Monday March 24, 2014 9:00 10:00 AM Documents... · Monday March 24, 2014 9:00 – 10:00 AM GS 1...

2014 General Audit Management Conference March 24-26, 2014 Hilton Bonnet Creek, Orlando, FL

Monday March 24, 2014 9:00 – 10:00 AM GS 1 The Board's View of Governance and the Important Role of Internal Audit Virginia Gambale Director, JetBlue Airways Managing Partner, Azimuth Partners

Gain a better understanding of emerging issues in board governance.

Learn how internal audit can play a strategic role in achieving corporate goals and operational excellence.

Understand the strategic aspect of enterprise risk management.

Acquire new perspectives and techniques for working with boards and executive teams.

Virginia Gambale has served on more than 20 public and private boards, including Piper Jaffray, Motive, WorkBrain and Synchronoss Technologies. She is a former general partner of Deutsche Bank Capital as well as a former CIO at Bankers Trust/Alex. Brown and Merrill Lynch. Gambale is on the mentor faculty and thesis evaluation board at Columbia University's Masters in Technology Leadership. She is a frequent speaker at the National Association of Corporate Directors and various forums for board governance and technology. Learning Field: Business Management & Organization Learning Level: Intermediate

Monday March 24, 2014 10:30 – 11:45 AM GS 2 Leading Internal Audit in an Organization That Thrives on Change Moderator: Richard Chambers, CIA, CGAP, CCSA, CRMA President and Chief Executive Officer The Institute of Internal Auditors Panelists: Lisa M. Lee Director, Internal Audit Google


Inder Gulati Head of Internal Audit LinkedIn Thomas W. Austin Vice President, Governance Risk & Control Cisco Systems Inc.

Learn the critical distinction between delivering “hindsight” and “adding value” in organizations that thrive on change.

Talk about gaining faster acceptance, less resistance, and greater satisfaction with the change in your internal audit functions and throughout your organization.

Identify easy ways to develop an organization of learning communities that will strengthen your audit functions.

Reduce strategic risk and increase organizational effectiveness by getting everyone involved in strategic thinking.

Explore the role technology plays in fostering a culture of change. Richard F. Chambers is president and CEO of The Institute of Internal Auditors. He has 38 years of internal audit and related experience. Previously, Chambers was national practice leader of Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director, U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Board of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), International Integrated Reporting Council, and IIA Board of Directors. Previously, he served as chairman of the Audit Board of the City of Orlando, Fla., and was a member of the U.S. President’s Council on Integrity and Efficiency, IIA Internal Audit Standards Board, and IIA North American Board. Chambers received the Association of Government Accountants’ Frank Greathouse Distinguished Leadership Award, and Accounting Today named him one of the Top 100 Most Influential People in Accounting. Lisa Lee leads internal audit and portfolio risk management at Google where she established the Sarbanes-Oxley compliance program and internal audit function. Before joining Google, Lee held positions at other technology companies such as Cisco Systems, and worked in tax and audit at KPMG. Inder Gulati established LinkedIn’s global Sarbanes-Oxley compliance program and internal audit function after the organization’s IPO. Prior to this, Gulati served as Visa’s vice president of finance responsible for the organization’s global Sarbanes-Oxley compliance and external reporting. He previously provided consulting and internal audit advice for leading technology companies such as Symantec, Verisign, Sandisk, and Dolby Laboratories etc. while working with PricewaterhouseCoopers.


Tom Austin oversees Cisco’s governance, risk, and controls organization that partners with internal business units. Previously, Austin worked at Applied Materials for 16 years, most recently as vice president and CFO for the display and solar business segments. Prior to Applied Materials, Austin worked with PriceWaterhouseCoopers in business assurance and with Merrill Lynch & Co. in investment banking. Learning Field: Business Management & Organization Learning Level: Intermediate

Monday March 24, 2014 12:45 – 2:00 PM CS 1-1 Resilience: Internal Audit’s Role in Strengthening Business Continuity Capabilities

Bruce B. Daly, CIA, CRMA Principal Deloitte & Touche LLP Mark P. Ruppert, CIA Director of Internal Audit Cedars-Sinai Health System

Define resilience in terms of business and why it’s important for the good of an organization.

Assess a plan for investing in a resilience posture.

Discuss the possible outcomes of not having a plan: business disruptions, reputational risks, and the impact of a prolonged, expensive recovery.

Identify the role internal audit can play in business continuity planning. Bruce Daly has served a variety of Deloitte clients as a trusted risk advisor for nearly 20 years, providing guidance across the risk services spectrum including leading IT internal audit services, articulating and executing risk-based IT audit programs, assessments and build-out of resiliency solutions (BCM/DR), applied audit analytics, internal control design and effectiveness, and assorted technology risk point solutions.

Mark Ruppert has more than 30 years of internal audit experience, including 18 years in the health care arena. He has served as an internal audit quality assurance review team member for The IIA and served in several leadership positions with the Association of Healthcare Internal Auditors as well as the Healthcare Compliance Association. Ruppert is a frequent speaker and has been published in Compliance Today and New Perspectives on various audit and compliance topics.


Learning Field: Business Management & Organization Learning Level: Intermediate CS 1-2 Engaging With the Audit Committee Peter R. Gleason Managing Director and Chief Financial Officer National Association of Corporate Directors

Discuss what stakeholders are focused on in this era of transformational change.

Learn how to identify what your board values in order to provide satisfaction.

Go beyond “compliance speak” and hear how to listen to what boards need to carry out their duties.

Discover how to engage committee members in the hot topics of strategy and risk.

Peter Gleason leads NACD’s research group, which engages in substantive research projects focused primarily on helping establish and refine leading practices to enhance board performance. Gleason serves as a member of NACD’s national faculty presenting on a variety of subjects related to board governance, and is regularly quoted in the national media. He is a member of the Business Advisory Board of Nura Health, Inc., a development-stage health care company, and was formerly a director of The Patriot Fund and the Executive Advisory Panel of the Open Compliance & Ethics Group (OCEG). He serves as a Council Member of the International Professional Practices Framework Oversight Council of The Institute of Internal Auditors. Learning Field: Communication Learning Level: Intermediate CS 1-3 Impact of Fraud in Government Agencies: What Government CAE/Audit Directors Should Know JoRay McCoy Audit Director Oklahoma Office of Management and Enterprise Services

Share how a "wedding cake" can cost millions in efficiency savings.

