Sunday May 1, 2016 1:00 - 5:00 PM

WRK-1 CIA Exam Preparation Course: Part 3 — Internal Audit Knowledge Elements Mike Fucilli, CIA, CGAP, CRMA Auditor General Metropolitan Transportation Authority, New York City This Part 3 CIA course is designed to give candidates a high level introduction and overview of the topics covered on the Part 3 CIA exam. The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence. Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the updated Version 4.0 Part 3 IIA CIA Learning System™ self-study print, e-book and online materials. Course topics will include:

Governance/Business Ethics Risk Management Organizational Structure/Business Processes and Risks Communication Management/Leadership Principles IT/Business Continuity Financial Management Global Business Environment

Please note: additional self-study time outside of the classroom will be necessary to prepare for the exam.

Field of Study: Auditing Learning Level: Intermediate

  

WRK-2 Keeping Your Name Out of the Mud and Dollars In Your Pocket: Reputation, Crisis, and Marketing Mike Jacka, CIA Co-Founder, Chief Creative Pilot Flying Pig Audit, Consulting, and Training Services This workshop, divided into two distinct sessions, delves into often overlooked elements of risk – that of an organization’s reputation and the department sometimes responsible for jeopardizing it in the first place. • Reputation Risk – Your Name Is All You Have Reputation risk is often a high priority for executives and board members, and internal auditors are frequently tasked with including this in their audit universe. This session will review what reputation risk means, the impact of other risks on reputation, and developing effective approaches to crisis management resulting from adverse events. Participants will learn how internal audit can assist in mitigating these risks, as well as audit methodologies to adapt and apply to this broad area. • Auditing Marketing Processes – Dollars, Brand, and Reputation Marketing, often responsible for an organization’s brand up to and sometimes including its reputation, represents a significant portion of expenditure. Yet it is often unexplored by internal auditing. This session highlights some things marketing departments do that could expose an organization to risk, mitigation tactics for those risks, and approaches internal audit can use in exploring this important, though often neglected potential playground of risk. Learning Level: Intermediate Learning Field: Management Advisory Services

  

Monday May 2, 2016 8:30 – 9:45 AM

GS 1 Opening Comments IIA North American Board Chairman Perspective - The State of Internal Audit J. Michael Joyce, Jr., CIA, CRMA Chief Auditor & Compliance Officer Blue Cross Blue Shield Association (BCBSA) 2015–16 Chairman, The IIA North American Board In this session, participants will:

Explore emerging issues in the internal audit industry and The IIA’s planned responses to those issues.

Get an overview of The IIA’s North American structure and about services available to all members.

Preview the North American IIA Board Chair’s 2015–16 theme: Make Your Mark. Receive exclusive insights on addressing cybersecurity risks from a seasoned

professional. Mike Joyce has more than 32 years of professional experience. He has served in his current role at BCBSA since 1999, directing the internal audit, national anti-fraud, and compliance staff functions. In addition, Joyce is responsible for development of BCBSA sponsored compliance, anti-fraud, and internal audit related training programs for BCBS licensees. Prior to joining the Association, he served for two years as director of internal audit and controller for Rush Prudential Health Plans (now Unicare), responsible for directing all internal/external financial reporting, treasury, accounts payable, receivable, and payroll functions. Joyce previously held a variety of management positions with the JCPenney Company’s internal audit department, including responsibility for the internal audit activities at the JCPenney Life Insurance Company. He has served in local, regional, national, and international volunteer leadership positions with The IIA for many years, and also serves as the Public Member Commissioner and member of the Finance & Audit Committee for the Commission for Case Manager Certification (CCMC), in Illinois. In addition, he serves on the Advisory Board for DePaul University’s Internal Audit Education Partnership Program (IAEP). Learning Level: Intermediate Field of Study: Business Management & Organization

  

Monday May 2, 2016 10:15 – 11:30 AM

CS 1-1 Internal Auditors' Role in Achieving a Successful Organization Heather Branson Manager, Enterprise Assurance Services Asurion Laurie K. Vrabcak Consultant Vrabcak Consulting In this session, participants will:

Learn what the internal audit department's roles and responsibilities are in an organization.

