Western New York

IIA Newsletter

October 2016

Follow us!

@WNY_IIA

Check us out on social

media!

LETTER FROM THE PRESIDENT

Hello, Western NY IIA Members! The Chapter ended Q3 2016 with a fantastic half-day event on September 28th at Tewksbury Lodge surrounding Corporate Culture. It was truly a pleasure seeing everyone that attended and catching up with folks at the post-event networking hour! Our Board of Governors is looking very much forward to the upcoming events in Q4, starting with a free, two-hour, members-only webinar on Auditing the CIS Critical Security Controls, which will be presented by Philippe Langlois, Controls Technical Program Manager for the Center for Internet Security. A huge thank you to our partners in the ISACA WNY & Rochester IIA Chapters for helping us make this highly valuable and relevant training available to our members at no cost! Registration for this event is now open to all members of the ISACA and IIA in WNY and Rochester, and is limited to the first 100 registrants, so make sure to see page 2 for instructions on how to secure your spot! Our Newsletter Co-Chairs have also included some preliminary details about the event we have planned for November, and information on the 2016 IT Hacking Conference hosted by the IIA and ISACA Chicago Chapters. We are so happy to recognize Chuck Cino of M&T Bank as our Member Spotlight for October! The IIA WNY Board has selected Chuck to show our appreciation for his frequent and active support of the Chapter’s events over the last 6 years. Not to mention, Chuck’s a pretty cool guy. I have had the pleasure of working on many audits and projects with Chuck over the last 4 years and this recognition is well-deserved. Please join me in congratulating Chuck Cino this month! Our Board would also like to recognize two UB students, Kelsey Messer and Matthew Stollerman, for their achievements this year. Kelsey was the recipient of the 2014 WNY IIA Scholarship, so we are especially proud of her for scoring the highest grade on the CIA exam out of 55,811 candidates! Matthew Stollerman is the third-place winner of the IIA Research Foundation’s Esther R. Sawyer Research Award this year, an award established in 2000 as a tribute to Esther R. Sawyer, an active advocate for the Internal Audit profession. On behalf of the WNY IIA Board of Governors, great job Kelsey and Matthew and congratulations to you both! I am looking forward to catching up with everyone at our events over the next couple months. As always, if you have any questions about anything IIA related, please feel comfortable contacting me or any of our Governors to ask! Thank you, Ashley Kinnear, CFE, CISA

• October Event • The Audit Scope • Member Spotlight • Student Spotlight • Career Center • Items of Note • Training News • Board of Governors

EVENT DETAILS DATE: October 25, 2016

LOCATION: Live Webinar

TIME: 11:30 – 1:30pm

CPE: 2 hours (Auditing & Specialized Knowledge)

COST: Free for members of

the Rochester and WNY Chapters of the IIA and

ISACA

Click here to register for this event!

Auditing the CIS

Critical Security Controls

Philippe Langlois is currently a Technical Product Manager for

the CIS Critical Security Controls. In this role he leads an international community of cyber security experts who develop

best practices known as the CIS Critical Security Controls for Effective Cyber Defense, a set of actions proven to mitigate 85%

of the most prevalent cyber threats. He manages the production, writing, and publication of a range of cyber security resources. Philippe holds a Masters of Infrastructure Protection

and International Security, a BA in Criminology and certifications as a Global Industrial Cyber Security Professional

(GICSP), GIAC Penetration Tester (GPEN) and GIAC Critical Security Controls Certification (GCCC).

The Center for Internet Security’s Critical Security Controls are a

relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess

and improve their current security state. The CIS Controls embrace the Pareto 80/20 Principle, the idea that taking just a small portion of all the security actions you could possibly take, yields a very large percentage of the benefit of taking all those

possible actions.

Philippe Langlois Controls Technical Program Manager,

Center for Internet Security

PLEASE NOTE: Registration will be based on a first-come-first-serve basis and will be limited

to 100 attendees.

Please join us for a FREE *Members Only* Webinar Event:

Western New York Chapter

EVENT CO-HOSTED BY

CSC Top 5 Controls: Inventory of Authorized and Unauthorized Devices. Inventory of Authorized and Unauthorized Software. Secure Configurations for Hardware and Software on

Mobile Devices, Laptops, Workstations and Servers. Continuous Vulnerability Assessment and Remediation

Controlled Use of Administrative Privileges.

