
CS 2-2: Building Relationships With the Business
Robert Kuling, CIA, CRMA, CQA Chair, IIA North American Board of Directors
Partner, Enterprise Risk Services
Deloitte
As part of internal audit’s drive to craft its role and deliver strategic value, building business
relationships is essential. Audit leaders must identify key business stakeholders and develop
strategies to connect and network internally. Often, the toughest relationships can yield the
highest value to internal audit. This humorous and interactive session will challenge internal
auditors to go beyond their “comfort zone” and push themselves to higher relevance and
visibility.
In this session, participants will:
Identify key stakeholders and constituencies for internal audit.
Develop tactics to build internal networks.
Suggested strategies to develop business/operational knowledge.
Integrating cultural considerations into internal audit work.
Robert Kuling assists organizations with internal audit, compliance, and governance, as well as delivering insights on risk management, internal controls, fraud, and ethics. Prior to joining Deloitte, Kuling was vice president of internal audit for Tervita, an environmental solutions provider based in Calgary. Other positions include CAE for Viterra and director of audit services for Precision Drilling Corporation. He has held audit management positions with Farm Credit Canada and the Provincial Auditor of Saskatchewan. As a leader of the IIA’s global organization, Kuling serves multiple volunteer leadership roles with The IIA, including serving as chair of the North American Board and a member of the Global Board of Directors. He has been a key national
spokesman for the internal audit profession with directors, regulators, professional associations, training firms, and government organizations. CS 2-3: Integrating Key Risk and Performance Indicators
Larry Baker, CRMA, CCSA, CPA
Managing Director, Content Strategy
The Institute of Internal Auditors
As risk management evolves and matures, many organizations are focusing more on performance
management, which measures how effectively they are achieving their key business objectives.
With this growing emphasis on performance, internal auditors should provide assurance and
consulting advice regarding the achievement of objectives communicated to stakeholders.
In this session, participants will:
• Discuss management’s maintaining a clear focus on achieving key objectives communicated to stakeholders.
• Understand the value of measuring performance and addressing management of risk to the achievement of key objectives.
• Recognize the synergies between performance management, ERM, and internal auditing. • Understand the practical activities necessary to build and implement a sustainable KPI
Management Process. • Realize how performance and risk information can be highlighted in an Executive
Dashboard to help management generate value and retain value.
Larry Baker is an accomplished internal audit executive with extensive experience in ERM,
financial and operational audits, COSO, Sarbanes-Oxley, control self-assessment, and complex
companywide special projects with Fortune 500 companies and Big 4 CPA firms. He has teamed
with executive management to identify, measure, and report significant risks and operational
issues for many of the world’s largest organizations. Baker leads content strategy and
development for the Internal Audit Foundation. He also partners with the executive leadership
team of The IIA to develop the global strategic plan and identify key enterprise risks. Prior to
joining the Internal Audit Foundation, Baker was a senior leader/partner at Devon Energy,
MAPCO, Deloitte, EY, and Marsh & McLennan.
CS 2-4: Positioning Internal Audit to Deliver Value
Lyn Rouchell CPA, CITP, CISA VP General Auditor Entergy Lucie Wuescher Managing Director KPMG Abstract Being Finalized
Lynn Rouchell began her career with Entergy as a senior staff auditor in 1989. In her current
role, she administers the organization’s Sarbanes-Oxley compliance program including
developing and testing of controls, quarterly certification process, and annual report. She also
conducts ethics line and fraud investigation and chairs the organization’s Disclosure Committee.
Rouchell previously served as director of finance and group controller at Science Applications
International Corp., internal audit director at Pelican Homestead, and as a tax accountant at
Deloitte and Touche.
Lucie Wuescher directs the internal audit, risk, and compliance services practice for KPMG’s
Houston office. She has 20 years’ experience in public accounting, managing large scale internal
audit and compliance related teams and professionals serving Fortune 500 organizations in
industries including energy, manufacturing, food service, and health care. Wuescher combines
experience in internal audit, IT, project management, client management, ERM, internal audit
process improvement, business processes and controls, and consulting in serving her
clients. She has served as a CAE in industry prior to her career in public accounting. Wuescher
most recently served as an advisor to clients as they transform their internal audit functions.
CS 2-5: Key Attributes of Outstanding Internal Auditors
Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The IIA
IIA President and CEO Richard Chambers discusses the traits of great internal audit leadership. Based on his new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, Chambers reviews the top character traits of gifted practitioners who have gained the trust of stakeholders. Based on surveys and interviews of some of the profession’s most-respected CAEs, Chambers crafts a compelling message on what it takes to become a true trusted advisor. In this session, participants will:
• Identify the character traits most valued in trusted advisors • Glean insights into becoming a trusted advisor from experiences and anecdotes shared
by Fortune 500 and other top CAEs • Learn the tools and techniques for enhancing the most desired and valued character
traits • Examine how enhancing these character traits will help your organization
Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one
of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017. CS 2-6: Compliance, Culture and the Role of Internal Audit
Mike Joyce, CIA, CRMA, CPA
Vice President, Chief Auditor, and Compliance Officer
Blue Cross Blue Shield Association
Facilitator:
Cassian Jae
Director, Financial Services Center
The IIA
Internal audit may seem like an unlikely place to start a discuss about compliance and culture,
but this "In Conversation With..." session will highlight the intersection of internal audit and
compliance responsibilities, and how an integrated approach can address or supplement
“culture” audits within an organization/
In this session, participants will:
• Learn how one organization manages dual responsibility for internal audit and compliance.
• Examine approaches for integrating audits of culture into everyday practices, including how-to examples.
• Discuss the latest thinking, trends, and feedback of audits of culture.
Mike Joyce directs the internal audit, national anti-fraud, and compliance staff functions. He is
responsible for the development of BCBSA-sponsored compliance, anti-fraud and internal audit
training programs for BCBS licensees and the establishment of the BCBSA National Anti-Fraud
Department to provide centralized support to the licensees. Joyce has more than 33 years of
professional experience and has been with BCBSA since 1999. Prior to joining the Association,
Joyce served as director of internal audit and controller for Rush Prudential Health Plans and held
a variety of positions with the JCPenney Company’s internal audit department. He has been long-
time volunteer member of The IIA since 1989, serving multiple roles at the local, regional,
national, and international levels. Joyce is also the public member commissioner and a finance
and audit committee member for the Commission for Case Manager Certification. In addition, he
serves on the Advisory Board for DePaul University’s Endorsed Internal Audit Program.
Cassian Jae is responsible for content development and operations for The IIA’s Financial Services
Audit Center, which launched in June 2015. He has produced thought leadership on internal audit
topics spanning from geopolitics and organizational risk culture to various regulatory challenges.
Cassian has played a key role in advocacy for the internal audit profession by connecting
regulators with industry leaders through roundtable discussions, Congressional visits, and The
IIA’s annual Financial Services Exchange conference. Before joining The IIA, Cassian spent 13
years at John Hancock Investments — nine as a compliance director — where he developed
expertise in Rule 38a-1 and 206(4)-7, with an emphasis on privacy, records management,
business continuity, and disaster recovery. In addition to performing audits on the enterprise
compliance program, he has designed and implemented audit, compliance, risk, and legal
processes that have become enterprise standards. In addition, Cassian was John Hancock’s
regulatory exam coordinator, serving as the primary examination contact for the U.S. Securities
and Exchange Commission, U.S. Financial Industry Regulatory Authority, and Canada’s Office of
the Superintendent of Financial Institutions. In that role, he was responsible for the firm’s
regulatory examination readiness and oversaw the enterprise regulatory examination response
process.
Monday March 20, 2017 3:30 PM – 4:30 PM
CS 3-1: The Internet of Things: What Does this Mean to Internal Audit?
Jeff Rowland, CIA, CRMA, CPA, CFE, CISA
Vice President, Audit Services
USAA
Jordan Reed
Managing Director
Protiviti
The Internet of Things (IoT) is a hot topic because the ever accelerating technological
advancements provide staggering transformational opportunities that make our lives more
convenient. IoT creates opportunities to reengineer industrial processes and revolutionize
customer experiences, while improving the efficiency and effectiveness of business processes.
The IoT also brings disruptive change to the forefront, and the security and data management
challenges are significant. Disruptive change drives fresh and innovative business models, and
while many organizations must keep up to remain competitive, such change drive unique
challenges for risk and audit personnel alike.
In this session, participants will:
Solve the riddle of what the Internet of Things comprises.
Evaluate why this topic should be on the radar of audit professionals.
Discuss how the Internet of Things impacts different industries.
Learn about new opportunities and potential risks posed by the Internet of Things.
Jeff Rowland is vice president of IT and security audit services for USAA. He joined the company in December 2002 and has more than 30 years of financial and IT audit experience in a number of diverse industries, including banking, transportation, insurance, technology, and wholesale/retail distribution. His experience also includes accounting, information systems, security, IT system implementations, and network solutions.
Jordan Reed specializes in internal audit and financial advisory solutions, assisting public and
private organizations with internal audit planning and execution, and he has been involved with
all phases of internal control over financial reporting initiatives. Reed is also active in the
development of spreadsheet risk management programs. He is a frequent speaker on topics
including internal audit, Sarbanes-Oxley, emerging technology risk, and spreadsheet risk
management.
CS 3-2: Leveraging COSO ERM to Drive High-impact Outcomes
Benito Ybarra, CIA, CISA, CFE
Chief Audit and Compliance Officer
Texas Department of Transportation
To provide an example of using COSO's Enterprise Risk Management Framework to drive better
risk management and value.
In this session, participants will:
Receive an overview of planning, conducting, and reporting fieldwork as it relates to COSO’s ERM framework,
Discuss methods of delivering opinions on internal control frameworks.
Explore reporting to stakeholders in terms of risk themes and smart resource investment.
Benito Ybarra has more than 17 years of audit experience and oversees TxDOT's Internal Audit
and Compliance divisions; their functions are aimed at improving controllership, risk
management, accountability, and governance. He is a member of The IIA's North American Board
and serves on the Publications Advisory Committee. Ybarra also serves on the internal audit and
peer review committees of the American Association of State Highway and Transportation
Officials and the (Texas) State Agency Internal Audit Forum.
CS 3-3: Rebranding Your Internal Audit Department
Brian Tremblay, CIA, CISA
Chief Audit Executive
Acacia Communications, Inc.