Understand the importance of the internal audit function to an organization. Discover the role the staff auditor plays in an effective internal audit department.

Heather Branson manages an outsourced internal audit function, helps grow the ERM function, and consults with the business both domestically and internationally to mitigate risk and implement best practices. Prior to joining Asurion, she spent 3 years with Gaylord Entertainment/Ryman Hospitality Properties in risk and assurance services.   Laurie Vrabcak uses her 25+ years of internal audit and risk management experience to assist public companies in building and improving their internal audit and risk management functions. Prior to becoming a consultant, she was the CAE for Gaylord Entertainment, responsible for all aspects of the internal audit function including operational audits, compliance audits, and Sarbanes-Oxley. Previously, she was the chief risk officer for US Bancorp and was responsible for internal audit, regulatory compliance, credit review, ERM, and business continuity planning. Learning Level: Beginner Field of Study: Business Management & Organization CS 1-2 Data Breaches: When Compliance Is Not Enough Matthew Thompson

  

Managing Director, Business Advisory Services Grant Thornton LLP In this session, participants will:

Explore the differences between compliance and security. Learn why compliance with different rules/regulations, such as PCI, HIPAA, and

Sarbanes-Oxley, doesn’t ensure an adequate cybersecurity program. Identify technicalities of each rule/regulation that may leave your data unsecure. Ask the important questions such as what types of data your company wants to

protect, where that data is located, whom the data should be protected from, and the cost your company is willing to pay to protect it.

Matt Thompson has extensive experience working in the cybersecurity, IT risk management, and IT audit arenas, having advised organizations of all sizes, from small private companies to large public companies with locations around the world, across a variety of industries. Thompson’s international client experience includes organizations with locations in South America, Europe, and Asia. Learning Level: Intermediate Field of Study: Social Environment of Business CS 1-3 Combined Risk Assurance: A Holistic Approach to Risk Management and Assurance Activities Urton Anderson, CIA, CCSA, CFSA, CGAP, CRMA Director – Von Allmen School of Accountancy University of Kentucky In this session, participants will:

Discuss how the introduction of formal risk frameworks can still result in ad hoc implementation fraught with ambiguity, duplication of efforts, and ineffective communications.

Examine how various risk models can each be used to obtain role clarity that can improve risk assurance and reduce compliance costs.

Contrast and compare models, such as the 3 Lines of Defense, combined assurance, and the DHHS OIG’s Practical guidance for Health Care Governing Boards on Compliance Oversight.

  

Urton Anderson is EY Professor and Director of Von Allmen School of Accountancy at the University of Kentucky. His research has addressed various issues in internal and external auditing and organizational governance – particularly compliance, enterprise risk management and internal control. Professor Anderson is active in the Institute of Internal Auditors (IIA). In 1997 he was named Leon R. Radde Educator of the Year Award by the IIA. In 2006, the IIA recognized his outstanding contributions to the field of internal auditing by giving him The Bradford Cadmus Memorial Award. He served as the Chair of the IIA’s Committee of Research and Education from 2011-2015 and is currently a member of the Board of Trustees of the IIA Research Foundation. Learning Level: Intermediate Field of Study: Management Advisory Services CS 1-4 Reducing the Cost of Risk to Improve Performance Gary J. Bierc Chief Executive Officer rPM3 Solutions, LLC Johnny Cagle Vice President, Internal Audit Fruit of the Loom, Inc. In this session, participants will:

Learn how to use budget variances as a part of the "Cost of Risk" analysis. Learn how to use correlation between "Cost of Risk" and Revenue to test

forecasts for reasonableness. Understand the value of this different approach to "Top Down Risk-Based

