Sunday | March 10 8:00 a.m. 12:00 p.m. Documents/2019-GAM... · 2019. 3. 13. · Sunday | March 10...

Sunday | March 10 8:00 a.m. – 12:00 p.m.

Pre-conference Workshop: Lean and Agile Internal Audit: Driving Value Add, Insight, and Productivity in

Internal Audit

James Paterson, CIA

Director

Risk & Assurance Insights Ltd.

Author

Key lean and agile principles and techniques can help create a “step change” in internal audit productivity and added value, while still remaining IIA-compliant. There are tried and tested approaches to creating an audit team culture focused on what really adds value and more aware of waste (beyond benchmarking): “The most dangerous sort of waste is the waste we do not recognize.” Lean and agile creates a framework that is comprehensive, drives continuous improvement, and flushes out blind spots. In this session, participants will:

Understand key lean and agile principles and techniques and how to apply these to the audit function and team culture.

Conduct a brief walk-through on adding value in the planning process and using effective root cause analysis (prevention and detection) to drive assignment productivity.

Learn how to scope and resource assignments effectively, drive “flow” in the assignment delivery process, and write shorter, more impactful audit reports.

James Paterson established a consulting business in 2010 to provide training, development, and coaching in several key areas, including risk assurance mapping, lean/agile auditing, auditing culture, root cause analysis for internal audit, and influencing and political savvy for internal audit. He has conducted open courses with 12 IIA Institutes across Europe, including Belgium, Estonia, Finland, Latvia, Netherlands, Norway, Spain, Switzerland, Sweden, and the UK. Previously, at AstraZeneca Plc, Paterson advanced to CAE after holding various corporate and commercial finance roles, including head of group financial reporting and head of global leadership development programs. He is the author of Lean Auditing.

Sunday | March 10 1:00 p.m. – 5:30 p.m.

CAE Forum and Pulse of Internal Audit (Audit Executive Center CAEs Only)

This session is designated for Chief Audit Executives only. Due to the format of the session, seating capacity in

this session room is limited and available on a first come, first served basis.

CAE Forum Speaker

V.G. Narayanan

Professor of Business Administration Chair, MBA Elective Curriculum

Harvard Business School

Part I: Delve into the Carolina Wilderness Outfitters case study with Harvard Business School Professor V. G. Narayanan, in partnership with the Center for Audit Quality. This dynamic study in fraud will be the focus of our roundtable event.

At the Harvard Business School, Dr. Narayanan teaches Financial Reporting and Control (a first-year required

course), Measuring and Driving Corporate Performance (a second-year elective), Management Control and

Performance Measurement (a doctoral course), and several executive education courses. He holds a Ph.D. in

Business, an M.A. in Economics, and an M.S. in Statistics, all from Stanford University. Dr. Narayanan received

his M.B.A. from the Indian Institute of Management in Ahmedabad, India.

Pulse of Internal Audit Speakers

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA

President and Chief Executive Officer

The Institute of Internal Auditors

Jim Pelletier

Vice President, Standards and Professional Knowledge


Harold Silverman, CIA, CRMA, QIAL

Managing Director, CAE Solution


Part II: Pulse of Internal Audit – Be the first to hear the 2019 report findings and participate in a discussion with peers on cybersecurity and data protection, third-party risks, emerging and atypical risks, and board and management activity. Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions.

Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers has authored two award-winning books: Trusted Advisors: Key Attributes of Outstanding Internal Auditors, which was released in early 2017; and Lessons Learned on the Audit Trail, which is currently available in five languages. Jim Pelletier has more than 15 years of internal auditing experience in both the public and private sectors. In

his current role as the vice president of standards and professional knowledge for The IIA, he provides

direction for The IIA’s Audit Executive Center, the Financial Services Audit Center, the Public Sector Audit

Center, and the Environmental, Health & Safety Audit Center. Prior to joining The IIA, Pelletier served as city

auditor for the city of Palo Alto, CA, and was the chief of audits for the County of San Diego. His diverse

auditing experience also includes roles at the California State University System, PETCO Animal Supplies, State

Street Corporation, and General Electric.

Harold Silverman previously was vice president of internal audit at The Wendy’s Company. Prior to Wendy’s,

he was the vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. Before that, he served

as senior manager of internal audit at Raytheon Co. Prior to Raytheon, Silverman was an internal audit

manager at PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen.

Monday | March 11 8:00 – 9:15 a.m.

General Session 1: Future Innovations with Big Impact: What's Leading the Charge?

Shivvy Jervis

Award-winning Innovation Futurist, Advisor, and Broadcaster

Shivvy Jervis, multi-award winning futurist, industry advisor, and broadcaster, will share insights into future

innovations with big impact, debunk the myths around “disruptive innovation,” and answer the question,

“What’s leading the charge?”

In this session, participants will:

Receive a tip sheet for how to create a true innovation mindset.

Be introduced to applications of technology that need to be on their radar.

Learn about the latest advances in cognitive computing, digital identity, and immersive technologies, which could reinvent how they do business.

Shivvy Jervis was voted one of Europe’s most trailblazing women in digital, TED Global commended her “remarkable ability to analyze the socioeconomic impact of new technologies,” the World Economic Forum cited her as “a thought leader beyond compare,” and Britain’s former Digital Minister considers her “a true expert.” Her research, keynote speeches, and broadcasts have garnered 22 industry accolades, including a national Outstanding Achiever award, nomination as a “Woman of the Year“ by public vote, and recognition as one of Britain’s 10 most influential South Asian women. Jervis currently discusses hot-button industry themes on the NextTech Insider series, hosts live debate broadcasts Ringside Sessions, is fronting a bold new documentary, and contributes as an independent expert to IBM’s Global C-Suite Study Advisory Board.

Monday | March 11 9:15 – 10:05 a.m.

General Session 2: IIA President's Address and Conversation with Commissioner Hester M. Peirce, Securities

and Exchange Commission

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA

President and Chief Executive Officer


Hester M. Peirce, J.D.

Commissioner

U.S. Securities and Exchange Commission (SEC)

The mission of the United States Securities and Exchange Commission (SEC) is to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation. SEC Commissioner Hester Peirce will join IIA President and CEO Richard Chambers for a conversation on the current policy landscape and activities at the SEC. In this session, participants will:

Learn about the SEC’s priorities and policy and enforcement decisions.

Understand the role internal audit plays in SEC discussions and actions.

Explore the role well-designed regulation plays in protecting investors and consumers while promoting financial stability and innovation.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers has authored two award-winning books: Trusted Advisors: Key Attributes of Outstanding Internal Auditors, which was released in early 2017; and Lessons Learned on the Audit Trail, which is currently available in five languages.

Hester M. Peirce was appointed by President Trump to the SEC and sworn in on January 11, 2018. Previously,

as senior research fellow and director of the financial markets working group at the Mercatus Center at

George Mason University, Commissioner Peirce explored how financial markets foster economic growth and

how well-designed regulation protects investors and consumers while promoting financial stability and

innovation. Prior, she oversaw financial regulatory reform efforts following the 2008 financial crisis and

conducted oversight of the regulatory implementation of the Dodd-Frank Act as senior counsel on Senator

Richard Shelby’s Committee on Banking, Housing, and Urban Affairs staff. Earlier, Commissioner Peirce was

counsel to SEC Commissioner Paul S. Atkins, a staff attorney in the SEC’s Division of Investment Management,

an associate at Wilmer, Cutler & Pickering, and a clerk for Judge Roger Andewelt on the Court of Federal

Claims.

Monday | March 11 10:10 – 10:20 a.m.

Learn from the Leader – IIA 10 Minute Sessions to Enhance How You Audit

Leveraging Quality to Demonstrate your Value

Determine additional ways to show your value to your organization

Regardless of the size and maturity of your function, learn about resources to assist creating your plan

toward being a trusted advisor

Monday | March 11 10:30 – 11:45 a.m.

General Session 3: From Risk to Opportunity: Leading Through Crisis

Fireside Chat With Cheryl Boone Isaacs

Film Marketing Executive, CBI Enterprises, Inc. Former President, Academy of Motion Picture Arts and Sciences

Moderator:

Nancy Haig, CIA, CCSA, CFSA, CRMA

Director, Internal Audit and Compliance

Alvarez & Marsal

In this ever-evolving and fast-paced business environment, every organization can expect disruption from risk. While businesses hope not to face situations precipitating significant disruption and media coverage, they must be prepared to manage unknown risks in the form of crises on a daily basis. Cheryl Boone Isaacs, film marketing executive and immediate past president of the Academy of Motion Picture Arts and Sciences, will discuss how she led the Oscars through crises that provoked major media attention.

In this session, participants will: Discuss potential impacts a crisis can have on an organization. Examine tactics to address crises to minimize disruption and damage. Explore business recovery strategies after managing through a crisis.

Cheryl Boone Isaacs has been a respected motion picture marketing executive for over 30 years and is the immediate past president of the Academy of Motion Picture Arts and Sciences. Her business, CBI Enterprises, has consulted for MTV Films, Paramount Pictures, Universal Pictures, Lionsgate, and Sony Entertainment, among others. At New Line Cinema, Boone Isaacs and her marketing team helped position the studio as one of just two that had four films open No. 1 at the box-office in 1998, including Rush Hour, whose $33 million opening was, at the time, the largest in company history. Previously, she orchestrated Paramount Pictures’ acclaimed publicity campaigns for Forrest Gump and Braveheart, each of which won multiple Academy Awards. Boone Isaacs is currently an adjunct professor at Chapman University’s Dodge College of Film and Media Arts, and she guest lectures at several other schools.

Nancy Haig is head of internal audit and compliance for a global consulting firm and previously served as vice

president of internal audit for a global pharmaceutical manufacturer. Her expertise includes risk-based

internal audit and compliance in the financial services, health care, pharmaceutical, and professional services

industries. An advocate of the internal audit profession, Haig not only mentors those interested in pursuing a

career in internal auditing, but also serves as a volunteer leader for The IIA on the global and North American

boards as well as on the audit committee and editorial board.

Monday | March 11 12:45 – 1:45 p.m.

CS 1-1: Leveraging Technology to Increase Value: Signature Audits

Arnaud Ruiz, CISA

Senior Manager, IT Advisory and Assurance

Tesla

Practitioners often struggle to meet rising audit client expectations that require internal audit to increase its value delivery and become more relevant to day-to-day business. Some CAEs have been quick to explore new services and delivery models that can provide value to stakeholders beyond assurance, leading to the development of advisory services and consultative reviews. But these efforts have not always considered how to improve existing audits. In this session, participants will:

Become familiar with the concept of signature audits, which seek to increase internal audit’s contributions during regularly scheduled client engagements.

Understand the approach for conducting signature audits.

Learn to combine creative auditing techniques with the use of new technologies and data analytics to identify emerging risks for new products and services.

Arnaud Ruiz is an automotive and technology leader with more than 10 years of experience in IT operations, information security, audit, and compliance. In his current role, he helps Tesla global teams implement secure and stable IT solutions for automotive and energy products. Ruiz is also responsible for IT advisory and assurance services, supporting Tesla in its mission to accelerate the world's transition to sustainable energy.

CS 1-2: Don't Panic! Auditing the Fluid World of Privacy

Jason Burchardt, CPA, CCEP

Senior Director, Global Compliance and Privacy

Perrigo Company PLC

Lucas Morris, CISSP

Senior Manager, Data Privacy

Crowe LLP

Pamela Hrubey, DPH, CCEP, CIPP

Managing Director

Crowe LLP

The world of data and privacy protection has become incredibly fluid, with new regulations and expectations

coming almost weekly. Organizations are working to institute stable and effective programs of establishing,

evaluating, and auditing all of these requirements. We will use a case study to show how we, as both

consultants and internal privacy leaders, used a framework to establish a resilient global assurance program

that supports maintaining stakeholder expectations while minimizing fear, uncertainty, and doubt.


• Identify emerging privacy and data protection-related risk themes and evaluate opportunities for enhancing existing data and protection-related audit programs.

• Apply a resilient privacy and data protection framework to a case study involving a privacy-related scenario.

• Differentiate the applicability of regulatory requirements using a resiliency-focused, risk-based approach.

Jason Burchardt directs compliance and privacy for Perrigo Company, where he has led the development and implementation of a global compliance and privacy program. Burchardt has 20 years of experience in multi-national roles of increasing responsibility with a focus in regulated industries, including pharmaceuticals and medical devices. Throughout his career, he has held roles in corporate finance, external and internal audit, M&A, compliance, and privacy. He has also served on the boards of various non-profit organizations.

Lucas Morris is a senior manager and leader within the cybersecurity and digital risk practices at Crowe. He has over 12 years of information security experience. Morris focuses on helping clients develop more secure environments through penetration testing, implementing data privacy protections, and supporting executive

management as a virtual information security officer. In his free time, he develops new tools and methodology, and also leads and supports collegiate security competitions.