Branding is everywhere, on every sign, webpage, and even in everyday interactions. Yet it is often
overlooked by CAEs as a tool to bridge the gap between being just an auditor and a valuable
resource to organizations and stakeholders. You and your department have a brand – whether
or not you realize it. How do you discover the way your department is perceived? And how do
you embark on a branding journey, or more importantly, rebranding if you feel your brand is not
being perceived you want it to be?
In this session, participants will:
Learn the value branding can play in the success of your department.
Discuss how internal audit’s brand can affect how you execute your mission.
Recognize the level of effort t it takes to implement a brand/rebrand strategy.
Identify common branding pitfalls
Delve into an actual case study on how a rebranding effort can be undertaken and the fruits of the labor to be enjoyed.
Brian Tremblay leads all activities of the internal audit function at the high-tech semiconductor
company. He has spoken on the topic of branding at several conferences, believing a strong brand
can be a significant asset to an internal auditor’s success. Prior to joining Acacia, Tremblay was
director of internal audit at Iron Mountain, overseeing all audits and projects within North
America as well as liaising with global quality managers. Prior to Iron Mountain, he served as
senior manager at Houghton Mifflin Harcourt, where he built out an internal audit department
and executed a Sarbanes-Oxley implementation. Tremblay also previously worked at Raytheon
and Deloitte.
CS 3-4: Bring Me Value! (And How Internal Audit Can Answer That Call)
John J. Hall, CPA
President & Founder
Hall Consulting, Inc.
Every day in every organization, senior management is looking for more value from their audit team. This session will deliver proven ideas on how to answer that call – without adding to our existing workload and project responsibilities. In this session, participants will:
Identify project planning and risk assessment techniques that can provide instant value.
Learn to recognize and respond to Consultative Moments – every single day.
Underscore the need to master business, technical, and interpersonal skills – the very foundation of providing measurable value.
Share three innovative audit ideas for 2017 and how to apply them in your organization.
John Hall specializes in skills training programs and conference presentations for internal
auditors, CPAs, management groups, and professional associations. He also coaches internal
audit professionals in how to increase their effectiveness, clarify and meet their business and
personal goals, and move their careers forward. Hall has 40 years of experience as a consultant,
speaker, auditor, and business owner. He has worked in senior leadership positions in large
corporations and international public accounting firms. He wrote The Anti-Fraud Toolkit and the
award-winning book Do What You Can! Simple Steps – Extraordinary Results. Additionally, he
created and facilitates Fraud Detection, Deterrence & Incident Response for Internal Auditors, an
IIA seminar.
CS 3-5: Rules of Engagement: Mastering Influences and Neutralizing Resistance
Toby Groves Cognitive Scientist Groves Cognitive Research
There are science-based approaches and tools that can break down walls to connect with people
at a deeper level so they are more receptive to arguments. This fascinating session will use live
audience experiments to demonstrate subtle but powerful communication tools discovered in
cognitive science research. The nuances with which technical information is communicated is
crucial to the connection made with the audience, but many instinctive communication methods
actually block receipt of the intended message.
In this session, participants will: • Learn nuances of negotiation useful in all types of communication. • Understand different methods of communication for different types of technical data. • Hear how to erase audience resistance to your message. • Explore the science behind influential messages.
Toby Groves is a researcher, advocate, and speaker who investigates the cognitive science of expert judgment. He teaches expert decision makers to tap hidden cognitive networks to maximize their powers of reasoning. A popular speaker among government and professional organizations that provide society’s most critical services, Groves is known for delivering unconventional, interactive, informative talks. Trained in a unique combination of behavioral and financial forensics, Groves is a doctoral level researcher in psychology. His commentary and story have been featured on media outlets such as NPR, in numerous professional journals, and is studied by leading researchers and business schools around the world.
CS 3-6: How to Effectively Report Out to the Audit Committee
Mark Sparano, CPA, CGMA
Former Chief Audit Executive
U.S. Bank
Facilitator:
Larry Rittenberg, Ph.D., CIA
Emeritus Professor of Accounting and Audit Committee
University of Wisconsin
If you are familiar with the maxim that the information you communicated is not necessarily the
message your audience received, this session is for you. The reports you work so hard to create
to convey messages cannot be acted upon if they are not absorbed by the recipients. Tips and
techniques to break through your audiences “listening barriers” will be offered as well as
suggestions to incorporating feedback loops to ensure the message you delivered was the
message received.
In this session, participants will:
Discuss assessing all stakeholder communications required by internal audit with a focus on the audit committee.
Identify methods to maximize audit committee reporting, key messages, and takeaways.
Review the importance of ensuring a feedback loop with audit committee interactions.
Mark Sparano is an internal audit professional from the financial services industry. During his
career, he has led professionals in internal audit, risk management, finance, and public
accountancy. Sparano has worked for companies including U.S. Bank, BNY Mellon, U.S. Trust, and
KPMG.
Larry Rittenberg serves as chair of the audit committee of Woodward, Inc., an aerospace and
energy company. He has served in several leadership roles for The IIA, including serving as
president of The IIA Research Foundation as well as vice chairman of the Professional Practice
and Professional Oversight committees. His most recent published work was COSO Internal
Control‒Integrated Framework: Turning Principles into Positive Action published by The IIA
Research Foundation. Rittenberg served as chair of the Commission of the Sponsoring
Organizations of the Treadway Commission (COSO) for five years during a time in which COSO
developed the principles approach to internal control and applied it to small businesses. He also
served as a member of COSO during the development of the COSO Enterprise Risk Management
Framework. Rittenberg is the former EY Professor of Accounting and Information Systems at the
University of Wisconsin and has written numerous publications sharing his professional expertise
with leading accounting and audit journals.
Monday March 20, 2017 4:45 PM – 5:45 PM
CS 4-1: Cloud Risk
Vinny Troia
Founder
Night Lion Security
It is a fairly straightforward question, but how could you possibly know the answer? There are
many different cloud security frameworks, each with their own set of requirements and
interpretations for those requirements. So how do you know which framework is the “right”
framework? More importantly, what are we even protecting ourselves against? We will begin
our journey with a Live Hacking demonstration. I will show you how an average, no-skill hacker
with only basic knowledge can penetrate your fully secure cloud environment. Next, I will show
you how you can protect yourselves against these attackers by developing your own
organization specific set of security standards using the Cyber Security Framework.
In this session, participants will:
View a Live Hacking Demonstration
Review Different Cloud Security Frameworks
Evaluate how to choose the "right" framework for your organization
Develop a custom testing framework using the Cyber Security Framework
Review how to save time and resources with framework mapping (and a free database)
Vinny Troia is a computer security expert, certified ethical hacker, computer forensic investigator and has refined his underground IT expertise across security, management, development, and administration of interconnected systems. Having spent nearly a decade engineering and architecting security systems for the U.S. Department of Defense, Troia has become one of the media’s top go-to experts on cyber-related controversies, regularly participating on global news networks discussing major corporate data breaches, cyber law and legislation, airline and automobile hacking, and cyber/email-related scandals of national significance. In 2014, Troia used his national media presence as a platform to launch his own company. His unconventional approach to identifying risk within an organization, combined
with his ability to interact and work directly with business leaders, has allowed him to become one of the most sought-after IT security professionals in the industry. CS 4-2: Evolving Perspectives of ERM
Charlie Wright, CIA, CPA Founder Wright Audit and Risk Management, LLC
Organizations around the globe are demonstrating an increasing interest in strengthening
enterprise risk management (ERM). But because regulatory requirements and global
frameworks are constantly evolving, it is difficult for boards, executive management, and
internal auditors to meet their stakeholders’ expectations. There are key challenges about how
internal audit can help optimize ERM to add value, but there are potential solutions, including
mechanisms to assist in measuring ERM’s effectiveness.
In this session, participants will:
Review highlights of the new COSO ERM update.
Understand the role of internal audit in ERM.
Learn to identify important components of your organization’s ERM framework.
Compare and contrast key performance indicators and key risk indicators.
Identify key measurement criteria to assess the effectiveness of ERM.
Charlie Wright recently founded his firm that specializes in internal audit and ERM consulting. From 2005 to 2016, Wright was vice president of internal audit at Devon Energy Corporation, and general auditor at American Airlines prior to that. Wright was recently elected to serve as the vice chairman of Professional Guidance Committee on The IIA’s Global Board of Directors.
CS 4-3: Are Your Internal Controls Keeping Up With the Times?
Lisa Hartkopf
Partner
EY
Lynne Coveillo
Partner
EY
Stephanie Liebman
Chief Audit Executive
Hewlett Packard
Kathy Weekley
Chief Audit Executive
AMC Theaters
Today’s velocity of change – and the type of changes such as digitization and outsourcing – has
upended the business environment, and business models are struggling to respond at the
unprecedented pace. To keep up, studies have shown that strong risk management and systems
of internal controls have a positive impact on long-term business performance and earnings
potential. So why have internal control structures not kept up with the times?
In this session, participants will:
• Define changes to the regulatory environment and business landscape over time. • Discuss management’s continuing role as owner of a company’s internal controls. • Share internal controls/internal audit operating models and the relationship with the
three lines of defense. • Identify ways to improve efficiency and effectiveness of control processes.
Lisa Hartkopf is with EY’s Advisory Practice and also serves as EY’s Americas internal audit leader.
She has more than 19 years of public accounting experience working in assurance, transaction,
and advisory services. Hartkopfa leads the innovation, thought leadership, methodology, client
service, and go-to-market growth initiatives around internal audit services in the Americas and
works with clients to maximize operational effectiveness and efficiency of process, risks, and
controls primarily with automotive, consumer products, and diversified industrial manufacturing
companies. She has also assisted clients in their implementations of Sarbanes-Oxley, Japanese
Financial Instruments and Exchange Law (J-SOX), and ERM programs.
Lynne Coveillo is an experienced executive with a proven track record advising clients on
governance, risk, and control issues with deep technical expertise in internal audit, controls, and
ERM, and previously served as the internal controls leader for the Northeast Region. She has
been EY for nearly 14 years. Coveillo recently received the 2015 Women to Watch Award from
the Massachusetts Society of CPAs as well as a 2016 Rising Star of the Profession by Consulting
magazine.
Stephanie Liebman joined Hewlett Packard Company through the EDS acquisition, where she led the integration of the EDS audit organization and processes into HP. With the Hewlett Packard Company split, she returned to internal auditing after spending 7 years in the business as the vice president for HP’s enterprise services financial operations responsible for global financial analysis and invoicing, system architecture support and automation programs, and previously the Best Shore Services CFO.