Discuss fraud transparency and the do's and don'ts of reporting fraud.

Discuss election years and the perils of mixing politics and fraud.


Explore the proven Diamond Edge Auditing system for detecting and deterring fraud.

JoRay McCoy has years of experience as a governmental auditing and internal investigations director. He is a master analyst in financial forensics (MAFF), certified procurement officer (CPO), and created the Diamond Edge Auditing system as well as Oklahoma state government’s first paperless auditing program. McCoy is a popular speaker at national trade association conferences and events. Learning Field: Auditing (Governmental) Learning Level: Intermediate CS 1-4 COBIT 5: A New Governance Framework for Managing and Auditing the Technology Environment Nelson Gibbs, CIA, CRMA Vice President, Senior Audit Manager Union Bank

Discuss how IT management issues affect enterprises.

Assess how the COBIT 5 processes help guide the creation of the five basic principles and the seven governance and management enablers.

Understand the differences between COBIT 4.1 and COBIT 5 and what to consider when transitioning.

Explain the benefits of using COBIT 5. Nelson Gibbs has more than 20 years of experience in information systems focusing on secure network and systems planning and design. He specializes in information security, IT controls and infrastructure, and business process/application risk management. Gibb’s background includes experience as a network administrator, an EDI coordinator, and director of IT services in the manufacturing industry, as well as a security and internal controls consulting senior manager with Deloitte. Gibbs is a published author and in demand as a speaker on business and technology security issues. Learning Field: Business Management & Organization Learning Level: Intermediate


CS 1-5 Auditing Forward Patricia L. Barbari, CIA Senior Vice President and General Auditor New York Life Insurance Co.

Discover how to incorporate emerging risks into audits.

Learn how to sell the importance of controlling what might happen.

Explore ways to stay on top of emerging issues. Patricia Barbari has overall responsibility for corporate audit at New York Life. Barbari began her career at New York Life as a director of corporate quality. She spent four years in internal audit before moving to the company’s service operations where she held a series of positions including head of life and annuity new business services. In November 2010, Barbari returned to the Corporate Audit Department and was appointed General Auditor in April 2012. Learning Field: Auditing Learning Level: Intermediate

Monday March 24, 2014 2:30 – 3:45 PM CS 2-1 Balanced Scorecards for the Internal Audit Function and Strategic Risk Management Mark L. Frigo, Ph.D. Director, Strategic Risk Management Lab Ledger & Quill Distinguished Professor of Strategy and Leadership DePaul Univeristy

Learn about the latest developments in the applications of the balanced scorecard in internal Auditing, based on an IIA Research Foundation study led by Dr. Mark L. Frigo.

Learn about how to use a Mission Driven Strategy framework to develop a strategy and strategic objectives for building a strategic internal audit function.

Learn how to translate the strategy of an internal audit function into a balanced scorecard.

Learn how to use strategy maps in risk assessment and enterprise risk management.


Dr. Mark Frigo leads the Strategic Risk Management Lab at DePaul University in Chicago. He is the author of six books and more than 100 articles in leading business journals, including Harvard Business Review. His research on strategic risk management has been presented at executive conferences throughout North America, Europe, and Asia Pacitic. For more information, see www.markfrigo.com Learning Field: Auditing Learning Level: Intermediate CS 2-2 Leading Transformational Change Jeffery G. Browning, CIA Senior Vice President and Chief Audit Executive Fiserv Inc

Learn to incorporate transformational change efforts into the organization’s strategic plans.

Identify communication strategies to help introduce and drive change initiatives.

Explore reporting progress and measuring success.

Hear how to make change a sustainable part of your culture. Jeff Browning joined Fiserv in 2012 from Duke Energy where he served as senior vice president, CAE, and chief ethics and compliance officer. He has also held senior leadership roles with Genworth Financial, Transamerica, and KPMG. Learning Field: Business Management & Organization Learning Level: Advanced CS 2-3 Don’t Judge the Book by Its Cover: A Review of Substance Over Form Carl F. Jenkins Managing Director Duff & Phelps LLC

Discuss the collapse of Lehman Brothers, history’s largest bankruptcy filing.

Learn about Lehman's continuing effect on accounting policy.

Examine how auditors approach auditing complex financial transactions in today’s business environment.

Hear about other cases where substance versus form played a pivotal role.

http://www.markfrigo.com/


Carl Jenkins specializes in litigation support, business valuation, financial consulting, and forensic accounting. Prior to joining Duff & Phelps, he served as managing director at CBIZ Tofias; a member of the executive committee of UHY Advisors New England; and a partner in UHY. He has more than 32 years of experience with financial statement audits and tax matters, mergers and acquisitions, valuations, general financial and management consulting, litigation consulting, forensic accounting, and expert testimony. Jenkins is a frequent speaker for professional associations, law firms, and banks and has published numerous articles. Learning Field: Accounting Learning Level: Advanced CS 2-4 Auditing IT Governance: A Case Study Thierry Dessange, CRMA Director - IT Audit Safeway Inc.

Discuss why IT governance needs to be audited.

Identify governance standards and frameworks that can be leveraged.

Explore where the board of directors, audit committee, and management fit in the equation.

Develop an achievable scope and testing approach.

Learn how to sell the results and partner with management for future success. Thierry Dessange oversees IT audit, providing assurance and validation of the control environment through audits, consulting, and serving on committees. He is instrumental in the company’s enterprise risk management efforts and provides infrastructure support associated with maintaining audit automation and other department-wide tools. Prior to Safeway, he managed IT, financial, and operational audits for Barclays Global Investors and Bank of America. He serves on the University of San Francisco Masters of Internal Audit Program Advisory Council, and is a regular speaker at national and local audit profession conferences. Learning Field: Auditing Learning Level: Intermediate CS 2-5 Risk: It's More Than Just Compliance The Honorable Theresa M. Grafenstine, CIA, CGAP Inspector General


U.S. House of Representatives

Explore the risk of suffering from "checklist myopia."

Discuss the importance and necessity of understanding auditees and their business.