Pam Hrubey is a managing director in Crowe’s risk consulting practice. She leads Crowe’s privacy and data protection-related solutions, focusing on assisting clients with developing, implementing, and assessing effective privacy and data protection-related strategies across the global enterprise. Hrubey also works with senior leaders to develop and maintain an understanding of the strategic implications of privacy and data protection as it regards protecting the organization’s brand. She specializes in helping clients establish, optimize, and sustain privacy program effectiveness. Hrubey previously served as global leader of clinical data management, deputy chief ethics and compliance officer, chief privacy officer, and head of enterprise risk management for a pharmaceutical company.

CS 1-3: In Conversation With…Effective Approach to Audit Team Transformation

Moderator:

Bill Michalisin

Executive Vice President, Chief Operations Officer


Stacey Schabel, CIA, CPA

Vice President and Chief Audit Executive

Jackson National Life Insurance Company

Making your team one that people look forward to being a part of each day is crucial to talent retention, motivation, and attraction. If your team doesn’t currently fit this mold, team transformation is essential. Teams characterized by positive energy, honest communication, clear expectations, authentic leadership, opportunities for growth and development, challenging projects, and collaboration will attract and retain tomorrow’s leaders while the others struggle to keep up. In this session, participants will:

• Receive tips for creating and fostering a high-functioning team environment, developing a talent pipeline, and inspiring and motivating their team.

• Understand the keys to building and sustaining an effective audit team. • Learn how to structure their audit team for future success without massive hiring and firing.

Bill Michalisin joined The IIA in 2013 as chief marketing officer leading all brand, marketing, communications,

sales, and relationship enablement strategies across all global IIA channels. In 2014, his role was expanded to

include oversight as the executive director of The IIA’s Research Foundation, and in 2015, he assumed the role

of chief officer for IIA operations. In his current role, Michalisin leads all operations and core services offered

to IIA members globally, including Membership, Chapter & Institute Relations, Certifications, Conferences,

Learning Solutions, Partnerships, and Enterprisewide Sales & Business Development. Prior to joining The IIA,

Michalisin was industry marketing leader for consumer and industrial products at Deloitte, which included

responsibilities for cross-functional delivery within aerospace and defense, automotive, consumer products,

process and industrial products, retail and distribution, and travel, hospitality, and leisure sectors. Earlier in his

career, Michalisin was a business process strategy and fraud/forensic investigation consultant at both Deloitte

Consulting and Accenture, providing consulting services to clients in media and entertainment, consumer

products, manufacturing, and financial services.

Stacey Schabel has more than 17 years of audit and risk management experience. She is responsible for a North American group-wide internal audit team that examines and evaluates the key activities and processes supporting the North American operations of Prudential plc, including Jackson National Life Insurance Company. She assists the board, audit and risk committee members, and executive management in protecting the organization’s assets, reputation, and sustainability by assessing and reporting on the overall effectiveness of risk management, control, and governance processes. Schabel serves on The IIA’s Global Financial Services Guidance Committee and is the Chief Audit Executive Engagement Chair for the Lansing, Michigan chapter.

CS 1-4: Assessing Corporate Culture

Linh Truong, CPA, CIA, CISA

Director, Internal Audit

Orthofix Medical

Phil Jackson, CIA

Senior Manager, Audit

Orthofix

The role of culture in company success or failure has become increasingly clear over the past 20 years. Senior management’s aggressive stance on accepting risk for the sake of growing the top line and the resulting downfall is seen in headlines with alarming frequency. The common thread throughout the case studies is corporate culture. Understanding corporate culture extends beyond just interviewing employees to objectively assessing key areas to gauge the level of healthy versus unhealthy traits of organizational culture. In this session, participants will:

Understand the board’s perspectives on their responsibilities for governance as it relates to corporate culture.

Know the key areas an auditor should include in the scope of a corporate culture assessment.

Identify the red flags of an unhealthy corporate culture.

Linh Truong is currently the CAE at Orthofix Medical, a global medical device company. In her 25 years of audit experience, she served as CAE of Kosmos Energy and Alon USA, where she built the internal audit departments of each from ground zero. She has spearheaded fraud risk assessments and ERM initiatives as well as implemented first-year SOX at multiple companies. Truong has worked at Xerox, Credit Suisse Group, and KPMG. Her audit career has provided her the opportunity to live in Germany and Switzerland as well as travel throughout North America, Europe, and parts of Africa.

Phil Jackson has more than 15 years of internal and external audit experience and has served at every level of audit, including CAE. He is currently the senior manager of audit at Orthofix Medical. In his audit career, Jackson has partnered with stakeholders in numerous industries, including transportation, retail, health care, and energy. He also has “real-world” operational experience in technology, foodservice, hospitality, and manufacturing and has owned and operated several small businesses. Jackson’s varied background allows him to share his unique perspective on the diverse characteristics of various corporate cultures.

CS 1-5: Guard Rails for the Digital Revolution

Theresa Grafenstine, CIA, CGAP

Managing Director

Deloitte & Touche LLP

In an increasingly interconnected world, organizations that don’t innovate and broaden their technology footprint risk losing market share. Yet, we routinely hear reports of organizations being breached. Internal audit, like a guard rail, is there to protect while also giving organizations the assurance they need to go fast. To provide value, internal audit must find a balance between providing assurance on important data protection functions while supporting operational innovations that drive new value. In this session participants will:

• Be provided an overview of cyber trends and classic breach tactics. • Review data protection strategies and ways to communicate these strategies with the board and C-

suite. • Discuss operational innovations like robotic process automation, machine learning, and Agile

auditing that are positioned to drive the future of internal auditing.

Theresa Grafenstine supports both commercial and government clients as a managing director in Deloitte’s

risk and financial advisory practice. Previously, as inspector general of the U.S. House of Representatives, she

was responsible for planning and leading independent, non-partisan audits, advisories, and investigations of

the financial and administrative functions of the House. Grafenstine also served at the Department of Defense

Office of the Inspector General, where she led acquisition audits of major weapon systems and was selected

to respond to high-profile Congressional audit requests. She was a founding member of The IIA’s American

Center for Government Auditing (now the Public Sector Audit Center).

CS 1-6: Assurance Mapping: Case Study

Robert Cates, CIA

Auditor Lead

Lower Colorado River Authority

W. Charles Johnson Jr., CIA, QIAL, CFSA, CGAP, CRMA

General Auditor

Lower Colorado River Authority

The Lower Colorado River Authority’s internal audit function developed a maturity model to assess its

assurance groups/second lines of defense. For the past three years, the function has been using this model to

assess LCRA’s assurance groups.


Understand how the assurance group maturity model was developed.

Review three years of results from auditing assurance groups against the model.

Learn how the internal audit function uses the maturity model to lower its audit requirements in related areas.

Receive a copy of the maturity model.

Bob Cates is a 35-year internal auditing professional, having served in management roles with the Texas Department of Transportation internal auditing department, Texas A&M University System internal audit department, and New Braunfels Utilities. He is currently an auditor lead in the auditing services department at the Lower Colorado River Authority, where he has been for the past nine years. Cates served in leadership positions with The IIA’s Austin chapter, as well as on the International Professional Issues Committee and the International Advanced Technology Committee. He served for six years as an officer in the U.S. Army.

Charlie Johnson is an experienced chief audit executive and governance advisor who has been general auditor of the Lower Colorado River Authority for the last 13 years. He previously served as CAE of a large hospital system in New Orleans and in other internal audit leadership positions in banking and insurance. Johnson is a respected risk management, governance, and compliance professional who delivers innovative approaches to internal auditing while maintaining professional standards. His background includes 20+ years directly assisting organizations’ boards of directors and board committees in executing key governance responsibilities. Johnson also was recently appointed chairman of The IIA’s Professional Certification Board.

Monday | March 11 2:00 – 3:00 p.m.

CS 2-1: Delivering Greater Value Through Combined Assurance

Viji Ganesan, CISA

IT Manager

ArcelorMittal

Colleen Knuff, CIA, CRMA, CPA, CISA, NPDP

Senior Director, Product Management

Wolters Kluwer

Many organizations are striving to create a combined assurance process that is pragmatic, collaborative, and efficient. Getting all parties on board and working towards this common goal can be challenging without a clear vision and a well-defined process on how to get there. Learn how one Fortune Global 500 organization has not only implemented a combined assurance strategy, but also created both time and cost efficiencies along the way. In this session, participants will:

• Discover how one Fortune Global 500 organization was able to cut assurance costs by adopting an innovative combined assurance transformation project supported by multiple lines of defense working in a single tool.

• Identify how to consolidate reporting with a shared risk and control framework, remove testing redundancies, and enhance transparency.

• Understand how technology is a key enabler in elevating and optimizing coordination with other lines of defense.

• Gain insights into the challenges they might face and lessons learned by others on their journey towards a combined assurance solution.

Viji Ganesan is an application owner of TeamMate and IT manager for ArcelorMittal’s global assurance function, comprising internal audit, SOX, global risk management, and group security. As the architect of a combined assurance solution for multiple assurance providers, she’s closely involved with professional practices, methodology, external auditor engagement, certifying bodies, and benchmarking. Her responsibilities include reporting KPIs to the CAE, supporting audit committee and management reporting, and contributing to robotic process automation. Ganesan was previously in ArcelorMittal Europe’s performance management group for finance. Prior, she acquired 15+ years of international experience with a large IT consultancy, emphasizing application development, complex transformation projects, technical advocacy for IBM products, training, and software development.

Colleen Knuff has served as a product manager for TeamMate software for almost 20 years. Her focus is to ensure the needs of assurance professionals are met while delivering value based on professional standard requirements, changes to technology, and internal auditor feedback globally. She leads a global product management team focused on innovative solutions to real market problems, with heavy emphasis on voice of

customer, contextual design, and user observation. Previously, as internal audit senior manager with PricewaterhouseCoopers, Knuff worked on a wide variety of internal audit projects, including strategic business processes, operational audits, IT audits, outsource vendor audits, and business operations, across multiple clients. CS 2-2: Use of Fraud Data Analytics to Uncover Fraud Schemes in Core Business Systems Leonard Vona, CPA Chief Executive Officer Fraud Auditing, Inc. Finding fraud schemes hiding within core business systems requires skillful adjustments in your approach and

technique. There is both science and art to using data analytics to search for fraud schemes, which differs

from finding data anomalies. Learn a systematic approach to identifying fraud schemes and their relationship

to data, including planning, pattern recognition, and practical applications of analytics.


Discover how to create a strategic plan for implementing a robust fraud data analytics plan.

Understand how to create a data-intensive fraud audit approach.

Assess the ten steps that comprise a successful fraud data analytics plan.

Receive a practical illustration of a methodology for searching for a pass-through shell company scheme.

Leonard Vona is a forensic accountant with more than 40 years of diversified auditing and forensic accounting experience, including a distinguished 18-year private industry career. He serves as CEO of Fraud Auditing, a firm that advises clients in areas of litigation support, financial investigations, fraud auditing, fraud data analytics, and fraud prevention. Vona is the author of three books published by Wiley: Fraud Risk Assessment: Building a Fraud Audit Program; The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems; and Fraud Data Analytics Methodology: The Fraud Scenario Approach to Uncovering Fraud. CS 2-3: Ethics in Internal Audit: Case-based Learning Patricia Miller, CIA, QIAL, CRMA, CPA, CISA Owner PKMiller Risk Consulting, LLC All internal auditors face ethical decisions over the course of their careers. They need a strong foundation and understanding of ethical expectations. It is also imperative that audit management set the right tone and coach their team so that the right choices are made. In this session, participants will:

Develop an understanding of the nature of ethics, the IPPF, and the Code of Ethics.

Follow a framework for making ethical decisions.

Discuss, in small teams, several different ethical scenarios that internal auditors may face and consider the best choices to make.

Gain an appreciation for the challenges facing internal auditors in their role and in determining how to handle situations uncovered in audits.

Patty Miller is the owner of PKMiller Risk Consulting, LLC and has significant management and consulting experience. In her 14 years with Deloitte, she served as the lead risk services partner on significant technology and consumer clients. Her many IIA volunteer roles have included Chairman from 2008–09, executive committee member, and Chair of the Standards Board. She is a frequent speaker and trainer, and has led and co-authored research projects for The IIA. Miller is the recipient of the William G. Bishop III Lifetime Achievement, Victor Z. Brink, and American Hall of Distinguished Audit Practitioners Awards. CS 2-4: Risk-based Auditing: Approaches and Techniques Lillian Scott, CIA, CCSA, CRMA Vice President, Operational Assurance, Audit Service Group (ASG) Total System Service, Inc. (TSYS) Richard (Rick) Machold, CPA, CIA, CRMA

Chief Audit Executive

Total System Service, Inc.

How do you audit in the midst of major transformation in your company? How can you effectively and

efficiently provide assurance that the key risks facing the company are being covered when your internal

customers are “audit fatigued” from other assurance activities? Why is it important to expand internal audit’s

suite of services to drive value in the midst of disruption and transformation? What are some techniques that

have proven beneficial to fatigued auditees or business areas in transformation?


• Understand the characteristics of an audit engagement that may be ideal for a particular technique or tool.

