conference mmaarrcchh 99 -- 1111,, 22000099 have invited many audit and assurance vendors to set up...

Detroit Chapter

10th Annual Spring Conference

MMMaaarrrccchhh 999 --- 111111,,, 222000000999

University of Michigan Dearborn Fairlane Center

If you are responsible for your company's internal auditing, information systems security and integrity, Sarbanes-Oxley compliance or other regulatory matters, you will want to join us for the tenth annual Detroit Spring Conference.

The Detroit Chapters of the IIA and ISACA are proud to co-Chair the tenth annual Spring Conference. Each year, the seminar committee spends a considerable amount of time planning a comprehensive series of course offerings for our members. Our reward comes from seeing a lot of members in attendance and hearing their positive feedback. The 2009 event is no exception. This event has been a sell out for the past six years! Don't miss out on the opportunity to network with your peers, enhance your skills, and learn about new products/services out in the marketplace. With your support, we can achieve our goal of providing a local, world-class conference tailored to meet your needs. We look forward to seeing you at the Spring Conference.

Mark Weintraub, President, Detroit Chapter – IIA

Jamshid Sadaghiyani, President, Detroit Chapter – ISACA

Welcome

RETURNING THIS YEAR! – VENDOR EXPO

We have invited many audit and assurance vendors to set up displays during the conference giving you an opportunity to learn about products and partners that are out in the marketplace and their associated benefits for your organization.

A Special Thanks to our Platinum Sponsors who continue to give generous support to this annual event!

MONDAY LUNCH– ACCRETIVE SOLUTIONS

TUESDAY LUNCH – JEFFERSON WELLS WEDNESDAY LUNCH – KPMG

BREAKFAST EACH DAY – THE REHMANN GROUP

Detroit IIA & ISACA Page 2 2009 Spring Conference

Conference Location University of Michigan Fairlane Center North

19000 Hubbard Dearborn MI 48126

(Park in rear lot – north end of complex)

From the West Take I-94 East to Southfield (M-39) and exit north. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the UM-Dearborn/Fairlane Center (The marquis will reflect the following; The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building. From the East Take I-94 West to Southfield (M-39) and exit north. Follow Southfield (North) to the Michigan Ave. (U.S. 12) exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the UM-Dearborn/Fairlane Center (The marquis will reflect the following; The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building. From the South Take Southfield (M-39) north to the Michigan Avenue exit. Stay on the Southfield Service Drive to Hubbard Drive and turn left. Follow Hubbard Drive and turn right into the Southern entrance of the UM-Dearborn/Fairlane Center (The marquis will reflect the following; The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building. From the North Take Southfield (M-39) south to the Ford Road exit. Stay on the Ford Road Service Drive to Hubbard Drive and turn right. Follow Hubbard Drive and turn right into the Southern entrance of the UM-Dearborn/Fairlane Center (The marquis will reflect the following; The University of Michigan-Dearborn/Fairlane Center). Follow the entrance road to the back and turn left at the stop sign; the North Building will be located on your left hand side. Parking is directly across from the North Building


SEMINAR PROGRAM

TRACK MON MARCH 9 TUES MARCH 10 WED MARCH 11

A

Collaborative and Customer Service Skills for Internal

Auditors

(Joan Pastor)

Communication, Influencing and Change Implementation Skills for Auditors

(Mare Brutus)

B Conducting Effective Fraud Risk Assessments

(Paul Zikmund)

Investigative Interviewing Skills

for Auditors

(Paul Zikmund)

C Integrating COBIT 4.1 into Your IT Audit

Process

(Richard Tarr)

Auditing IT Projects

(Norm Kelson)

D Auditing and Securing SAP’s Enterprise Service-Oriented

Architecture

(Frank Lyons)

E Uncovering Fraud in Core Business Functions

(Gordon Williams)

F Internal Audit School (Audit College)

(Hernan Murdock)

G Computer Forensics: Tools and Techniques

(Jason Claycomb)

H Using Risk Assessment to Build Individual Audit Programs

(Greg Duckert)

I Project Management for Auditors

(Kathleen Crawford)