Auditing" for management and the Audit Committee. Gary Bierc invented his company’s patented ARQ™ Risk Accounting business method and founded his company based on it in 2002. He brings more than 30 years of strategy, risk, financial, and performance management experience to the firm. A leader and innovator, Bierc has proven the R-PM™ System by delivering successful solutions to clients of all sizes and sectors of the economy. In his previous role as director of global risk management for Moore Corporation Limited, he was appointed by the CEO as “champion” of Moore’s pioneering ERM initiative. Under Bierc’s leadership and

  

application of ERM, Moore’s most unpredictable business unit converted a $15M operating loss into a $15M operating profit in less than 12 months. Johnny Cagle has a wealth of career experience including internal control, audit, compliance, strategic planning, risk management, financial management, system implementation, process improvement, government contract consulting, and fraud examination. With broad domestic and international internal audit experience, he now focuses on "Top Down Risk-Based Audits" based on COSO’s Internal Control– Integrated Framework model as well as Sarbanes-Oxley and a new concept, Risk Accounting for Internal Auditors. Learning Level: Intermediate Field of Study: Management Advisory Services CS 1-5 – 4-5 (this is a continuation of the Pre-conference session on Sunday) CIA Exam Preparation Course: Part 3 — Internal Audit Knowledge Elements

This Part 3 CIA course is designed to give candidates a high level introduction and overview of the topics covered on the Part 3 CIA exam. The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence. Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the updated Version 4.0 Part 3 IIA CIA Learning System™ self-study print, e-book and online materials. Course topics will include:

Governance/Business Ethics Risk Management Organizational Structure/Business Processes and Risks Communication Management/Leadership Principles IT/Business Continuity Financial Management Global Business Environment

Please note: additional self-study time outside of the classroom will be necessary to prepare for the exam.

Learning Level: Intermediate Field of Study: Auditing

  

Monday May 2, 2016 12:45 – 2:00 PM CS 2-1 Effectively Communicating With Management Chris Schiro Director of Internal Audit Ryman Hospitality Properties Laurel K. Vrabcak Consultant Vrabcak Consulting In this session, participants will:

Learn what constitutes effective communication with management. Identify techniques to communicate clearly and effectively. Discover the importance of your communication in your every day professional

life. Chris Schiro joined the internal audit department of Ryman, then known as Gaylord Entertainment company in 2007 and became director in 2013. Prior to joining the company, he spent five years in public accounting and data analytic roles in the casino and banking industries. Laurel Vrabcak uses her 25+ years of internal audit and risk management experience to assist public companies in building and improving their internal audit and risk management functions. Prior to becoming a consultant, she was the CAE for Gaylord Entertainment, responsible for all aspects of the internal audit function including operational audits, compliance audits, and Sarbanes-Oxley. Previously, she was the chief risk officer for US Bancorp and was responsible for internal audit, regulatory compliance, credit review, ERM, and business continuity planning. Learning Level: Intermediate Field of Study: Communication CS 2-2 10 Questions for your Information Security Officer

  

Jacob Arthur Director, Security and Technical Services FDH Consulting, LLC Tim Agee Director FDH Consulting, LLC In this session participants will:

Learn the most important questions that internal auditors should be asking their organization's information security personnel.

Discover how to assess the status of overall organizational efforts in addressing the areas of highest information security risk.

Understand how to focus on true information security risk and not just on checking the regulatory compliance box.

Jacob Arthur has experience and expertise in the areas of information security governance and management, penetration testing, social engineering, intrusion detection and response, IT risk assessment, business continuity, PCI, and HIPAA. Prior to joining FDH, Arthur owned an independent consultancy focused on systems management and security. Timothy Agee’s expertise includes IT audit, IT risk assessment, information security, regulatory compliance, business continuity, PCI, HIPAA, and systems implementation. Prior to joining FDH, he served as the director of information services for Saint Thomas Cardiology Consultants and the director of information systems for Gospel Advocate Company. Learning Level: Intermediate Field of Study: Auditing CS 2-3 Supporting the Legal Process to Combat Against and Recover Fraud Losses Ed Maluf, J.D. Partner Seyfarth Shaw LLP In this session, participants will:

  

Discuss what happens when you “pull the alarm,” and the matter converts from a routine audit to a legal case.