• Review case studies to determine the ideal audit approach. • Develop ideas for reporting assurance and consulting components using a principle-based framework. • Discuss the audit skills that are optimal for executing each audit technique.

Lillian Scott has 20 years of experience in process re-engineering, large-scale program management, organizational transformation, risk management, internal audit, and regulatory compliance. She is vice president of operational assurance for TSYS ASG, having held several consulting and director roles across the organization to implement enterprise tools, re-engineer processes, and champion change. Notably, Scott assisted the CAE with transforming the internal audit department from a traditional control testing function to

being perceived as a trusted partner to the business. Previously, at Accenture, she provided business consulting services to the utilities, retail, government, and financial services industries. Scott served one term as vice president of The IIA’s Columbus, GA chapter and is currently a member of the Board of Governors.

Rick Machold has more than 30 years of management and consulting experience across multiple industries

and disciplines, including internal audit, enterprise risk management, process design and improvement,

change facilitation, forensic accounting, and financial statement audit. He was previously head of enterprise

risk at Invesco Ltd., with global responsibility for the company’s ERM efforts. While under Machold’s

stewardship, Invesco’s ERM program earned a “Strong” rating from Standard & Poor’s. He is a frequent

speaker, lecturer, and author and won Interntal Auditor magazine’s Ted Keys Award for Most Outstanding

Article in 2016 for “The Four Hats of Risk Management.”

CS 2-5: Auditing at the Speed of Risk

Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA President and Chief Executive Officer The Institute of Internal Auditors In the 21st century, risks emerge at warp speed, often catching organizations unaware and unprepared. The consequences can be devastating. To protect and enhance value, internal auditors must elevate their capability to audit at the speed of risk. In this session, participants will:

• Gain insights into the dynamic nature of risk in the 21st century and the velocity with which it can approach unsuspecting organizations.

• Understand the compelling need and effective strategies for internal auditors to identify emerging risks long before they present a clear and present danger to their organizations.

• Discuss disruptive risks facing the auditing profession, the organizations it serves, and how these disruptive forces may impact its ability to serve organizations in the decade ahead.

• Discover effective strategies to audit smarter, better, and faster — to audit at the speed of risk.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of

Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers has authored two award-winning books: Trusted Advisors: Key Attributes of Outstanding Internal Auditors, which was released in early 2017; and Lessons Learned on the Audit Trail, which is currently available in five languages. CS 2-6: Getting Your Phone to Ring: Lessons Learned in Building Partnerships With Management Rachel Tressy, CPA Senior Vice President and Chief Auditor Voya Financial As auditors, strong partnerships with business management are instrumental to our success. This session will highlight some lessons learned while successfully (and not-so-successfully) building relationships with key business partners through the years on the audit trail. In this session, participants will:

Learn strategies for building and maintaining strong relationships with business management.

Share successes and failures learned in being a trusted business advisor.

Understand how to get their business partners to put them on speed dial. Rachel Tressy is chief audit executive for Voya Financial. She has held this position since August 2018 and is responsible for providing internal audits and advisory services in the evaluation of Voya’s internal control environment. Prior to joining Voya, she spent 15 years at Cigna in both audit and business roles. Throughout her career, Tressy has actively built relationships with her business and audit partners to demonstrate the value that strong partnerships bring to organizations. She started her career at Ernst & Young in audit and advisory services.

Monday | March 11 3:10 – 3:20 p.m.


Audit Excellence – Training Options from The IIA

High-quality training courses that bring you up-to-date on current issues, leading-edge thought, and

best practices

Wide range of comprehensive training courses for internal auditors at various career levels

Monday | March 11 3:30 – 4:45 p.m. CS 3-1: RPA and Analytics for the Small Audit Department Jeff Mitch, CPA Manager, Internal Audit American Eagle Outfitters Inc. Jonathan Kostuch, CPA Director, Internal Audit American Eagle Outfitters Inc. Beth Bodner, CPA Vice President, Global Audit American Eagle Outfitters Inc. With new technologies available, the audit function is set up for exciting and innovating change. However, these technologies can be overwhelming for small audit shops. There are strategies for developing an internal audit culture of innovation that can unlock the value of analytics, visualization, and even robotics without requiring the investment of a prohibitive amount of resources. In this session, participants will:

• Understand how small audit shops can leverage data analytics tools to enhance the value they can bring to their organizations.

• Learn ways to leverage data analytics tools for “quick wins” and other ways to help even the smallest audit shop become innovative.

• Develop ideas for integrating RPA into the audit plan. • Discover what it takes to create a culture of innovation that is committed to bringing innovation

success.

Jeff Mitch is an internal audit manager at American Eagle Outfitters (AEO). In this role, he utilizes data analytics tools to further enhance the value and efficiency that internal audit can deliver to the organization. Throughout his career, Mitch has demonstrated his abilities as an astute and reliable problem solver. Prior to AEO, he worked for PricewaterhouseCoopers.

Jon Kostuch is director of internal audit at American Eagle Outfitters (AEO), overseeing the department’s risk assessment, analytics, operational audit, and IT audit functions. He developed AEO internal audit’s data analytics program from the ground up, and he sees innovation as an imperative for audit shops continuing to evolve as a value-based partner to executive management. Prior to AEO, Kostuch worked in risk assurance at PricewaterhouseCoopers. Beth Bodner is vice president of global audit at American Eagle Outfitters (AEO). She redeveloped and

oversees the internal audit department, building bench strength and integrity, enhancing the risk-based

model, and forging strong partnerships within the organization. She and her team are often approached by

company business leaders to perform audits and process reviews within their areas. Bodner previously

oversaw AEO’s accounting operations, general accounting, and financial reporting. In her 25 years in retail,

including Foot Locker and Jo-Ann Stores, Bodner led internal audit, business practices and procedures, logistics

control, DC operations, reverse logistics, and all facets of accounting and accounting operations.

CS 3-2: Meet the Authors: How Sawyer's Will Support CAEs in Their Roles Dan Clayton, CIA, CPA, CKM Director of Strategy and Knowledge Management, System Audit Office University of Texas System Paul Sobel, CIA, QIAL, CRMA Vice President and Chief Risk Officer Georgia-Pacific, LLC With the significant updates and changes to Sawyer’s 7th Edition, internal auditors at all levels can find guidance to help them perform their jobs better and chart a course towards achieving the mission of internal audit — to enhance and protect organizational value. The presenters will help participants utilize the newly structured book as a valuable resource of leading practices for strategic planning, evaluating audit products and services, and performing risk-based audits. In this session, participants will:

Understand how to define the value of internal auditing and deliver the products and services that create that value in a changing world of ERM, GRC, and technology transformation.

Learn how to establish a vision, strategy, and structure for setting up or improving an internal audit function.

Use maturity models and other leading tools to better perform internal audit projects.

Discover how Sawyers 7th Edition can frame the questions and discussion the CAE and auditor must have as they move forward into the next decade of uncertainty.

Dan Clayton has spent the last decade in internal audit professional practices and function development, staying abreast of governance, risk, and internal audit industries and topics, along with developing frameworks, models, and procedures to elevate internal audit practices. His field of interest is risk assessment and ERM. Over the last 10 years, he has led or participated in updating risk assessment models, audit and audit committee reporting deliverables, and audit and consulting methodologies. Clayton built a knowledge management structure for a team of 300+ auditors, including resource development processes that captured research, audit planning, and other data to elevate and codify a standard library of materials. Clayton has published articles in trade publications, including Internal Auditor magazine, and currently serves on The IIA’s CREA Committee, which reviews research and content development for the Internal Audit Foundation and IIA Bookstore. He also serves on Utah Valley University’s Internal Audit Advisory Board. Paul Sobel is vice president and chief risk officer for Georgia-Pacific. He also serves as chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). He’s authored or co-authored

four books: Managing the Risk of Uncertainty; Auditor’s Risk Management Guide: Integrating Auditing and ERM; Internal Auditing: Assurance and Consulting Services; and Enterprise Risk Management: Achieving and Sustaining Success. Sobel has served in many IIA leadership roles, including Chairman of the Board in 2013–14. In 2012, he was recognized in Treasury & Risk magazine’s list of 100 Most Influential People in Finance. In 2017, he received The IIA’s Bradford Cadmus Memorial Award and was inducted into The IIA’s American Hall of Distinguished Audit Practitioners. CS 3-3: Hiring and Retaining the Right Talent: Panel Discussion Moderator: Julie Scammahorn, CIA, CRMA

Chief Auditor, Compliance, AML & CBNA

Citigroup

Mary McNiff

Chief Auditor

Citigroup

Shellie Rayford, CISA, CAMS

Chief Auditor, Global Consumer Banking Centralized Activities and Issue Validation

Citi

Heather Haboush

Chief Auditor, Chief Operating Officer

Citi

According to The IIA’s 2018 Pulse of Internal Audit report, finding and attracting talent with the right skills

remains challenging for CAEs, especially as business operations, disruption, and the audit function continue to

evolve. Additionally, a limited talent pool means top talent can be difficult to retain. Learn how strategies for

hiring, developing, and retaining talent can ensure that adequate skills are in place to address new and

emerging risks.


Discuss top skills to seek when recruiting talent.

Review factors to consider when hiring the right talent.

Consider successful strategies for retaining top talent.

Evaluate the key attributes associated with women in the profession and how they align with key competencies needed to be a successful leader.

Julie Scammahorn, as chief auditor for Citibank, N.A., is responsible for the rigorous evaluation of financial, operational, and administrative controls, governance, and risk management practices as well as adherence to

laws, regulations, and Citigroup and Citibank, N.A. policies. As regional chief auditor for North America, she oversees program assurance provided over Citi’s businesses across the region. As chief auditor for compliance and anti-money laundering, she provides oversight, direction, subject matter expertise, and audit assurance for compliance at Citigroup. Early in her career, Scammahorn held general auditor and SVP roles at American Express and NationsBank/Countrywide Financial/Bank of America. She previously served in the USMC. She is a member of The IIA’s Financial Services Advisory Board. Mary McNiff joined Citigroup in 2012 and is responsible for the internal audit department, which includes the delivery of audit assurance on governance, risk management, and the control environment. Previously, she served as the CAO for Latin America and Mexico at Citigroup, responsible for key strategic projects, including governance and control; business, process, and system transformations; and productivity. Significant components of this role focused on addressing important regulatory matters and transformation within the region. McNiff’s professional experience has focused on significant business/process/people transformations within the financial services industry, with the delivery of large group-wide projects, and process re-engineering. She held senior internal audit positions across several large financial institutions around the world gaining experience of all financial products across investment banking and consumer activities. Prior to joining Citi, McNiff was the managing director for change at Lloyds Banking Group, responsible for leading a key part of the largest data migration in Europe involving the transformation of 63 million customer records from three systems down to one. She also spearheaded a process simplification program across the organization. Before Lloyds, McNiff was a key member of the internal audit leadership team at both Barclays and JPMorgan. Shellie Rayford has 20+ years of internal and external audit experience in financial services. She has held various leadership roles at Citi, providing internal audit coverage for the mortgage and retail banking businesses. As chief auditor for global consumer banking, Rayford oversees coverage of cross-functional activities, as well as internal and regulatory issue validations. She manages a team of 50 audit professionals and has site leadership responsibilities for a 130+-person audit team. Rayford also provides insight on business processes and internal audit coverage for key operations as a primary interface with investors, state examiners, rating agencies, and regulators. She was previously a senior auditor with PricewaterhouseCoopers. Heather Haboush brings more than 20 years of experience in financial services to her role as chief operating officer for internal audit at Citi. Her key responsibilities include executing internal audit’s multi-year strategy, driving ongoing internal audit process improvements, and ensuring efficient deployment of internal audit resources. Most recently, as finance lead for Citi’s global functions, including finance, risk, legal, HR, compliance, and internal audit, Haboush spearheaded global projects that increased efficiency and supported finance transformation initiatives. Previously, she led the corporate planning team in FP&A, holding responsibility for the annual budget and strategic plan. Haboush also has experience in investment banking and strategic planning for an internet startup.

CS 3-4: Internal Audit Strategic Planning: Foundation for Continuous Improvement Moderator:

Basil Woller, CIA, CRMA

Principal, Owner

Basil Woller and Associates, LLC

Panelists:

Anthony Reyes, CIA, CISA, CISSP

Chief Audit Officer

Black Knight, Inc.

Lore de la Bastide

Vice President and General Auditor

Consolidated Edison, Inc.

A panel discussion facilitated by Basil Woller, CIA, CRMA. Three CAEs who have effectively integrated strategic planning into the fabric of their organizations will discuss methods and approaches they utilized to support continuous improvement. In this session, participants will:

• Hear each panelist describe their strategic planning process. • Be provided examples of top-level strategic plans, initiatives, and supporting SWOT analyses. • Take away valuable insights for supporting continuous improvement.