J Auditing the Manufacturing Process

(Bryan Wood)


TRACK A COLLABORATIVE AND CUSTOMER SERVICE SKILLS FOR

INTERNAL AUDITORS (JOAN PASTOR - MONDAY)

7 CPEs

Seminar Focus and Features

Most auditors realize that communication skills are just as important to successful audits as technical skills. Our focus is on important skills auditors don't usually consider but are absolutely necessary, such as listening skills, handling conflict, handling difficult people and situations that arise in auditing, developing mental flexibility, communicating from a client-centered approach, and so on. This workshop will cover the important issues related to building partnerships with others across the organization, addressing the unique issues that those in audit especially face in detail. Participants will learn networking skills, non-manipulative persuasive communication skills, many strategies for managing both their own emotions and others, and the behaviors that actually create the perception and the reality that you are collaborative in your approach. At the same time, participants will actually feel an increased sense of self-empowerment and leadership as they see themselves obtaining better results while increasing professionalism. The session is highly geared towards information-sharing and interactive exercises, for a very full and practical session. Highlights include:

1. The Consultative and Customer-Oriented Approach to Auditing, and what it means to be Value-Added- Overview

2. How to move away from a checklist and authoritative approach to a collaborative one

3. How and why you as the Auditor want to be perceived as communicating well and being fair

4. Making Findings relevant to a Business Context and usable by Client

a. Non-manipulative and positive persuasive communication skills

b. The single most powerful communication tool of all and why it works

c. Understanding how to integrate your own communications style with your auditee's and why that is so important

d. The step-by-step process for communicating in a win-win approach

5. Sizing up where the other person is coming from the start

6. Communicating in a “win/lose” scenario., or when the person has difficulty partnering with you for various reasons

a. How conflict arises in the best of circumstances, and why

7. How to defuse open conflict and reduce passive resistance when it cannot be avoided

a. Handling emotions of self and others, those with “street smarts” and higher org. stature

8. Possible customized role plays.

Learning Level: Basic


About the Instructor . . .

Joan Pastor, Ph D.

Joan Pastor, Ph.D. is president of Joan Pastor and Associates, International, an international consulting company. She acts as a consultant on the "people" aspect of business to corporations, and has been a professional speaker, trainer, seminar leader, and organizational development specialist for over eighteen years.

Joan has two master's degrees and has practiced extensively as a psychotherapist. She has been a guest on a number of radio and television shows and has hosted her own radio show. Joan is the author of Women's Work and the recipient of numerous awards, including Certified Speaking Professional from the National Speakers Association, Outstanding Young Woman of America, and Who's Who in the East and West. She is a member of the American Psychological Association and was elected to the prestigious membership of the Society for Industrial and Organizational Psychology in 1992.

Joan has over 14 years of experience facilitating groups to determine, define and improve their work procedures and departmental processes, including projects and conferences associated with and involving the highest level of senior officials in our government, our military and other governments. She has worked in partnership with her associates to implement process and quality improvement in organizations around the world. She has facilitated senior management teams in strategic planning, organizational change and implemented self-managed teams throughout organizations.

Finally, Joan has taught facilitation skills and group dynamic skills for over 10 years in many companies and for several universities, including George Mason University, Michigan State University, and San Diego State University. She has given numerous keynotes to associations and organizations around the world reflecting her extensive experience.


TRACK A COMMUNICATION; INFLUENCING; AND CHANGE

IMPLEMENTATION SKILLS (MARE BRUTUS, TUESDAY - WEDNESDAY)

15 CPEs


In this practical and interactive two-day seminar you will learn targeted communication strategies, effective influencing tactics, and proven change implementation skills that use a tested equation and will raise your professional profile while increasing Audit’s value to the organization. You will master tools and techniques you can use to enhance your communication, interview, and change implementation skills. You will cover the steps you can take to build good client relationships and tackle such thorny issues as interviewing executive management, dealing with disagreement before it gets out of control, understanding cultural differences, delivering bad news, partnering with your clients to help them successfully implement audit findings, and more. And, if you are currently wrestling with a communication challenge, we urge you to bring it with you so that you can apply what you learn to your real-world situation. Plus, class exercises throughout the seminar will let you learn by doing. There are no fluff theories here…you will leave this intensive session with the tools you need to boost your communication skills and your ability to influence others to implement the changes in your findings. Learning Level: Basic