Presented by:

“THE AUDIT SCOPE” (UPCOMING EVENTS)

NOVEMBER

High Impact Report Writing (4 CPE) Presented By: Carole Buncher & Associates Hosted By: The IIA WNY Chapter

Date/Location: Details to follow shortly.

Topic: Carole will be presenting to members on: • How unconscious biases can influence the audit process • Effective audit report writing and communicating conclusions. About the Presenter: Carole Buncher and Associates: The Competency Company™ (Washington, D.C.) is a woman-owned, small business dedicated to delivering world-class training and consulting services to learners—regardless of age or experience level - with a special focus on audit training. Visit their website here. Note: Ashley Hubbard, IIA WNY Secretary, will send out a memo when registration opens.

"Cyber Civil War: Are You - Team lnfoSec or Team Audit?“ Annual IT Hacking Conference Co-Hosted By: The Chicago IIA and ISACA Chapters Date: November 3 & 4 Location: Summit West, Chicago, IL Topic: This 16 CPE conference is loaded with presenters who have been featured at Black Hat, Def Con and other national and international events. Topics include: • “How to Prepare for Audit Committee/BoD Expectations from Cybersecurity & Audit” • “Hacking Hospitals” • “DevSecOps: The Marriage of SecOps and DevOps”

About the Presenters: This year’s conference welcomes many fantastic presenters, including: • GreyCastle Security • Protiviti • The Federal Trade Commission Note: To register, please visit: 3rd Annual IIA/ISACA IT Hacking Conference. Attendance is limited to 220 participants for this year’s conference, so sign up soon!

WNY Member Spotlight

Chuck Cino, CPA, CRMA Chuck has been a member of the WNY IIA for over 6 years and is a regular participant in chapter events. Born and raised in North Tonawanda, Chuck attended North Tonawanda High School before pursuing a Bachelor’s degree in Business Administration, with a concentration in Accounting, at Niagara University. Chuck began his career in accounting through an internship with the New York State Department of Taxation and Finance before joining a local CPA firm Lumsden & McCormick, LLP as an accounting intern. In 2010, Chuck accepted a full-time position with First Niagara Bank in their Internal Audit department, specializing in commercial lending, before transitioning to M&T Bank’s Internal Audit function in 2013. As a Supervising Senior Auditor with M&T, Chuck is an integral part of the Capital Adequacy and Finance portfolios, where he has gained expertise with BASEL III, CCAR and DFAST, and has led many special projects to oversee the bank’s regulatory reporting. Chuck is a Certified Public Accountant and has also achieved his Certification in Risk Management Assurance (CRMA). When Chuck isn’t at work, he enjoys spending time with his wife and getting out on his motorcycle with his father and brother. Chuck is a lifetime Buffalo sports fan and 11-year Season Ticket Holder for the Buffalo Sabres.

Thank you for being a member, Chuck!

Student Spotlight The WNY IIA would like to congratulate two University at Buffalo students who were recently recognized by the IIA for the following achievements:

Kelsey Messer, CPA, CIA, CRMA The candidate who scored the highest in the CIA exam will receive the William S. Smith Award, named in honor of William S. Smith, CIA, The IIA's first chairman of the Board of Regents. In 2015, a total of 55,811 candidates took the CIA exam and 3,690 took a specialty exam. For a complete listing of award recipients, click HERE.

Matthew Stollerman The Internal Audit Foundation Board of Trustees established this award in June 2000 as a tribute to the memory of Esther R. Sawyer and her contributions to and support of the profession of internal auditing. Although Esther Sawyer was not an internal auditor, she was a gracious ambassador who enjoyed explaining the role of modern internal auditing to those she met. She was an advocate for internal audit curricula in colleges and universities and promoted internal auditing as a lifetime career.

CIA High Exam Grade 2014 WNY IIA Scholarship Recipient

University at Buffalo

Third Place, 2016 IIA Research Foundation’s Esther R. Sawyer Research Award winner

University at Buffalo

WNY IIA – CAREER CENTER

Audit Career Center If you are looking launch your internal audit career or are seeking qualified employees, you've come to the right place. The IIA's Audit Career Center is a proven source for résumé posting and focused candidate searches. The Career Center receives 10,000 unique visitors monthly. To contact The IIA's Audit Career Center, please call +1-888-575-9675 or email iiawnychapter@outlook.com. Job Seekers Are you seeking a job in internal auditing? IIA members may post their résumés and search for job opportunities in the Audit Career Center. Employers and Agencies Are you an employer or agency looking to fill open positions in your audit department? Post job openings and search résumés matching your criteria in the Audit Career Center. If you have any questions, please email ClientServ@YourMembership.com. IIA Career Opportunities Check out the latest job openings at The IIA and find out why the Institute is selected year after year as one of the top 100 companies for working families in Central Florida. IIA Fellowship Program Learn more about The IIA's Fellowship Program: Developing Tomorrow's Thought Leaders Today.