Discover that it's all about relationships: reduce organizational risk by building relationships with key stakeholders.

Learn the perils of risk being in the "eye of the beholder" and strategies to combat it.

Theresa Grafenstine is responsible for planning and leading independent, non-partisan audits, advisories, and investigations of the financial and administrative functions of the U.S. House of Representatives. She is also an active volunteer in support of the technology, governance, internal auditing, and accounting professions. In addition to leadership roles with several professional trade associations, Grafenstine serves as a director on the IP3 Standards and Accreditation Council, a United Nations-rooted body; and as an audit committee member for the Department of Defense IG and the Pentagon Federal Credit Union. Learning Field: Auditing Learning Level: Intermediate

Monday March 24, 2014 3:45 – 5:10 PM CS 3-1 Dynamic Risk Assessment Allen J. Cooper, CIA Vice President, Internal Audit ConAgra Foods Inc. Ann Sedor Manager, Finance ConAgra Foods Inc.

Discuss the pros and cons of the traditional annual risk assessment.

Explore the virtues of more “real time” risk assessment including the use of continuous auditing, the application of data analytics, effectively partnering with business leaders, working with the second line of defense, and leveraging external sources.

Engage in a dialogue about selected risk hot spots.


Allen Cooper has more than 25 years of experience in internal audit, financial reporting, financial planning and analysis, supply chain finance, and consulting gained primarily within the manufacturing, distribution, and retail industries. Prior to joining ConAgra Foods, Inc., Cooper held finance and accounting leadership roles at General Electric, Armco Inc., and Ernst & Young. He has experience establishing internal audit functions as well as transforming under-performing audit functions. Ann Sedor joined ConAgra Foods, Inc. in 2010, having previously worked with PricewaterhouseCoopers LLP for clients in agriculture, grant accounting, automotive suppliers, and manufacturing. Sedor also has a background in commodities trading, alternative investments, and SEC reporting requirements. Learning Field: Auditing Learning Level: Intermediate CS 3-2 Show Them the Way: Using Employee Career Paths to Build, Improve, and Retain Your Internal Audit Team Paul McDonald Senior Executive Director Robert Half Lawrence Harrington, CIA, CRMA Vice President, Internal Audit Raytheon Company

Learn how to gain a better understanding of internal audit team members’ career objectives and motivations.

Gain insights on identifying opportunities to help employees build their skills and advance as well as communicating potential career opportunities within your organization.

Hear how to work with staff to develop a mutually beneficial career path.

Discuss how to use career road maps as a motivation, retention, and succession-planning tool.

Paul McDonald oversees strategic relationships and alliances for Robert Half International (RHI), an organization that specializes in the placement of accounting and finance professionals. McDonald joined Robert Half in 1984 as a recruiter in Boston, following a public accounting career with Price Waterhouse. In the 1990s, he became president of the Western U.S. region, which oversees RHI’s operations and lines of business. He became senior executive director of Robert Half Management Resources in 2000, and assumed his current role in 2012.


Larry Harrington has more than 25 years of experience in auditing and finance. He started his career in public accounting and has since held a wide range of positions within retail, financial services, insurance, manufacturing and technology. Harrington has served in key leadership roles over finance, human resources, and operations, as well as chief audit executive for several Fortune 200 companies. He serves on the Executive Committee of The IIA and is a past chairman of The IIA's North American Board of Directors. Learning Field: Personnel/HR Learning Level: Intermediate CS 3-3 Why We Miss Potential Fraud Situations: Our Antiquated Processes Joel Kramer Managing Director MIS Training Institute

Learn how to concentrate on significant risks and key controls in the midst of radical change within the profession.

Review the expectations of key stakeholders and their need for robust fraud risk assessment.

Find out how traditional processes are lacking when it comes to seeking out fraud.

Share examples of traditional audit approaches that often miss potential fraud situations.

Joel Kramer joined MIS in 1982 and introduced its internal audit curriculum. Prior to joining MIS, Kramer was director of internal audit for Instrumentation Laboratory, Inc. He also worked for both The Gillette Company and Coopers & Lybrand. Kramer is a popular speaker at international, national, and regional audit conferences and has written numerous articles for professional trade journals. He serves on the Advisory Board of the Louisiana State University Center for Internal Auditing and was inducted into The IIA’s American Hall of Distinguished Audit Practitioners in 2013. Learning Field: Auditing Learning Level: Intermediate


CS 3-4 Master Risk and Performance with Data-Driven GRC Dan Zitting Vice President, Management and Design ACL

Discover why transactional data is the "secret sauce" in GRC activities.

Learn a step-by-step method for integrating analytics and transactional monitoring into GRC activities.

Understand the maturity path of activities moving toward data-driven GRC and how maturity drives value.

See an example of the data-driven GRC approach to mastering bribery and corruption risk.

Dan Zitting is responsible for product management, design, and user experience for ACL’s software products. His previous experience was in the audit, risk and assurance industry. After working for several years at Ernst & Young, he co-founded a CPA firm that provided audit services to a global clientele and during which, he developed a web-based software for auditors which eventually led to the launch of a company that was acquired by ACL. Zitting is a three-time winner of the CPA Practice Advisor magazine’s 40 under 40 and Readers’ Choice awards. Learning Field: Auditing Learning Level: Intermediate CS 3-5 How Companies are Addressing Third Party Risks – A View From the Field

Patrick Warren, CIA, CRMA Risk Consulting Principal | Third Party Risk Services Leader Crowe Horwath LLP

Explore how audit departments in the survey are addressing third party risks at their organization.

Identify opportunities for Internal Audit to enhance third party audit and consulting activities.

Explore ways to identify the maturity of your organization’s third party risk management program.

Rick Warren serves as the leader of the internal audit practice for the southern U.S. and has more than 20 years of experience in helping companies and their audit committees with governance, compliance financial analysis, internal audit, enterprise


risk management, and financial statement audit. Prior to joining Crowe, Warren was a principal in the risk consulting practice of a Big Four accounting firm for seven years. He has served 19 Fortune 500 companies, including seven in the Fortune 100. His industry experience includes manufacturing and distribution, consumer products, life sciences, aerospace, transportation, financial services and high-tech. Learning Field: Auditing Learning Level: Intermediate

Tuesday March 25, 2014 8:30 – 9:45 AM

GS-3 Audit Committees’ Need for Insight: Keeping Pace With Changing Demands Olivia F. Kirtley Deputy President, International Federation of Accountants Board Member and Audit Committee Chairman U. S. Bancorp, Papa Johns International and ResCare Inc.