Mare Brutus

Maré Brutus is the Founder and President of Maré Brutus & Associates, Inc., a learning and management development organization that partners with Illuminated Consulting LLC to delivery training. For over 25 years, Ms. Brutus has worked with organizations that expect and have received training and change consulting services that improved individual performance, impacted cost savings, and increased productivity and effectiveness. She has run programs for a global audience that includes people from Europe, the Middle East, Far East and North America.

Ms. Brutus is well known for her highly interactive approach to running seminars and for skillfully using a blend of accelerated learning techniques. She has prepared/delivered over 30 core competency programs for audiences that range from the CEO to the administrative level. She has taught others to develop and use effective management and leadership strategies to communicate effectively, manage change, influence others, build teams, and reduce conflict.


TRACK B CONDUCTING EFFECTIVE FRAUD RISK ASSESSMENTS

(PAUL ZIKMUND – MONDAY - TUESDAY) 15 CPEs

Seminar Focus and Features Recent regulations and guidance, along with a heightened business risk, have increased the need to implement effective and efficient controls to reduce the likelihood of fraud within an organization. To accomplish this, companies are conducting enterprise-wide fraud risk assessments which aim to identify and evaluate fraud risk factors that increase the opportunity for fraud to occur. In this timely workshop, you'll explore key steps in helping protect the organization, its employees, and stakeholders from the potentially devastating effects of corporate fraud. The workshop will cover: Imbedding fraud risk assessments into your enterprise risk strategy. Defining a methodology to conduct an effective risk assessment

• implementing a 4 step approach • brainstorming specific fraud schemes and scenarios • material versus non material frauds • evaluation of inherent and residual risks

Communicating fraud risks to the audit committee and senior management

• packaging the results • what should you include • addressing high risk frauds

Evaluating your current fraud risk assessment process

• Who is involved • Frequency of risk assessment • Defining the results • Response to findings

Regulatory impact on fraud risk assessment

• Recent guidance • Company requirements • External auditors focus

Best practices for successful implementation

• Assembling the team • Effective and efficient processes • Brainstorming fraud schemes and scenarios • Ensuring management support

Learning Level: Intermediate


TRACK B INVESTIGATIVE INTERVIEWING SKILLS FOR AUDITORS

(PAUL ZIKMUND - WEDNESDAY) 7 CPEs

Seminar Focus and Features The increase of corporate fraud during the past several years has directed the attention of the government, company boards, and shareholders to the auditing profession. Recent passage of Audit Standard 5 and SAS 99 as well as internal audit standards prescribe "forensic-type" procedures on every audit to enhance the auditor's ability to uncover red flags for fraud. Interviewing is a forensic tool available to auditors and, when conducted effectively, can successfully uncover indicators of fraud during the audit. A successful interviewer should possess basic interviewing skills to afford themselves the opportunity to observe deceptive behavior. Auditors who are able to conduct focused discussions and alert themselves to suspicious behavior are more likely to detect fraud. Learning Level: Intermediate


Paul Zikmund

Paul E. Zikmund as Partner Fraud and Forensic Services at Control Solutions International is responsible for providing fraud investigation, detection, and prevention services to clients. Prior to his current role, he worked as a Senior Manager Deloitte & Touches Enterprise Risk Services and was responsible for assessing and implementing Antifraud Programs and Control solutions for clients. He has approximately 20 years of experience relating to the detection, prevention, and investigation of fraud. Paul effectively managed global fraud and forensic teams with various Fortune 500 companies. His experience includes investigation of insurance, healthcare, and financial frauds, conducting forensic audit engagements, providing litigation support for a variety of legal issues, and implementation of various antifraud programs and controls including fraud risk assessment and education and awareness programs relating to the detection and prevention of fraud. Prior to joining Deloitte and Touche, Paul was the Director Forensic Investigative Services for Tyco International. During his tenure with Tyco, Paul managed a global fraud and forensic services group responsible for investigating allegations of fraud within the company. Paul worked to develop and implement the company’s fraud risk assessment process, designed and provided fraud detection training to the Internal Audit department, and established the company’s investigative guidelines.