Kathy Weekley has more than 20 years of experience in the financial services industry, including multi-disciplinary roles in IT, IT-audit, financial audit, operational audit, compliance/regulatory, and insurance risk control operations, with recent emphasis in process improvement of the internal operational audit function and joined AMC Theatres in 2015. Prior to joining AMC, Weekley served in multi-disciplinary financial services function. She joined AMC Theatres in 2015.
CS 4-4: Continuous Auditing: Data Analytics
Karl Riem, CPA, CISA
Senior Vice President and General Auditor
Federal Reserve Bank of Minneapolis
As organizations evolve, internal audit departments also adjust and are consistently expected to
do more with less. Applying a continuous audit program can provide an audit department with
an effective way to increase coverage, in less time and with better results.
In this session participants will:
Learn the difference between continuous monitoring and continuous auditing.
Identify conditions that may warrant a continuous auditing approach.
Hear learnings from implementing a continuous auditing program.
Discuss a few specific continuous auditing programs.
Karl Riem is responsible for providing audit coverage over the Ninth District bank activities based in Minneapolis, Minnesota (USA), and has audit responsibility for some activities conducted across the Federal Reserve System nationwide. Overall, Riem has 33 years of risk management experience consisting of leadership roles in internal audit and front line production/operational risk leadership roles. He has created several industry leading risk management processes around merger and acquisition due diligence, system conversions, emerging risks, and continuous auditing. CS 4-5: Negotiating Through Effective Collaboration
Debbie Lundberg
Author and Principal
Presenting Powerfully
Collaborative negotiation should be about both parties being able to win. This session will discuss how to confidently and thoughtfully go from compromise to collaboration.
In this session, participants will:
Examine how compromise is not the lose-lose scenario.
Learn how collaborative negotiation leads to both parties being able to win.
Discuss how slight changes in words, attitudes, and actions can make the difference in obtaining successful collaborative outcomes.
Debbie Lundberg is both an educator and an entertainer. With her expertise the areas of
effective communication, professional behaviors, and thriving relationships, she comes to
clients with evidence of her experience, perspective, partnership, delivery, accountability, and
results. Lundberg's personal brand is "Committed to applied knowledge, growth, fun & ROI."
She is a Certified Leadership Coach, a Subconscious Restructuring™ Life Coach (SRLC), and the
author of nine books filled with tips and tools for life-long-learners of all ages. Lundberg was a
faculty member at the University of Phoenix facilitating Critical and Creative Thinking courses
for seven years. She has a named scholarship with The University of Tampa Board of Fellows,
serves on the USF Entrepreneurship Advisory Board, and serves as the chair and governor for
The Centre Club Board.
CS 4-6: Impactful Communications Between Internal Audit and the Audit Committee
Michele J. Hooper
Managing Partner
The Directors' Council
Facilitator:
Kathy Anderson, CRMA
Managing Director, North American Advocacy
The IIA
The audit committee’s role and responsibilities in corporate governance is more important than ever. To perform their responsibilities effectively, it is important that audit committee members have the right information, analyze it carefully, ask pertinent questions, and make informed decisions. Effective communication between the audit committee and the internal audit function is critical.
In this session, participants will:
Understand some of the key priorities for audit committees today.
Optimizing the intersecting roles of the audit committee, internal audit, and external audit.
Audit Committee … what they need vs. what they get.
Identify the trends related to the makeup and structure of boards.
Michele J. Hooper is president and CEO of The Directors’ Council, which consults with major
companies to improve the effectiveness of their corporate governance. With more than 25 years
of corporate board experience, Hooper is an audit committee financial expert — with over 20
years of experience chairing audit committees of several major companies— a highly-regarded
governance expert, and a business leader. Hooper serves on the corporate boards of directors of
PPG Industries, Inc. (former chair, Audit Committee) and UnitedHealth Group. (Chair, Nom and
Gov Committee). She has been a commissioner on the 2004 through 2015 NACD Blue Ribbon
Commissions on Governance. Hooper recently retired as a board member and is former vice chair
of the Center for Audit Quality (CAQ) where she was also chair of the CAQ Working Group focused
on Deterring and Detecting Financial Reporting Fraud.
Kathy Anderson is instrumental in designing, implementing, and coordinating The IIA’s advocacy efforts to promote and elevate the profession of internal auditing. She is responsible for the development and implementation of the Advocacy Department’s communications strategy, which informs members, leaders, and stakeholders about the profession and The IIA’s advocacy efforts. Prior to joining The IIA, Anderson had more than 20 years of experience with the Florida Institute of Certified Public Accountants, most recently in the role of CEO and executive director for six years. She also served seven years as executive director of the South Carolina Association of Certified Public Accountants. Anderson is a graduate of the U.S. Chamber of Commerce’s six-year association management program, as well as the year-long Leadership Tallahassee program sponsored by the Tallahassee and Florida Chambers of Commerce.
Tuesday March 21, 2017 8:30 AM – 9:45 AM
GS 3: Open Discussion With the Honorable Barbara Hackman Franklin: How Leaders in
Internal Audit Can Be Most Effective Supporting Management and the Board
The Honorable Barbara Hackman Franklin
President and CEO
Barbara Franklin Enterprises
Former U.S. Secretary of Commerce
Facilitator:
Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The IIA
Internal and external factors significantly impact the governance and management of an
organization. Internal audit’s role is evolving as it relates to how to support both the organization
and the board as a trusted agent in this time of challenge, change, and transition.
Learn about the leadership and expertise acquired from a member of several corporate boards
and audit committees and participate in a discussion about current forces impacting
organizations and how leaders in internal audit can be most effective supporting management
and the board.
In this session, participants will:
Explore top concerns on the minds of stakeholders.
Determine how leaders in internal audit can be most effective in supporting stakeholders.
Identify the best options for internal audit to help organizations manage emerging and volatile risks.
Discuss how boards expect internal audit to handle disagreements with management.
Highlight the optimal methods in promoting internal audit as trusted agents of change.
The Honorable Barbara Hackman Franklin heads a private international consulting firm headquartered in Washington, DC. She is an advocate for and advisor to American companies doing business in international markets and is an expert on corporate governance, auditing, and financial reporting practices. As Secretary of Commerce for President George H.W. Bush, she achieved a major goal – increasing American exports – with emphasis on market-opening initiatives in China, Russia, Japan, and Mexico. Secretary Franklin's has had a long career in public service, having served five U.S. presidents and, in 2006, she received the Woodrow Wilson Award for Public Service. In the private sector Franklin served on the boards of directors of 14 public companies and four private companies. She has chaired six public company audit committees, including Aetna and Dow Chemical. A recognized expert in corporate governance, Franklin is Chairman Emerita of the National Association Corporate Directors (NACD) and of the Economic Club of New York (ECNY). She has received numerous honorary degrees and awards, including the John J. McCloy award for audit excellence, and was inducted into the NACD Directorship Hall of Fame, the Financial Executives International Hall of Fame, and the Connecticut Women’s Hall of Fame. Franklin also has a history of service to the accounting profession. She was one of the first public members of the board of AICPA, chaired its audit committee, was a public member of the Auditing Standards Board Planning Committee, served as a trustee of the Financial Accounting Foundation and chaired its international committee, and is an emeritus member of the PCAOB Advisory Council. Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth
following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017.
Tuesday March 21, 2017 10:15 AM – 11:15 AM CS 5-1: Open Source Software: Managing the Compliance Pitfalls
Bruce Carpenter
VP, Internal Audit
NVIDIA
Jeff Luszcz
Vice President, Product Management
Flexera Software
This session discusses the benefits of using OSS, the related risks, and associated compliance
obligations. We will demonstrate the value of developing an OSS compliance program using a
case-study approach. Finally, participants will learn five steps to assess any potential exposures
for their own organization.
In this session, participants will:
Understand Open Source Software (OSS) and its compliance obligations.
Discuss how to develop an OSS compliance program.
Demonstrate the value of using specialized tools to analyze software components.
Consider the challenges and pitfalls in managing OSS use.
Outline five steps to understand OSS exposure in your organization.
Bruce Carpenter has been leading NVIDIA’s internal audit department for two years. Before
joining NVIDIA, he joined Sybase, Inc., in 2001 to oversee the development of the internal audit
department. Carpenter was also responsible for ERM while serving as the company’s
compliance officer. In 2012 Sybase won OCEG’s Principled Performance Award for excellence in
the implementation of ERM companywide. Subsequent to Sybase’s acquisition by SAP,
Carpenter moved to the SAP Corporate Audit Department serving as vice president of global
sales and services audit. He also led go-to-market activities of SAP’smobile-enabled audit
management product. He began his career with KPMG in New Zealand.
Jeff Lusczc is responsible for product strategy for the company’s software composition analysis
solution. Previously, he was founder & CTO of Palamida, a provider of open source discovery
and vulnerability management solutions helping software development organizations
understand how to best use open source while complying with their license obligations and
managing security vulnerability risk. The company was acquired by Flexera Software. Luszcz
also led the professional services team at Palamida responsible for open source compliance and
security audits and performed reviews for some of the largest mergers and acquisitions in the
technology industry.
CS 5-2: Developing a Collaborative Relationship With Management
Harold Silverman, CIA, QIAL, CRMA
Vice President, Internal Audit
The Wendy's Company
Internal audit functions do not operate in a vacuum. To be successful in assisting the organization
in achieving its objectives, internal auditors must build the trust and confidence of management.
In this session, participants will:
Hear tools and techniques from an experienced CAE on developing a strong working relationship with management.
Enjoy humorous anecdotes of successes and failures from the speaker's career.
Have the opportunity to share experiences in relationship strengthening with co-workers in management functions.
Harold Silverman previously was vice president of internal audit at Houghton Mifflin Harcourt
Publishing Co. Before that, he served as senior manager of internal audit at Raytheon Co.,
managing the team that performed audits at the corporate locations and divisions in the
northeast. Prior to Raytheon, Silverman was an internal audit manager at
PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen. He serves
on The IIA’s Executive Committee and as vice chairman of Professional Certifications.