Basil Woller is one of the leading and most recognized external quality assessment (EQA) specialists in the internal auditing profession, with more than 35 years of experience in internal auditing and risk management, including risk identification, assessment, mitigation, corporate governance, and ethics and compliance. Woller led the global EQA services practice for Protiviti from 2006 to 2009 and played an active role in monitoring and executing EQA services on a firm-wide basis. He was also responsible for Protiviti’s peer review program related to its internal audit practice. Prior to this, Woller was the senior executive at El Paso Corporation, responsible for all aspects of a global internal auditing function, including the ethics and compliance program. He is a recognized thought leader in the internal auditing profession and is a frequent speaker on the topic of internal audit quality. He authored the current version of The IIA’s Quality Assessment Manual and recently published an article in Internal Auditor magazine entitled “Integrating the Core Principles Into Your QAIP.” Woller has personally been involved in executing over 250 quality assessments including both full scope reviews and validations of management’s self-assessment. He has served on The IIA’s Board of Directors and as chair of the Global Finance Committee.

Anthony Reyes is chief audit officer for Black Knight, a premier provider of integrated software, data, and

analytics to the mortgage industry. As the internal audit department’s leader, he’s responsible for establishing

and managing processes that bring a systematic, disciplined approach to evaluating and improving the

effectiveness of the organization’s governance, risk management, and internal control environments. He also

develops and executes the company’s internal audit plan. Reyes previously served as chief audit executive for

Pinnacle West Capital, where he set strategy and led audit services operations. He’s experienced in internal

audit solutions, enterprise risk services, and IT audit controls — particularly in security controls.

Lore de la Bastide, as vice president and general auditor at Consolidated Edison, is responsible for activities

that provide independent and objective assurance of the adequacy and effectiveness of internal controls that

govern the operations of the company, its subsidiaries, and its affiliates. She is also responsible for adding

value to improve the effectiveness of the organization’s governance, risk management, and internal control.

De la Bastide joined the company as part of the management intern program. Her 34 years of experience in

various areas of the business include corporate accounting, construction and maintenance services, central

field services, customer operations, and supply chain.

CS 3-5: Role of Artificial Intelligence and Automation to Assess Emerging Risks

Manuel Coello Senior Director, Data Analytics CVS Health Steve Biskie Director, Risk Advisory Services RSM US LLP We often hear stories about the benefit of data analytics (DA) in the fieldwork/testing phases of an audit; however, some of the easiest/quickest wins can actually be made when applying DA to the planning process. Participants in this session will see first-hand — through the use of real-life examples applicable to most organizations — how, where, and when DA can be applied to the audit planning cycle. In this session, participants will:

• See examples of DA for audit planning and brainstorm ideas for DA within their own audit planning processes.

• Learn about the use of, and techniques for, DA supporting the core audit processes that occur before fieldwork.

• Walk away with a 5-step checklist for implementing DA in their organization. • Create a project plan for implementing DA for audit planning within the next 30 days.

Manuel Coello has a 20-year background in data analytics, automated audit processes, system implementations, and operations with Big Four and Fortune 500 companies, including CVS Health, GE, Stanley Black & Decker, Northrop Grumman, and EY. Passionate about maximizing audit impact by leveraging data, technology, and analytics, he is an internationally recognized expert in continuous auditing, analytics, and audit automation. While at Stanley Black & Decker, he won an ACL Impact Award for North America for the implementation of a continuous auditing program. Coello’s worldwide experience has spanned the Americas, Europe, Africa, and Asia.

Steve Biskie has been working in audit, compliance, and IT risk management for over 23 years. His IT experience includes public accounting, private industry, and specialized risk management consulting firms. Considered an international expert in SAP audit and risk management issues, Biskie has published numerous audit-related topics for SAP Professional Journal and written articles for SAP GRC Expert. He authored Surviving an SAP Audit and was an expert reviewer for Security, Audit, and Control Features: SAP ERP (Third and Fourth Editions). He is a thought leader in audit analytics and continuous monitoring, and is a four-time IIA All Star speaker. CS 3-6: CAE Communications and Common Audit Committee Questions About Cybersecurity

Yulia Gurman, CIA, CPA Director, Internal Audit and Corporate Security Packaging Corporation of America Board and audit committee interest in cybersecurity continues to increase. Many boards and audit

committees have added directors with information technology expertise to monitor organizations’

cybersecurity and technology risk management. CAEs need to include appropriate cybersecurity coverage in

their audit committee communications and be prepared to answer questions.


Discuss lessons learned and how we made improvements in our communications to the audit committee regarding cybersecurity.

Review resources to help CAEs incorporate cybersecurity risks in their risk assessment processes, audit plans, and appropriate communications.

Prior to joining PCA, Yulia Gurman served as vice president of internal audit at Retail Properties of America,

Inc. (RPAI), where she established the internal audit function soon after RPAI went public. She had

responsibilities over internal audit, internal controls, and ERM. Gurman also served as director of internal

audit at OfficeMax, where she managed a team responsible for operational, financial, and compliance audits

throughout the organization. She began her career as an external auditor at a public accounting firm, where

she performed financial audits. Gurman has previously spoken at SuperStrategies conferences, the CAE

Master’s Program, The IIA’s International Conference, the IIA–Chicago Chapter Annual Seminar, and the

American Accounting Association’s Annual Meeting.

Tuesday | March 12 8:30 – 9:45 a.m. General Session 4: Leading Change – Achieve What Matters Most Mike Evans Award-winning Author, Speaker and Executive Consultant QuestMark Internal audit leaders must cultivate and intensify the qualities of agility, flexibility, resiliency, and

perseverance to effectively adapt and thrive in times of constant change. They must also understand that

there is a critical difference between leading and managing change, and an appropriate ratio required to

accelerate change.


Hear tips for avoiding the primary pitfalls and traps that sabotage most change efforts.

Discover how to foster collaboration, camaraderie, and teamwork to establish unshakable trust and credibility.

Understand how to identify the root cause of undesired cultural beliefs and actions and how to infuse desired beliefs and actions.

Mike Evans has served in executive leadership and consulting roles with Kotter International, FranklinCovey,

and Tom Peters Company, working alongside such world-renowned thought leaders as Dr. John Kotter, Dr.

Stephen Covey, Tom Peters, Jim Kouzes, Hyrum Smith, Steve Farber, and Chris McChesney. A best-selling

author and award-winning speaker, Evans partners with organizations worldwide and in virtually every

industry, consulting with senior teams, facilitating custom workshops, delivering keynote speeches, and

providing coaching on shaping an optimal culture, flawlessly executing key strategies, igniting leadership

capacity, amplifying employee engagement, and cultivating peak performance. His personal mission is to help

individuals, teams, and organizations accelerate their ability to achieve more than they ever believed possible.

Tuesday | March 12 10:00 – 10:10 a.m.


Develop a Credible Team with Global Certifications

Determine what knowledge and skillsets internal auditors should possess

Understand what global internal audit certifications demonstrate

Tuesday | March 12 10:15 – 11:30 a.m. CS 4-1: Innovation Through Deployment of Robotic Solutions Mark Robinson, FCCA Head of Internal Audit, U.S. Commercial, Global Operations, and Latin America Smith & Nephew Organizations are starting to leverage robotics solutions to support their strategies for delivering commercial and operational efficiencies. This session provides an overview of an (ongoing) journey to build an enterprise-level robotics solution and examines key areas to consider as that journey develops. We will talk about progressing from a proof of concept to developing and deploying an enterprise-level robotics/automation Center of Excellence; we also examine the implications of this for internal audit. In this session, participants will:

Receive a brief overview of the journey at Smith & Nephew, including proof of concept/value and engagement with senior management.

Discover how to develop an enterprise-level robotics/automation strategy aligned with overall corporate strategy and key pillars of the strategy.

Turn strategy into action by identifying opportunity, aligning with ongoing transformation initiatives, and considering scalability and changes to existing processes.

Discuss governance controls and considerations for internal audit. Mark Robinson is a proven business advisor who gained 22 years of experience in finance, commercial, and operational competencies in roles as a controller, internal auditor, and business advisor in large multinationals across the medical devices, oil and gas/energy, FMCG, and services sectors. A commercial-minded, delivery-focused individual, he offers expertise in risks and controls, as well as exemplary communication skills across all levels of the organization. Most recently, Robinson took on the role as digitization lead for Smith & Nephew’s global business services. CS 4-2: Regulators to Innovators: Internal Audit Dichotomy Moderator: Princy Jain, CIA, CCSA, CRMA Partner PwC Julie Scammahorn, CIA, CRMA

Chief Auditor, Compliance, AML & CBNA

Citigroup

Tinh Vy Head, Internal Audit Stripe Inc. Michelle DeBella, CPA Vice President, Finance Lyft Panelists from banking, tech, and Fintech companies across both regulated and unregulated industries will

discuss how their internal audit leaders align their function’s activities within their environments. Certainly,

banks are on one side of regulatory expectations, whereas tech companies are on the opposite side. However,

Fintech companies stand right in the middle —driven by tech innovation, but in a regulated environment; they

will share their perspective.


Discuss board and management expectations from internal audit in regulated and unregulated industries.

Understand what regulators expect from banking and Fintech companies’ internal audit and how the CAE balances regulator, management, and stakeholder requirements.

Compare and contrast bank, tech, and Fintech companies’ internal audit plans, skill requirements, future resource needs, and independence and objectivity expectations.

Gain insights into regulator and management expectations for Lines of Defense, as well as how CAEs see the future of internal audit in their respective sectors.

Princy Jain has more than 20 years of experience serving technology-sector companies and has spent the past 10 years serving public and venture-backed companies by providing his expertise within internal audit, Sarbanes-Oxley compliance, risk management, and related consulting services across a range of industries including semiconductor, electronics, consumer electronics, internet, software, and more. Jain is an active public speaker on topics including internal audit, Sarbanes-Oxley, and more, and has contributed as a co-author on several guidance publications produced by The IIA. He is an active volunteer at The IIA, serving on The IIA’s North American and Global Boards. He also serves on the Northern California’s Board of Ascend, an organization dedicated to leveraging the leadership and global business potential of Pan-Asians. Julie Scammahorn, as chief auditor for Citibank, N.A., is responsible for the rigorous evaluation of financial, operational, and administrative controls, governance, and risk management practices as well as adherence to laws, regulations, and Citigroup and Citibank, N.A. policies. As regional chief auditor for North America, she oversees program assurance provided over Citi’s businesses across the region. As chief auditor for compliance and anti-money laundering, she provides oversight, direction, subject matter expertise, and audit assurance for compliance at Citigroup. Early in her career, Scammahorn held general auditor and SVP roles at American Express and NationsBank/Countrywide Financial/Bank of America. She previously served in the USMC. She is a member of The IIA’s Financial Services Advisory Board. Tinh Vy has more than 15 years of experience in audit management and governance at companies such as Square, Visa, LinkedIn, and Sun Microsystems. As head of internal audit at Stripe, a technology company that

builds economic infrastructure for the internet, he ensures the successful execution of internal audit strategies and plays an active role on the management risk committee, while partnering with legal and compliance teams on cross-functional initiatives to manage legal and regulatory risks. At Square, Vy established the internal audit function. Previously, he served in various internal audit, revenue operations, and compliance capacities at Visa. Michelle DeBella is currently a vice president of finance for Lyft, reporting to the CFO and helping the ridesharing company grow its finance and internal audit functions. She was chief audit executive for Uber from 2017 until January 2019. Previously, she served as the CAE of HP and Hewlett Packard Enterprise, as well as the vice president of enterprise financial reporting for HP. DeBella began her career in public accounting with EY. She serves on the Board of Governors for the San Jose chapter of the IIA. CS 4-3: Shaping a New World for Top Audit Talent Moderator: Dan Zitting Chief Customer Experience Officer ACL Services Ltd. James Wilson Director, Internal Audit Vail Resorts Todd Hoffine, CPA Partner AquantUs LLC Stephen Wang, CIA, CRMA, CBIP, CISA, CRISC Partner, Advisory Services EY We’re at a point in the audit profession where the old way of doing things isn’t going to cut it anymore — especially if you want to attract bright new minds. Dan Zitting, chief customer experience officer at ACL, will discuss how technology can transform your organization into a dynamic, agile, and “exciting” environment that will attract top talent — in spite of the talent shortage. In this session, participants will:

Uncover some theories on why they’re having problems attracting top audit talent.

Learn how to leverage technology to drive organizational change.

Receive actionable tips on how to get management buy-in for software purchase.

Be armed with the skills to deal with change management related to new technology.

Discover how to be differentiated as a top employer.

Jim Wilson has more than 18 years of experience leading internal audit, SOX compliance, and internal audit

transformation for both public and private companies across diverse industries. As part of his current role at

Vail Resorts, he serves as the team’s professional practice leader, reimagining the team’s audit methodology

and processes. Wilson began his career, and boomeranged, with EY prior to founding internal audit

departments for two companies. He is passionate about coaching and inspiring individuals and teams to reach

their full potential.