Review how to support the litigators when they start investigating the discrepancies already identified.

Receive advice on how to help the lawyers prepare their case, and your role in preserving and presenting evidence.

Consider what happens if there is a referral to an outside agency, such as law enforcement or the tax authorities, and the resultant effect on your role.

Edward Maluf practices within his firm’s Intellectual Property Practice Group. He has 25 years of experience representing emerging and mature technology companies, content creators and owners, and holders of internationally recognized brands in connection with a variety of transactional and litigation matters. Throughout his career, he has represented apparel companies, luxury goods manufacturers, publishers, consumer electronics firms, mobile communications carriers, banks, and others protecting and capitalizing on their valuable patents, trademarks. and copyrighted works. Maluf specializes in intellectual property and technology, lectures frequently on these topics, and advises his clients as an outside general counsel. Learning Level: Intermediate Field of Study: Specialized Knowledge and Applications CS 2-4 Auditing Your Company's Mobile Devices Matt Thompson Managing Director, Business Advisory Services Grant Thornton LLP In this session, participants will:

Understand the basics of mobile devices. Understand the risks associated with mobile devices. Discuss best practices for securing an organization’s use of mobile devices. Identify methods for auditing an organization’s use of mobile devices.

Matt Thompson has extensive experience working in the cybersecurity, IT risk management, and IT audit arenas, having advised organizations of all sizes, from small private companies to large public companies with locations around the world, across a

  

variety of industries. Thompson’s international client experience includes organizations with locations in South America, Europe, and Asia. Learning Level: Intermediate Field of Study: Social Environment of Business

  

Monday May 2, 2016 2:30 – 3:45 PM

CS 3-1 Professional Skepticism: Foundation of Objectivity Timothy H. Staggs, CIA Vice President, Internal Audit and Compliance Healthcare Realty Trust In this session, participants will:

Expand your understanding of how professional skepticism impacts an auditor’s objectivity.

Gain awareness of various theoretical approaches to skepticism. Learn practical ways to improve professional skepticism and objectivity.

Tim Staggs oversees and directs his organization’s internal audit and compliance functions including oversight of the company's Sarbanes-Oxley testing. He has nearly 30 years of experience in managerial accounting, auditing, and compliance. Staggs’ career has spanned a variety of industries from music to health care, and business types from non-profit to both private and public corporations, and he is a frequent speaker and author on his topics of expertise. Learning Level: Intermediate Field of Study: Specialized Knowledge and Applications CS 3-2 Electronic Crimes Todd Hudson Special Agent in Charge United States Secret Service In this session, participants will:

Hear a brief history of the Secret Service and its evolution since its establishment in 1865.

Gain an understanding of the trends and tactics in cyber crime that law enforcement is witnessing with advice for auditors and IT professionals conducting their own preliminary investigations on what they might expect to see.

  

Learn about the Secret Service’s Electronic Crimes Task Force network, including its purpose, methodology, partners, and structure.

Discuss risk mitigation policies and strategies that can be implemented to better safeguard company assets.

Todd Hudson has served in his current role since 2012. Prior to that, he was the executive assistant to the director in Washington, D.C. for two years. Hudson began his career as a special agent in the New York Field Office in 1993, after having served two years as a tax accountant with Arthur Andersen & Co. In 2000, Hudson transferred to the vice presidential protective division in Washington, D.C.. where he served for three years becoming the assistant to the special agent in charge of polygraph operations. In 2004, Hudson became the assistant special agent in charge, polygraph program manager to oversee administrative, operations, and compliance matters. He returned to the field in 2005 as an assistant to the special agent in charge in Los Angeles supervising access device investigations and overseeing recruiting efforts. Three years later, Hudson was promoted back to Washington, D.C., as the assistant special in charge of Congressional Affairs, coordinating and monitoring appropriations and legislative initiatives. Learning Level: Intermediate Field of Study: Management Advisory Services CS 3-3 Fraud Risk Assessment Gerard Zack, CIA, CRMA Managing Director - Global Forensics BDO Consulting, a division of BDO USA, LLP In this session, participants will:

Expand the arsenal of tools to identify and effectively assess fraud risks facing your organization.