Learn what keeps Audit Committee members up at night.

Discuss the critical role internal audit professionals have in assisting audit committees with carrying out their responsibilities.

Identify ways internal audit can provide audit committees with information and insights in the face of heightened expectations and changing demands.

Learn how to keep pace with evolving demands and risks while focusing on key areas including people, tools, communication, and reporting practices.

Review staffing and resources for audit quality expectations. Olivia Kirtley is a business, governance, and risk management consultant. She currently serves as deputy president of the International Federation of Accountants (IFAC) and in 2014, will serve as its president. After spending the first decade of her career with a “Big Eight” accounting firm, she held several executive positions with a global manufacturing company, including director of tax, treasurer, vice president of finance, and CFO. She is former chair of the American Institute of Certified Public Accountants (AICPA) and has served on public company boards for more than 15 years. Learning Field: Business Management & Organization Learning Level: Intermediate


Tuesday March 25, 2014 10:15 – 11:30 AM Leading an Effective Internal Audit Team Priya Sarjoo, CIA

Managing Director, Advisory Services Grant Thornton

Jean Chun Vice President, Global Internal Audit Applied Materials Inc.

Discover best practices for teambuilding to maximize results through trust, collaboration, and diversity.

Learn effective coaching techniques to enable individual and organizational success.

Hear how to balance increased regulation and scrutiny with shrinking budgets.

Identify indicators to determine whether your team is working well together or truly performing as a solid unit.

Priya Sarjoo previously worked in the private sector, where she managed the accounting group for a publicly listed company. She has more than 18 years of experience in accounting, internal controls, and business process improvement within a variety of industries such as financial services, manufacturing, distribution, consumer and industrial products, government, not-for-profit, and hospitality. Sarjoo has helped her clients improve operational efficiencies, enhance monitoring mechanisms, streamline management reporting systems, develop and implement internal audit functions and processes, and evaluate internal controls environments. Jean Chun has led the company’s global internal audit since joining the organization in 2013. Previously, she served as head of internal audit at SanDisk Corporation, senior director of audit services at Yahoo! Inc., and held various finance positions at Cisco Systems, Inc. She began her career with Arthur Andersen LLP. Learning Field: Personal Development Learning Level: Intermediate CS 4-2 Leadership and Rising Stakeholder Expectations Lawrence Harrington, CIA, CRMA Vice President, Internal Audit Raytheon Company


Understand key future challenges to the internal audit profession and their potential impact on internal auditors and business leaders.

Learn strategies to meet and exceed stakeholder expectations with regard to risk assessment, assurance, and adding value.

Share strategies to develop a top-notch team and collaborative relationships that enable achieving more with less.

Larry Harrington has more than 25 years of experience in auditing and finance. He started his career in public accounting and has since held a wide range of positions within retail, financial services, insurance, manufacturing and technology. Harrington has served in key leadership roles over finance, human resources, and operations, as well as chief audit executive for several Fortune 200 companies. He serves on the Executive Committee of The IIA and is a past chairman of The IIA's North American Board of Directors. Learning Field: Business Management & Organization Learning Level: Intermediate CS 4-3 Fraud in the Digital Age Lynn Fountain, CRMA President Fountain GRC LLC

Understand the inherent dynamics in today's technologically advanced society that contribute to the” fraud triangle.”

Review the evolution of fraud and the contributing impact found in advancements such as social media, the cloud, and advanced data systems.

Explore aspects of technological innovation that can lead to threats of fraud. Lynn Fountain has more than 30 years of experience including having served as CAE for two international companies. Her initiatives in internal audit enterprise risk management have been highlighted in various professional publications and trade journals. In her consulting practice, Fountain specializes in internal audit, Sarbanes-Oxley, ERM, fraud, governance, and compliance. She is a respected international trainer and speaker on topics including fraud, ethics, compliance, governance, risk management, and internal audit. Learning Field: Auditing Learning Level: Intermediate


CS 4-4 Risk and Opportunity: What Chief Audit Executives Should Know About CyberSecurity Jeff M. Spivey President, Security Risk Management Inc. International Vice President, Board of Directors, ISACA

Discuss the impending threat of cyber attacks at any organization.

Hear the critical issues surrounding the cybersecurity threat.

Develop an understanding of what organizations should be concerned about.

Explore the question of cybersecurity being a problem for technology or risk management.

Learn about auditing and evaluating the adequacy and effectiveness of the enterprise cybersecurity strategy.

Jeff M. Spivey is a career security professional having served with law enforcement before entering the private sector with NCNB (now Bank of America) where he rose to senior security management of the multi-state banking system. In 1989, Spivey established his own firm to provide strategic insight and program development for banking, corporate and governmental clients. The author and contributor of articles in professional journals, he has been a featured speaker at many security and IT risk management and counter-terrorism conferences worldwide. Spivey was past international president and chairman of the board of ASIS International, the world’s largest professional security association. Currently he serves as a member of the U.S. State Department’s Overseas Security Advisory Council (OSAC), the United States Justice Department’s Judicial Security Advisory Council, and is a founding member of the Cloud Security Alliance. Learning Field: Specialized Knowledge and Applications Learning Level: Intermediate

CS 4-5 PwC’s 2014 State of the Internal Audit Profession Jason Pett, CIA U.S. Internal Audit Leader PricewaterhouseCoopers LLC John Tantillo, CIA Internal Audit Partner PricewaterhouseCoopers LLC


Dominique Vincenti, CIA, CRMA Vice President, Internal Audit and Financial Controls Nordstrom Inc. Maria G. Frias, CIA, CFSA, CRMA Executive Vice President and Chief Risk Officer Seacoast National Bank

Charles E. Adair Audit Committee Chair Tech Data

Understand the methodology and validity of this study, now in its tenth year.

Discuss key themes and hot topics such as stakeholder’s expectations, performance and value of internal audit’s contribution, and the value in emerging risk areas.