CS 5-3: 5 Ways to Manage Third-party Relationship Risks
Mark Kultgen
Partner, National Leader, Internal Audit and SOX Services
RSM
Kelly Gillis
Director, Enterprise Risk Management Officer
Alliance Data
Many organizations use third-parties to achieve their strategic objectives, increase efficiency,
and save money and resources by select tasks to more experienced providers. As outsourcing
becomes more commonplace, regulatory oversight is expanding to monitor sensitive data and
processes that third-parties may be managing. Processes can be outsourced, but the inherent
risks to your organization cannot.
In this session, participants will:
Review benefits and potential pitfalls associated with third-party relationships.
Understand your organization’s risk liability when working with third-party providers.
Obtain strategies to better manage third-party relationships.
Mark Kultgen has oversight responsibilities for developing the organization’s internal audit and
Sarbanes-Oxley methodologies and the teams delivering those services. He has more than 30
years of experience in public accounting and industry, including the oversight of a shared service
operation of a $2 billion multi-location company. Prior to joining RSM, Kultgen was an office-
managing partner at a Big Four firm. He brings a strong background in internal audit, Sarbanes-
Oxley reporting, and service organization control (SOC) attestation services.
Kelly Gillis is the Chief Enterprise Risk Management Officer for Alliance Data Card Services. He has the ultimate oversight and reporting responsibilities for Enterprise Risk Management and Model Risk Management at Alliance Data Card Services and two subsidiary Banks. He has over 20 years of experience in public accounting and industry, including leading the SOX program for
a Fortune 25 Company. He brings a strong background in Enterprise Risk Management, internal audit, external audit, and internal control programs. CS 5-4: Small Audit Departments’ Effective Use of Data
Michael Pryal, CIA, CRMA
Vice President, Internal Audit
Federal Signal Corporation
Small to mid-sized internal audit functions are frequently challenged on effectively
communicating the benefits, getting started, and enhancing the audit process using data analysis.
Use of data analysis tools and sourcing the right data, both internally or externally managed on
the cloud, can create both cost and staff training challenges.
In this session, participants will:
View a framework and related techniques on identifying project target areas.
Talk about"quick wins" for data analysis projects that demonstrate operational benefits.
Explore case studies on how data analysis is used on recurring assurance and cost recovery advisory projects using ERP and third-party managed data elements.
Share examples of management reporting examples.
Mike Pryal has over 35 years of combined consulting and internal audit experience. His career
includes Big Five Accounting work in financial statement assurance practice, senior manager in
the business process risk consulting practice, and as a partner in the internal audit services
practice serving consumer products and manufacturing clients. Pryal also spent seven years at
Protiviti as managing director responsible for client service and leading industry programs in the
two regional markets. He has extensive process experience in transforming internal audit
departments including enhancements in Sarbanes-Oxley and compliance programs, ERM and
global risk assessments, third-party contract audits, COSO framework implementation, anti-
corruption and internal audit quality assurance (QAR) reviews. Earlier in his career, Pryal served
as director of internal audit at Keebler Company and manager of internal audit at Turtle Wax.
CS 5-5: Using Data to Monitor Key Risks with Sales Practices (A Case Study)
Erin Morrow
Chief Auditor, Global Consumer Banking
Citigroup
Josh Goldsmith
Senior Vice President Audit Analytics
Citigroup
There are, perhaps, as many internal audit staffing strategies as there are audit leaders. The
right approach may depend on the culture and needs of the business. Were you to determine
that a fully rotational staffing model was the solution, how would you implement it and what
would it look like?
In this session, participants will:
Discuss several staffing models and approaches.
Examine the recruiting, development, and roll-out processes that must exist to support a fully rotational staffing model.
Get real-world examples of how a fully rotational staffing model has worked.
Debate the merits of such a model and discuss why it may or may not work in your organization.
Erin Morrow oversees audits within cards, retail banking, mortgage, and commercial as well as
looking after the consumer holding project. She joined Citi in 2013, having worked with the
organization as an internal audit consultant to for ten months prior to joining the firm. Morrow
focuses on audit and advisory work, consulting with organizations on process design, control
design, process audits, and technology projects. In her consulting work, she supported several
global banks in areas such as consumer audit, including retail and mortgage audit, consent
order work, information security, vendor management programs, and the establishment of
outsourced audit operations. Prior to joining Citi, Morrow was a principal in the financial
services practice of Grant Thornton LLP, leading the governance, risk and compliance practice in
the northeast and served as the outsourced chief auditor for two regional banks as well as a
global asset manager.
Joshua Goldsmith oversees analytics support of the global consumer banking, compliance,
corporate operations, and other global functions product audit teams. His responsibilities
include contributing to the group’s operating strategy, coordinating with product audit
leadership team in all phases from audit planning through execution, and managing a group of
analytics practitioners providing guidance and oversight. Prior to joining Citi 3 years ago,
Goldsmith worked at Deloitte for nine years in their data analytics practice, leading data
analytics initiatives to support regulatory and capital markets engagements.
CS 5-6: Sustainability and ERM: The First Steps Toward Integration
Brendan LeBlanc, CIA, CPA
Partner
EY
Facilitator:
Doug Anderson, CIA, CRMA
Managing Director
CAE Solutions
The IIA
Research conducted by the World Business Council for Sustainable Development (WBCSD)
suggests that there is a disconnect in the effectiveness with which organizations are identifying,
measuring, managing, and disclosing sustainability risks. This interactive session will walk you
through the findings of this research and discuss the path forward for risk managers,
sustainability practitioners, and audit professionals.
In this session, participants will:
Learn about the research conducted by the WBCSD on "material" sustainability topics.
Explore how the revised COSO ERM framework encourages the elimination of unconscious bias.
Share market practices of sustainability risk management tools, techniques, and approaches.
Brendan LeBlanc has led over 100 engagements on the subject of nonfinancial measurement,
accounting, analysis, and/or assurance in the past 10 years, and brings 22 years of experience
to his role as partner in EY’s Climate Change and Sustainability Services practice. He speaks
frequently on the topics of human rights, resource scarcity, social, and natural capital and the
measurement and accounting thereof. LeBlanc serves as EY’s representative for various global
organizations including the World Business Council for Sustainable Development (WBCSD),
International Integrated Reporting Council (IIRC), SHIFT Project, and Sustainability Accounting
Standards Board.
Doug Anderson joined The IIA in 2016 after serving as an assistant professor at Saginaw Valley
State University. Until 2013 Anderson worked with The Dow Chemical Company for 22 years.
His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in
corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance
leader for the global Dow latex business. Previously he spent 10 years with
PriceWaterhouseCoopers.
Tuesday March 21, 2017 12:30 PM – 1:30 PM
CS 6-1: Using Data Analytics to Build Effective Reports for Senior Management and the Audit
Committee
Ramón Machado, JD, CIA, CRMA, CPA, CISA, CFE
Senior Vice President, Chief Audit Executive
First American Title Co.
Data analytics promises greater risk mitigation and increased assurance. But where do you start?
What tools are required? Do you know what your stakeholders want? Join us to explore real-life
analytics, visualizations, and how you can also unlock the power of data.
In this session, participants will:
Discuss framework strategies for data analytics implementation.
Identify opportunities to leverage data analytics.
Review elements of successful, value-added reporting for stakeholders.
Explore various data visualizations.
Ramón Machado has provided auditing, forensic accounting, and litigation services as a member
of private industry, public accounting, and U.S. regulators for over 20 years. He currently oversees
First American's global internal audit function in the United States, Canada, Asia, and the
Caribbean. Machado previously served as adjunct professor at Pepperdine University School of
Law and Chapman University Argyros School of Business & Economics.
CS 6-2: Internal Audit as a Respected and Trusted Advisor: Mission Impossible…Or Is It?
Patricia Miller, CIA, QIAL, CRMA
Owner
PKMiller Risk Consulting, LLC
Internal auditors strive to gain respect and credibility in their organizations, but with ever-
changing stakeholder expectations and sometimes being the bearer of bad news, it may seem as
though being seen as a “trusted advisor” is Mission Impossible. This session will explore ideas
and suggestions from years of experience as well as relevant research to help participants explore
how to achieve this goal.
In this session, participants will:
Understand the nature of current stakeholder expectations.
Learn internal audit’s current state in meeting such expectations.
Learn how leading CAEs approach the challenge of meeting and exceeding such
expectations, to become a trusted advisor.
Patty Miller has significant management and consulting experience in governance, risk
management, and control. She spent 14 years with Deloitte, serving as the lead risk services
partner on some of the firm’s most significant technology and consumer business clients. Miller
joined Deloitte following a 14-year career with Pacific Telesis and Pacific Bell where she held
numerous mid and senior management positions in areas including financial management,
billing, internal audit, process design and re-engineering, project and program management, and
merger planning and integration. She is a frequent speaker and trainer at locations worldwide
and has authored or co-authored projects for The IIA’s Internal Audit Foundation and Internal
Auditor magazine. Miller has served numerous volunteer leadership roles with The IIA, including
a term as its chairman and a member of the executive committee for seven years. In addition,
she has been presented with The IIA’s William G. Bishop III Lifetime Achievement Award and of
the Victor Z. Brink Award for Distinguished Service.
CS 6-3: Enhancing Your Risk Assessment and Audit Planning Processes
Michael Gowell
General Manager, Senior Vice President
Wolters Kluwer, TeamMate
Michael Sekoni, CIA, CFSA, CISA, CPA, CFE, CGMA
Vice President, General Auditor
BCBSM Emerging Markets
Audit leaders from around the world are seeking to fine-tune and enhance their existing risk
assessment and audit planning activities to better address the nature of changing risk
environments. To better understand the status of their successes and failures, TeamMate
launched a survey to gather data on both current and anticipated practices. The survey resulted
in 10 specific recommendations for internal auditors to consider as they review the adequacy of
their current risk assessment and audit planning processes and explore how to better understand
and audit the risks facing their organizations.
In this session, participants will:
Learn 10 areas for potential enhancements for your risk assessment and audit planning processes.
Understand how 2016 survey respondents are addressing each topical area.
Identify developing practices being implemented by select respondents.
Compare your practices in these 10 areas to those responding to TeamMate recent survey.
Identify specific practices related to risk assessments and audit planning you can use to enhance your risk assessment and audit planning processes.
Michael Gowell leads all aspects of TeamMate’s global operations and is responsible for the
overall product strategy. With more than 25 years of audit, audit methodology, and audit
management software experience, Gowell is a leading expert on audit technology and audit
management systems. As project director at PwC, Gowell founded TeamMate in 1993 and has
personally implemented TeamMate at over 300 corporations. He is a frequent keynote speaker
at national and international industry conferences.