Todd M. Hoffine has 20+ years of Big Four accounting and auditing experience. He is a partner with AquantUs, an executive recruiting firm. Previously, at The Coca-Cola Company, Hoffine developed and implemented the strategy and approach for the corporate audit department’s data analytics activities; established regional audit departments in India, China, and the Philippines; and led numerous transformation, cost saving, and best practice initiatives. Prior, as an audit senior manager with Deloitte, Hoffine served public and private manufacturing and retail clients, participated in IPOs and domestic and international M&A transactions on both the buy and sell-side, and was a designated derivatives specialist for the Atlanta office. Stephen Wang is a principal in EY’s advisory services practice. He has more than 20 years of experience providing hands-on leadership, solving complex business problems, engaging diverse teams, and championing people development. Wang’s background has encompassed leading internal audit transformations, performing enterprise risk assessments, managing risk in business and IT processes, conducting SOX 404 audits, and facilitating service organization reporting for clients in various industries, including telecom and technology. He is passionate about using data, analytics, and visualization to increase business performance. Dan Zitting provides executive leadership for strategy, products, marketing, and customer success as chief customer experience officer at ACL, a leading provider of SaaS solutions for enterprise governance, risk management, and compliance (GRC) solutions globally. Dedicated to advancing cloud and “big data” technologies that help corporations and governments perform better while operating with integrity, Zitting has been covered as a thought leader in The Wall Street Journal, CFO Magazine, Bloomberg, Reuters, The Street, and CNBC. He previously spent 10 years in professional services, including four years with Ernst & Young. Zitting also co-founded Linford & Company LLP, a GRC consulting services provider, and founded Workpapers.com, which was ultimately acquired by ACL. CS 4-4: Tools and Strategies to Make Data Analysis Work Jan Beckmann Owner Jan Beckmann Training & Consulting Have you tried implementing data analysis into your audit approach but were frustrated with the time it takes to complete, lukewarm results, employee turnover, and audits that feel like they go on forever? Jan Beckmann spent more than 20 years creating and testing procedures to really make data analysis work in an internal audit approach. She has put those key tools and approaches together to help you. In this session, participants will:

Understand the need for adjusted timelines, scheduling, and management communication.

Learn what templates, guidelines, and reporting are suggested for quality results.

Gain a clear approach for how to select, develop, and retain great data analysts. Jan Beckmann blends her unique combination of humor, energy, and technical knowledge to provide powerful training and consulting. Based in St. Louis, she spent 20 years in the audit profession with Deloitte, Anheuser-Busch, ACL, and BrownSmithWallace and built a go-to data analysis practice. Her business and leadership skills combine with a pragmatic approach her clients love. CS 4-5: PwC's 2019 State of the Internal Audit Profession Study Greg Jordan Senior Vice President, and Chief Audit Executive Nationwide Insurance Jeff Dougher Director, Internal Audit Intel Maribess Miller Director and Audit Committee Chair, Zix Corporation Director and Nominating & Governance Committee Chair, Triumph Bancorp Director and Audit Committee Chair, Midmark Corporation Mike Maali Internal Audit, Compliance, and Risk Management Solutions Leader PwC Verne Klunzinger Internal Audit, Compliance, and Risk Management Solutions Partner PwC For 15 years, PwC has conducted its State of the Internal Audit Profession study. Based on a combination of online surveys and personal interviews with CAEs, CFOs, and audit committee members, the study addresses their perspectives on the challenges and opportunities of the profession. The 2019 study is based on the premise that organizations with risk programs with strong digital DNA are better positioned along their digital transformation journey. In this session, participants will:

• Learn what comprises an organization’s digital DNA and application to the internal audit function. • Understand what risks have a greater potential impact on the internal audit function and how internal

audit can prepare to address these risks.

• Determine what immediate next steps can be taken to help the organization move faster towards full transformation and its rewards.

• Obtain a view of how the digital IA function of the future looks very different, in terms of business model, customer experience, operations, and ways of working.

Greg Jordan has held several business and finance leadership roles at Nationwide. As SVP and CAE, he

oversees Nationwide’s office of internal audit, including reviewing and communicating the results of internal

audit work and serving as a business partner and strategic advisor on various business cabinets. Jordan was

previously VP and CFO for exclusive channel western operations and VP of product management for

Nationwide Financial’s fixed and offshore annuities. Earlier, he was VP of strategic planning, VP of operations,

and controller at Midland Life Insurance Company/Swiss Re, and a senior manager in EY’s insurance and

financial services practice group. Jordan is a member of The IIA’s International Exam Development Committee.

Jeff Dougher is an internal audit director at Intel, overseeing operational and financial audits related to

product development, acquisitions, trade, treasury, tax, and all activities in Asia. He is also responsible for the

organization’s operations, including audit committee coordination, system implementation, global

benchmarking, and other activities. Dougher previously worked in Deloitte’s advisory and assurance function.

Maribess Miller was a partner with PwC for 25 years, including serving as North Texas market managing

partner for eight years. Since 2010, she has been a director of Zix Corporation, and currently serves as its audit

committee chair and on its compensation committee. Since 2014, Miller has been a director of Triumph

Bancorp, and currently chairs its nominating and governance committee and is an audit committee member.

She is also a board member and audit committee chair for Midmark Corporation. She is past Board Chair of

the Texas Health Institute and served on the Texas State Board of Public Accountancy and on the boards of the

TCU Neeley School of Business and the NACD’s North Texas Chapter.

Mike Maali leads PwC’s internal audit, compliance, and risk management solutions, overseeing teams that advise clients on their risk and compliance programs; conduct audits; deliver monitoring, surveillance, and testing solutions; and develop internal controls for business performance issues and IT systems, all through the use of technology and data. For nearly 30 years, Maali has delivered a range of risk management, external audit, and internal audit services to leading global and national organizations. His expertise includes implementing and optimizing enterprisewide risk management programs and systems, as well as performing risk assessments for organizations across industries and translating the results into efficient, risk-based plans for internal audit, risk, and compliance functions. Verne Klunzinger is a partner at PwC, increasing clients’ digital acumen through risk-related work, including ERM and compliance; auditing; delivery of monitoring, surveillance, and testing solutions; and development of internal controls for business performance issues and IT systems. His background encompasses external and internal auditing for multinational and domestic organizations, both large and small, in diverse industries. Klunzinger has 20+ years of experience in building teams and managing large-scale, global internal audit functions that are strategically aligned and add value within their organizations. He focuses on tech enablement of internal audit in advanced analytics, digital technologies, and GRC. He was previously a CAE and compliance leader for several multinational, public companies.

CS 4-6: Stakeholder Management in Chaotic Times Kris Shellum-Allenson Vice President and Chief Audit Executive CVS Health Anne DeTraglia, CIA, CFE Senior Director, Fraud Risk Management NIKE, Inc. Building a successful relationship with business leadership allows internal audit to provide value-added consultation to influence and strengthen operational efficiencies and effectiveness, promote best practices, provide opportunities for cost savings, and enable standardization and globalization of processes. Alignment of internal audit department structure with senior leadership facilitates appropriate levels of support. It’s also important to promote appropriate risk management awareness and risk mitigation with senior leadership. In this session, participants will:

Learn how to think about client relationship management in internal audit as a process to be managed, including the use of metrics.

Discover ways to respond in good times and in “bad” times.

Discuss how to create a virtuous circle with business partners to ensure consistently open lines of communication that provide new insights on improving audit quality.

Kris Shellum-Allenson has 25+ years of global finance, procurement, internal audit, and risk experience. As CAE for CVS Health, she led 100+ internal audit executives in value-added risk and compliance assurance and consulting activities. As VP and CAE for Sears Holdings, she led a team that transformed and increased the value of the store audit function, established an in-house offshore team to improve SOX compliance cost efficiency, and executed a data analytics strategy to address significant logical access requirement issues. As VP and CAE at Sun Chemical Group, she implemented JSOX requirements, led the Six Sigma organization, supported SAP implementation, led fraud investigations, and positioned internal audit to add talent to the finance organization.

Anne DeTraglia is the senior director of fraud risk management at NIKE, Inc. She previously worked in the aviation and retail industries with United Airlines, Sears Holdings, and The Home Depot. Much of her career has been focused on internal audit and operations, working across the organization with diverse constituent groups to achieve the organization’s objectives.

Tuesday | March 12 12:45 – 1:45 p.m. CS 5-1: Turning Automation and Data Analytics Into an Advantage Bryan Blick Vice President and Global Head of Data Analytics, Internal Audit BlackRock Carole Switzer Co-Founder and President Open Compliance & Ethics Group (OCEG) Charmian Simmons, CRMA, ACAMS, CISA Risk Market Development Manager Refinitiv Workflow and intelligent automation is offering auditors new methods and tools to increase productivity, expand risk coverage, and do more with less. Coupled with growing demand for innovative data analytics to handle unstructured data, minimize repetitive tasks, and transform audit execution and departmental operations, striking the right balance is critical for management to advance audit, prepare for future risks, and reinforce the function’s role as a trusted advisor. In this session, participants will:

• Learn about current best practices in audit automation, GRC strategy and systems, and outputs from the recently issued Open Compliance & Ethics Group (OCEG) GRC Strategy Technology survey as it relates to GRC systems and automation.

• Gain awareness of ways forward and requirements to create a self-service data analytics solution to drive efficiencies, reduce manual repetitive tasks, and embed an innovative mindset in auditors.

• Learn from real-life cases and success stories on automation and data analytics in audit, and gain tips to assess what is the best balance in both for their organization.

Bryan Blick leads BlackRock internal audit’s data analytics (DA) program, with responsibility for managing the global DA team, developing and executing against team strategy, and championing the use of DA throughout internal audit. During his tenure, the DA team has doubled its coverage of audit reviews, implemented a self-service DA program, developed tools for audit leadership to better monitor and manage ongoing audits, and shared its analytics work with first and second line functions to further enhance BlackRock’s control environment. Previously, Blick oversaw DA coverage of risk management audit as a senior manager in internal audit at Morgan Stanley. He also held roles in risk management and risk analytics at FINRA and KPMG. Carole Switzer runs OCEG, a nonprofit think tank that provides open source standards to help organizations achieve principled performance by integrating the governance, assurance, and management of performance, risk, and compliance. She is a recognized leader in corporate governance, risk management, and compliance (GRC). She hold a GRC Professional (GRCP) certification, is frequently published in leading business magazines, and lectures on GRC internationally. In 2010, Switzer was honored with a lifetime membership in the Institute

for Risk Management. She has held the top level AV rating for outstanding attorneys for more than 25 years and is identified as such in the Martindale-Hubbell Bar Register of Preeminent Women Lawyers. Charmian Simmons is a Risk Expert in Market Development at Refinitiv. Charmian has over 18 years of experience in internal audit and IT advisory, primarily in the financial sector. She is CRMA, CAMS and CISA certified. Charmian was previously with Thomson Reuters as a Market Development Manager responsible for providing expertise and analyzing key policy/regulatory/cultural/technology drivers transforming the industry. Charmian was also the Head of Audit NA at Lloyds Banking Group, a Vice President in Internal Audit at Morgan Stanley covering institutional securities, and with PWC’s Global Risk Management Services, providing IT advisory and assurance services for 5 years. CS 5-2: Innovation in Audit: Future-focused Auditors Discuss What Is Next Moderator: Andrew Struthers-Kennedy, CRMA, CISA Managing Director Protiviti Gerard Morisseau, CISSP, CIPP Senior Audit Director Microsoft Corporation David Malcom, CIA Managing Director, Global IT Audit Accenture Chris Kyriakakis Vice President, Internal Audit Capital One A forward-looking audit function should provide insight, oversight, and foresight around an organization’s current and future risks and controls. Cutting-edge technologies, data analytics, and transformative audit approaches and methodologies enable and accelerate how internal audit functions operate — now and for the future. Join Protiviti’s Michael Thor for an interactive panel discussion with audit executives who are shaping the next generation of internal audit in their organizations. In this session, participants will:

• Discuss adopting an Agile approach to auditing along with innovative approaches to audit reporting.

• Leverage advanced technologies (including RPA, AI) for improved auditing, insights, and decision making.

• Brainstorm how to put innovation front and center as well as how to manage talent in the age of digital disruption.

Andrew Struthers-Kennedy is a managing director, leading Protiviti’s global IT audit practice. He works with clients across industries to deliver outsourced and co-sourced internal audit services, as well as technology and risk management consulting services. Struthers-Kennedy also works with organizations to establish the platform for delivery of next-generation internal audit and risk management services through the use of analytics, automation, and other emerging tools. He is on the board of his local IIA chapter and is a frequent speaker at IIA and other professional association events. Gerard Morisseau is responsible for overseeing the company’s programs for cybersecurity, Microsoft IT, Office

365, artificial intelligence, and Microsoft retail stores. During his time in internal audit, he has contributed to

the security certifications of all major cloud services at Microsoft. Morisseau joined the information security

team at Microsoft in 2007 as a program manager. In this role, he was responsible for leading security

assessments and for developing the organization’s vendor security maturity assessment program.