Explore the internal audit mandate and what regulators now expect from internal audit.

Jason Pett has been delivering external audit and internal audit services for more than 15 years. His extensive experience also includes providing enterprisewide risk assessments and efficient, risk based internal audit plans to organizations in a variety of industries. Pett has assisted organizations in the design of start-up internal audit functions as well as working with companies to transform existing internal audit functions into value added, risk based, and strategically aligned functions. John Tantillo has focused exclusively in providing internal and external audit, Sarbanes-Oxley and risk and control services to the financial services sector for more than 27 years. He provides risk and internal control assessments, reviews of internal audit departments and is a frequent speaker on internal audit leading practices. Prior to joining PwC in 2012, Tantillo was a partner with another Big Four firm. Dominique Vincenti currently oversees a team of 29 professionals for both the retail and financial services arms of the company. She has 20 years of experience, principally in the retail industry for prominent international retailers (Marks & Spencer and the PPR group). She also served for six years as chief officer at The IIA, where she oversaw the organization’s professional and technical practices and worked closely with other professional national or international institutions and regulators such as the U.S. Securities and Exchange Commission, the International Organisation of Supreme Audit Institutions, and IFAC. Maria Frias has been with Seacoast since 1990, first serving in the company’s internal audit department before moving on to become compliance officer in 1996. She has


served in additional leadership roles, including senior vice president and chief auditor served before receiving her current appointment in 2012. Frias is actively involved with several trade associations, including serving on the Board of Governors of IIA‒Palm Beach Chapter since 2000. Eddie Adair has served as a partner or manager of two venture capital fund management companies since 1993. Adair served as president and chief operating officer with Durr-Fillauer Medical, Inc. for more than 10 years, and currently serves on the board of directors of PSS World Medical, Inc., a post he has held since 2002. He also serves as chair of the audit and executive committees. Since 2003, Adair has been on the board of directors of Torchmark Corporation, where he also serves as lead director and a member of the compensation committee. Learning Field: Auditing Learning Level: Intermediate

Tuesday March 25, 2014 12:45 – 2:00 PM

CS 5-1 Effective Strategies for Implementing the 2013 COSO Framework Robert B. Hirth Chairman Committee of Sponsoring Organizations of the Treadway Commission (COSO) Kathleen A. Swain Senior Vice President of Internal Audit and Chief Audit Executive Allstate Insurance Company

Review what led up to the update and steps taken during the revision process.

Discuss what has changed and what has stayed the same.

Learn what organizations must consider to transition to the revised framework.

Consider one publicly held company’s approach to the transition for internal control over financial reporting.

Bob Hirth serves as COSO Chair and was unanimously elected by the board of its sponsoring organizations to serve a three year term beginning June 1, 2013. His experience includes all of COSO’s mission disciplines: ERM, internal control, and fraud deterrence. Hirth has worked on assignments and made presentations in over 15 countries, serving more than 50 organizations and working with board members, C-level executives, finance and accounting personnel, accounting firm partners, and employees. Most recently, Hirth served as a senior managing director of Protiviti, and before that, he was executive vice president, global internal audit and a member of the


firm’s executive management team. In 2012, Hirth was appointed to serve a two-year term on the Standing Advisory Group of the Public Company Accounting Oversight Board (PCAOB). Hirth is a recognized leader in the internal audit profession, serving as IIA Research Foundation trustee and Service Provider committee member. In 2013, Hirth was inducted into The American Hall of Distinguished Audit Practitioners. Kathy Swain oversees and directs her organization’s internal audit function, responsible for providing assurance and enterprisewide consulting. She joined Allstate in 2002 as assistant vice president in finance, responsible for the development and implementation of financial and business process solutions, before moving into IT, leading the Enterprise Applications group. Before Allstate, Swain was deputy director of assurance and head of internal audit for BP Amoco in London. Learning Field: Auditing Learning Level: Intermediate CS 5-2 Women as Successful CAEs MODERATOR Karen Begelfer, CIA, CRMA Vice President, Corporate Audit Services Sprint Corp PANELISTS: Mary Ludford Vice President, Audit and Controls Exelon Corp Karine Wegrznowicz Vice President, Internal Audit Deckers Outdoor Corp. Barb Bergmeier, CIA, CFSA Vice President and Chief Internal Auditor Mutual of Omaha

Learn about the skills and characteristics many women possess that have made them leaders in the audit profession.

Explore the opportunities and challenges of pursuing this career path to senior leadership levels.

Gain perspective on how some women CAEs have leveraged mentorship successfully, both as a mentor and as a mentee.


Discuss how to attract and retain women and other diverse candidates into the audit department.

Karen Begelfer leads the Internal Audit function at Sprint, which includes Corporate Audit, Retail Audit and Enterprise Risk Management. Prior to Sprint, Karen was Vice President, Chief Auditor of Payless Holdings, where she was responsible for the international audit team, the Enterprise Risk Management function and the Sustainability initiative. Prior to Payless, she was a Director of Internal Audit at The Home Depot where she directed audits in the Finance and Shared Services areas, including Sarbanes-Oxley testing. Previously, she delivered post-deal integration services at PricewaterhouseCoopers and was a member of the Corporate Audit Staff at General Electric. Mary Ludford is responsible for Exelon's internal audit, financial controls, and environmental health and safety audit strategy, and the creation and execution of the annual audit and controls plans. She is also responsible for overseeing the Financial Controls Group. Prior to her current role, Ludford served as vice president of PECO's Smart Grid/Smart Meter project, in addition to previously having served in various leadership roles with various Exelon subsidiaries and business units. Ludford held various leadership positions at including roles in finance, customer operations, regulatory, and governmental affairs. Karine Wegrzynowicz is responsible for global internal audit, oversight of the Sarbanes-Oxley program, and leading the organization’s ERM function. She also serves as co-chair of the corporate compliance council. Wegrzynowicz has more than 25 years of audit and operational experience in the retail, automotive, airline, and manufacturing industries. She serves as the vice chair of the International Internal Audit Standards Board. Barb Bergmeier directs internal audit activities of Mutual of Omaha and its 22 subsidiaries, including Mutual of Omaha Bank. She has more than 27 years of accounting, auditing, and risk management experience within the insurance and banking industries. Prior to joining Mutual of Omaha in 2011, she served in both chief audit executive and chief risk officer roles with another life and health insurance company. She was a senior manager with a Big Four public accounting firm, where she served clients in the insurance and banking industries. She has served as a representative with insurance industry trade associations and has participated in regulatory developments such as the Model Audit Rule and ORSA. Learning Field: Personal Development Learning Level: Intermediate


CS 5-3 Minimizing the Risk of Fraud: Whistleblower or Ethics Hotlines Carmelina Di Mondo, CGAP Director, Forensic Unit Auditor General’s Office, City of Toronto

Discover the story behind the introduction of Toronto’s pilot hotline program.