Michael Sekoni directs internal audits and advisory services, ensuring that AF Group and its
brands meet their business objectives. As CAE, he is responsible for developing and executing a
comprehensive audit program for the evaluation of the company’s governance, risk, and
compliance. Sekoni joined AF in 1998 as a senior information systems auditor and has since
served in leadership roles of progressive responsibility. Before joining AF, he worked as a research
assistant to a World Bank economist and as an analyst/network coordinator at University of
California, Santa Barbara. He also worked as an internal auditor for Farm Bureau Insurance.
CS 6-4: Streamlining Audit Processes With Data Mining and Analysis
Himi Tina Kim, CIA, CGAP, CRMA
Head of NY State Audit
Chair, IT Guidance Committee
Delivering high-impact audits starts with a robust risk assessment process. In environments
where limited resources, competing priorities, demanding deadlines, and subject matter non-
expertise conspire to thwart risk identification, many auditors look to technology for solutions.
There are innovative ways to apply technology to improve the efficiency and effectiveness of risk
assessment and other audit processes if there is an innovation-friendly environment within your
audit organization.
In this session, participants will:
• Learn how tools such as cognitive technology, geographic information systems, network analysis, data analytics and data mining can be used to improve risk assessment and other audit processes.
• Explore how collaboration can improve the adoption of technology within your organization.
• Identify action steps to encourage and foster innovation within your audit organization.
Tina Kim is responsible for overseeing the division that conducts audits of New York State
agencies and public authorities as well as New York City, having been appointed to the role in
2014. Earlier in her career, Kim served as director of the New York State Department of
Transportation’s audit and civil rights division as well as the leader of the New York State
economic recovery and reinvestment cabinet’s internal control and fraud prevention working
group. Prior to joining the DOT, she was the deputy inspector general for audit with the New York
Office of the State Inspector General. Kim is chair of The IIA’s IT Guidance Committee, and former
chair of its Public Sector Committee and AICPA’s Government Performance and Accountability
Committee.
CS 6-5: Maximizing Resources in the Small Audit Department
Thomas O'Reilly, CIA
Vice President and General Manager
MIS Training Institute
As company budgets continue to tighten, and as organizations focus on improving margins, CAEs
face the dilemma of having to do more with less. For CAEs with over 100 team auditors, resource
decreases are usually a small percentage of budgets and headcount. But for CAEs smaller
departments, maybe 20 or fewer, the struggle to meet stakeholder demands is real, and keeping
up with deliverables becomes exceedingly difficult.
In this session, participants will:
Learn tips, tricks, and techniques from over 100 CAEs on making the best use of constrained resources.
Find out how to leverage non-auditors to help, or complete, internal-audit related work.
Get advice on shortening internal audit planning and fieldwork without sacrificing the audit scope.
Identify ways to decrease the time it takes to draft, and publish a report.
Practice making the business case for additional resources when budgets and headcount increases are frozen.
Tom O'Reilly works with internal audit departments around the globe, creating solutions to
enable positive change within their organizations. Prior to his current role, he served as CAE of
Analog Devices, a global semiconductor manufacturer. In nearly five years there, O’Reilly
increased his department's budget and headcount. He also served as a manager in EY's risk
advisory practice, serving the internal audit departments of two Fortune 100 companies.
CS 6-6: Women Leaders in the Profession: Strategies for Success
Karen Begelfer, CIA, CRMA
Vice President, Chief Audit Executive, Corporate Audit Services
Sprint Corporation
Carolyn Saint
Chief Audit Executive
University of Virginia
Facilitator:
Cyndi Plamondon, CIA, QIAL, CISA, CCSA, CGAP, CFSA, CRMA
Senior Vice President and Chief Knowledge Officer
The IIA
Part of the In Conversation With series, the session will be an interactive conversation with two
women chief audit executives. Participants will learn strategies for reaching and succeeding at
the top of the internal auditing profession.
In this session, participants will:
Understand the tools and techniques employed by CAEs to successfully lead their teams.
Discuss the role that gender plays in leadership.
Explore the importance of leadership diversity and ways to overcome bias.
Karen Begelfer leads the internal audit function including corporate audit, retail audit, and
ERM. Prior to Sprint, she served as vice president and chief auditor of Payless Holdings,
responsible for the international corporate audit team, the ERM function and the sustainability
initiative. Prior to Payless, Begelfer was a director of internal audit at The Home Depot,
directing audits in the finance and shared services areas, including Sarbanes-Oxley testing.
Previously, she delivered post-deal integration services at PricewaterhouseCoopers and was a
member of the corporate audit staff at General Electric.
Carolyn Saint is responsible for the leadership of the university’s audit department, leading its
revitalization when she joined UV in 2015. She is a member of the President’s Executive
Cabinet, serving as a key leader in enhancing and protecting organizational value by providing
risk based and objective assurance, advice, and insight. Saint also serves as an executive mentor
in the Center for Leadership Excellence, and contributes to staff training and development
through presentations at the Organizational Excellence Quality Core Network and other venues.
Saint previously served as vice president and chief audit executive for several multinational
companies, including Sears Holdings, Lowe’s, and 7-Eleven. She began her career at Deloitte,
serving clients in the manufacturing, health care, and not-for-profit sectors. An active advocate
for the internal auditing profession, Saint is a frequent speaker at national and global auditing
conferences. She has chaired The IIA’s North American Board of Directors, served as an IIA
global board member, and was a member of The IIA Research Foundation Board of Trustees.
She currently serves as IIA Global Advocacy chair, where she led the creation of The IIA’s global
advocacy platform. Saint is also a member of ACL’s advisory board, a software development
company headquartered in Vancouver Canada.
Cyndi Plamondon has responsibility for global revenues comprising more than US$16 million
and leads a professional staff of more than 45 members in the areas of professional standards
and assessments, professional and stakeholder relations, governance, and quality assessments.
Prior to her most recent appointment, she served as vice president of global professional
certifications, responsible for the administration, development, and execution of 12
certification exams in 20 languages delivered in 165 countries. Prior to that, she held posts
including vice president of professional practices overseeing the development and distribution
of standards and guidance for internal audit professionals around the world; vice president of
educational programs; and manager of quality assurance reviews. As a member of the internal
audit profession, Plamondon was director of internal audit for PSS World Medical Inc. and
inspector general for the University of North Florida (UNF). She also worked in internal auditing
for Prudential Insurance Co. for nearly 10 years in both the insurance and financial services
areas. Plamondon regularly facilitates seminars and speaks at conferences on behalf of The IIA.
She is a certified course developer/designer and has received The Institute’s Distinguished
Faculty Member designation.
Tuesday March 21, 2017 1:45 PM – 2:45 PM
CS 7-1: Emerging Topics in Cyber Assurance
Michael Juergens, CIA, CRMA
Principal and IT Internal Audit Practice Leader
Deloitte and Touche LLP
In the ongoing battle of managing cyber risk, internal audit has a critical role to play as the third
line of defense. The resilient organization is building a long-term plan for maintaining and
enhancing security capabilities to move the organization toward its desired level of cybersecurity
maturity. This session will provide insight into the latest trends in cyber assurance and innovative
approaches for internal audit to add value to this strategically vital issue.
In this session, participants will:
Identify the foundational elements of a cyber assurance program: risk assessment, multi-year plan, execution, and reporting.
Evaluate varying methods of a cyber assurance risk assessment.
Learn to use “at a glance” tools to communicate effectively with stakeholders.
Generate greater impact and influence with stakeholders on the topic of cybersecurity.
Michael Juergens has more than 20 years of professional experience, including providing
external audit services, Sarbanes-Oxley readiness and attestation services, IT controls
assessments and transformations, and detailed IT technology audits. He maintains deep
experience in ERP systems as well as end user computing technologies. Juergens currently
oversees the IT internal training curriculum offered by The IIA and ISACA and is an adjunct faculty
member at the Paul Merage School of Business at the University of California, Irvine.
CS 7-2: How to Effectively Market the Internal Audit Function
Pamela Short Jenkins, CIA, CRMA, CPA
Vice President, Global Audit Services
Fossil Group, Inc.
Greg Estes, CIA
Senior Audit Manager
Fossil Group, Inc.
The auditing profession continues to evolve with increasing demands to add value. We must market our wide range of experience and show that by having a seat at the table, we can assist management in achieving their critical objectives. This is not achieved without a plan and visible action. Regardless of your department's size, strategic partnerships are still built via relationships. Come and learn how to be an influencer. In this session, participants will:
Receive a guide with specific examples to market the internal audit function at your company.
Discuss how to use relationship skills and talent to show management ways to get to where they want to go more effectively and efficiently.
Review specific actions to implement that will help publicize your ability and willingness to assist the company get to the next level with the proper level of controls.
Pam Short Jenkins is an innovative strategist who excels at building relationships with key
stakeholders to effectively lead transformation efforts and mission-critical business initiatives.
She is skilled in linking enterprise risk assessment with shareholder value, key objectives, and
customer needs. Jenkins previously served as the CAE and vice president of the projective
management office for company-wide strategic initiatives for US Foods, responsible for bringing
strategic focus and fast-paced tactical execution to the audit services department. She has
more than 15 years of executive level experience in internal audit with organizations such as
The Wendy’s Company and The Home Depot. Jenkins currently serves as the vice chair of
professional development on The IIA’ North American Board of Directors.
Greg Estes has over 12 years of experience as an internal auditor and has served as a corporate
financial professional for over 20 years. His areas of expertise include global ERM
administration, financial and operational audit management, and Sarbanes-Oxley testing and
administration.
CS 7-3: Auditing Corporate Governance
J. Douglas Watt
Senior Vice President & Chief Audit Executive
Fannie Mae
Brian Schwartz, CFSA, CRMA, CBA
US Internal Audit, Compliance and Risk Management Solutions Leader – Financial Services PwC
Meeting the ever-growing expectations of key stakeholders requires internal audit to think more
broadly and consider the role corporate governance plays on a company’s overall control
environment. But auditing corporate governance can be a challenge, requiring the audit function
to look at the company through a different lens. Developing the right approach and leveraging
the right resources are critical success factors.
In this session, participants will:
Gain an understanding of the key elements of corporate governance.
Identify corporate governance-related risks and how they influence the auditor's approach.
Evaluate the factors that help determine an assurance or consulting path.
Explore various approaches to auditing corporate governance.