David Malcom leads Accenture’s global IT internal audit function as a managing director within the firm’s internal audit organization. He is responsible for identifying, evaluating, and reporting on IT risk to Accenture senior leadership and the Audit Committee of the Board of Directors. Previously, as chief information security officer (CISO) for Hyatt Hotels Corporation, Malcom was responsible for implementing and overseeing the security program for 500+ properties in 46 countries and collaborating on the design and development of innovative, secure solutions to enhance guest experiences. Prior to Hyatt, Malcom led Accenture’s IT internal audit team for five years. He also has extensive experience as an IT risk consultant with the Big Four.

Chris Kyriakakis joined Capital One's internal audit department in 2012 and currently oversees technology and

enterprise services audit, leading audit services that address technology risk across the company, engaging in

mergers and acquisition activity, and providing thought leadership on emerging technologies. Prior to joining

Capital One, Kyriakakis was a partner at Frazier & Deeter (F&D) where he established and led the firms risk

advisory practice. While there, he functioned as the CAE for several mid-market public companies for which

F&D headed their internal audit function. Kyriakakis also spent 11 years at Deloitte & Touche during which

time he held a national role related to Sarbanes Oxley services and supported the FS lead partner with the

rollout of internal audit services at large financial services and banking targets in the Atlanta/Birmingham

marketplace. Kyriakakis is also a former IS inspector with the Public Company Accounting Oversight Board

(PCAOB) where he assisted with the development and delivery of Sarbanes-Oxley inspection programs. He is a

qualified instructor for the AICPA and for ISACA, delivering multiple training seminars over the years.

CS 5-3: In Conversation With…Navigating the Politics of Internal Audit

Moderator: Cyndi Plamondon, CIA, QIAL, CISA, CCSA, CGAP, CFSA, CRMA Senior Vice President and Chief Knowledge Officer The Institute of Internal Auditors Dominique Vincenti, CIA, CRMA, CPBPM Global Head, Internal Audit and Chief Audit Executive UBER The word “politics” in the workplace generally resonates negatively. Saying someone or a group of people is political often evokes images of back-room dealing, manipulation, hidden agendas for personal gain, power struggles, and pressure. However, organizational politics are important, and you and your team must build these critical skills or the likelihood of you as a leader and your internal audit shop as a valuable business partner will be greatly diminished. In this session, participants will:

Understand the definition of organizational politics and its various facets.

Follow a framework designed to address all aspect of organization politics thoughtfully.

Receive examples of tools and technique to use to improve their political skills.

Cyndi Plamondon has responsibility for global revenues comprising more than US$16 million and leads a professional staff of more than 45 members in the areas of professional standards and assessments, professional and stakeholder relations, governance, and quality assessments. Prior to her most recent appointment, she served as vice president of global professional certifications, responsible for the administration, development, and execution of 12 certification exams in 20 languages delivered in 165 countries. Prior to that, she held posts including vice president of professional practices overseeing the development and distribution of standards and guidance for internal audit professionals around the world; vice president of educational programs; and manager of quality assurance reviews. As a member of the internal audit profession, Plamondon was director of internal audit for PSS World Medical Inc. and inspector general for the University of North Florida (UNF). She also worked in internal auditing for Prudential Insurance Co. for nearly 10 years in both the insurance and financial services areas. Plamondon regularly facilitates seminars and speaks at conferences on behalf of The IIA. She is a certified course developer/designer and has received The Institute’s Distinguished Faculty Member designation. Dominique Vincenti became Uber’s global head of internal audit and chief audit executive after nine years as

Nordstrom’s vice president of internal audit. Her 25-year background includes internal audit management

positions with prominent international retailers as well as a chief officer position at The IIA where she oversaw

professional and technical practices, including standards, technical guidance, certification, advocacy, and

research. Vincenti represented the internal audit profession and directed technical discussions on governance

and risk management with the U.S. SEC, International Organisation of Securities Commissions, International

Organisation of Supreme Audit Institutions, and European Commission. She also represented The IIA and

provided technical support to COSO task forces for COSO ERM 2004, COSO Monitoring, and COSO ICFR-SPC.

CS 5-4: Innovative Approach to Audit Reports

Neil Frieser, CIA, CPA

Senior Vice President, Internal Audit

Frontier Communications

This session will delve into developing new and innovative internal audit report formats using best practices examples and graphical elements to aid in presentation format. In this session, participants will:

Learn about an innovative approach to developing audit reports for operational and implementation audits.

Obtain a clear understanding of the linkage between findings, maturity, and overall report ratings.

Take away best practice examples for organizing and presenting content within audit reports. Neil Frieser is senior vice president of internal audit for Frontier Communications, an $8 billion company with customers in 29 states. Previously, as vice president of internal audit for Warner Music, he managed Viacom’s global Sarbanes-Oxley compliance function. Earlier in his career, he was CFO for Simon & Schuster’s medical publishing operations and an audit and transaction support manager with PricewaterhouseCoopers. Frieser is currently vice chairman of the North American Board and a member of the Global Board of The IIA. The author of multiple articles on corporate governance and compliance, he has chaired, since 2016, an annual conference focused on cybersecurity collaboration between the government and the private sector. CS 5-5: Made-to-Measure, a Tailored Approach to Cybersecurity Assurance Daniel J. Desko, CISA, CISSP, CTPRP Shareholder, Cybersecurity and IT Risk Advisory Services Schneider Downs Jon Coughlin Technology Audit Director, Infrastructure and Security PNC Financial Services

Internal audit functions are feeling increased pressure from boards of directors and audit committees to gain better assurance over the cyber-posture of their organizations. This is a difficult proposition while facing many challenges such as the cyber-talent shortage and budget constraints in a tightening economy. A one-size-fits-all strategy is clearly not an optimal approach for assessing cybersecurity risks. So what is the best way to tackle the cybersecurity conundrum? In this session, participants will:

Learn how to define their organization’s risk profile, honestly assess their current capabilities to better focus their efforts, and go beyond a compliance-based “checklist” approach.

Understand the technical skill sets required to assess the most prevalent threats and discuss cutting-edge tools and techniques that enhance cybersecurity testing.

Develop ideas about how innovative tools such as AI, machine learning, and RPAs can enable the internal audit team.

Dan Desko manages and leads a team of IT audit, cybersecurity, and risk professionals with diverse experience and skill sets as a leader in the IT risk advisory services practice at Schneider Downs. He is also responsible for project delivery, management, and overall quality control. Desko currently serves a wide range of clients across multiple industries and many IT platforms and systems. Prior to his career in audit and security, he worked in the technology departments of a Fortune 500 manufacturer and a Fortune 50 health care insurance provider. Jon Coughlin is responsible for leading audit coverage of the technology infrastructure and security functions at PNC Financial Services. Since joining PNC in 2012, he has had accountability for leading the audit team’s coverage of infrastructure, security, fraud, technology risk management, and technology project auditing at various points. Prior, he was senior manager within the enterprise risk services function at Deloitte & Touche. During his time in public accounting, Coughlin focused on technology audit (external and internal), technology risk management, and security governance. Throughout his 17+ years of broad, global experience, he has delivered technology, risk, and control related services in the financial services, healthcare, retail, and manufacturing industries.

CS 5-6: Driving Impact and Influence with Issues Management Eric Reeves, CIA, CRMA Senior Vice President and Audit Director Bank of America Brenton Farwell, CISA Senior Vice President, Senior Audit Director Bank of America Audit departments are uniquely positioned to see the entire organization from their third line of defense seat. Though they typically identify and validate issues, then move to the next engagement, it is critical that audit leaders think more broadly about risks and their potential impacts on other areas. When audit management advances beyond simply identifying issues and incorporates routines of thematic issue analysis and broader applicability, they can play a more strategic role for their organization. In this session, participants will:

Think more strategically about issue identification, explore methods of analyzing issues across their organization to look for broader themes, and assess methodologies that can be applied to enhance issue reporting.

Learn ways to implement management routines to look at critical issues across other areas of their organization.

Identify opportunities to drive changes in management more broadly in their communication of risks.

Eric Reeves has 23 years of banking and financial industry experience. As an audit director at Bank of America, his responsibilities with the CFO audit and model audit teams include audit plan ownership, board and senior management reporting, financial plan management, and regulatory reporting. He also leads a team in managing issue remediation, validation, and reporting, and helps direct the Capital Adequacy Process / Comprehensive Capital Analysis and Review (CAP/CCAR) audit team. Reeves previously led teams providing anticipatory and additive audit coverage by pinpointing critical areas of focus and evaluating emerging and existing business risks, industry trends, and changing regulatory requirements. He also held positions at legacy MBNA in card issuance, operations finance, and payment services. Brenton Farwell is responsible for global audit coverage of global technology and operations as a senior audit director at

Bank of America. His team provides independent assessments of internal business controls and processes, as well as

makes recommendations in support of the company’s risk framework and business strategy. Farwell has 15+ years of

experience in IT and has held numerous leadership positions in technology and security. He worked in global information

security at Merrill Lynch for five years before joining BOA’s corporate audit organization in 2012. After leaving BOA, he

returned in 2014 to head the information and cyber security program for corporate audit.

Tuesday | March 12 2:00 – 3:00 p.m. CS 6-1: Transformation Journey to Automation and Continuous Monitoring David Chavez Vice President and Chief Financial Officer, Latin America Marathon Petroleum Corporation This session aims to provide the audience with a practical pathway for transforming their internal audit

function to focus on robotics, analytics, and continuous monitoring. Presenters will walk through examples, as

well as share quick wins and small failures along the journey of transformation.


Learn how to kick off their transformation journey.

Determine the proper milestones and objectives of their transformation plan.

Define success for their transformation effort and how to measure it.

Explore the technology options available to them.

David Chavez has extensive experience implementing ERP and GRC strategy, internal control frameworks, ERM, SOX, corporate compliance, controllership, and internal audit functions. He is currently a VP and CFO at Marathon Petroleum. Previously, as chief audit officer at Andeavor, he oversaw assurances, ERM, analytics, and process assessments to identify and manage business risk and deliver organizational effectiveness and efficiency. Prior, Chavez was the CAE at DreamWorks Animation SKG and managed engagements for Fortune 100 companies as a national leader of Deloitte’s GRC technology practice. Additionally, he managed the SOX

program and served as head of ERM and GRC at Dell Computers. He also spent several years at GE, Genpact, and EY. CS 6-2: Auditing Culture Wieke Scholten Head, Audit Behavioral Risk Royal Bank of Scotland Erica O'Malley, CPA Organizational Strategy Leader, Strategy and Transformation Grant Thornton Sue Jex Director and Head of People, Culture, and Organization Business Risk Services Grant Thornton Culture is a hot topic for internal audit across many sectors and across most geographies. However, it is a topic that is difficult to approach, as culture itself is seemingly intangible, sometimes operating at a hidden level. How should internal audit respond to the genuine challenge the business has, and how can successful internal audits be delivered, with structured issues and actions against controls? In this session, participants will:

• Research recent trends in the inclusion of risk culture and culture in internal audit plans across sectors and geographies.

• Identify the various business drivers of culture and suggest approaches to internal audit. • Evaluate recent trends in the risk assessment of culture across sectors and countries in each of the

culture drivers collected electronically using surveys. • Define an approach to design effectiveness and operating effectiveness, as well as sets of metrics that

can be used for continuous monitoring of risk culture and culture. • Provide case studies to highlight approaches and challenges.

Wieke Scholten heads a team within internal audit at RBS that assesses area-specific subcultures that could result in undesirable outcomes such as misconduct, poor decision making, and poor risk management; the team also conducts deep-dive reviews in high-risk areas to impact adverse ‘local climates,’ mitigate behavioral risk, and prevent future issues. Previously, Scholten was a senior supervisor of behavior and culture at the Dutch financial supervisor (DNB). Earlier, she provided organizational consulting on leadership and behavioral change, primarily in the health care industry. As an organizational and social psychologist with a PhD in behavioral science, Scholten’s research has focused on preventing unethical behavior. Erica O’Malley, a partner in Grant Thornton’s organizational strategy practice, is a dynamic leader who works closely with clients to increase business performance by creating and promoting high-performing cultures and inclusive work environments that drive strategic results. Her client experience includes future operating model

design, talent retention design, alignment of organizational culture following M&A and divestitures, assessment of the impact of culture on behavior and results, creation of an employee brand promise through people alignment, development of inclusion strategy, maximization of employee alumni relations to drive strategy, and translation of values to behaviors and outcomes. O’Malley is also a certified culture facilitator. Sue Jex is the culture lead of Grant Thornton’s business risk services team. She designed the firm’s culture audit methodology and has undertaken culture audits and HR value-added audits across many organizations, liaising at the board level to link strategy and the achievement of business goals with culture. Previously, at HSBC, she developed, implemented, and delivered an integrated and holistic approach to culture and client service that propelled the bank from the bottom to the top of the industry customer satisfaction index in just two years. Jex also helped to develop the brand and marketing strategy of HSBC globally, leading to the launch of “The world’s Local Bank.” CS 6-3: Perspectives of a World-class Rotational Internal Audit Program Vijayant Sitani, CA Chief Audit Executive PACCAR Over the past 40 years, PACCAR’s rotational internal audit program has had more than 300 internal auditors rotate in, and then back out, to the business. Almost every current PACCAR leader was a rotational internal auditor at some point in their career. In the same time, PACCAR’s guest auditor program has had more than 2,000 business managers participate in an audit project. In this session, participants will:

Gain insights into how PACCAR’s rotational internal audit program drives their talent management and leadership development process.