Learn how a hotline can complement an organization’s other fraud minimizing efforts.

Discuss how to effectively manage hotline inquiries and resolve whistleblower complaints.

Carmelina Di Mondo, having practiced law for over 10 years in both government and private sectors, assumed her current role in 2001 dedicated to managing and investigating complaints that include allegations of fraud, conflict of interest, and other wrongdoing. She was instrumental in setting up the city's Fraud & Waste Hotline Program, the first Canadian municipal hotline program of its kind. Di Mondo has presented at various conferences and addresses inquiries from organizations across Canada and the United States about the hotline program. Learning Field: Behavioral Ethics Learning Level: Intermediate CS 5-4 Success Strategies: Integrating Data Analytics in a Risk-Based Audit Plan Andrew Simpson Chief Operating Officer CaseWare Analytics Todd Freeman, CIA Vice President, Internal Audit Chicago Bridge & Iron

Learn how to apply data analytics to overall risk assessment.

Integrate analytics into the audit management processes.

Identify how analytics be employed throughout risk-based audit life cycle, as part of risk assessment, by testing internal control effectiveness, benchmarking with external data, and looking at trends and predictions.

Apply strategies for effective use of analytics, drawn from real world examples. Andrew Simpson has nearly 20 years of experience in the information systems audit and security business, specifically within data analytics, interrogation, and forensics. He is a regular contributor to various auditing conferences and is acknowledged as a luminary on continuous controls monitoring and fraud prevention. Simpson previously


worked with Ernst & Young as an IT security specialist and is also the chairman of Symptai Consulting, an IT audit and security consulting firm. Todd Freeman joined CB&I, a global engineering, procurement, and construction company, in 2002, and is responsible for the internal audit function including Sarbanes-Oxley as well as operational, financial, compliance, and IT audits for its offices and projects around the world. Freeman current serves as the vice chair of The IIA’s Learning Solutions Committee. Learning Field: Auditing Learning Level: Intermediate CS 5-5 Moving the Pendulum Back: Shifting From a Controls Focus to a Value-Enhancing Approach to Audit Noah Gottesman Audit Advisory & Innovation Director Thomson Reuters Accelus Alexander Stephanouk, CIA, CRMA Chief Audit Executive Aflac Inc.

Discuss bridging the gap between being focused on financial controls to exerting influence and bringing value to all areas of an organization.

Understand why internal and external stakeholders are demanding a more holistic perspective.

Explore how technology and the Quality Assessment and Improvement Program can be used as enablers for the audit department.

Share ideas, suggestions, and alternatives on how to grow the skills, talents, and compentencies of audit department staff to meet changing expectations.

Noah Gottesman uses his background in internal audit and internal controls to provide both industry thought leadership as well as real world client experiences and opportunities in his role as innovation director. Prior to Thomson Reuters Accelus, Gottesman served as senior manager with Ernst & Young’s Advisory Services Risk and IT Risk practices performing risk-based financial, operational, and compliance audits. Alex Stephanouk is responsible for the global internal audit function, Sarbanes-Oxley compliance, and coordination with the company’s ERM department. Before joining Aflac, Stephanouk was a managing director in KPMG's Internal Audit Services practice


assisting clients in developing, assessing, and leading internal audit and Sarbanes-Oxley 404 compliance departments. Learning Field: Management Advisory Services Learning Level: Intermediate

Tuesday March 25, 2014 2:30 – 3:45 PM CS 6-1 Corporate Strategy and Risks: Making an Impact! Pamela Short Jenkins, CIA, CRMA Vice President, Audit Services U.S. Foods Mark S. Beasley, Ph.D. Deloitte Professor of Enteprise Risk Management Poole College of Management North Carolina State University

Learn how to sell ERM to stakeholders as more than just another compliance program.

Understand of the importance of positioning an organization’s risk oversight processes using a strategic viewpoint.

Hear tactical ideas of how organizations are structuring their risk identification and monitoring efforts to provide rich information to stakeholders on significant risks likely to impact the organization’s core business model.

Pam Jenkins has tactical expertise in areas including enterprise risk assessment, business unit consulting, corporate governance, audit committee support, operational assessments, process improvement, financial reporting, loss prevention, IT systems audits, and strategic planning in acquisitions, corporate integrations, dispositions, and business expansion for both public and private companies. Jenkins was chosen to lead the Transformation Program Management Office for companywide strategic initiatives, and is an integral member of the Integration Management Office in Master Planning for the Sysco merger. Prior to joining USFoods, Jenkins served as senior vice president of internal audit at The Wendy’s Company/Wendy’s Arby’s Group, Inc., and vice president of internal audit for Home Depot, Inc. She was a senior manager for KPMG in the assurance practice and has impacted numerous professional and civic groups through her fundraising and financial expertise. Jenkins serves on The IIA’s North American and Global Boards as well as NC State University as a member of the ERM Initiative Advisory Board for the Poole College of Management.


Mark Beasley leads a team that provides thought leadership on ERM practices and their integration with strategy and corporate governance. In 2012, Beasley was named by the National Association of Corporate Directors (NACD) as one of the “100 People to Watch.” He recently completed more than seven years of service on the board for the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Beasley has authored more than 90 research articles and business publications and he frequently works with boards of directors and senior executives on risk oversight issues. Learning Field: Business Management & Organization Learning Level: Intermediate CS 6-2 Upgrading Your Internal Audit Function Lynn McKenzie-Tallerico Partner KPMG LLP Ruthe Holden, CIA, CGAP, CRMA Chief Auditor Los Angeles County Metropolitan Transportation Authority

Explore ways to deal with today’s budget challenges in the face of ever-expanding job responsibilities.

