© Copyright The Institute of Internal Auditors
2012 Governance Risk and Control Conference
Session and Speaker Information
Sunday August 19, 2012 3:00 – 6:00 PM
WORKSHOP 1
Fraud and Risk Assessment
Dr. Joan Pastor, CSP
Chief Executive Officer
JPA International, Inc.
Learn why fraud and risk self-assessments are important to any fraud program or risk assessment, and learn a highly effective process for facilitation.
Discover a step-by-step process for running an FRSA workshop.
Learn some key facilitation tools and dozens of tips and strategies for getting the best quality information.
Learn how to identify significant risks related to fraud exposure through your clients and assess the existence and strength of controls against the fraud risk exposure.
Dr. Joan Pastor has been a professional international speaker, trainer, and coach since 1979 and is well
known for her training, facilitation, and consulting skills. She authored Conflict Management and
Negotiation Skills for Internal Auditors, has published over 30 articles, and is the recipient of numerous
awards, including the American Institute of Certified Public Accountants’ Excellence in Journalism Award.
Joan has also made pioneering contributions related to risk assessment, fraud and business process
management, conflict management and interviewing skills, Sarbanes-Oxley, and mergers and
acquisitions. She and her associates are considered the premier trainers for auditors in all areas of
“people, leadership and management” skills related to the audit, risk and finance professions. She has
developed Audit Training Universities for several Fortune 100 companies. Joan works alongside legal
counsel and executives on potential or discovered fraud situations, and she has been responsible for
uncovering several embezzlement and other fraudulent schemes. She also is a member of the National
Association of Corporate Directors and has provided consultation services to many executive teams and
boards. Joan’s book The White Collar Criminal Revealed will be published in 2013.
Learning Field: Auditing
Learning Level: Beginner
Monday August 20, 2012 8:30 – 9:45 am
GS 1
Sharpening Our Focus on the Road Ahead: Internal Auditing 2020
Richard F. Chambers, CIA, CGAP, CCSA, CRMA
President and Chief Executive Officer
The Institute of Internal Auditors
Richard Chambers has 36 years of internal audit, accounting, and financial management leadership
experience, including a long career in public-sector internal auditing. His public service tenure included
holding chief audit executive positions at three of the U.S. government’s largest organizations. Chambers
also served as vice president of The IIA Learning Center and national practice leader in Internal Audit
Advisory Services for PricewaterhouseCoopers. He has served on numerous boards and panels,
including the U.S. President’s Council on Integrity and Efficiency; the City of Orlando, FL, Audit Board; the
U.S. Government’s Executive Council on Integrity and Efficiency; The IIA’s Internal Audit Standards
Board; and the Board of the Committee of Sponsoring Organizations of the Treadway Commission
(COSO).
Explore potential scenarios for the evolution of the profession in the decade ahead.
Examine the potential role, focus, and structure of internal auditing in 2020.
Address the skills internal auditors will need to develop to succeed in the future.
Learning Field: Auditing
Learning Level: Intermediate
Monday August 20, 2012 10:15 – 11:30 am
CS 1-1
Leadership Skills for Working with Executives and Audit Committees
Dr. Joan Pastor, CSP
Chief Executive Officer
JPA International, Inc.
● Learn the seven core competencies to effective leadership skills and which skills you need for
working with Audit Committees (AC).
● Learn the gap between CAE and AC expectations and communications, and how to bridge it.
● Discover what ACs need to do to be highly effective, and how you can also use your AC to
handle difficult clients.
Dr. Joan Pastor has been a professional international speaker, trainer, and coach since 1979 and is well
known for her training, facilitation, and consulting skills. She authored Conflict Management and
Negotiation Skills for Internal Auditors, has published over 30 articles, and is the recipient of numerous
awards, including the American Institute of Certified Public Accountants’ Excellence in Journalism Award.
Joan has also made pioneering contributions related to risk assessment, fraud and business process
management, conflict management and interviewing skills, Sarbanes-Oxley, and mergers and
acquisitions. She and her associates are considered the premier trainers for auditors in all areas of
“people, leadership and management” skills related to the audit, risk and finance professions. She has
developed Audit Training Universities for several Fortune 100 companies. Joan works alongside legal
counsel and executives on potential or discovered fraud situations, and she has been responsible for
uncovering several embezzlement and other fraudulent schemes. She also is a member of the National
Association of Corporate Directors and has provided consultation services to many executive teams and
boards. Joan’s book The White Collar Criminal Revealed will be published in 2013.
Learning Field: Personal Development
Learning Level: Beginner
CS 1-2
Aligning ERM and Internal Audit to Focus on Strategic Risks
Sandra Pundmann, CIA, CPA
Partner, Audit and Enterprise Risk Services
Deloitte & Touche LLP
Elizabeth Truelove McDermott, CPA
Vice President, Audit, Ethics and Compliance Services
DeVry Inc.
Thomas Cheriyan, CISA, CRISC
Director, Business Process Assurance
CDW Corp.
Learn how to facilitate the development of an integrated enterprise risk framework to bridge
organizational barriers.
Understand how to act as a catalyst and enabler by focusing on strategic risks and engaging
senior leaders within the organization in talking to each other; developing a common risk language;
and harmonizing the way that risk is identified, assessed, and measured, so that risk intelligence
can be developed across the organization.
Discuss how companies are engaging the board, senior management and their employees to
think differently about risks and how key risk indicators, strategic planning, and analytics are
helping change management’s thinking about risk management.
Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing,
accounting, finance, and information technology. She serves as the leader of the Governance and Risk
and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for
the technology, media, and telecommunications industry. Prior to joining Deloitte and Touche in 1996,
Pundmann served as the vice president and chief audit executive of a Fortune 50 company, where she
oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she
has served in a variety of finance, risk management, and IT leadership and management capacities.
Elizabeth Truelove McDermott is vice president, Audit, Ethics and Compliance Services at DeVry Inc.
She began her career with DeVry in 1992 as the state licensing specialist. Elizabeth has extensive
experience at DeVry, working across three divisions, including Becker Professional Review, before
assuming her current role. Most recently she served as senior director of internal audit with responsibility
for planning, directing, and administering a comprehensive risk-based internal audit program. She
provided audit leadership in the development, operation and evaluation of the organization risk-
management program, as well as served as the organization liaison to external audit and regulatory
reviews. Elizabeth earned her MBA from Keller Graduate School of Management,
Thomas Cheriyan oversees and directs the internal audit function at CDW, a leading provider of technology solutions for business, government, education and healthcare. Prior to joining CDW, Thomas worked at Deloitte & Touche where he conducted and directed a wide variety of enterprise-wide, strategic-level and operational risk management projects for Fortune 500 companies. In the area of Enterprise Risk Management (ERM), he assisted management to assess and enhance their existing governance practices, roles and responsibilities, risk identification, risk assessment, and risk mitigation strategies. Thomas has an MS in Information Systems Management from Loyola University Chicago and has presented to the Institute of Internal Auditors (IIA) on practical examples of implementing ERM.