Review a framework to help assess corporate governance maturity.
Share leading practices to frame issues and communicate results.
Doug Watt joined Fannie Mae in 2016, previously serving as managing director and audit
executive for the Americas at GE Capital. Prior to GE Capital, Watt led the retail and commercial
bank audit teams at Capital One. For the majority of his career, Watt was a partner in the banking
and capital markets practice at PwC.
Brian Schwartz oversees the risk assurance practice’s financial services sector service offerings,
including corporate governance, risk management, compliance, internal audit, GRC tool
enablement, and business continuity management. He is a key driver of PwC’s annual risk in
review survey and related research paper on risk management and governance leading practices.
His governance, risk management, and internal audit experiences and competencies have been
developed over the past 27 years, working with clients in building, assessing, and transforming
their governance structures, risk management capabilities, compliance efforts, Sarbanes-Oxley
programs, and internal audit functions. Prior to joining PwC, Schwartz led the global and Americas
internal audit and controls practice for another Big Four firm. He spent 10 years in industry in
roles including CAE, regulatory compliance officer, and co-chair of the risk management oversight
committee prior to joining professional services. Schwartz has spoken on governance, risk
management, and internal audit topics at numerous professional conferences, authored articles
for trade publications, and been interviewed by business publications on these topics.
CS 7-4: Integrating the Core Principles Into Your QAIP
Basil Woller, CIA, CRMA
Principal, Owner
Basil Woller and Associates, LLC
The Core Principles are a mandatory element of the IPPF. This session introduces an insightful
way to integrate these principles into your QAIP that will demonstrate their relevance and value
to your stakeholders, and provide a foundation for continuous improvement in your internal
audit activity's infrastructure and processes.
In this session, participants will:
Examine the use of a maturity framework to integrate Core Principles into a QAIP.
Understand characteristics that differentiate different level of maturity related to Core Principles.
Explore reporting of maturity of the Core Principles to promote the role and value of internal auditing.
Gain an understanding of interrelationships between Core Principles and The IIA’s Standards.
Basil Woller is one of the leading and most recognized quality specialists in the internal auditing
profession. His career includes time as a CAE for a Fortune 100 company and the QAR practice
leader for a major service provider. Woller is dedicated to internal audit quality and has
personally led or conducted over 250 external assessments in his career. He is a frequent speaker
on the topic of internal audit quality. His practical experience and insight into the role and
operation of internal auditing contributes to valuable insights to promote continuous
improvement.
CS 7-5: Encore Presentation: Key Attributes of Outstanding Internal Auditors
Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The IIA
IIA President and CEO Richard Chambers discusses the traits of great internal audit leadership. Based on his new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, Chambers reviews the top character traits of gifted practitioners who have gained the trust of stakeholders. Based on surveys and interviews of some of the profession’s most-respected CAEs, Chambers crafts a compelling message on what it takes to become a true trusted advisor.
In this session, participants will:
• Identify the character traits most valued in trusted advisors • Glean insights into becoming a trusted advisor from experiences and anecdotes shared
by Fortune 500 and other top CAEs • Learn the tools and techniques for enhancing the most desired and valued character
traits • Examine how enhancing these character traits will help your organization
Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today has named him one of the Top 100 Most Influential People in Accounting, as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) has named him one of the most influential leaders in corporate governance since 2013. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers authored the award-winning book, Lessons Learned on the Audit Trail, which is currently available in five languages, and has a new book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors, due for release in early 2017.
CS 7-6: Internal Audit Innovation
Shannon Urban, CIA, CRMA Senior Vice Chair, IIA North American Board of Directors
Executive Director
EY
Facilitator:
Bill Michalisin
Executive Vice President, Chief Operations Officer
The IIA
Some would argue that there has been little innovation in the field of internal audit in the last 25
years. Others would argue that a lot has changed during that time. How do we define innovation
when it comes to internal audit, and what role should innovation play in driving your journey to
add value to your organization?
In this session, participants will:
Examine how we define innovation and what that means for internal audit.
Explore some of the innovative strategies and approaches organizations have adopted to generate internal audit value.
Envision what role innovation should play for internal audit in today's fast-paced, technology driven, disruptive world.
Shannon Urban has over 20 years of experience in internal audit, enterprise risk assessment, and
control design and assessment. She specializes in assisting organizations to understand and
assess risks within their operations, assessing the design of processes and controls, and providing
tailored solutions. Urban currently serves as the internal audit competency leader for the
Northeast region, and leads risk advisory and internal audit engagements at several clients in the
Northeast area in the government, health care, life sciences, consumer products, and technology
industry sectors. Urban is a leadership volunteer with The IIA, serving as senior vice chair of the
North American Board and on the Global Board of Directors.
Bill Michalisin joined The IIA in 2013 as chief marketing officer leading all brand, marketing,
communications, sales, and relationship enablement strategies across all global IIA channels. In
2014, his role was expanded to include oversight as the executive director of The IIA’s Research
Foundation, and in 2015, he assumed the role of chief officer for IIA operations. In his current
role, Michalisin leads all operations and core services offered to IIA members globally, including
Membership, Chapter & Institute Relations, Certifications, Conferences, Learning Solutions,
Partnerships, and Enterprisewide Sales & Business Development. Prior to joining The IIA,
Michalisin was industry marketing leader for consumer and industrial products at Deloitte,
which included responsibilities for cross-functional delivery within aerospace and defense,
automotive, consumer products, process and industrial products, retail and distribution, and
travel, hospitality, and leisure sectors. Earlier in his career, Michalisin was a business process
strategy and fraud/forensic investigation consultant at both Deloitte Consulting and Accenture,
providing consulting services to clients in media and entertainment, consumer products,
manufacturing, and financial services.
Tuesday March 21, 2017 3:15 PM – 4:15 PM
CS 8-1: A CAE's Perspective: Examining Cybersecurity Risks, Realities, and Real World
Strategies
Steve Sanders, CRMA
Vice President, Internal Audit
Computer Services, Inc.
You can’t take your eye off cybersecurity threats. Business must remain ever vigilant in defending
their systems, networks, and customer data, as well as ensuring employees don’t inadvertently
open the door to the latest threat. With cyber risks consuming so much attention, wouldn’t it be
nice to gain a new, stronger perspective? This session will share insights and best practices into
the current risks, realities, and real-world strategies to help your organization be prepared for
today’s cyber threats.
In this session, participants will:
• Understand the current “cyber reality” and the serious threats many businesses face. • Examine the real risks for today’s companies and why risks are probably greater than first
thought. • Uncover the most overlooked cybersecurity areas. • Discuss six attributes of a strong cybersecurity posture every auditor should be
evaluating.
Steve Sanders oversees the evaluation of risks associated with IT, financial, and operational
systems. He has a strong knowledge of cybersecurity and privacy, accompanied by an educational
background in computer security and data protection. Sanders regularly speaks at conferences
on information security, cybersecurity, and risk management.
CS 8-2: Aligning Technology Sector Internal Audit Goals with Stakeholder Expectations
Princy Jain, CIA, CCSA, CRMA
Partner
PwC
Linda Glaub
Senior Director, Internal Audit
Citrix Systems, Inc.
Michael Jenkins, CPA
Vice President, Internal Audit
Michelle DeBella, CPA
Vice President, Internal Audit
Hewlett Packard Enterprise
This panel discussion features CAEs discussing leading practices and key challenges on aligning
internal audit’s goals with stakeholder expectations. They will focus on reporting structures,
managing and aligning expectations, communication challenges, information sharing, risk/audit
reporting, and adding value with the audit function.
In this session, participants will:
Explore how internal audit can align or pivot its approach and plan to cater to
stakeholder needs with the speed of change in business and related risks.
Learn how internal audit can create awareness among stakeholders on value the activity
can provide.
Examine how the audit committee can help establish the strategy of internal audit and
how to align with the committee’s expectations and those of the CFO.
Discuss creating a balance between assurance and consulting.
Share challenges with internal audit’s budget and resources with a focus on obtaining
support.
Princy Jain has more than 20 years of experience serving technology-sector companies and has
spent the past 10 years serving public and venture-backed companies by providing his expertise
within internal audit, Sarbanes-Oxley compliance, risk management, and related consulting
services across a range of industries including semiconductor, electronics, consumer electronics,
internet, software, and more. Jain is an active public speaker on topics including internal audit,
Sarbanes-Oxley, and more, and has contributed as a co-author on several guidance publications
produced by The IIA. He is an active volunteer at The IIA, serving on The IIA’s North American and
Global Boards. He also serves on the Northern California’s Board of Ascend, an organization
dedicated to leveraging the leadership and global business potential of Pan-Asians.
Linda Glaub is responsible for operational, financial, and IT audits, Sarbanes-Oxley compliance, and internal investigations. Prior to joining Citrix, she held internal audit leadership positions with Fleet Boston Financial and American Express Company’s Latin America/Caribbean Division. Glaub previously worked with PricewaterhouseCoopers.
Mike Jenkins has broad finance, accounting, and auditing experience with organizations
including Google, Gap Inc., and Sun Microsystems. He began his career with Ernst & Young.
Michelle Stillman DeBella manages HPE’s global internal audit department, leading more than
170 professionals working to manage risk and drive improvements in the organization’s
operations. Previously, she held the role of vice president of HP enterprise financial reporting.
Stillman Debella joined HP/HPE in 2009 from EY where she served as an audit senior manager for
15 years.
CS 8-3: Governance, Strategy, and Culture: How to Address Them in Your Risk Assessment
Mike Fucilli, CIA, QIAL, CGAP, CRMA, CFE
Chief Audit Executive
Metropolitan Transportation Authority
Corporate governance’s dependence on a company's culture is critical to meeting an
organization's strategy. It can determine the corporate direction and performance that effects
stakeholders and management, employees, customers, suppliers, and creditors. Unfortunately,
failure of risk management is a legacy of the ongoing global economic turmoil. Boards may have
failed to exercise appropriate oversight or management took ill-advised extraordinary risks for
short-term results. This session ties into Seeing Beyond the Tip of the Iceberg about key business
risks affecting governance, culture, and strategy.
In this session, participants will:
• Learn how to incorporate cultural concepts into your risk assessments and audits practically.
• Identify changing business cultural shifts and the effects on GRC. • Discuss how auditing strategy can dramatically increase your impact for the better within
your organization.