Learn how to upgrade the internal audit team’s performance by setting expectations and providing support.

Rediscover the back-to-basics approach with consistent execution of effective audit and reporting processes.

Imagine deploying and evolving new audit tools and techniques to realize more value from your internal audit department.

Lynn McKenzie-Tallerico is a partner with KPMG’s Advisory Services practice. With more than 30 years of business experience, she works in both line management and risk management functions, primarily for financial services organizations. Her experience includes providing risk management and advisory services for the last 20+ years. She serves as lead partner on several large internal audit and Sarbanes-Oxley strategic sourcing engagements. In this capacity she is responsible for all facets of internal audit operations, from planning to execution and reporting. She is also the lead human resources partner for KPMG's Pacific Southwest Region Internal Audit practice, where she is respnosible for the recruting, training, staff development, evaluation, and compensation processes. Additionally, she has extensive experience performing quality assessments and better practice reviews of internal audit functions.


Ruthe Holden oversees the internal audit office and conducts operational, performance, information technology, contract compliance, and regulatory compliance audits. She has 20 years of audit experience in both a local government agency and the federal government. Holden serves as vice chair of The IIA’s Regional Conference Committee and as chair of the American Public Transportation Association’s Committee of Audit Professionals. Learning Field: Auditing Learning Level: Intermediate CS 6-3 Fraud Risks for the Chief Audit Executive and the Board John J. Hall President Hall Consulting Inc.

Learn about a proven eight-step roadmap for leading the charge against fraud in your organization.

Get turn-by-turn instructions for board members and chief audit executives as they manage the strategic and tactical portions of an anti-fraud campaign.

Get instructions and example scripts to recruit every employee in the fight against fraud risks.

Walk away with checklists, sample policies, and other real-world practice tools to use immediately.

John Hall draws on 35 years of experience as a consultiant, speaker, and audit leader. He specializes in training presentations for management, auditors, and professional associations. He has worked in senior leadership positions in corporations, international public accounting firms, and consulting firms. He also coaches audit and business professionals on how to increase their effectiveness, clarify and meet their goals, and advance their careers. Hall is the author of the 2012 award-winning book Do What You Can! Simple Steps – Extraordinary Results. He is a member of the National Speakers Association, The IIA, and the American Institute of Certified Public Accountants. Learning Field: Management Advisory Services Learning Level: Advanced CS 6-4 Success in the IT Internal Audit Function Hans Geiger Sr. Director, Global IT & Financial Audit


ADP

Learn techniques to help IT internal audit establish credibility with stakeholders.

Discuss how IT internal audit can expand the scope of its work to the organization’s benefit.

Explore the path to becoming a recognized risk partner within the organization. Hans Geiger has oversight of IT and financial risk audit, Sarbanes-Oxley, and global coordination of ADP’s Service Organization Control (SOC) reporting process. He joined ADP in 2011 after spending more than 10 years at Ernst & Young, focusing on IT assurance and advisory services for financial services companies. Previously, Geiger worked for Arthur Andersen’s business consulting division as well as a small Wall St. based data vendor firm. Learning Field: Auditing Learning Level: Intermediate CS 6-5 Integrated Reporting: What Is It and Why Should I Care? Eric Hespenheide Consultant Deloitte & Touche (Retired)

Hear a brief history of the International Integrated Reporting Council and the drivers that led to its creation.

Learn what integrated reporting is and isn't.

Discover who should be involved and how, including internal auditing.

Explore the next steps of the journey toward integrated reporting. Eric Hespenheide served as one of the global leaders of Deloitte Touche Tohmatsu Limited (DTTL) member firms’ sustainability group within audit and enterprise risk services. He currently serves as a member of the working group of the International Integrated Reporting Committee (IIRC), and chairs the taxonomy committee for IRIS (Impact Reporting and Investment Standards). Hespenheide is a frequent speaker and author on the topic of sustainability, particularly related to reporting and assurance matters. He is a member of the board of the Global Reporting Initiative (GRI) and chairs the AICPA Sustainability Task Force. Learning Field: Auditing Learning Level: Intermediate


Tuesday March 25, 2014 3:55 – 5:10 PM CS 7-1 Dynamic Risk Assessment and Emerging Risks/"High Impact" Audits MODERATOR: Mike O’Leary, CFSA, CRMA Partner, Advisory, Global Internal Audit Leader Ernst & Young LLP PANELISTS: Stephen E. Shelton Vice President Internal Audit KBR Inc. William Luebke Internal Audit & Enterprise Risk Management Computer Sciences Corporation

Explore why an annual risk assessment may no longer be often enough.

Hear how some internal audit departments are using a more dynamic approach to assessing risks.

Learn how you can incorporate emerging risks in the assessment.

Discuss some "high impact" audits that address the risks that matter.

Mike O’Leary leads the innovation, thought leadership, methodology, client service, and go-to market growth initiatives around internal audit services. Prior to being appointed to his current role, O’Leary served as risk practice leader, responsible for the practice P&L, client service, business development, people, and quality matters across a service line including internal audit co-sourcing and outsourcing, enterprise risk and risk transformation, internal control advisory and compliance, and contract risk services. Early roles in his tenure with EY include working in the assurance and advisory practices. O’Leary has obtained international experience with diverse companies from private start-ups to Fortune 500 clients, and has worked with top levels of management. He is a frequent speaker and facilitator. Stephen Shelton is is responsible for the organization’s global audit services function including anti-corruption (FCPA) compliance, operational audits of multi-billion dollar construction projects, joint ventures, corporate and financial audits, government contract compliance, and independent Sarbanes-Oxley testing. Before joining KBR, Shelton served in the role of vice president of internal audit at organizations including blockbuster, Belo, and SkyTel Communications. He also worked with


PricewaterhouseCoopers providing outsourced internal audit services and consulting on risk assessments, implementing ERM, and reengineering business processes. Bill Luebke oversees and directs the internal audit and ERM departments for the organization and its subsidiaries. Prior to joining CSC, Luebke worked with the Public Company Accounting Oversight Board as associate director of inspections managing the inspection process and overseeing the activities of inspection teams on multiple U.S. and International projects. Previously, he was a partner in the Assurance Services practice at KPMG managing a diverse client portfolio. Learning Field: Auditing Learning Level: Intermediate CS 7-2 Internal Audit's Role in Introducing the Three Lines of Defense Governance Model Glenn A. Benisek, CIA, CRMA Chief Audit Executive Xerox Corp. Steven D. Enos Director, Internal Audit Xerox Corp.