TRACK B INVESTIGATIVE INTERVIEWING SKILLS FOR AUDITORS

(PAUL ZIKMUND - WEDNESDAY) 7 CPEs


Paul Zikmund Prior to joining Tyco, Paul was a Director of Fraud Investigative Services at Dow Chemical, a Director of Corporate Security for Nortel Networks, and a Senior Investigator for Union Carbide Corporation. Paul started his career working in various capacities of law enforcement including investigation of health care and insurance fraud. Paul is an active member of the Association of Certified Fraud Examiners, Institute of Internal Auditors, and American Society for Industrial Security. Paul holds an MBA from the University of Connecticut, a Masters of Accountancy from Auburn University, and a degree in Criminal Justice and an Accounting Certificate from the University of Pittsburgh. He is a Certified Fraud Examiner and Certified Fraud Deterrence Analyst and regularly lectures on the topic of fraud investigation, detection, and prevention. Paul also teaches a graduate fraud and forensic accounting course at Rider University in New Jersey.


TRACK C INTEGRATING COBIT 4.1 INTO YOUR IT AUDIT PROCESS

(RICHARD TARR, MONDAY - TUESDAY) 15 CPEs


With the current emphasis on enterprise governance, successful organizations are integrating IT with business strategies to achieve their objectives, optimize information value, and capitalize on today’s technologies. To that end, Control Objectives for Information and related Technology (COBIT®), the internationally recognized set of IT management best practices and control objectives, provides a powerful framework for IT governance, control and audit. COBIT offers IT management an effective tool for controlling IT operations and provides IT auditors with an efficient means to assess the resulting IT control environment. Because COBIT links control objectives to the business framework, it can be used as a guide for ensuring appropriate control coverage.

In this two-day seminar you will review the latest COBIT control framework and focus on how you can use this industry-recognized framework for evaluating the effectiveness of IT-related controls. You will also discover how it can help ensure IT is in compliance with the numerous international laws and regulations that require effective IT security and control. In addition you, will pay particular attention to using COBIT for performing risk assessments, for strengthening IT control practices, and for planning and executing your IT audits. Throughout the seminar, you will use several COBIT control objectives to see for yourself how to best apply detailed control objectives, control practices, and IT assurance guidelines when planning and executing audits. Learning Level: Intermediate


Richard H. Tarr, CISA, CIA

Richard H. Tarr, CISA, CIA, is an audit and information systems consultant, specializing in quality assurance and training for all audit functions as well as disaster recovery planning and project management. A 28-year audit and information systems veteran, Mr. Tarr began his career with Electronic Data Systems Company. He served as Corporate EDP Audit Manager for the Walt Disney Company, and, after that, as Manager of Quality Assurance Review for the IIA. He authored the IIA's audit tool kit, Establishing an Internal Audit Function.


TRACK C AUDITING IT PROJECTS

(NORM KELSON – WEDNESDAY) 7 CPEs

Seminar Focus and Features IT Projects, whether they involve software (development or acquisition) or hardware (acquisition or upgrade), require strong project management. Most IT projects go off track when the project controls fail, or are not adequately enforced. The process is often subject to financial, operational, and political constraints and pressures. The results can be devastating if not properly addressed. IT Audit can provide major value in reviewing the process by phase. Its contribution can be both in content (internal controls) and governance oversight. Using CobiT as a framework, we will develop an audit approach that achieves both objectives. Highlights include: • How to execute an audit of the various phases of the project • When to audit the phases • How to report findings to line management, senior management, and the Board. • When and how often to re‐audit the Project • Integrating audit resources • Common issues that arise at each project phase Learning Level: Intermediate


Norman J. Kelson CPA, CISA

Norm Kelson is a 30 year veteran with extensive experience in IT assurance and governance as a consultant with a Big 4 firm and an internal audit boutique, internal auditor executive, and industry advocate. He has been responsible for building and disseminating best practices to internal audit and governance stakeholders. As Managing Director of The Kelson Group, Norm specializes in IT Assurance and Governance. Previously, he was Director of IT Audit for the Dutch retailer Ahold, and was responsible for IT Audit services for the Stop & Shop, Giant (Maryland and Pennsylvania), Tops, and Peapod grocery chains. He was a key member of the internal audit professional practices and standards and the global information security committees.