Mike Fucilli leads a staff of 85 internal auditors at North America’s largest public transportation
agency, with an operating budget of $15 billion and a capital budget that exceeds $5 billion
annually. He has more than 35 years of internal audit experience, having started his career with
Manufacturers Hanover Trust (now Chase Bank) performing procurement audits of large
government contracts including audits of NASA, the U.S. Army and Air Force, and Voyager 1.
Fucilli has served in various leadership roles at the national and global level for The IIA, currently
serving as the vice president of development of the Internal Audit Foundation. He is an adjunct
professor for Pace University, teaching The IIA’s CIA Learning System for the Certified Internal
Auditor exam.
CS 8-4: PwC's 2017 State of the Internal Audit Profession Study
Jason Pett US Internal Audit, Compliance and Risk Management Solutions Leader Mark Kristall, CPA, CISA Partner, Internal Audit, Compliance and Risk Management Solutions Randy Earley, CIA, CISA, CRMA, CRISC Vice President, Audit Services Cox Enterprises, Inc. Elmar Vinh-Thomas Director of Assurance and Enterprise Risk Management Bill and Melinda Gates Foundation Katie Scalia Global Senior Vice President, Internal Audit News Corp
For the past 12 years, PwC has conducted an annual State of the Internal Audit Profession study
that has obtained significant visibility across the internal audit community. The most recent
study, True North: Evolving through disruption with resiliency and agility, comprises the input of
CAEs, CFOs, and audit committee members to understand what matters most to them and to
obtain their perspectives on the challenges and opportunities of the profession.
In this session, participants will:
Delve into the findings on what survey respondents want internal audit to do to increase its organizational relevance and value in an environment of disruption and change.
Hear about leading trends and best practices from PwC's 2017 State of the Internal Audit Profession Study.
Learn to position internal audit to push beyond its traditional assurance and compliance-related role.
Identify strategies to help the business recognize and respond to potential disrupters, and extract opportunities.
Jason Pett has been delivering risk management, external audit, and internal audit services to
leading global and national organizations for more than 20 years. His extensive experience also
includes providing implementing and optimizing enterprise wide risk management programs and
systems and performing risk assessments to organizations in a variety of industries. Pett has
assisted organizations in the design of start-up internal audit, ERM, and compliance functions as
well as working with companies to transform existing functions to be value-added, risk-based,
and strategically aligned with other lines of defense and the business. He has managed
outsourced and co-sourced internal audit engagements for many companies. Pett also has
extensive experience incorporating best practices, such as embedding data analytics into risk
management and control, and leveraging deep industry and technical expertise from across PwC
into the planning, execution, and reporting of internal audit projects, risk management programs,
and compliance testing solutions. He is an author of both PwC's annual Risk in Review and State
of the Internal Audit Profession studies and a frequent speaker on the topics of compliance,
internal audit, risk management, and control.
Mark Kristall oversees the delivery of internal audit, compliance, and risk management solutions
to clients in the products and services sectors. He joined the firm in 2001 as an assurance
associate, and during his time with PwC, he has held numerous client service roles in the
assurance and advisory practices. In 2010, Kristall became director of operations in the risk
assurance delivery center. In 2011, he relocated to take over the growth of internal audit across
the firm’s products and services sectors including industrial products, retail and consumer,
technology, and energy.
Randy Earley oversees the company's audit services team that delivers strategic financial,
operational, and IT audit and risk advisory projects across all corporate departments and
businesses. Prior to Cox, he served as vice president of internal audit at SuperMedia, an
advertising agency for small to medium-sized businesses. Earley has internal audit experience
across multiple industries including retail, financial services, telecommunications,
manufacturing, and media through his work at JCPenney, Citigroup, Nortel Networks, and
Flowserve.
Elmar Vinh-Thomas originally trained as a physician, spending the first part of his professional
life in clinical practice in Southern Africa. He went on to manage public health grants for private
foundations in the U.S. and Europe. His increasing interest in the ethical integrity of donor
funding piqued his interest in auditing so he obtained the Certified Internal Auditor credential.
He now leads the Gates Foundation’s small assurance function, which includes ERM, internal
audit, fraud investigation, and assurance over $5 billion in annual funding made to grantees
around the world.
Katie Scalia Bio Being Finalized
CS 8-5: Innovative Ways for a Non-IT Auditor to Identify Possible Fraud Through Performing
Effective Access Reviews
Kari Sklenka-Gordon, CISA
Director
RSM
Jamie Burgess
Director
RSM
Learning how to assess SoD from an entity-level approach, including assessing access controls,
automated controls, and segregation of duties against functional responsibilities and manual
controls, can open up new avenues to discover fraud. Non-IT auditors will get a taste of gathering
systematic data to assess SoD and mitigate risk from a holistic perspective. Additionally, it helps
to do look-back testing to figure out whether ineffective controls were in place that led to access
issues, and whether another assertion is required.
In this session, participants will:
Learn how to integrate IT into existing audit areas.
Develop an understanding of how to strengthen access reviews.
Understand the value of assessing segregation of duties from an entity-level approach.
Broaden understanding of risk mitigation through exposure testing once SoD issues are identified and remediated.
Explore lessons learned from a case study.
Kari Sklenka-Gordon has focused a majority of her career in SAP, but has worked with multiple
ERPs identifying controls, as well as multiple ERP GRC tools that cover SAP, Oracle, and other
ERPs. She has been both an implementer of GRC tools as well as an end user in the private sector
and an auditor. Most of her experience is around Approva, by Info, but has also worked with GRC
tools including Virsa and SAP GRC, ERP Maestro, Security Weaver, FastPath, and others. Sklenka-
Gordon has overseen eight GRC tool implementations, audited 10 GRC systems, and performed
approximately 25 rule set analyses, and over 20 SOD audits. She has built a GRC controls
monitoring program in the private sector using multiple GRC tools to cover multiple ERP packages
including SAP.
Jamie Burgess is an experienced consulting director in the RSM risk advisory practice specializing
in enhancing the reliability of processes and systems to better manage and control risk within the
business enterprise. She is a consulting professional with nearly 15 years of experience, with over
seven years working in a Big Four global consulting firm. Her primary responsibilities are to
provide consulting focused services with an emphasis on clients’ business and information
technology needs, including strategy, compliance, risk management, and audit services.
CS 8-6: Emerging Trends in Technology
Robert Stroud, CGEIT, CRISC
Principal Analyst
Forrester Research
Facilitator:
Himi Tina Kim, CIA, CGAP, CRMA
Deputy Comptroller
Office of the New York State Comptroller
Technology innovation is driving businesses faster than ever as they strive be competitive in a
world where a competitor can appear overnight. The driver behind this emerging trend is the
customer. Technology innovation can create an environment where the business realizes the
power it holds, therefore sacrificing loyalty for speed and customer experience. To win, serve
our customers, and elevate the customer experience, we must be agile, drive velocity, and
effectively manage risk and compliance.
In this session, participants will:
Discuss how the business is driving change and the implications on risk profile.
Analyze the changing cloud landscape and the implications of its adoption on the role of the auditor.
Examine the emergence of deep intelligence and decision making and potential implications of privacy and compliance?
Evaluate auditing as code – is it finally a mandatory requirement?
Discuss how to enforce segregation of duties.
Robert Stroud is responsible for leading the research on DevOps and the research agenda for
the Modern Service Delivery Playbook on the I&O team. He also serves on core cloud
computing team, focused on driving the market toward delivering business innovation at the
speed of business. His research incorporates DevOps, cloud computing, CICD, cloud
management, software-defined datacenter, governance, risk, security, and compliance. Prior to
joining Forrester, Stroud spent more than 15 years in multiple roles at CA Technologies
including business applications, product management, and product strategy, advising
organizations on strategies to drive growth through innovation to deliver maximum business
value from their investments in technology-enabled business governance. As immediate past
international chairman of the board of ISACA and ITGI, Stroud has contributed to multiple
framework and standards publications, including COBIT 4.0, 4.1, and COBIT 5; guidance for
Basel II, Risk IT, Val IT; and multiple mappings of COBIT to various frameworks and standards,
including several ISO standards for security, service management, and software asset
management. He served on the USA and International boards of itSMF and as has served as a
member of the ITIL Update Project Board. Prior to his relocation to North America, Stroud spent
more than 15 years in the finance industry, managing multiple initiatives in the technology and
retail banking sectors related to infrastructure rationalization, security, service management,
and governance.
Tina Kim is responsible for overseeing the division that conducts audits of New York State
agencies and public authorities as well as New York City, having been appointed to the role in
2014. Earlier in her career, Kim served as director of the New York State Department of
Transportation’s audit and civil rights division as well as the leader of the New York State
economic recovery and reinvestment cabinet’s internal control and fraud prevention working
group. Prior to joining the DOT, she was the deputy inspector general for audit with the New York
Office of the State Inspector General. Kim is chair of The IIA’s IT Guidance Committee, and former
chair of its Public Sector Committee and AICPA’s Government Performance and Accountability
Committee.
Tuesday March 21, 2017 3:15 PM – 4:15 PM
CS 9-1: Cyber Resiliency
James Reinhard, CIA, CPA, CISA
Audit Director
Simon Property Group, Inc.
Organizations continue to implement cybersecurity defensive mechanisms to prevent an attack
from occurring. Cyber resiliency shifts the paradigm away from defense toward sustainability and
returning to business operations. But is it clear what cybersecurity aspects focus on resiliency?
What cyber resiliency areas can internal auditors provide value in assessing and consulting?
In this session, participants will:
Distinguish between cybersecurity and cyber resiliency.
Gain a practical understanding of cyber resiliency.
Identify areas of assessing and consulting for cyber resiliency.
Discuss the ramifications of both on a business’s reputation.
James Reinhard has worked in industries including retail, insurance, health care, loan servicing,
real estate investment trusts, state and local government, and nonprofits. He is an adjunct
instructor at the Kelley School of Business, Indiana University, Indianapolis. Reinhard has served
as a volunteer leader for The IIA, currently as a member of the Committee of Research and
Education Advisers, has presented at national events, and has authored courses and articles.
CS 9-2: The New Standards: What You Need to Know for Quality Assurance
Paul Sobel, CIA, QIAL, CRMA
Vice President, Chief Executive Officer
Georgia Pacific, LLC
The IPPF was updated in 2015 and new Standards were issued, effective January 2017. This
session will focus on how changes may affect the quality assurance and improvement programs
(QAIP) for internal audit activities.
In this session, participants will:
Understand the key changes to the IPPF and resultant changes to the Standards.