Learning Field: Management Advisory Services
Learning Level: Intermediate
CS 1-3
Detecting Fraud in Credit Card Data
Phillip W. Hurd, CISA, CISSP
Chief Audit Executive and Director, Internal Auditing
Georgia Institute of Technology
Examine the role of credit cards in our society and their use as “purchasing controls” in corporate,
government, and higher education.
Discuss common fraud schemes used with purchasing cards and how to use data analytics with
these schemes and analyze control structures.
Identify how to retrieve level III credit card data.
Discover how to use common data analytics to identify signature-based fraud.
Identify card-based CC and PC controls.
Phil Hurd is a well-known Southeast regional speaker on internal control structures, ethics, leadership,
fraud, and motivation. Phil presents his message in a folksy, comedic, and inspiring manner. A
recognized expert in fraud detection, Phil tells the stories of how he and his team uncovered several
multimillion-dollar fraud schemes, analyzed the controls, and assisted in the prosecution. He and his team
have assisted the State of Georgia numerous times in removing the “bad apples” from the university
system.
Learning Field: Auditing
Learning Level: Beginner
CS 1-4
New Technology is Changing Business Processes, Risks and Controls. How Will That Impact
You?
Norman Marks, CRMA, CPA
Vice President
SAP
Learn why 2011 has been called the "most radical period of change in the history of digital
computing."
Explore how mobile technology, big data, augmented reality, the cloud, and in-memory computing
are changing business processes.
Discover what that means with respect to risks and controls.
Norman Marks is an influential blogger and recognized thought leader in the areas of internal auditing,
governance, risk management, compliance, enterprise performance, and business intelligence. He
served as vice president of Internal Audit for Business Objects before the company was acquired by SAP
in 2008. Norman has been a chief audit executive of major global corporations since 1990. He authored
two of the most downloaded IIA products: Sarbanes-Oxley Section 404: A Guide for Management by
Internal Controls Practitioners and The GAIT Methodology. Norman is editor of Internal Auditor
magazine's Corporate Governance department. He serves as a member of the review boards of several
audit and risk management publications, and he has authored several award-winning articles. He is also
an Honorary Fellow of the Institute of Risk Management and a Fellow of the Open Compliance and Ethics
Group (OCEG).
Learning Field: Auditing
Learning Level: Intermediate
Monday August 20, 2012 12:45 – 2:00 pm
CS 2-1
Governance, Risk, and Control (GRC): What is it? How is it Different than Enterprise Risk
Management (ERM)?
Dr. Glenn Sumners, CIA, CFE
Director, Center for Internal Auditing
College of Business
Louisiana State University
Dr. Jared Soileau, CIA, CCSA, CPA, CISA
Visiting Assistant Professor, Accounting
Louisiana State University
What are the differences and similarities between GRC and ERM?
How are internal audit activities involved in the GRC process?
How is internal audit involved with the ERM process?
What activities are internal audit functions performing to evaluate the Governance and the ERM
processes?
Identification of any leading practices noted.
Dr. Glenn Sumners is a Louisiana State University faculty member and also the director of the LSU
Center for Internal Auditing. He was named Educator of the Year in 1987 by the IIA and received the
LCPA Lifetime Achievement in Accounting Education Award in 1999. In 2006, Glenn received the
Bradford Cadmus Memorial Award from the IIA. In 2012, he was inducted into the IIA American Hall of
Distinguished Audit Practitioners. He is a member of the IIA Society Emeritus. Eighteen students from the
LSUCIA Program have won international awards for the highest CIA exam score. Glenn provides quality
assurance reviews, consulting, and training to internal audit groups and audit committees and has made
over 1,200 presentations in the last 25 years.
Dr. Jared Soileau teaches accounting information systems at Louisiana State University and assists with
the LSU Center for Internal Auditing. Prior to obtaining his Ph.D. from The University of Memphis, Jared
worked in various audit capacities with Ernst & Young LLP, Alcatel Inc., Avery Dennison, and FedEx
Services. He has provided CIA exam review training for multiple IIA chapters and has research interests that
include internal auditing, corporate governance, and enterprise risk management.
Learning Field: Auditing
Learning Level: Intermediate
CS 2-2
Be at the Table: Tips and Techniques for Auditors to Promote Effective and Efficient Enterprise
Risk Management
Carin Salonia, MS, PMP
Assistant Vice President, Internal Audit Management Advisory Services
The Hartford Financial Services Group
Daniel Seabra
Assistant Director, Internal Audit Management Advisory Services
The Hartford Financial Services Group
Learn the attributes of effective risk management.
Practice developing an ERM risk governance audit program.
Find out how to move risk assessments from project exercise to embedded business process.
Promote sustainable risk management programs and behaviors within the business.
Carin Salonia is assistant vice president of internal audit management advisory services at The Hartford.
Carin has led a team of audit professionals during significant organizational process redesign (finance,
business, and IT), implementing coordinated audits involving assurance, advisory and consultative
services in business, finance and technology. An accomplished presenter, Carin is a member of
Toastmasters International; an active member of PMI; Six Sigma Green Belt; and Change Management
Certified. She currently serves on the board of directors as COO and vice president for the Southern New
England Chapter for Project Management.
Dan Seabra is assistant director of Internal Audit Management Advisory Services at The Hartford and has
over 8 years of audit experience in insurance and financial services. Dan has held a number of positions
within The Hartford's Internal Audit Department including SOX control design and testing, P&C and
Corporate Audit.
Learning Field: Management Advisory Services
Learning Level: Beginner
CS 2-3
Enhancing Management’s Internal Control Capabilities
Jacqueline Wagner, CIA, CPA
Consultant
Ernst & Young LLP
Bavan Holloway, CIA, CPA
Vice President
Corporate Audit, Office of Internal Governance
The Boeing Co.
Gain an understanding of how an initial investment in training can lead to a stronger control
environment.
Learn about the roles and responsibilities of management, Internal Audit and related functions in
the overall assessment and oversight of controls.
Explore different approaches to strengthen and enhance the management control environment.
Increase efficiency by partnering with management to embed control monitoring within their
processes.
Learn how Internal Control Maturity can be factored into Internal Audit's risk assessment and
audit planning processes.
Jacquie Wagner is a consultant with Ernst & Young's Risk Advisory Practice. She is an experienced
internal audit executive who works with Ernst & Young teams to provide internal audit services and
insights around leading internal audit practices to global clients. Previously, Jacquie was general auditor
at several Fortune 100 companies, including in the financial services, oil and gas, and automotive industries.
In her role as general auditor, she directed the development and execution of risk-based audit plans
across the organizations. She has extensive experience working with audit committees and various
regulatory agencies and has led both SOX and operational risk activities in several organizations. Jacquie
is a member of The Institute of Internal Auditors (IIA) and has served as chairman of the board,
committee chairperson for several international committees and a member of the Research Foundation.