Norman J. Kelson Norm was Vice President of Internal Audit Services and National IT Audit Practice Director for CBIZ Harborview Partners, where he was responsible for establishing an Internal Audit/Corporate Governance practice. He was Managing Director of IT Audit and Technical Seminars for MIS Training Institute. During his 12 year tenure, he was responsible for creation, and all curriculum development, of its global IT Audit training portfolio focusing on best practices in risk-based auditing. He had managed KPMG’s New England Region IT Auditing practice, and held positions in IT Audit management with Fannie Mae, CIGNA, and Loews Corporation. He began his career as a financial auditor with Laventhol and Horwath. Norm is a frequent speaker, and subject matter expert, at ISACA/ITGI and Institute of Internal Auditors (IIA) conferences. He is a former Executive Vice President of the New England ISACA Chapter, and recipient of the Chapter’s John Beveridge Achievement Award in recognition of his efforts to the Profession and ISACA.


TRACK D AUDITING AND SECURING SAP’S ENTERPRISE SERVICE-

ORIENTED ARCHTECTURE (FRANK LYONS, MONDAY - WEDNESDAY)

22 CPEs


SAP ERP Central Component (ECC) represents the evolution of R/3 towards an architecture based on Web services that is open and flexible. This shift, however, introduces an element of high risk in a SAP technology environment that is complex and requires that controls be built into the architecture to protect the underlying organizational data.

Picking up where Auditing and Securing ECC and SAP R/3 left off, this three-day seminar is for auditors and security professionals who have to audit the risks associated with the new SAP™ Net Weaver environment. You will cover the major components of the Web architecture and their associated risk areas. You will diagram many of the transactional conduits for accessing data to identify the risks and control points required for processing integrity. You will see how system and security administration responsibilities provide the framework for overall data access, integrity, logging, reporting, contingency for operational data throughout the network and learn the risks and controls for each component, including the Web, GUI, portal, and non-SAP systems.

In addition, you will evaluate the protection of organizational financial data accessible via the open architecture tool and review each architectural component as to their administration, authentication, authorization, and audit ability. These components include Web AS, Net Weaver, Master Data Manager, Enterprise Portal, Exchange Server and Mobile Infrastructure focusing on their risks, system defaults, segregation of duties, and other key controls necessary to ensure the integrity and confidentiality of transactional data are properly established. You will cover penetration testing required to ensure that your SAP environment is not unduly exposed. Audit and security guidelines will be provided to assist in your review effort.

Prerequisite: Knowledge of SAP application module controls.

Learning Level: Advanced


Frank W. Lyons, CISA, CNDE Frank W. Lyons, CISA, is a consultant specializing in developing, managing, securing, and auditing large and small networked information systems. A recognized leader in the field, he has been involved in data security and database technology for nearly 21 years. As IS Audit Manager for Blue Shield and Sun Banks, Mr. Lyons designed a functional approach to IS auditing that he later used as Manager of Advanced Technology for the Institute of Internal Auditors. He has been with Cullinet Database Systems and a partner in the Plagman Group where he developed database auditing and data security seminars.


TRACK E UNCOVERING FRAUD IN CORE BUSINESS FUNCTIONS

(GORDON WILLIAMS – MONDAY - WEDNESDAY) 22 CPEs


Core business functions offer abundant opportunities for undetected fraud. In this eye-opening, three-day seminar you will pinpoint the areas most prone to internal fraud and identify key indicators of potential crime. You will focus on the expenditure, revenue/cash receipts, treasury, inventory, travel expense, contract, payroll and HR, computer, marketing, and outsourced functions as targets for fraud...and high-payback audits.