Learn best practices for establishing a rotational internal audit program, and how to create a culture in which high-potential employees compete for open rotational audit positions.

Explore how to maximize the rotational auditor’s time in internal audit and place them back in the business.

Discuss how to develop a guest auditor program that helps other business leaders gain the needed exposure to take on additional responsibilities in the business.

Vijayant Sitani has more than 23 years of experience in internal audit, controls, and risk management. He presently heads the global internal audit function of PACCAR, a world-leading Fortune 150 manufacturer of medium and heavy-duty trucks sold under the Kenworth, Peterbilt, and DAF brands. Sitani previously spent over three years with McDonald’s Corporation as a director of internal audit responsible for operational and financial audit. Earlier in his career, he served for more than nine years in various audit roles with Stanley Black and Decker and also spent seven years in public accounting. CS 6-4: Managing and Delivering Internal Audit’s Data and Analytic Needs

David Dunn, CIA, CPA, CITP, CGMA Executive Vice President, Assistant General Auditor The PNC Financial Services Group Derrick Thomas, CISA, CISSP, CGEIT Senior Vice President and Director, Advanced Data and Analytics Solutions The PNC Financial Services Group Balancing all the requests of your internal business units is vital for the success of your internal audit data analytics function. Learn about our journey to building a data analytics function that enhances audit service delivery. In this session, participants will:

Understand common pitfalls to watch out for while meeting client needs.

Review steps for enhancing end-user experience levels and timelines.

Analyze the value of building once and showcasing often, including obtaining buy-in and identifying stakeholders to champion their effort.

David Dunn is responsible for leading the internal audit function for PNC’s information technology as assistant

general auditor for The PNC Financial Services Group. He was previously senior vice president and senior audit

director of global technology and operations for Bank of America. Dunn’s 24+ years of experience in

technology, audit, and financial services include The Royal Bank of Scotland, where he served as head of

operational risk management (ORM) and as director of ORM technology and the Basel II program. Earlier, he

held senior leadership positions at Capital One Financial, PeopleSoft, and Corning.

Derrick Thomas is a director in charge of the advanced data and analytic solutions (DAS) team within PNC’s technology audit group. His team is responsible for data analysis, data procurement, code review, and infrastructure management functions within the internal audit department, as well as for the department’s advanced analytic development, including robotics process automation (RPA), machine learning, and other emerging analytic hot topics. He is an accomplished accounting, audit, project management, and risk professional and specializes in data analytics, IT audit, risk management, and security. Thomas is also an adjunct-instructor and speaker for several professional service organizations, including The IIA and ISACA.

CS 6-5: The Future of Internal Audit: Innovative Approaches to Audit Operations Dennis A. Stankiewicz Vice President, and Chief Audit Executive UnitedHealth Group Julie Connors Senior Vice President, Audit and Chief Risk Officer Interpublic Group Lisa Hartkopf Americas IA Leader EY The rapid pace of change in the global marketplace suggests there is one certainty for all organizations: the status quo is no longer acceptable. Many companies are embracing new technologies, restructuring business models in response to changing risk profiles, and using alternative strategies to satisfy resource needs. This panel discussion will highlight the future of IA, innovative approaches to risk assessment, continuous control monitoring, and digitized reporting, yielding positive results. In this session, participants will:

• Learn about the future of IA and leading practices that help practitioners gain value from their IA function.

• Discover how companies are taking new approaches to risk assessment, continuous control monitoring, and digitized reporting.

• Understand how to apply these approaches to their own organizations.

Dennis Stankiewicz is the chief audit executive for UnitedHealth Group. He has held this position since August 2016 and is responsible for providing internal audits, consulting, and advisory services in the evaluation of the UnitedHealth Group’s risk management, control, and governance processes. Previously, Stankiewicz was a partner at Deloitte & Touche LLP. Julie Connors has more than 25 years of experience in internal audit, enterprisewide risk management services, and SOX readiness consulting. She oversees global audit and risk strategies, including corporate compliance, investigations, business continuity, crisis management, and other key governance initiatives, as SVP and audit and chief risk officer for Interpublic Group. Previously, Connors was a partner and key leader Deloitte & Touche’s enterprise risk services practice, helping build the firm’s advanced risk methodologies and leading teams serving some of its largest clients. She also led an initiative to bring Deloitte’s Women’s Initiative Network (WIN) programming to clients.

Lisa Hartkopf is with EY’s advisory practice and also serves as EY’s Americas internal audit leader. She has more than 22 years of public accounting experience, working in assurance, transaction, and advisory services. Hartkopf leads the innovation, thought leadership, methodology, client service, and go-to-market growth initiatives around internal audit services in the Americas and works with clients to maximize the operational

effectiveness and efficiency of processes, risks, and controls, primarily with automotive, consumer products, and diversified industrial manufacturing companies. She has also assisted clients in their implementations of Sarbanes-Oxley, Japanese Financial Instruments and Exchange Law (J-SOX), and ERM programs. CS 6-6: Building a More Agile and Relevant Internal Audit Function Tim Berichon, CPA Chief Audit Executive Cooper Tire & Rubber Company In today’s environment, internal audit is vulnerable — vulnerable to complacency and insignificance. Internal auditors need to break out of their historical frame of reference and embrace agility. The 2018 IIA Pulse results show that less than half of CAEs consider their internal audit functions to be very or extremely agile, and stakeholder engagement could be improved. In this session, participants will:

Understand how to build a more agile internal audit function that allows them to say yes to what matters most.

Be able to deliver on “non-traditional” management requests that matter.

See the Top 10 strategic initiatives that allowed Cooper Tire & Rubber to build a more agile and relevant internal audit function.

Tim Berichon has 30 years of diverse, global experience in internal and external audit, business finance, sales, product marketing, and software consulting. He is head of internal audit at Cooper Tire in Findlay, Ohio. He joined Cooper Tire after serving as head of internal audit at Grace Construction Products (GCP) in Boston, Massachusetts and senior director of internal audit at Tyco International in Princeton, New Jersey. While at Tyco, Berichon also served two years as business unit CFO of Sub-Sahara Africa based in Johannesburg, South Africa. He began his career at PwC.

Tuesday | March 12 3:10 – 3:20 p.m. Learn from the Leader – IIA 10 Minute Sessions to Enhance How You Audit CAE Alignment: Defining Alignment in a Dynamic Risk Landscape

Determine ways to better engage and strengthen relationships with key stakeholders

Learn about findings from the 2019 Pulse of the North American Profession survey

Discover insights to maximize resources around emerging organizational risks

Tuesday | March 12 3:30 – 4:30 p.m. CS 7-1: Digital Auditor Hype Check: Separating Automation Myths From Practical Realities Donald Gallien, CPA, CISA, CRCM, CISSP Vice President, and Portfolio General Auditor American Express Joe Pizzuto Vice President, General Auditor, and Head of Strategic Risk Management General Motors Paul Wigham, CRMA, CMIIA Senior Managing Director, General Insurance, Internal Audit Group AIG Michael Smith, CPA Partner KPMG Intelligent automation is on everyone’s radar. Automation centers of excellence are popping up everywhere. Without conventional wisdom to guide them, internal auditors are engaging with these technologies in radically different ways. And rumors abound. Will automation bring a Utopian future where auditors focus on the “fun parts” of the job? Are automated audits a pipe dream? Will automation disrupt the traditional three lines of defense? We’ll use real examples to separate hype from reality. In this session, participants will:

• Develop ideas on how the auditor of the future looks, discuss the myths of automation and analytics, and understand what is achievable and even desirable.

• Learn how internal functions are leveraging automation and analytics to enhance the value of the audit process.

• Recognize opportunities and pitfalls inherent in automation technology from an auditor’s perspective. • Relate automation experiences from other internal auditors and business criteria for successful

automation use cases to their own departments and organizations.

Donald Gallien is a vice president, portfolio general auditor at American Express. He leads audit teams

performing information technology audits and data analytics for the internal audit group. Previously, he was a

senior vice president, treasury systems at Countrywide Financial Corporation, where he led the corporate

treasury information technology function. He was also a manager in Deloitte & Touche's enterprise risk

services practice, and held other audit positions in industry and government.

Joe Pizzuto manages a global team of audit professionals providing independent, objective assurance on the effectiveness of GM’s risk management, governance, and controls. He’s also responsible for managing GM’s strategic risk management function, assisting management and the Board in evaluating strategic and operating risks, and maintaining an effective ERM framework. Previously, as CAE at GE Capital, Pizzuto led a

team of more than 350 audit professionals based in 16 countries worldwide. Prior to GE, he spent 18 years with Citigroup and its predecessor companies, including serving as chief auditor of Citibank. He was also chief auditor of Smith Barney and managing director of internal audit for Citigroup Latin America.

Paul Wigham joined AIG in 2013 in London as audit managing director for EMEA, then assumed additional responsibility for audit coverage of the global claims and operations function. He moved to New York in 2016 to assume the role of senior managing director for general insurance, which he continues today. Wigham, who has worked in the financial services sector for almost 30 years, has experience across a range of banking, asset management, and insurance businesses, holding senior internal audit roles in New York, London, Ireland, Kuwait, and Saudi Arabia.

Mike Smith has worked extensively with internal audit and SOX departments constantly challenged to do more with less. His passion for using emerging technologies to drive real business results led him to become KPMG’s intelligent automation leader for internal audit, serving clients that use robotic process automation, cognitive automation, and artificial intelligence to improve risk, assurance, and cost outcomes. Smith’s innovative work to help auditors through every phase of the intelligent automation journey has resulted in time saved, improved assurance, and increased insights. As a frequent presenter and author on the subject of intelligent automation, he enjoys separating fact from fiction using real stories and practical examples.

CS 7-2: Agile Internal Audit: From Pilots to Transformation Sarah Adams, CISA and CRISC Managing Director Deloitte Jeffrey Jarczyk, CPA Executive Vice President and Chief Auditor Fidelity Investments Jim Tringali Senior Vice President Fidelity Investments Christine Meuse Audit Vice President, Innovation and Enablement Fidelity Investments Ranjani Narayanan Senior Manager Deloitte

So you’ve completed your pilots and tailored your approach based on lessons learned. Better, faster, happier. Now is the time to transform your function. From risk assessment, to organizational structure, to measuring performance when the focus shifts to team, to staying compliant with standards, to all the other activities a high-performing IA function needs to tackle… join the CAE of Fidelity Investments as he shares their journey to becoming fully Agile. In this session, participants will:

• Understand what benefits may be gained by implementing Agile within IA. • Learn what challenges they may face and what strategies they can use to overcome them as they

continue their Agile journey to full transformation. • Reference use cases of practical applications of Agile to their IA department, not just projects.

Sarah Adams has over 30 years of audit, technology, operations, and IT risk and controls experience. As a

managing director at Deloitte & Touche LLP and the global leader of Deloitte’s IT internal audit practice, she

currently leads the Deloitte Agile IA initiative, developing methodology and working with clients to transform

their internal audit practices by applying agile techniques. Previously, Adams was global audit director for The

Walt Disney Company and internal audit assistant vice president for the Americas Division of Westpac Banking

Corporation. She has also developed and presented training programs for The IIA and ISACA.

Jeff Jarczyk is the chief auditor of FMR LLC, Fidelity Investments’ parent company. He leads FMR LLC’s internal audit function in adding value to and protecting Fidelity by providing risk-based and objective assurance, advice, and insight. His team of business operations and technology auditors cover all of Fidelity’s business units and functions. Jarczyk also chairs the Auditor Independence Committee responsible for ensuring Fidelity remains independent of its external audit firms. He previously served as chief accounting officer of FMR LLC and led teams in Fidelity’s internal audit function. Earlier in his career, Jarczyk served in audit partner roles at Arthur Andersen and Deloitte.

Jim Tringali has more than 30 years of audit and risk management experience in brokerage, banking, and asset management. As a senior vice president at Fidelity, he leads a team responsible for audits of the firm’s distribution businesses, encompassing the firm’s retail and institutional brokerage businesses, as well as workplace and healthcare offerings. Tringali previously held leadership roles in audit and risk management at Barclays Capital and Lehman Brothers. Christine Meuse leads Fidelity corporate audit’s innovation and enablement function, which encompasses audit’s agile transformation, center of innovation, operations, recruiting, onboarding, and associate development. In a previous audit capacity, she supported Fidelity’s distribution businesses and oversaw audits of the defined contribution, defined benefit, trust company, and retail businesses. Roles prior to Fidelity included internal audit at Boston Financial Data Services and audit assurance with Ernst & Young.