Learn how the Core Principles for the Professional Practice of Internal Auditing should influence a QAIP.
Identify ways to leverage the IPPF and Standards to better achieve the new Mission of Internal Audit.
Paul Sobel has many years of experience in internal auditing leadership roles as a CAE with
Georgia-Pacific and three public companies including Mirant Corporation, Aquila, Inc., and
Harcourt General. Sobel’s responsibilities included leading the global internal audit efforts at
these companies, as well as consulting on each company’s ERM, compliance and internal controls
programs. He has also served as international audit manager for PepsiCo, senior manager in
Arthur Andersen’s business risk consulting practice, and manager in Arthur Andersen’s financial
statement assurance practice. Sobel is a frequent speaker on governance, risk management, and
internal audit topics. He has written and co-authored three books: Auditor’s Risk Management
Guide: Integrating Auditing and ERM; Internal Auditing: Assurance and Consulting Services; and
Enterprise Risk Management: Achieving and Sustaining Success. He has been recognized for
articles published in Internal Auditor magazine and Management Accounting Quarterly. Sobel
has served numerous leadership positions with The IIA, including the Board of Directors and
Executive Committee, as well as positions with The IIA Research Foundation. In 2012 he was
recognized in Treasury & Risk magazine’s list of the 100 Most Influential People in Finance. He
has also served on the Standing Advisory Group of the Public Company Accounting Oversight
Board (PCAOB) and as The IIA’s representative on the Pathways Commission, which developed
recommendations to enhance the future of accounting education in the United States.
CS 9-3: Affordable Care Act (ACA) - Why Internal Audit is Key in Helping Protect the Company
An Buchhagen, CIA, CPA
Director, Internal Audit
Raytheon Company
Jennifer Allen, CIA, CISA, CFE
Senior Internal Auditor
Raytheon Company
The first year of reporting under the Employer Mandate has passed, leaving some companies
breathing a sigh of relief. This year, the risks of failing to comply increases significantly as parts
of the ACA become active and penalties are indexed year over year. As the bar is raised, internal
audit must assess an organization’s risk of noncompliance with ACA regulations.
In this session, participants will:
Understand the reporting regulations and importance of compliance with the Employer Mandate of the Affordable Care Act.
Explore internal audit’s role of assessing risks, identifying gaps, and potential areas impacted, and advising management on potential exposures as the requirements get stricter and penalties increase each year.
Examine strategies to ensure compliance to avoid penalties assessed by the IRS.
Learn how failing to comply may be material to the financial statements.
Discuss strategies on steps to take once a penalty is assessed by utilizing the Appeals process.
An Buchhagen directs internal audit plan activities across the company. Her key focus areas include strategic initiatives, accounting, shared services, supply chain, international business and finance, human resources, regulatory compliance, and legal. She has over 25 years of business and audit experience.
Jennifer Allen conducts a variety of internal audits and offers process improvement solutions.
She has nearly 10 years of internal audit experience (5 in health care) in assessing the adequacy
of internal controls, testing the operating efficiencies of operations, IT general controls, the
reliability of financial reporting, process improvement, and compliance with policies and
procedures.
CS 9-4: The Treasured "Value Add" and Where to Find It
Aaron Boor, CISA
IT Audit and Project Automation Specialist
Donegal Insurance Group
Whether they realize it or not, internal auditors involved in both the financial audit and testing of IT systems have a unique perspective into how data is generated and, specifically, into what data is compiled to generate financial reports and analysis. Auditors need to take that knowledge further by digging into financial data to uncover the treasured “value-add” that lies within these datasets. Without this understanding, internal auditors will continue to provide plain vanilla analysis, along with unremarkable results. This presentation provides perspective on how to get over the innovation hump in internal audit using data analysis tools to reveal powerful insights. In this session, participants will:
Learn where to start with a data analysis project.
Develop ideas on how to effectively perform data analysis.
Plan to ensure data analysis tools perform at their highest level.
Develop ideas on how to present data analysis findings to decision makers.
Receive insight on how to manage data analysis expectations.
Aaron Boor has more than 12 years of data analysis, audit, and process automation experience.
With a degree in accounting and an information technology background, he started his career in
public accounting where he honed his data analysis skills by incorporating automation techniques
throughout all stages of the audit. He introduced data analysis to DIG’s internal audit team, which
is now revolutionizing the way in which it performs audits by uncovering and quantifying long-
standing anomalies.
CS 9-5: How To Effectively Lead Millennials
Tonia Lediju, Ph.D.
Chief Audit Executive
City and County of San Francisco, Controller's Office
Millennials comprise the largest generational cohort in the U.S. today and will increasingly
dominate the workforce. They are making valuable contributions to the workforce and their
different skill sets and life experiences are calling for new ways to lead. Prepare to explore and
discuss strategies to inspire and cultivate the best in Millennials to foster organizational
commitment and develop a new generation of leaders.
In this session, participants will:
Review proven tactics to motivate the next generation of leaders with effective outcomes.
Discuss strategies to hire, onboard, and retain Millennials.
Learn how to effectively engage Millennials.
Tonia Lediju has more than 20 years of government auditing experience and her leadership
philosophy embodies service through integrity, teamwork, respect, and inclusion. She has built a
high-functioning multigenerational audit organization as the CAE of the City and County of San
Francisco. Lediju received the 2016 David M. Walker Excellence in Government Performance and
Accountability Award, presented by the U.S. Comptroller General and leader of the U.S.
Government Accountability Office. She previously was the audit director of several agencies of
the State of California, including the Highway Patrol, Employment Development Department, and
Department of Child Support Services.
CS 9-6: Extracting Maximum ROI From Audit Data Analytics
Tom Austin, CIA
Vice President, Governance Risk and Control
Cisco Systems, Inc.
Riyaz Kasmani, CISM, CISA, PMP
Senior Manager
Cisco Systems, Inc.
Facilitator:
John Wszelaki, CIA, CRMA, CFE
Director, American Center for Government Auditing
The IIA
Data analytics is undeniably the present and future of audit. But user adoption has been mediocre
at best. What are some common pitfalls (cultural fit, methodology, quality, etc.) of data analytics
that lead to this phenomenon? Can data analytics be embedded within your audit methodology?
How do you maximize ROI on your data analytics investment?
In this session, participants will:
• Identify barriers to adoption of data analytics. • Design an audit plan to drive analytics adoption. • Lead the way with federated compliance analytics. • Empower not one but ALL three lines of defense.
Tom Austin oversees Cisco’s governance, risk, and controls organization that partners with
internal business units. Previously, Austin worked at Applied Materials for 16 years, most recently
as vice president and CFO for the display and solar business segments. Prior to Applied Materials,
Austin worked with PriceWaterhouseCoopers in business assurance and with Merrill Lynch & Co.
in investment banking.
Riyaz Kasmani heads the audit data intelligence team for GRC within Cisco, where he has worked
for 11 years in various internal audit and IT management roles. Prior to Cisco, Riyaz worked for
10 years at Netpace, Inc. where he held product and program management roles with clients at
Cisco Systems, Hewlett Packard, and Zions Bank.
John Wszelaki is the Director of the American Center for Government Auditing at The Institute
of Internal Auditors, the global professional association and standard-setting body for internal
auditors. Wszelaki is recognized as a long-time leader in advancing the internal audit profession
on the local and national levels, sharing best practice approaches and mentoring fellow
professionals. He also is deeply versed in risk management, internal control, governance, and
investigative techniques.
Before joining The IIA in early 2016, Wszelaki was Director of Internal Audit at the State of Virginia’s Department of Alcoholic Beverage Control for nearly 17 years and, previously, Managing Auditor at American Greetings Corp. for nearly 22 years. An active IIA volunteer for more than 20 years, Wszelaki served in an array of leadership capacities, including as Chairman of the North American Board (2014-15); Chair of the North American Chapter Relations Committee; member of the North American and Global boards; President and member of the Board of Governor of The IIA’s Central Virginia Chapter; and district representative and adviser.
Wednesday March 22, 2017 8:30 AM – 9:45 AM
GS 4: Storytelling With Data
Cole Nussbaumer Knaflic
Author
Speaker
Storytelling With Data
Stories resonate and stick with your audience in ways that data alone does not. Why wouldn’t
you leverage the power of story when communicating with data? Join this engaging session to
discuss the untapped potential of combining the magic of story with best practices in data
visualization for communicating effectively with data.
In this session participants will:
Comprehend the difference between poor and effective visuals and identify examples of each.
Understand the importance of contrast and how to use it strategically.
Use color intentionally to focus your audience's attention.
Know what words are needed to make your data visualizations accessible.
Synthesize lessons learned to transform a poor visual into an effective visual story.
Cole Nussbaumer Knaflic tells stories with data. She is the author of "storytelling with data: a
data visualization guide for business professionals" and writes the popular blog
www.storytellingwithdata.com. Knaflic’s unique talent was honed over the past decade through
analytical roles in banking, private equity, and on Google's People Analytics team. Her well-
regarded workshops and presentations are highly sought after by data-minded individuals,
companies, and philanthropic organizations all over the world.
GS 5: Transition Resilience: It's Not Just About Managing Change
Keith Wyche
Corporate Transformation Leader, Best-selling Author
Adapting to change is a minimum requirement in today’s world. Change brings opportunity and
responsibilities whatever your job title. For you and your organization to excel, you must be able
to lead change and transformation. Leaders who can influence transformation are valued and
differentiated. Real-world case studies will be explored, highlighting peaks and valleys that others
have successfully – or not so successfully – dealt with. Ultimately, successful leaders encourage
their teams to acknowledge change not just in their heads, but also in their hearts.
In this session, participants will:
Discuss the psychology of change, and why people resist it.
Recognize and use the four R’s of change: Relevance, Readiness, Robustness, and
Responsiveness.
Learn how to overcome the seven stakeholder barriers that can sink a change project.
Review how to define and cast your vision so it engages every level of your organization.
Keith Wyche is responsible for ensuring an exemplary customer experience at Walmart's large format stores in the Northeast, and has more than 30 years of experience in leading major organizations through change, achieving dramatic turnaround results of some of America’s best known corporations including Ameritech, Convergys, AT&T, IBM, Pitney Bowes, and SuperValu’s divisions including Cub Foods and Acme markets. Wyche has risen to become a well-respected, successful corporate executive and he shares these experiences as an author, speaker, and thought leader.