Bavan Holloway is vice president of corporate audit, Office of Internal Governance for The Boeing
Company, the world’s leading aerospace company. Bavan is responsible for all corporate audit activities,
including review of internal control systems, overall process assessments ensuring effectiveness, and the
Boeing Enterprise Auditor Program, the company’s leadership development program. Previously, Bavan
was director of finance for the 777 program at Boeing Commercial Airplanes (BCA), responsible for
leading the development and integration of program business plans. Prior to that, Bavan held several
executive positions in finance supporting BCA and its commercial aviation services division. She joined
Boeing in 2002 and served as the assistant corporate controller and chief accountant directing the
management of financial accounting and external financial reporting. She also developed internal controls
and disclosure practices, working with the company’s business unit CEOs, CFOs and other stakeholders,
to ensure compliance. Prior to joining Boeing, Bavan was a partner at KPMG LLP and served clients in
Chicago and New York.
Learning Field: Auditing
Learning Level: Intermediate
CS 2-4
Best Practices on the Use of Data Mining to Combat Fraud
Felicia A. Hawkins
Manager, Countermeasures and Performance Evaluation
Office of Inspector General, U.S. Postal Service
Gain insights on how to implement a data mining and predictive analytics program to help combat
fraud.
Learn how to build a data mining team and discuss the best place to start building fraud models.
Discuss effective ways the data mining team can work with internal and external stakeholders to
build fraud models that can be used by multiple and diverse users.
Felicia A. Hawkins manages the operations of the countermeasures and performance evaluation team
and oversees the data mining support functions. Felicia is responsible for the data warehouse, reporting,
and the data mining model performance and life cycle. She has been with the OIG for the U.S. Postal
Service for 15 years and has worn many hats, starting as an auditor/evaluator for 10 years within the Office
of Audit. She was also a member of the professional development team and a manager with the Risk
Analysis Research Center.
Learning Field: Specialized Knowledge and Applications
Learning Level: Beginner
Monday August 20, 2012 2:30 – 3:45 pm
CS 3-1
Internal Audit: Thought Leadership for Effective Crisis Management
Sanjay Patel, MSC, MBA
Chief Financial Officer, Health Information Technology, Governors Office
State of Illinois
Understand the meaning behind a crisis situation.
Explore examples of effective and ineffective crisis management.
Discover the roles internal audit can play in crisis management.
Learn strategies to proactively manage crisis situations.
Sanjay Patel partners with the Governor’s office to ensure state agencies comply with Section 1512(c)
reporting requirements of the American Recovery & Reinvestment Act (ARRA) of 2009. Sanjay has
assisted many clients with Sarbanes-Oxley Section 404 compliance and business process improvement
projects. He has over 20 years of progressive experience within the public and private sectors. Sanjay
has also developed and delivered numerous presentations and training programs on a variety of
professional development topics.
Learning Field: Management Advisory Services
Learning Level: Beginner
CS 3-2
Integrating IT into the ERM Process
Xenia Ley Parker, CIA, CFSA, CISA, CGEIT, CRISC
Senior Director, IT Internal Audit
Marsh & McLennan Companies
Learn why IT has become a critical aspect of business and operational risk and why the IT/ERM
integration effort is such a challenge.
Uncover various options for developing the IT subject matter.
Discover where and how it fits into the organizational “big picture.”
Learn why ERM teams are often devoid of IT expertise with several generic examples based on
real life experiences.
Engage in a Q&A session with fellow participants.
Xenia Ley Parker is senior director, MMCo Internal Audit, responsible for information technology audit
worldwide. She joined Marsh Inc. in 2004 as Sarbanes-Oxley PMO for IT globally. Xenia is author of
Information Technology Audits, published by CCH annually within their online Accounting Research
Manager (ARM). She was a senior consultant with MIS Training Institute, with over 29 years of
experience in IT and auditing. Xenia spent 14 years with Coopers & Lybrand and 3 with Ernst & Young.
Co-author of C&L's Handbook of IT Auditing, she wrote the technology aspects of the original 1992
COSO study: Internal Control-Integrated Framework. Previously she was associate director, production,
of the Unix-based data center for CBS/AT&T Venture One videotex field test. Xenia is a frequent
presenter at major conferences; a member of ISACA and The IIA, has served on The IIA’s International
Advanced Technology and Professional Issues Committees, and currently serves on The IIA New York
Chapter Board of Governors. She received IIA-New York Chapter's 2010 Thomas A. Johnson Lifetime
Achievement Award, the 1993 International IIA Auditing and Technology Award, among others. She has
written numerous IIA monographs and participated in development of several GTAGs on IT Audit-related
subjects.
Learning Field: Auditing
Learning Level: Intermediate
CS 3-3
Choices in Risk Management
Sally Dix, CIA, CRMA
Vice President, Standards and Guidance
The Institute of Internal Auditors
Charles Locasto, CRMA
Vice President
MetLife
Sandra Pundmann, CIA, CPA
Partner, Audit and Enterprise Risk Services
Deloitte & Touche LLP
Norman Marks, CRMA, CPA
Vice President
SAP
Does "business maturity" figure significantly in a successful risk management strategy
implementation? If so, is this a major consideration in the choice of risk management model?
Who should "own" risk management, and how does the answer to this question affect the risk
management approach and odds of a successful short and long term RM strategy?
Are there good examples of hybrid RM strategies where management has chosen to combine
what they feel are the best features of different RM frameworks/approaches?
What role does internal audit play that makes the best contribution when management is
designing its RM strategy? What is internal audit's most effective role in supporting an on-going,
successful risk management strategy?
Sally Dix and her team are responsible for liaising with the IIA volunteer structure to support The IIA’s
process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics,
Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her
Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a
member of The IIA’s strategic task force to develop the capability to be agile in the development of
guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had
the opportunity to participate in chief audit executive roundtables in Orlando, Chicago and New York City,
where internal audit practitioners provided candid feedback on exposure draft issues to COSO and the
PwC authors of the new COSO IC framework. Her career in internal audit prior to joining The IIA in
October 2011 involved leading internal auditing and compliance organizations in medium to large publicly
traded companies in the high tech and telecom industries (ATMEL Corporation; AT&T Wireless; Verizon
Wireless; and AirTouch Communications, spin-off of Pacific Telesis Group).
Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.
Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing,
accounting, finance, and information technology. She serves as the leader of the Governance and Risk
and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for
the technology, media, and telecommunications industry. Prior to joining Deloitte and Touche in 1996,
Sandy served as the vice president and chief audit executive of a Fortune 50 company, where she
oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she
has served in a variety of finance, risk management, and IT leadership and management capacities.
Norman Marks is an influential blogger and recognized thought leader in the areas of internal auditing,
governance, risk management, compliance, enterprise performance, and business intelligence. He
served as vice president of Internal Audit for Business Objects before the company was acquired by SAP
in 2008. Norman has been a chief audit executive of major global corporations since 1990. He authored
two of the most downloaded IIA products: Sarbanes-Oxley Section 404: A Guide for Management by
Internal Controls Practitioners and The GAIT Methodology. Norman is editor of Internal Auditor
magazine's Corporate Governance department. He serves as a member of the review boards of several
audit and risk management publications, and he has authored several award-winning articles. He is also
an Honorary Fellow of the Institute of Risk Management and a Fellow of the Open Compliance and Ethics
Group (OCEG).