You will cover the methodologies used by those who would do you harm and focus on the red flags that signal the need for an investigation. You will learn how to implement and develop audit procedures that will increase the likelihood of discovering fraud, including data mining. You will also find out how to connect fraud analysis to PCAOB standards. Throughout this seminar, case studies will illustrate and enhance what you learn.



Gordon L. Williams, CPA, CIA, DACFE Gordon Williams is a Senior Audit Specialist with a major utility, where he is responsible for fraud- and FCPA-related audit projects internationally and in the US. He has also designed fraud tests for inclusion in audit plans; developed an internal fraud training program for auditors and other department managers; and reviewed audit plans and made recommendations for greater efficiency. Previously, Mr. Williams was a consultant with KForce, serving on a specialized team working with KPMG to review WorldCom financial affairs for possible fraudulent activities. Prior to that, he was with a Fortune-50 telecommunications company, where he held a variety of positions, including Internal Audit International Team Leader, Manager of Asset Management and Senior Analyst for the Line of Business Group. During the course of his career at BellSouth, he served on high-profile teams working on strategic fraud and FCPA assignments and provided subject matter expertise in high-risk audits that included fraud, currency translations, inventory valuation, contract analysis, and balance sheet reviews. Mr. Williams is a member of the American Institute of Certified Public Accountants, the Institute of Internal Auditors, the Georgia Society of Certified Public Accountants, the American Board of Fraud Examiners, and MENSA.


TRACK F INTERNAL AUDIT SCHOOL (AUDIT COLLEGE)

(HERNAN MURDOCK – MONDAY - WEDNESDAY) 22 CPEs


Today’s auditors are feeling the heat to do more effective and efficient audits of the organization’s business operations. In this intensive three-day seminar you will master fundamental operational auditing techniques and learn how to use data-driven risk assessment, fraud detection, and continuous auditing to enhance your audits of seven major business operation areas: Human Resources, Purchasing, Marketing, Information Technology (IT), Management, Finance/Treasury, and Accounting.

You will discover how using data mining and ERM attributes can produce a more objective risk assessment; explore a “scheme” approach to fraud risk assessment you can use in your fraud detection audit program steps; and find out how continuous auditing and testing through the computer will boost productivity in your business process audits. Throughout the seminar, case studies will help you focus on improving audits of business operations through positive outcomes and not just report outputs.



Dr. Hernan Murdock, CIA Hernan Murdock is a Senior Consultant for MIS Training Institute. Before joining MIS he was the Director of Training at Control Solutions International where he oversaw the company’s training and employee development program. Prior to that, he was a Senior Project Manager leading audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries. Dr. Murdock also worked at Northeastern University, Arthur Andersen, Liberty Mutual and KeyCorp and has completed projects in North America, Latin America, Europe and Asia. Dr. Murdock is a lecturer at Northeastern University where he teaches management, international business and ethics. He is the author of articles on whistle blowing programs, fraud, deception and behavioral profiling and has delivered numerous invited talks and conference presentations at internal audit, academic and government functions in the United States, Latin America and Europe.


TRACK G COMPUTER FORENSICS: TOOLS AND TECHNIQUES

(JASON CLAYCOMB – MONDAY - WEDNESDAY) 22 CPEs


Computer forensics is the application of computer investigation and analysis techniques to identify potential legal evidence of illegal or unauthorized activity such as a hacked Web site, trade secret theft or fraud. In this timely three-day seminar, you will explore a variety of tools that can be used during each phase of a forensics investigation and learn how to tell which tools are best suited for your situation. Starting with the initial discovery or suspicion of a crime, you will cover the concerns that must be addressed to maintain the integrity of electronic evidence. You will examine open source and commercial tools that are available to help you preserve evidence, investigate the case, report your findings, and clean up vulnerabilities. You will also review data analysis tools that may be helpful during the investigation of financial fraud. Throughout the seminar, you will benefit from case studies, exercises, and demonstrations of how selected tools work in real-world situations. You will leave this high-impact seminar equipped to conduct effective forensic examinations and use sound evidence-handling procedures.

Bonus: You will receive a glossary of forensic terminology; a list of tools and the stages at which they may be useful; a summary of laws that apply to computer forensics; and a list of law enforcement contacts.