Hear how The IIA's Three Lines of Defense model was used to coordinate assurance efforts of a diverse group of risk management and control functions.

Learn strategies to leverage knowledge and information sharing across all risk and control functions operating within the different Lines of Defense to better accomplish individual mandates.

Explore ways to provide the audit committee and senior management with a clear picture of comprehensive assurance.

Glenn Benisek leads the $23 billion organization’s global internal audit function. Prior to joining Xerox, Benisek was vice president of global internal audit with Intercontinental Hotels Group and director of financial controls at Campbell Soup Company. He began his audit career with PricewaterhouseCoopers, responsible for a global assurance engagement after returning from a three year international assignment. Steve Enos began his career with Xerox in the internal audit function as an audit specialist and recently returned to the internal audit group in his current position. During his career with Xerox, Enos has held a number of senior financial positions in manufacturing, equipment revenue, post-sale revenue for equipment and contracted services, and recently as vice president of a global supplies business group.


Learning Field: Auditing Learning Level: Intermediate CS 7-3 Aggressively Addressing Anti-Corruption Risk Todd Freeman, CIA Vice President, Internal Audit Chicago Bridge & Iron

Explore the relationship between internal audit and compliance in addressing anti-corruption risk.

Identify the methods to develop a risk-based approach around “where to audit.”

Discuss how to create and implement an anti-corruption audit program.

Gain an understanding of the use of data analytics in anti-corruption efforts.

Learn how to report the results of anti-corruption efforts (keeping the audit committee in the loop).

Todd Freeman joined CB&I, a global engineering, procurement, and construction company, in 2002, and is responsible for the internal audit function including Sarbanes-Oxley as well as operational, financial, compliance, and IT audits for its offices and projects around the world. Freeman current serves as the vice chair of The IIA’s Learning Solutions Committee. Learning Field: Auditing Learning Level: Intermediate CS 7-4 Emerging Technology and Security Trends Jordan Reed Managing Director Protiviti Inc.

Navigate policies and measures around social media and mobile commerce.

Discuss how to manage and classify big data.

Explore incident response and monitoring security events.

Learn why managing third-party vendors for compliance is key.

Share tips on business resumption plans in the face of unforeseen crises.


Jordan Reed specializes in internal audit and financial advisory solutions, assisting public and private organizations with internal audit planning and execution, and he has been involved with all phases of internal control over financial reporting initiatives. Reed is also active in the development of spreadsheet risk management programs. He is a frequent speaker on topics including internal audit, Sarbanes-Oxley, emerging technology risk, and spreadsheet risk management. Learning Field: Specialized Knowledge and Applications Learning Level: Intermediate CS 7-5 Privacy Risk and Data Management: What the CAE Should Know Omer Tene, Ph.D. Vice President, Research and Education International Association of Privacy Professionals

Learn how privacy can impact business processes in a big data environment.

Discover the challenges and complexities of managing privacy expectations across cultures and business models.

Find out what key concepts mean, including privacy impact assessment, security breach notification, privacy by design, and data protection by default.

Omer Tene administers the Westin Fellowship program and fosters ties between the industry and academia. He is also deputy dean of the College of Management School of Law, Rishon Le Zion, Israel; an affiliate scholar at the Stanford Center for Internet and Society; and a senior fellow at the Future of Privacy Forum. He has published extensively in U.S. and European law reviews about big data, online tracking, and international privacy law. Learning Field: Auditing Learning Level: Intermediate

Wednesday March 26, 2014 8:30 – 9:45 AM GS-4 Emerging Regulatory and Legislative Issues Jeanette M. Franzel. CIA Board Member Public Company Accounting Oversight Board


Learn about PCAOB’s initiatives in the development of audit quality indicators, outreach to audit committees, and other efforts aimed at improving audit quality and independence.

Become informed about PCAOB’s latest auditing standards projects, including the auditor’s reporting model, transparency, quality control standards, and more.

Expand your understanding of PCAOB’s audit firm inspection program and how to interpret inspection results.

Jeanette M. Franzel was appointed to the PCAOB, which oversees the audits of public companies to protect investors and further the public interest through high quality, independent, and reliable audits, in 2012. Prior to joining the PCAOB, Franzel served as a managing director overseeing the Government Accountability Office’s financial audit oversight of the U.S. government. During her tenure at GAO, her team oversaw efforts to stabilize financial markets and promote economic recovery. From 2003 to 2012, Franzel oversaw GAO's issuance of Government Auditing Standards ("The Yellow Book"). Learning Field: Auditing Learning Level: Intermediate

Wednesday March 26, 2014 10:15 – 11:30 AM GS-5 Lead with Purpose John Baldoni Chair, Leadership Development Practice N2growth

Discover the power of organizational purpose.

Define ways to implement purpose in their workplace.

How defined purpose can help your team thrive and achieve.

Ways to make people your first priority and turn good intentions into great results. John Baldoni is an internationally-recognized leadership educator, executive coach, speaker, and author who has written 11 books on leadership, three of which were selected as the “year’s best leadership books,” Along with numerous articles and columns. Prior to joining N2growth, Baldoni operated his own consulting firm for 12 years. For nearly 20 years, he has coached and consulted for a number of leading companies in various industries including automotive, banking, high technology, and consumer goods. He is much in demand as a keynote and workshop presenter with corporate, government, professional, and military audiences. Over the last few years, Baldoni was named to the list of the world's top leadership gurus.


Learning Field: Business Management & Organization Learning Level: Intermediate

Monday March 24, 2014 9:00 10:00 AM Documents... · Monday March 24, 2014 9:00 – 10:00 AM GS 1...

Documents

Transcript of Monday March 24, 2014 9:00 10:00 AM Documents... · Monday March 24, 2014 9:00 – 10:00 AM GS 1...