WNY CHAPTER ITEMS OF NOTE

Your WNY IIA Chapter has partnered with Gleim to ensure your success on the CIA exam! Working together, we will provide you the necessary study tools to prepare for this difficult exam. Gleim has been preparing candidates for success with their extensive self-study course for the CIA exam for over 30 years! The Gleim Review System enables you to identify your weak areas so you know where to focus your efforts and GUARANTEES that you will pass each exam part the first time. Our goal is that you achieve success while minimizing your frustration, cost, and time. As a member of the Chapter, you are eligible for 20% off all the Gleim CIA Review materials, as well as Gleim CPE. To take advantage of the reduced prices and to place your order, log into the Members Only section of the Chapter website. Please contact our Gleim representative, Melissa Leonard, with any questions regarding the Gleim materials or discounts available. Call her at 800.874.5346, ext. 131, or via email at melissa.leonard@gleim.com. Visit gleim.com/cia for more information on the CIA Exam or how Gleim can help you pass. For more information, visit the Chapter website here.

UPCOMING WEBINARS

12-October-2016 Guidance Webinar: What You Need to Know Now About the Revised Standards 18-October-2016 Members-only Webinar: Leveraging Data to Manage Your Fraud Risk 20-October-2016 Members-only Webinar: EHS and Internal Audit: A Natural Partnership 15-November-2016 Members-only Webinar: Auditing at the Speed of Risk

Hosted by IIA North America:

Internal Auditor Magazine Scholarships

Internal Auditor will offer six, $1,000 essay scholarships throughout 2016. Essay questions will be based on the current Internal Auditor issue. The students who write the most informative and intuitive essays on internal audit subjects will be selected as the winner. Winning essays will be published on InternalAuditor.org and reference both the chapter and university with which the winner is associated.

In addition, the three finalists for each scholarship will be given a free, one-year student membership to The Institute of Internal Auditors. Scholarship winners will be notified within the month following the application period.

Students will download the scholarship application form to get started. Once they have completed their essay, they will submit both the completed application form and their essay to Scholarship@theiia.org.

The scholarship essay topics and submission periods are as follows:

1 February 2016 – 31 March 2016: How does the 2015 International Professional Practices Framework (IPPF) differ from earlier versions? Why are these changes important?

1 April 2016 – 31 May 2016: What are the most important soft skills internal auditors need to develop to be successful in today's business environment and why?

1 June 2016 – 31 July 2016: How can internal audit functions use analytics to improve efficiency?

1 August 2016 – 30 September 2016: What is the Internet of Things, and what are the risks/opportunities it presents to organizations?

1 October 2016 – 30 November 2016: How can internal auditors work with the second line of defense when conducting compliance risk assessments?

1 December 2016 – 31 January 2017: How can internal auditors best communicate difficult findings/messages to their customers and stakeholders?

Book Item No: 1195 Member Price: $40.00 / Nonmember Price: $50.00Visit www.theiia.org/bookstore

CRMA Exam Practice Questions If earning your CRMA designation is one of your professional development goals, this guide will help you get there faster.

Certification in Risk Management Assurance® (CRMA®) Exam Practice Questions is designed to help you prepare for the CRMA exam. The book provides 150 practical scenario-based questions as well as those of a more theoretical nature. Suggested solutions provide reference to specific sections of the CRMA Exam Study Guide (www.theiia.org/bookstore, item #1130) and the reference appendix offers sources for further study.

Within this comprehensive collection, the questions cover the four domains in the CRMA exam:

• Domain I: Organizational Governance Related to Risk Management

• Domain II: Principles of Risk Management Processes

• Domain III: Assurance Role of the Internal Auditor

• Domain IV: Consulting Role of the Internal Auditor

After reviewing the questions in each domain, you will have a clearer understanding of the exam content. This analysis and reflection will help you determine when you are ready to sit for the actual CRMA exam.