Jason Claycomb, CISA

Jason D. Claycomb is a principal in INARMA LLC. He has 20 years of experience in computer system development, audit, and security evaluation. Previously, Mr. Claycomb was National Director of IT Services at Jefferson Wells LLC, a Manager at Price Waterhouse, and an IT Auditor at First Colonial Bankshares Corporation. Mr. Claycomb is a member of ISACA, IIA, and ISSA. He is on the Security White Paper Committee Co-Chairman of the Technology Executive’s Club.


TRACK H USING RISK ASSESSMENT TO BUILD INDIVIDUAL AUDIT

PROGRAMS (GREG DUCKERT, MONDAY - WEDNESDAY)

22 CPEs Seminar Focus and Features In this revealing three-day seminar you will learn how to use risk assessment -- generally applied to annual audit plans -- to help build individual audit programs that will boost auditor productivity and provide the control assurance required by Sarbanes-Oxley. You will explore the differences between traditional, control-based risk assessment and a new, business risk-based approach that addresses management's concerns at the individual audit level. This progressive risk-based approach will demonstrate how assurance and consultative auditing can be performed simultaneously to maximize your audit resources and generate high-impact outcomes.

You will learn how to recognize primary risks critical to any organization and to evaluate if there are appropriate controls in financial, information systems, compliance, and operational audits. You will then investigate the innovative methodology in a practical, case-based work session that will lead you step-by-step through the development of an individual audit program that can be executed in your own organization. You are encouraged to bring an audit subject and background information to use in this class exercise. Attend this timely seminar to learn how to focus your audits on the business concerns of the audit committee, senior management, and the organization's operations.

Learning Level: Advanced


Greg Duckert, CIA, CISA, CMA, CPA

Greg Duckert, is CEO of Audit, Inc., a consulting firm specializing in risk assessment models, operational analysis, and audit process methodologies designed to maximize returns to the organization. Mr. Duckert is also a Senior Consultant for MIS Training Institute and has over 30 years of national and international experience as an Internal/IS Audit Director. Mr. Duckert has held Audit Director positions in the manufacturing, construction and healthcare industries, assuming responsibilities for financial, operational, and information systems auditing functions. His information systems expertise includes application audits, software acquisition, systems development, controls, security design, adequacy and implementation, and systems'' operational efficiencies. He has performed consulting services in IS, financial, and operational audits, as well as in business acquisitions and start-ups.


TRACK I PROJECT MANAGEMENT FOR AUDITORS

(KATHLEEN CRAWFORD, MONDAY-WEDNESDAY) 22 CPEs


An audit is simply a project! Yet few auditors take advantage of techniques used by project managers to bring their projects in on time and on budget. In two, intensive days you will learn the basics of project management, including how you can achieve improved cost control, resource utilization, and more timely audit conclusions. You will then apply these techniques to improving productivity in the internal audit process. Using audit-specific examples, you will learn project planning, scheduling, control, and decision support concepts and methodologies -- the basics of project management. The techniques outlined in this session will significantly improve your productivity in planning and managing all audit projects



Kathleen Crawford

Kathleen Crawford is an Internal Auditor for Vinfen Corporation, a private, nonprofit human services organization. Ms. Crawford’s responsibilities include assisting management in the standardization of operations, developing policies and procedures, and improving processes. In addition, she conducts operational and financial audits throughout the company. Ms. Crawford began her career as a bank auditor, first with Bank of New England, then Eastern Bank, and State Street Bank. A member of the Institute of Internal Auditors, Ms. Crawford is a past President of the Greater Boston Chapter of the IIA. She is also a member of the Association of Certified Fraud Examiners and the American Society for Training and Development.


TRACK J AUDITING THE MANUFACTURING PROCESS (BRYAN WOOD, MONDAY - WEDNESDAY)

22 CPEs


In this three-day seminar you will learn how to use process flow auditing (PFA) to analyze and breakdown a business into its core processes and to identify high-payback areas. You will focus on operational auditing and its interaction with IT auditing to arrive at an integrated approach to audits that will help control costs, minimize risks and exposures, and maximize your understanding of the business. You will explore the critical role of data in process reviews and analysis, determining how to apply business-oriented risks assessment techniques to the key processes of your organization. You will also learn alternative audit tools and methodologies you can use to make your engagements highly effective, boost productivity, and maximize payback.