Learning Field: Business Management and Organization
Learning Level: Advanced
CS 3-4
Audit Smarter, Not Longer! IT Audit Case Study
Ross Elliott Wescott, CIA
Chief IT Auditor
Portland General Electric Company
Discuss whether technology use has brought efficiency and effectiveness to internal audit in such
a way that its removal would hamper internal audit functionality.
Learn how one organization’s internal audit department has used technology to accomplish
multiple objectives, such as:
Shrink audit project overhead and increase efficiency, effectiveness, and timeliness in the
field.
Access corporate data in such a way as to greatly cut sampling requirements.
Bypass IT and the operating departments to gain data independence.
Ross Wescott is responsible for managing all IT internal control audits and special projects in the
information systems areas of PGE. In addition, as the senior member of the staff, he assists the director
of internal audit in internal audit strategy, methodology, and tool use. Prior to joining PGE, he held similar
positions at Louisiana Pacific Corporation and NW Natural Gas Company. Currently, he is a member of
the ISACA Credentialing Board and Cloud II Task Force and serves as the Audit Committee Chair for a
nearly $1B Credit Union.
Learning Field: Auditing
Learning Level: Intermediate
Monday August 20, 2012 3:55 – 5:10 pm
CS 4-1
Auditing Governance: If There's a Will, There's a Way
Hal Garyn, CIA
Vice President, North American Audit Services
The Institute of Internal Auditors
Discuss what is or can be meant by governance.
Identify areas in a company where "governance" audits can be performed.
Challenge participants to potentially rethink their annual audit plans.
Offer ideas on ways to successfully audit governance.
Hal Garyn has 30 years of professional experience, predominantly focused on the financial services
industry with emphasis on the disciplines of risk management, internal auditing, strategic planning,
mergers and acquisitions, investor relations, and corporate governance. In his current role as Vice
President - IIA North American Services, he is responsible for chief audit executive services, quality
services, and global advocacy. Previously, Hal served on The IIA’s Global Audit Committee, Ethics
Committee, and Nominating Committee, as well as The IIA’s North American Board and Nominating
Committee and has held numerous leadership officer roles within five U.S. IIA chapters.
Learning Field: Auditing
Learning Level: Intermediate
CS 4-2
An Overview of the OCEG GRC Capability Model
Jason Mefford, CIA, CRMA, CPA, GRCP, CICA
President
Mefford Associates
M. Jane Diaz, GRCP, CCEP, CICA
Senior Internal Auditor
Ventura Foods, LLC
Gain a brief explanation of the Open Compliance and Ethics Group (OCEG) GRC Capability
model.
Learn how the GRC framework was developed by an open source think tank of end use
companies and service providers and was designed to be applied to all organizations.
Find out how the framework can be applied by GRC professionals to design and implement a
robust GRC function.
Tap into tools available from OCEG for use by internal auditors on how to audit a GRC function.
Jason Mefford is a sought-after advisor and speaker on ethics, corporate governance, GRC, and internal
audit topics. He is currently the president of Mefford Associates, a professional training, coaching and
boutique advisory firm. Jason has been the chief audit executive at two multibillion-dollar manufacturing
companies. Prior to that he was a manager at both Arthur Andersen and KPMG, performing internal and
external audits and advisory services for clients in various industries. Jason is active in The Institute of
Internal Auditors where he has served in various volunteer leadership positions at the local and
international level. He serves on the leadership council for the Open Compliance and Ethics Group
(OCEG), a non-profit think tank that helps organizations drive “Principled Performance” by enhancing
corporate culture and integrating governance, risk management, and compliance processes.
Jane Diaz is responsible for the day-to-day operations of Ethics and Compliance at Ventura Foods,
LLC. She leads the company's annual company-wide Employee Survey and is responsible for the
administration and maintenance of the policy management cycle and processes. Prior to joining Ventura
Foods, LLC, Jane was an internal audit supervisor at Farmers Insurance Group Federal Credit Union
where she directed and managed the internal audit activities. She is a former tax auditor for the state of
California where she also instructed various sales and use tax seminars for new business owners.
Learning Field: Auditing
Learning Level: Beginner
CS 4-3
Governing with ITIL and COBIT
Pam Nigro, CISA, CGEIT, CRISC
Manager
Health Care Service Corp
Learn the primary focus of ITIL - Service Support Management and Service Delivery Management.
Expand your understanding of COBIT’s focus on definition, implementation, auditing, measurement
and improvement of controls.
Discover how, when implemented effectively, both COBIT and ITIL provide the necessary framework
of an IT GRC program that enables the IT organization to govern itself.
Pam Nigro is the manager of the internal controls, IT policy, and risk management teams at Health Care Service Corporation (HCSC operates the Blue Cross and Blue Shield plans in Illinois, New Mexico, Oklahoma and Texas). She has over 20 years of experience working in information technology, ultimately becoming a subject matter expert in IT general controls. Prior to HCSC, Pam’s experience in the systems and process assurance (SPA) practice at PwC focused on services related to controls around IT management. She served both audit and non-audit clients. As a consultant, she helped HCSC develop its control framework using ITIL and COBIT.
Learning Field: Computer Science
Learning Level: Beginner
CS 4-4
The Auditor’s Role in Helping Management Understand How to Prevent and Detect Fraud
Harriet Richardson, CIA, CGAP, CPA
Audit Manager
City of Berkeley, CA
Discuss examples of fraud in private and public sector organizations and what allowed them to
occur.
Explore examples of how auditors can do a better job of explaining to management what allowed
organizational fraud to occur.
Share ideas about how auditors can help management better understand the reasons behind
auditors' recommendation for preventing fraud and detecting it if it does occur.
Harriet Richardson has more than 25 years of performance audit and management analysis experience
in federal, state, and local governments, and currently manages the performance audit function in the
Berkeley City Auditor’s Office. Her previous audit experience includes the Washington State Auditor’s
Office; the City and County of San Francisco; the Atlanta City Auditor’s Office; King County, Washington;
and Fort Lewis, Washington. Harriet’s a frequent conference presenter and is a current member of the
Association of Local Government Auditors’ Professional Issues Committee and the Association of
Government Accountants’ Financial Management Standards Board.
Learning Field: Auditing
Learning Level: Intermediate
Tuesday August 21, 2012 8:30 – 9:45 am
GS 2
Providing Assurance Over Risk Management: It's Not an Option Anymore
Paul Sobel, CIA, CRMA, CPA
Vice President and Chief Audit Executive
Georgia Pacific LLC
Better understand the assurance and consulting requirements of the Standards.
Learn an approach for evaluating the overall risk management program, leveraging concepts
from ISO 31000 and other sources.
Evaluate the maturity of the risk management program to help provide better advice on improving
sustainability of the program.
Consider what resources are needed to provide assurance over risk management.