New Release From The IIA Research Foundation

2015

-123

3

Get Involved:

Junior Achievement of WNY Program List: Kindergarten – 12th grade

*The programs listed below are some of our most popular; for a complete list please go to www.jawny.org.

10

2016-2017 Board of Governors

* - Denotes Board of Governor Position per By-laws

Position Name Contact Information

Ashley Kinnear, CISA, CFE (585) 429-3133

Wegmans Food Markets Inc. Ashley.Kinnear@wegmans.com

Daria Adolph, CIA, CMA (716) 206-9019

Derrick Corporation daadolph@derrick.com

Michael Hennessy (716) 342-3446

Key Bank michael_hennessy@keybank.com

Ashley Hubbard (716)842-5046

M&T Bank ahubbard@mtb.com

Mariya Balicki, CPA, CIA, CGMA (716) 842-5971

M&T Bank mbalicki@mtb.com

Leonard Soldano, CISA, CTGA, ISA, PCIP (716) 839-6947

M&T Bank lsoldano@mtb.com

Deborah Kassirer, CPA, CIA, CRMA, CCSA (716) 845-5788

Roswell Park Cancer Institute Deborah.Kassirer@RoswellPark.org

Heidi Martin - PwC (716) 855-5925 heidi.a.martin@us.pwc.com

Kate Sheer - M&T Bank (716) 842-5636 ksheer@mtb.com

Advocacy Chair* Slaven Dreno, CIA, CISA - M&T Bank (716) 848-5311 sdreno2@mtb.com

Maureen Cilano, CPA, CRMA, CCIPA (716) 926-2000 ext. 1362

Evans Bank mcilano@evansbank.com

Budgeting & Reporting Committee Chairperson Brittany Barr - Key Bank (716) 848-8457 Brittany_Barr@keybank.com

Stacey Chaffee - HSBC (716) 841-2615 stacey.m.chaffee@us.hsbc.com

Slaven Dreno, CIA, CISA - M&T Bank (716) 848-5311 sdreno2@mtb.com

John Taggart - First Niagara john.taggart@fnfg.com

Brian Steinmetz, CIA, CISA - Evans Bank (716) 926-2040 Bsteinmetz@evansbank.com

Maureen Dunn, CCSA - Evans Bank (716) 926-2005 Maureen/ (716) 878-9658 Jeff

Jeffrey Barnett, CIA, CCSA - Benderson Development mdunn@evansbank.com effbarnett@benderson.com

Meetings & Attendance Margaret McWilliams, CIA, CISA, CRISC (716) 857-7019

Coordinator* National Fuel mcwilliamsm@natfuel.com

Membership Chairperson* James Bandinelli - M&T Bank (716) 842-5618 jbandinelli@mtb.com

Patrick Byrne - M&T Bank (716) 842-5571 pbyrne@mtb.com

Tom O'Connor, CISA - M&T Bank (716) 842-5869 to'connor@mtb.com

Stephanie Coughlin - Evans Bank (716) 926-2040 x3723 scoughlin@evansbank.com

Michael Buziak - First Niagara (716) 848-8469 michael.buziak@fnfg.com

Ellen Janicki, CIA, CRMA (716) 842-2316

M&T Bank ejanicki@mtb.com

Amy Olsen, CPA (716) 713-9632

KPMG LLC amyolsen@kpmg.com

John D'Angelo (716) 842-5551

General Auditor, M&T Bank jdangelo@mtb.com

Eugene Cullen, CCSA, CRMA (716) 845-8374

VP of Audit and Advisory Services, Roswell Eugene.Cullen@RoswellPark.org

Neil Frieser, CPA, CIA (203) 614-5028

Frontier Communications Neil.Frieser@FTR.com

Lindsay Prichard (585) 423-8946

Xerox lindsay.prichard@xerox.com

Donna Wiley

IIA

Second Past President *

Third Past President *

Academic Relations Co-Chairs*

Associate Trustee*

Northeast District #3

Board Member*

Board Member*

Board Member*

Seminar and Events Co-Chairs*

Website and Survey Administration Chair*

Northeast District Advisor

President*

Vice President*

Treasurer*

Secretary*

Immediate Past President*

Chapter Support - IIA HQ Donna.wiley@theiia.org

Certifications Chair & CIA Co-Chairs*

Newsletter Chairs

Financial Controls Committee

9/29/2016