Ranjani Narayanan specializes in enterprisewide risk management and risk consulting services. She serves clients across the consumer and industrial products, technology media, and telecommunications industries. Narayanan provides information technology risk services to clients of various sizes and risk profiles. She has served in several roles during her tenure, including risk management, internal audit, governance, cybersecurity, and finance transformation. Narayanan has led large IT internal audit functions, both

outsourced and co-sourced, and has extensive knowledge of Sarbanes-Oxley’s requirements for internal controls over financial reporting.

CS 7-3: Why Don’t They Listen? You Aren’t Persuading!

Brian Tremblay, CIA, CISA

Director, Internal Audit Acacia Communications We often ask ourselves why auditees and colleagues simply won’t do what in some cases is required of them,

either due to audit findings/results, company policy, or even laws and regulations. Internal audit teams,

particularly those who engage directly with stakeholders on these matters, seem to continually struggle not

only with getting required actions from their stakeholders, but also with getting the most prudent

recommendations implemented. Why? It comes down to one word — persuasion.


Understand why stakeholders resist recommendations from internal audit professionals.

Learn why an ability to persuade is a core competency all internal audit professionals need.

Identify simple techniques that can help them persuade stakeholders to their ‘side’ and deliver better value.

Hear real-world examples of how to use these tactics in action.

Brian Tremblay leads all activities of the internal audit function at the high-tech semiconductor company. He

has spoken on the topic of branding at several conferences, believing a strong brand can be a significant asset

to an internal auditor’s success. Prior to joining Acacia, Tremblay was director of internal audit at Iron

Mountain, overseeing all audits and projects within North America as well as liaising with global quality

managers. Prior to Iron Mountain, he served as senior manager at Houghton Mifflin Harcourt, where he built

out an internal audit department and executed a Sarbanes-Oxley implementation. Tremblay also previously

worked at Raytheon and Deloitte.

CS 7-4: Audit Findings: Observations and Follow-Up Charlene Chan Business Assessment, Audit Director Oracle Scott Owens, CPA Director and Business Operations Advisor Oracle

Are there opportunities for your internal audit department to increase its effectiveness in working with the

audit committee and management process owners? Are your audit observations and recommendations useful

and a good source of information? This presentation will answer these questions, providing insights and

leading practices to simplify, standardize, and enhance your audit observation and follow-up processes. We

will also discuss the value proposition and impact/benefits to audit committees, executive management,

auditees, and the internal audit organization.


Learn how to provide the audit committee and executive management with timely and relevant information for effective risk management oversight.

Gain tips on engaging process owners with meaningful observations and employing a simple, collaborative follow-up process to ensure timely completion of action plans.

Discover how to empower internal audit with tools and methodologies that drive efficiencies and increase audit effectiveness.

Charlene Chan has more than 15 years of combined internal audit, external audit, and revenue operations experience. In her current role as a business assessment and audit director at Oracle, she directs project teams to perform global process reviews, conducts global risk assessments, and provides subject matter advisory services to improve the company’s operations. Chan has led investigation projects that helped to improve various compliance/control processes. She also managed the implementation and customization of an audit tool for Oracle’s internal audit department, working with the product development, product strategy, and IT infrastructure teams.

Scott Owens is a business operations advisor of business assessment and audit at Oracle. He has extensive

experience leading teams in large technology companies and consulting firms. Owens recently led the

successful transformation of a highly complex tax function. He brings technical and business acumen that

enables him to understand the needs of organizational leaders and stakeholders to drive tactical change in

operations.

CS 7-5: Cybersecurity: Beyond the Buzzword

Brian L. Kirkpatrick, CIA, CRMA

Managing Director, Risk Advisory Services

BDO

Andrew Belsick, CISA, CISM, CRISC, CCSFP

Director, Information Security Governance, Risk and Compliance

Dick's Sporting Goods

Cybersecurity presents major risks to businesses of all sizes across all industries. These risks include data breach costs, regulatory fines, and reputational impact. Despite the frequency and scale of these attacks, many companies remain naive about their own level of risk and unsure of how to protect themselves.

Misperceptions about the level of technical knowledge required and uncertainty over who is responsible within the company often add to the confusion. In this session, participants will:

Describe today’s cybersecurity challenges.

Recognize regulatory requirements associated with specific industries and types of data.

Understand risks pertinent to their environment and identify actionable steps to manage or mitigate these risks.

Brian Kirkpatrick has more than 19 years of experience delivering internal audit, compliance, and consulting services and solutions. He has expertise in consulting and performing internal audit services (including external quality assessment reviews), enterprise risk management (ERM), Sarbanes-Oxley (SOX) including SOX readiness and compliance management services, finance and performance management, and business risk assessments. Kirkpatrick’s clients include middle market and Fortune 500 companies across a broad range of industries, including manufacturing and distribution, IT services, health care, transportation, energy, and property management services. Previously, with a Big Four public accounting firm, he provided internal audit services to various middle market and global diversified companies. Andrew Belsick has over 12 years of experience delivering value-added IT advisory and assurance services. His

background has spanned IT risk assessments, IT audits, Sarbanes-Oxley compliance, HIPAA compliance, third-

party risk management, security/control assessments, PCI compliance, policy/standard development, and SOC

reporting. Belsick has led engagements across several technology platforms and also delivered risk advisory

services to identify and map technology risks to key business risks, including information ownership and data

governance initiatives. Prior to joining BDO, he managed the information security governance, risk, and

compliance team at a Fortune 500 retail company. Belsick’s experience encompasses a broad range of

industries, including retail, healthcare, financial services, and manufacturing.

CS 7-6: Auditing Change: How to Survive (and Thrive!)

Martin Rubenstein, CIA, CPA, CFE

Chief Audit and Evaluation Executive, Integrity Officer Transport Canada An effective role in change management empowers internal audit to move from the back room into the board

room. Involvement in the change and transformation agenda enables internal audit to add considerable value

to an organization. Transport Canada’s internal audit function was involved at the beginning of a significant

change initiative that helped ensure the development of sound controls for the $1.5 billion Ocean’s Protection

Plan program, a multi-department, multi-stakeholder, “nation-to-nation” partnership.


Understand where internal audit fits into the transformation/change agenda.

Learn how to provide “real-time assurance” or “continuous auditing” on soft controls such as governance, accountability, risk management, and stakeholder engagement.

Develop a more fluid approach to periodic/dashboard reporting versus “end of audit reporting.”

Determine how to balance having a seat at the management table with the independence of the audit team.

Martin Rubenstein has 25+ years of experience in audit, evaluation, investigations, and risk-based management. At Transport Canada, he provides insight on the effectiveness and adequacy of departmental risk management practices, controls, and governance processes. He also oversees TC’s Integrity Framework (prevention, detection, and investigation of fraud and misconduct). Additionally, as the Canadian representative on the Board of External Auditors for the Organization of American States, Rubenstein advises on organizational affairs promoting greater efficiency, effectiveness, and economy. He was previously CAE for Canadian Institutes of Health Research, audit manager for Foreign Affairs and International Trade Canada, and director of internal audit at Carleton University and Natural Resources Canada.

Wednesday | March 13 8:30 – 9:45 a.m. General Session 5: Sound Bites: Disruptive Technologies and The Impact on Auditing

Session Facilitator:

Harold Silverman, CIA, CRMA, QIAL

Managing Director, CAE Solution


Disrupting Internal Audit: From Analytics to Assurance

Brian Foster, CIA, CPA

General Manager, Internal Audit

Microsoft Corporation

As you’ve likely heard, we’re in the midst of the fourth industrial revolution, and the pace of change is faster

than ever before. Business is changing, and audit along with it. Ten years from now, the internal audit

profession will look dramatically different than it does today. Though many audit organizations already do a

good job with data analytics, we’ve only just scratched the surface of how we can (and should) use

technology.


Learn what they should already be doing to prepare for changes in the profession.

Understand the steps to take to prepare for coming disruption.

Hear tips on how technology can, and should, be used to provide assurance.

Transforming Internal Audit Using New Technologies

Stephen Mills, CIA, CCSA, ACA

Managing Director

Promontory Financial Group, LLC (an IBM Company)

Emerging technologies represent a transformational opportunity for the internal audit profession to realize

the vision of internal audit as a pro-active, insightful, and future-focused activity. The alternative will be to

become increasingly irrelevant.


Learn how new technologies can transform existing practices for risk assessment, audit testing, and reporting.

Discover how new technologies will impact all facets of an internal audit function, including management, staffing, process, and tools.

Reinforce the urgency to proactively embrace change.

Understand the linkage between the use of new technologies and application of the Core Principles for the Professional Practice of Internal Auditing.

Disruptive Technologies and Mitigating Emerging Risks

Christa Steele

CEO, Corporate Board member & Advisor to public and private companies

Owner

ChristaSteele.com

The internal auditor is the first line of defense to the boardroom. The role of an auditor is changing. Learn about what’s at stake for you and your company in the digital age. Move from getting educated on new technologies and learning through use cases to demonstrating expertise and leading implementation. In this session, participants will:

Walk away with helpful tips for enhancing communication with their board audit chair.

Be empowered to move beyond monitoring governance, risk, and controls to giving a prognosis.

Gain insights into earning a seat at the table during strategic planning with their C-suite.

Harold Silverman previously was vice president of internal audit at The Wendy’s Company. Prior to Wendy’s,

he was the vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. Before that, he served

as senior manager of internal audit at Raytheon Co. Prior to Raytheon, Silverman was an internal audit

manager at PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen.

Stephen Mills has extensive global experience, having lived and worked in Asia, Europe, and the U.S. As a

managing director in Promontory Financial Group’s New York office, he advises clients in the areas of internal

audit and internal control frameworks, risk management, corporate governance, regulatory relationships,

compliance transformation, quality assurance and compliance testing, and regulatory compliance, including

BSA/AML and sanctions, mortgage servicing and loss mitigation practices, and model validation. Previously,

Mills spent nearly 20 years in global positions with American Express as a senior member of the global internal

audit team. He was general auditor of the company’s major U.S. and international bank subsidiaries, with

responsibility for global internal audit regulatory relationships.

Brian Foster has been with Microsoft nearly 20 years in a variety of roles. In addition to internal audit, he has

served as the controller for several of Microsoft’s business units, including Office, Windows, Cloud &

Enterprise, Devices, and Gaming. Within The IIA, Foster previously served on the Board for the Puget Sound

Chapter in North America, and has been serving IIA Global since 2009 on the Professional Issues Committee,

the Professional Certifications Board, and currently on the IT Guidance Committee.

Prior to joining Microsoft, Foster was a divisional controller and corporate accounting manager at a leading

entertainment and educational software company from 1996 to 1998, and spent 1994 to 1996 with Deloitte

and Touche, serving clients in a variety of industries, including technology, retail, manufacturing, food and

consumer products, and healthcare.

Christa Steele became the youngest CEO in the U.S. to lead a $3.5 billion asset size bank with $500 million in market cap and revenue in excess of $120 million annually; she improved core earnings 43% in one year, doubled bank value in less than two years, and led the bank’s sale for a premium. Steele has since focused on digital technology initiatives. She is a well-known speaker and thought leader of blockchain technology, digital disruption, and why artificial intelligence, big data, and the use of predictive analytics must be considered when evaluating a company’s overall digital and corporate strategy. Steele is a partner of an investment bank with ten U.S. locations and serves on the board of several organizations.

Wednesday | March 13 10:15 – 11:30 a.m. General Session 6: Deploying a Disruptive Mindset: Workforce of the Future Seth Mattison Co-founder and Chief Officer Luminate Labs We are entering the greatest period of business transformation the world has ever known. The rigid models, historical

paradigms, and long-standing rules of engagement and power we’ve come to count upon for decades are no longer

reliable against the winds of change. In their wake, a new future is a being created, one fueled by openness, connection,

transparency, and shared power. The connected age of the network is upon us. Navigating this transformational shift

mandates a new level of personal courage, self-awareness, and influence from leaders today.


Expand their understanding of the forces impacting the new state of work.

Be equipped with practical tools and techniques to deepen their connection to lead those around them.

Amplify their capacity to positively effect change and activate high performance for themselves, their teams, and their organizations.

Seth Mattison is an Internationally renowned expert and author on workforce trends, generational dynamics, and business strategy. As Co-Founder and Chief Movement Officer of Luminate Labs, Seth advises many of the world’s leading brand and organizations on the key shifts happening around talent management, change and innovation, leadership, and the future of work. His ideas have been featured in such publications as The Wall St. Journal, Forbes, The Huffington Post, and The Globe and Mail and was recently named to the Editors’ Picks for Speakers to Watch in 2017. For the past decade Seth has shared his insights with thousands of business leaders around the world and has received accolades from many of the world’s best brands including: MasterCard, Johnson and Johnson, Microsoft, Kraft Foods, AT&T, PepsiCo, GE Energy, Cisco, State Farm, Merrill Lynch, Dow, and Disney.

Online registration is available at www.theiia.org. Please call +1-407-937-1111, or email [email protected] for assistance if needed.

mailto:[email protected]

Date post:	03-Jan-2021
Category:	Documents
Upload:	others
View:	4 times
Download:	0 times