Paul Sobel leads the global internal audit activity for Georgia-Pacific, LLC, a diversified forest products
company based in Atlanta. He previously served as the chief audit executive for three public companies
in the energy and publishing industries. He is a frequent speaker on governance, enterprise risk
management (ERM), and internal audit topics. Sobel recently co-authored a book titled Enterprise Risk
Management: Achieving and Sustaining Success. Previously he authored Auditor’s Risk Management
Guide: Integrating Auditing and ERM and coauthored Internal Auditing: Assurance and Consulting
Services. He currently serves on The IIA’s Board of Directors as senior vice chair.
Learning Field: Management Advisory Services
Learning Level: Intermediate
Tuesday August 21, 2012 10:15 – 11:30 am
CS 5-1
Case Study: Corporate Governance Start-Up
Nick Moscaritolo, CPA, CFE
Vice President, Internal Assurance
JDA Software Group
Starting an ERM program and extracting a risk-based audit plan from the results.
Solving small department/start-up common issues.
Transitioning from a co-source to internal audit model.
Best practices for auditing and reporting in a small audit team environment.
Nick Moscaritolo has over 15 years of experience in the internal and external audit field. Nick started his
career at Arthur Andersen, moved to Arizona Public Service Company, and later, Starwood Hotels &
Resorts. Currently, Nick is the vice president of internal assurance and chief audit executive at JDA
Software Group. Nick has spoken at the last 2 MIS Training Institute SuperStrategies conferences.
Learning Field: Auditing
Learning Level: Intermediate
CS 5-2
Risk Management Strategy: The Right Approach for Your Organization
Sally Dix, CIA, CRMA
Vice President, Standards and Guidance
The Institute of Internal Auditors
Understand how identifying and implementing the right specific strategies and approaches for
your organization and its unique culture matter.
Learn how to combine theoretical knowledge and real world experience
Share new tips for making risk management work for your organization.
Discover how an approach tailored to your organization can make the difference in the success or
failure of risk management at your organization.
Sally Dix and her team are responsible for liaising with the IIA volunteer structure to support The IIA’s
process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics,
Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her
Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a
member of The IIA’s strategic task force to develop the capability to be agile in the development of
guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had
the opportunity to participate in chief audit executive roundtables in Orlando, Chicago and New York City,
where internal audit practitioners provided candid feedback on exposure draft issues to COSO and the
PwC authors of the new COSO IC framework. Her career in internal audit prior to joining The IIA in
October 2011 involved leading internal auditing and compliance organizations in medium to large publicly
traded companies in the high tech and telecom industries (ATMEL Corporation; AT&T Wireless; Verizon
Wireless; and AirTouch Communications, spin-off of Pacific Telesis Group).
Learning Field: Auditing
Learning Level: Intermediate
CS 5-3
Case Study: How Elster Group Integrates Multiple Compliance Initiatives on a Single Technology
Platform
Malte H. Globig, CIA, Dipl-Kfm
Senior Manager, Internal Audit
Elster Group SE
Hear how this multi-national engineering company meets compliance requirements for a diverse
group of stakeholders with a consolidated, single solution.
Learn how "narrow" technology requirements for a Sarbanes-Oxley compliance project were
developed into a "big tent" philosophy to allow internal auditors and risk managers to collaborate on
an integrated GRC platform with operational and financial managers on a global scale.
Walk away from this session understanding how consolidating compliance for multiple business
applications into your existing GRC solutions provides Elster’s stakeholders with real-time insight
to improve business governance and process transparency.
Malte Globig is responsible for the internal audit function at Elster Group's businesses in the Americas.
He also serves as the company's internal GRC technology champion, spearheading the innovative use of
software applications to address today's governance, risk and compliance management challenges. Prior
to joining Elster Group, he led operational efficiency projects as a Six Sigma Black Belt at UnitedHealth
Group and provided business process improvement consulting services to clients in the utility and
financial services industries.
Learning Field: Auditing
Learning Level: Intermediate
CS 5-4
IA and Fraud Risk Assessment and Management
Annie Dugas, CA, DIFA, CFE
Director, Investigative & Forensic Services
Raymond Chabot Grant Thornton Consulting Inc
Christian Asselin, CA, CMA, CFE
Chief Audit Executive
Natural Resources Canada
Discover a framework and practical approaches to conducting effective fraud risk assessments.
Understand why greater expectations are being placed on internal auditors to integrate value-
added fraud risk and control assessments and strengthen their organizational fraud risk
management practices.
Dive into topics such as: designing an appropriate approach to fraud risk assessments, identifying
key elements of a fraud risk management program, defining the role of internal audit, and
developing a continuous auditing approach to managing the risk of fraud.
Annie Dugas is a director with the investigative and forensic consulting division of Raymond Chabot
Grant Thornton Consulting Inc. in Ottawa, Canada. Annie has extensive work experience in the
assurance and forensic advisory fields, including fraud prevention, detection, and investigation for
government and large private sector enterprises in Canada and internationally. Annie continues to
actively raise awareness and provide leadership to internal auditors and audit committee members on
their roles and responsibilities with regard to conducting fraud risk assessments and strengthening their
organization’s fraud risk management programs.
Christian Asselin is responsible for the internal audit branch of a department that has an annual budget
of around $3.3B and 4,000 full-time employees. Prior, Christian worked for the Office of the Comptroller
General of Canada as senior director, liaison and intelligence. In his role, Christian oversaw and
facilitated the collection, integration and analysis of audit related information to support proactive, efficient
and effective internal audit practices across the federal government. Previously he had experience as
director of investigation and forensic audits with the Office of the Auditor General of Canada (OAG) and
chief audit executive at the Public Health Agency of Canada.
Learning Field: Auditing
Learning Level: Intermediate
Tuesday August 21, 2012 12:45 – 2:00 pm
CS 6-1
How a Small Audit Department Enhances Corporate Governance through a Broader, More
Strategic Focus on Risk
Kaveh Rikhtegar, CA, CISA
Director, Internal Audit
Canadian Commercial Corp.
Use a risk based approach linked to the ERM to complete the annual audit plan.
Build an effective internal audit organizational structure, tools, and processes.
Implement an effective risk-based approach in planning, executing, and reporting audit activities.
Create an effective reporting structure to the audit committee.
Kaveh Rikhtegar has worked as a director with internal audit/controls in both the public and private
sectors for the past 15 years at Canada Post, Office of the Auditor General of Canada and more recently
at Canadian Commercial Corporation. Kaveh has made an extensive number of presentations on internal
audit and controls at various conferences and events throughout North America.
Learning Field: Auditing
Learning Level: Intermediate
CS 6-2
Enterprise Fraud Risk Management
Paul E. Zikmund, MBA, MAcc, MBEC, CFE, CFD
Director, Global Integrity and Forensic Audit
Bunge Ltd.
Learn why managing the risk of fraud is a critical component to any ERM program.
Gain a foundation to a fraud-free environment through the development, implementation, and
maintenance of an effective anti-fraud program and controls framework.
Hear about the elements of a comprehensive enterprisewide risk management framework that
includes steps to deter, detect, investigate, and remediate incidents of fraud within an
organization.
Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New
York. He is responsible for managing and conducting investigations of fraud and misconduct,
implementing fraud detective techniques, administering the company’s fraud risk assessment process,
and managing anti-fraud programs and controls designed to reduce the risk of fraud within the company.
Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and
the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was
responsible for developing, implementing, and administering fraud risk management services to Tyco and
to clients. He possesses nearly 20 years of experience in this field and has effectively managed global
fraud and forensic teams at various Fortune 500 companies.
Learning Field: Auditing
Learning Level: Intermediate
CS 6-3
Honorably Retiring “Controls” and Promoting “Risk Treatments.” It’s Time.
Tim J. Leech, CIA, CRMA, FCA, CFE
Managing Director Global Services
Risk Oversight Inc.
Review the history and definition of “controls” and “risk treatments.”
Learn why it’s time to retire “controls” and promote “risk treatments”: the business case for
change.
Discover “Optimizing risk treatments” – practical strategies to add exponentially more value
Share what needs to happen to retire “controls” and promote the use of “risk treatments”
Tim Leech is managing director of global services at Risk Oversight Inc., which focuses on helping
companies more effectively manage risk and assurance to meet escalating due diligence expectations
and add real value. He has over 25 years of experience in the ERM, internal audit, and forensic
accounting fields, including expert witness testimony in civil and criminal proceedings and global
experience helping public and private sector organizations with internal audit transformation initiatives
and the design, implementation, and maintenance of integrated GRC/ERM frameworks. He is co-author
with his daughter, Lauren Leech, of Preventing the Next Wave of Unreliable Financial Reporting: Why
U.S. Congress Should Amend Section 404 of the Sarbanes-Oxley Act, and author of a new Risk
Oversight Inc. white paper challenging traditional approaches to ERM titled The High Cost of the ERM
Herd Mentality.
Learning Field: Auditing
Learning Level: Intermediate
CS 6-4
Crisis Management: A New Playbook
Jason Ackerman, CIA, CRMA, MBA, CFE, RISC, CGEIT
Chief Audit Executive
Georgetown University
Monica Modi Dalwadi, CIA, CPA, MBA, CFE
Director
Baker Tilly
Review details of some of the latest news-making company crises, particularly those affecting
higher education in the form of abuse allegations and inadequate emergency action procedures
in the face of these incidents.
Learn more about the challenges that arise in the aftermath of a crisis such as negative financial
impact, reorganization, unwanted media attention, reputational damage and pressure to prevent
reoccurrences.
Explore case studies to learn how to take an active approach to mitigating the risk around
potential crisis at your organization.
Focus on lessons learned — positive and negative — from recent athletics program scandals and
discuss the role that internal audit can serve in managing crisis, along with the necessary steps to
take to evaluate whether your organization has preventive measures and a sound post-crisis
action plan.
Jason Ackerman has 16 years of leadership experience providing governance, risk, and compliance
solutions. His internal audit experience includes work with organizations in the Americas, Europe, Africa,
and Asia. Jason previously worked at major international consulting firms providing investigation,
transaction advisory, technology commercialization, and strategy optimization services. His clients
included non-profits, federal government agencies, and Fortune 500 companies in industries including oil
& gas, utilities, railroad, manufacturing, mining, cable television, hospitality, financial services, and
pharmaceuticals. Jason has participated as a presenter for various webinars sponsored by The IIA.
Monica Dalwadi is a member of Baker Tilly’s risk advisory services and internal audit practice with 10
years of experience. Monica’s primary focus is internal auditing on a wide range of business issues and
regulatory compliance matters, corporate governance, and internal control structures, including crisis
management reviews. Prior to joining the firm, Monica worked in the internal audit department of a
financial institution where she led risk assessment activities and audited lending, deposits, and trusts. Her
client base includes higher education institutions, financial services companies, government contractors,
and not-for-profit institutions, including the World Bank, The Catholic University of America, Sevenson,
Howard Hughes Medical Institute, The JBG Companies, Princeton University, Children’s National Medical
Center, and The George Washington University. Monica has co-authored numerous research papers that
have been published in trade publications and has delivered many presentations on internal audit-related
topics at conferences and IIA chapter meetings.
Learning Field: Business Management
Learning Level: Intermediate
Tuesday August 21, 2012 2:30 – 3:45 pm
CS 7-1
Is IT Governance Really Auditable?
Tim Penrose, CIA, CISA, CIPP, PMP
Senior Director, IT Audit
TIAA-CREF
Expand your knowledge and understanding on the meaning of "IT Governance."
Gain insights into specific approaches and available guidance when assessing IT governance
within your organization.
Explore some of the potential pitfalls when completing an audit focused on your senior
leadership.
Tim Penrose leads the IT audit and data analytics functions within the internal audit division at TIAA-
CREF, responsible for the IT audit plan, integrated audits, and data analytics in support of audit, fraud,
investigations, and continuous auditing. Prior to joining TIAA-CREF, he was a senior manager with Ernst
& Young LLP’s Advisory Services practice, primarily focused on IT risk transformation. Prior to Ernst &
Young LLP, Tim was an assistant vice president and management associate at Citigroup, serving as a
risk and control officer as well as a technical project manager. He also has prior experience with Intel and
the National Security Agency (NSA).
Learning Field: Auditing
Learning Level: Intermediate
CS 7-2
Leveraging the Three Lines of Defense for Effective Risk Coverage
Charles Locasto, CRMA
Assistant Vice President
MetLife
The benefits of a three lines of defense model.
Operating models for coordinated risk and control activities.
World class risk and control frameworks and methodologies.
World class risk and control platforms.
How to implement frameworks whether a big or small audit shop.
Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.
Learning Field: Auditing
Learning Level: Intermediate
CS 7-3
Time to Get Real — Refocusing Controls to Fight Modern Threats
Daimon Geopfert, CISSP, CISM, CISA, GCIH
National Leader, Security & Privacy Consulting
McGladrey
Vincent J. Schira, CPA, CISA, CISSP
IT Audit Program Leader
Domino’s Pizza Inc.
Learn about real-world hacking demonstrations that show controls bypass methods.
Discuss the topic of cracking and re-using "strong" passwords.
Hear about bypassing intrusion detection systems.
Ask whether evading anti-virus can compromise "protected" systems.
Find out how social engineering methods abuse social media.
Gain recommendations on how to implement more robust controls.
Daimon Geopfert is the national leader of security and privacy consulting for McGladrey. He specializes
in penetration testing, vulnerability and risk management, security monitoring, incident response, digital
forensics and investigations, and compliance frameworks within heavily regulated industries. Daimon has
over 17 years of experience in a wide array of information security disciplines. He serves as the firm’s
national leader for the security and privacy practice, responsible for the development of the firm’s overall
strategy related to security and privacy services and applicable methodologies, tool kits and engagement
documentation.