Bryan Wood, CPA

Bryan Wood is the owner of a consulting firm specializing in business acquisitions and start-ups. He received Big 6 audit training from Deloitte & Touche (Haskin & Sells), where he was attached to the forensic task force. In this capacity he was responsible for detecting, investigating, and prosecuting casino fraud perpetrators. He has more than 14 years of national and international experience as a Director of Internal Audit. Mr. Wood established the internal audit department for Bentley Nevada Corporation, and has worked in the retail, banking, healthcare, and gaming industries. His areas of expertise include application, due diligence, acquisition/merger, process flow, fraud, and operational efficiency audits. He has also served as an expert witness in several forensic accounting and fraud cases.


REGISTRATION INFORMATION Participation is limited. Registration will be accepted on a first come first served basis. Pricing has been established to provide the maximum educational benefit for the lowest cost. Therefore, we will not be offering discounts from the established prices for early registration, membership affiliation or groups. Dress code for the conference is business casual. Morning refreshments will be provided from 7:30 AM – 8:30 AM on Monday, Tuesday, and Wednesday. General sessions will be from 8:30 AM – 4:30 PM. Lunch will be provided. Vegetarian lunch is available via pre-registration. Please note: due to circumstances outside of our control, we may find it necessary to reschedule or cancel sessions or change instructors. We will give registrants advance notice of such changes.

Payment and Cancellation Policy Please note all times are stated in Eastern Standard Time (EST). All reservations must be made online at www.isaca-det.org. Telephone, fax, and mail-in registrations and registrations made to IIA Detroit will not be accepted. All payments must be received by the ISACA Detroit Chapter Administrator by midnight 2/24/09. Payments may be made at the time of registration using Visa, Mastercard, Discover or Paypal or check payments may be mailed to the address listed below. Cancellations may be made online until Tuesday midnight 2/24/09 without penalty. Any cancellation received after Tuesday midnight 2/24/09 and before Monday midnight 3/2/09 will be charged a non-refundable service fee based on the CPEs of the registered course being cancelled. No refunds will be given for registrations that are cancelled after midnight 3/2/09.

CPEs Non-Refundable

Service Fee 7 $25 15 $50 22 $75

Payments (payable to: ISACA Detroit) should be mailed to the address below. Please do not remit payment to the IIA Detroit Chapter. Conference or registration questions should be sent to [email protected]. ISACA Detroit Geralyn Jarmoluk – Chapter Administrator 78850 McKay Rd Romeo, MI 48065


TRACK INFORMATION

Track Session Dates Fee

Collaborative Customer Service Skills for Auditors (7 CPEs) 3/9 $275 A Communication, Influencing and Change Implementation Skills for Auditors (15 CPEs)

3/10-3/11 $550

Conducting Effective Fraud Risk Assessments (15 CPEs) 3/9-3/10 $550 B Investigative Interviewing Skills for Auditors (7 CPEs) 3/11 $275 Integrating COBIT 4.1 into Your IT Audit Projects (15 CPEs) 3/9-3/10 $550 C Auditing IT Projects (7 CPEs) 3/11 $275

D Auditing and Securing SAP’s Enterprise Service-Oriented Architecture (22CPEs)

3/9-3/11 $825

E Uncovering Fraud in Core Business Functions (22 CPEs) 3/9-3/11 $825 F Internal Audit School (22CPEs) 3/9-3/11 $825 G Computer Forensics: Tools and Techniques (22 CPEs) 3/9-3/11 $825

H Using Risk Assessment to Build Individual Audit Programs (22 CPEs)

3/9-3/11 $825

I Project Management for Auditors (22 CPEs) 3/9-3/11 $825 J Auditing the Manufacturing Process (22 CPEs) 3/9-3/11 $825

conference mmaarrcchh 99 -- 1111,, 22000099 have invited many audit and assurance vendors to set up...

Documents