Vincent Schira is a seasoned professional with experience in financial and IT audit and joined Domino’s
Pizza Inc. in April 2010. Prior to working for Domino’s Pizza he held leadership positions in accounting,
materials & logistics management, and internal audit within the automotive industry. Leading the IT audit
function at Domino’s publicly traded entity, he is responsible for planning and executing a wide variety of
technology related audits. Last year Vince presented to the Internal Audit Executive Study Group of the
National Restaurant Association on key audit concepts in data warehousing and the results of a disaster
recovery benchmark study he conducted. His current areas of focus include consumer data privacy, food
traceability software, and serving on the company’s data governance council. Vince also works part time
as a firefighter and EMT for the City of Novi, Michigan.
Learning Field: Management Advisory Services
Learning Level: Intermediate
CS 7-4
Emerging Technology Risks - "Smart Phones, iPads and Blackberries, Oh My!"
Norman Comstock, CIA, CRMA, CCSA, CISA, CGEIT, CISSP
Managing Director
UHY Advisors
Richard Peters, CISA, CISSP, QSA
Senior Manager
UHY Advisors
Jamie DuBray, CIA, CPA, CISA, CISSP, CGEIT
Assistant General Auditor
CITGO Petroleum
Understand that authorized or un-authorized, these devices exist and most people have them.
Learn how to find out what devices are on your network.
Discuss what types of data your company allows on these devices and the latest attacks against
these devices
Review the latest mobile threats, attacks, and some current methods of protecting these devices
and your data.
Norman Comstock is a managing director at UHY Advisors in Houston, Texas. He leads advisory and
assurance services for IT strategy, IT governance, IT risk assessment, software selection/implementation,
documenting and testing IT general controls and application controls, and evaluating information security
strategy. He is also the firm’s national practice leader for governance, risk, and compliance. Norman was
president of GCRM Solutions, LLC before it merged with UHY Advisors in 2006. In the 15 years prior to
UHY Advisors, he was a principal with three other consulting firms providing technology and management
consulting services to Fortune 1000 companies. Norman held audit, accounting, and finance roles of
increasing responsibility at Texaco, Inc. and Compaq Computer Corporation. He began his career in
finance at Oppenheimer & Company. Norman is an adjunct professor at the C.T. Bauer School of
Business, University of Houston, where he teaches business ethics, advanced internal audit, and
governance, risk, and compliance.
Richard Peters specializes in information security and payment card industry (PCI) compliance. He brings over 13 years of experience managing, performing and delivering cost effective internal controls and information technology (IT) security solutions. This experience includes technology risk management, IT auditing, IT security assessments, internal auditing, attack and penetration testing services and security analysis in domestic and global entities in the energy, technology, financial and manufacturing industries. He is a professor at the University of Houston in the areas of information security.
Jamie DuBray is currently the Assistant General Auditor at CITGO Petroleum Corporation. Prior to
joining CITGO more than 5 years ago, Jamie had internal audit experience with Valero Energy
Corporation and Tesoro Petroleum Corporation as well as positions within information technology and
public accounting. Jamie has 13 years of audit experience and 10 years of experience in the petroleum
refining industry.
Learning Field: Specialized Knowledge and Applications
Learning Level: Intermediate
Tuesday August 21, 2012 3:55 – 5:10 pm
CS 8-1
Internal Audit - Perspectives of a Chief Compliance Officer
Jon Rydberg, CMA, PMP, CPIM
Vice President, Internal Audit
Smith & Wesson
Understand how the chief compliance officer and chief audit executive work together to
protect the organization.
Establish a common definition of value and value destruction
Discuss the roles of the COO and CAE in protecting against value destruction.
Explore a case study, When Sales Mask Performance.
Jon Rydberg is responsible for internal audit (ATF, FCPA, Import / Export, SOX). In addition, he was
responsible for implementing the organization's risk management infrastructure, ethics program and the
continuous controls monitoring program. Prior to joining Smith & Wesson, Jon was CEO of Orchid
Advisors, a consulting firm specializing in the achievement of corporate strategic objectives. He also
served as a managing director for Protiviti where he co-led the manufacturing industry practice and
served on the supply chain leadership team. Jon previously worked for Ernst & Young, United
Technologies, and Ensign-Bickford Aerospace & Defense. Jon is currently a member of the Department
of Homeland Security Critical Manufacturing Sector Board. He has previously served in leadership roles
for The IIA and APICS.
Learning Field: Business Management and Organization
Learning Level: Intermediate
CS 8-2
A Risk Manager’s View on ERM
Carol Fox, ARM
Director, Strategic and Enterprise Practice
RIMS, The Risk Management Society
Hear an experienced risk practitioner's insights on making enterprise risk management a
strategic business discipline.
Expand your understanding of how enterprise risk management can create as well as protect
value.
Learn how high-performing organizations are using risk management to reduce uncertainties and
increase the odds of success.
Discover how to forge a collaborative alliance between internal audit and risk management for
your organization's success.
Carol Fox is director of strategic and enterprise risk practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. Founded in 1950, RIMS produces
networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS in 2010, Carol was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. She also holds the Associate in Risk Management (ARM) designation from The Institutes. Carol has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics and currently serves as vice chair on the U.S. Technical Advisory Group for the international ISO 31000 risk management standard implementation project. Treasury & Risk named Carol as one of its 2011 100 Most Influential People in Finance.
Learning Field: Management Advisory Services
Learning Level: Intermediate
CS 8-3
Using Computer Forensics to Manage Controls
Bill Perry
Private Investigator, Security Consultant/Instructor and Chief Compliance Officer
Bill Perry & Associates
Learn to examine the different areas that exist in the "information age" for control
Understand why cell phones are important to "internal audits"
Discuss ways to protect your data
Bill Perry has lectured several professional organizations, including seminars for Busey Bank on identity
theft, First Community Bank on fraud and computer security, SW Chapter of IIA on Internal Corruption,
and is presently working on developing a seminar on business ethics and workplace violence. Bill has been
recognized by I.C.E., a division of Homeland Security, for his outstanding diligence and expertise in
locating and documenting electronic evidence. He has also worked with the Cape Coral Police for five
years as a crime analyst, computer forensics examiner and served as a member of their elite hostage
negotiations team.
Learning Field: Computer Science
Learning Level: Intermediate
CS 8-4
What Does An Internal Auditor Really Need to Know About Crisis Management
Annie Searle
Principal
Annie Searle & Associates LLC
The role of the crisis management team and its intersection with market, credit and operational
risk.
The characteristics of an ideal crisis management team member.
The scope of decisions made at the crisis management team level, as well as those delegated to
the incident/event management team.
The challenges of timely crisis management in an era of mobile devices and social media.
Annie Searle is principal of Annie Searle & Associates LLC, also known as ASA Risk Consultants, an
independent consulting and research firm, serving businesses and organizations that are part of the
nation’s critical infrastructure. She is the author of two books, Advice From A Risk Detective for the
general public; and Reflections on Risk for risk professionals, both available through Amazon. Annie is an
affiliate faculty member at the University of Washington’s School of Information, where she teaches
courses on operational risk. She is a lifetime member of The Institute of American Entrepreneurs, and
one of 20 inaugural inductees in 2011 into the Hall of Fame for Women in Homeland Security and
Emergency Management. Since 2007, she is one of roughly 50 thought leaders who meet each June at
New York University for its Global Roundtable on Public-Private Preparedness. Earlier, Searle spent 10
years at Washington Mutual Bank (WaMu) responsible for business continuity, disaster recovery,
technology risk and compliance, technology change management, and for vendor and application
information security. As senior vice president for Enterprise Risk Services, Annie and her teams
redesigned and rebuilt those programs to world-class status, utilizing a federated model in partnership
with the bank’s lines of business. She also chaired WaMu’s Crisis Management Team and was the
executive sponsor of the bank’s technology innovation program.
Learning Field: Management Advisory Services
Learning Level: Intermediate
Wednesday August 22, 2012 8:30 – 9:45 am
GS-3
Vendor Contracts and Risk Assessment: Lessons Learned from Fraud Convictions
Moderator:
Frank Lazzara
Managing Director
FTI Consulting
Panelist:
Dr. Susan Mangiero, CFA, FRM
Managing Director
Forensic & Litigation Consulting
Annie Dugas, CA, DIFA, CFE
Director, Investigative & Forensic Services
Raymond Chabot Grant Thornton Consulting Inc
Paul E. Zikmund, MBA, MAcc, MBEC, CFE, CFD
Director, Global Integrity and Forensic Audit
Bunge Ltd.
Discussion of best practices for selecting and monitoring service providers within an enterprise risk management framework
How to vet related party transaction disclosures to prevent problems
How to identify and mitigate conflicts of interest such as when a customer has an equity stake in a vendor
When to use independent experts to conduct investigative due diligence on the vendor and key persons
Understanding bribery and anti-money laundering issues when dealing with non-US vendors
Discussion of lessons learned from prominent fraud convictions that involved service providers and what internal auditors should do as a result
Frank Lazzara has over 20 years of experience in public accounting, internal audit, financial operations
consulting and private industry expertise. He is responsible for facilitating all aspects of litigation support
and forensic engagements including planning, accounting research, fieldwork coordination, managing
client and counsel relationships, the drafting and submission of expert reports, and the preparation of
testifying expert witnesses. Prior to joining FTI Consulting, Frank supervised teams in the execution of
internal and independent audits. His private industry experience is in telecommunications where he
served as CFO and controller for a competitive local exchange carrier. He has served as an internal
auditor for Goldman Sachs with an emphasis in compliance and internal controls reviews. While at
Goldman Sachs, he supported the firm’s internal control environment by devising and implementing fraud
prevention initiatives. He also has public accounting experience with PricewaterhouseCoopers and
international experience investigating alleged violations of the Foreign Corrupt Practices Act in Asia and
Europe. Lazzara has led cases involving NYSE regulatory compliance examinations, and has advised on
high profile securities litigation cases involving the interpretation and expert application of Generally
Accepted Accounting Principles (“GAAP”) and auditor compliance with Generally Accepted Auditing
Standards (“GAAS”).
Dr. Susan Mangiero is a CFA charterholder and a certified Financial Risk Manager. She has provided expert testimony and behind-the-scenes forensic analysis, calculation of damages and rebuttal report commentary for various investment governance, performance, risk and valuation matters. She has more than 20 years of experience in capital markets, global treasury, asset-liability management, portfolio management, economic and investment analysis, derivatives, financial risk control and valuation, including work on trading desks for several global banks, in the areas of fixed income, foreign exchange, interest rate and currency swaps, futures and options. Susan has provided insights about asset allocation, fiduciary duties, risk management, modeling, hedge effectiveness and valuation best practices for consulting clients and employers that include General Electric, PricewaterhouseCoopers, Mesirow Financial, Bankers Trust, Bank of America, World Bank, Pension Benefit Guaranty Corporation, RiskMetrics, U.S. Department of Labor, Northern Trust Company and the U.S. Securities and Exchange Commission. She is the author of Risk Management for Pensions, Endowments and Foundations. Her articles have appeared in Expert Alert (American Bar Association, Section of Litigation), Hedge Fund Review, Investment Lawyer, Valuation Strategies, RISK, Financial Services Review, Journal of Indexes, Family Foundation Advisor, Bankers Magazine, Expert Evidence Report and the Journal of Compensation and Benefits. Susan is a frequently invited speaker and has keynoted or led workshops for organizations such as the Stable Value Investment Association, Harvard Law School, Florida Public Pension Trustees Association, New York State Department of Insurance, Association of Public Pension Auditors, AICPA - Employee Benefits Section, National Association of Corporate Directors and Financial Executives International.
Annie Dugas is a director with the investigative and forensic consulting division of Raymond Chabot
Grant Thornton Consulting Inc. in Ottawa, Canada. Annie has extensive work experience in the
assurance and forensic advisory fields, including fraud prevention, detection, and investigation for
government and large private sector enterprises in Canada and internationally. Annie continues to
actively raise awareness and provide leadership to internal auditors and audit committee members on
their roles and responsibilities with regard to conducting fraud risk assessments and strengthening their
organization’s fraud risk management programs.
Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New
York. He is responsible for managing and conducting investigations of fraud and misconduct,
implementing fraud detective techniques, administering the company’s fraud risk assessment process,
and managing anti-fraud programs and controls designed to reduce the risk of fraud within the company.
Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and
the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was
responsible for developing, implementing, and administering fraud risk management services to Tyco and
to clients. He possesses nearly 20 years of experience in this field and has effectively managed global
fraud and forensic teams at various Fortune 500 companies.
Learning Field: Behavioral Ethics
Learning Level: Intermediate
Wednesday August 22, 2012 10:15 – 11:30 am
GS-4
Ethics and Managing Risk: A Preventive Maintenance Approach
Dr. Christopher Bauer, CSP, HSP, CFS
Founder
Bauer Ethics Seminars
Identify at least four common but often unseen or ignored “red flags” for ethics risks in themselves
and their organizations.
Articulate a minimum of four values key to the development of a culture of ethics and values.
Articulate the financial and strategic value of implementing truly effective ethics training into an
organization’s risk management strategy.
Christopher Bauer is a licensed psychologist with over 25 years of experience as a speaker, trainer, author, and consultant on professional ethics and values-driven business strategies. Between coaching, speaking and consulting, he has worked with front-line workers to senior executives and everyone in between. Clients of Dr. Bauer have run the gamut from small and medium-sized businesses and organizations to every level of staff and management at Fortune 500 corporations. Although ethics and fun aren’t words normally heard in the same sentence, Dr. Bauer has been helping individuals and organizations build and maintain great professional ethics, all while having a great time. Dr. Bauer’s articles on how to build and maintain great professional ethics have appeared in such journals as CEO Refresher, CFO Magazine, Financial Executive, Internal Auditor, and many others. The latest edition of his book, Better Ethics NOW: How To Avoid The Ethics Disaster You Never Saw Coming, has been a business ethics Top Seller on Amazon.com, and he publishes a free “Weekly Ethics Thought” seen by thousands of readers worldwide.
Learning Field: Behavioral Ethics
Learning Level: Intermediate