Learn how to customize a fraud risk assessment framework to suit your organization’s needs and operational characteristics.

Explore methods of integrating fraud risk assessment into your overall risk management practices.

Learn how to identify the drivers of fraud risk.

  

Gerry Zack provides proactive fraud and compliance risk advisory services, as well as investigative services for his clients. He also designs and implements fraud and compliance awareness training programs. Prior to joining BDO Zack had his own fraud risk advisory practice, and previously served as an audit manager for Grant Thornton. Zack also has served on the faculty of the Association of Certified Fraud Examiners since 2006 and as 2015 Chair of the ACFE's Board of Regents. He has written three published books on fraud prevention and investigation. Learning Level: Intermediate Field of Study: Management Advisory Services CS 3-4 Performing High-Impact Business Process Audits Amanda McElroy Manager FedEx Services In this session, participants will:

Discuss developing a risk-based approach to operational audits. Learn to effectively use resources and data for value-added results. Identify opportunities for increased efficiencies and effectiveness.

Amanda McElroy has over 18 years of auditing experience with FedEx and has been in management for nine years. She manages a diverse group of integrated auditors, responsible for auditing all aspects of the FedEx Express division of FedEx Corporation. McElroy also leads the Control Self Monitoring Advisory Board for FedEx Express field operations.   Learning Level: Intermediate Field of Study: Management Advisory Services

  

Monday May 2, 2016 3:55 – 5:10 PM CS 4-1 Information Technology Audits: Understanding the Purpose of the IT Audit and Identifying the Key Control Activities Tim Agee Director, Risk and Compliance FDH Consulting, LLC Taylor Ezell Manager, Risk and Compliance FDH Consulting, LLC. In this session, particpants will:

Discover the purpose of IT audit and how it can both compliment and support financial audit.

Learn about how the various layers of system architecture (i.e., application, database, operating system) can affect the scoping of an IT audit.

Examine the major categories of IT general controls and gain an understanding of the key types of control activities within each area.

Timothy Agee’s expertise includes IT audit, IT risk assessment, information security, regulatory compliance, business continuity, PCI, HIPAA, and systems implementation. Prior to joining FDH, he served as the director of information services for Saint Thomas Cardiology Consultants and the director of information systems for Gospel Advocate Company. Taylor Ezell’s skills and experience includes regulatory compliance (Sarbanes-Oxley and HIPAA), business continuity, IT risk assessment, and overall information security. Ezell has been with FDH for six years, serving in a variety of roles within the consulting group. Learning Level: Intermediate Field of Study: Management Advisory Services CS 4-2 Auditing the Governance, Management, and Monitoring of Third-Party Vendors

  

Roy Shelton, CIA Manager, Information Systems Audit Shaw Industries, Inc. In this session, participants will:

• Explore the importance of assessing various aspects of vendor risk and potential failures of improperly assessing risk.

• Learn who should be responsible for vendor assessments within your organization.

• Gain an understanding of how to conduct vendor assessments. • Learn the benefits of effective vendor risk management.

Roy Shelton manages the IT internal auditing function for Shaw Industries, Inc. Prior to joining Shaw, he was senior IT audit manager with SunTrust Bank, responsible for audits of third-party vendor management and fraud detection. He previously served as assistant vice president of IT audit for Unum, and held a post as adjunct professor of accounting at the University of Tennessee in Chattanooga. Earlier in his career, Shelton worked as a consultant for Price Waterhouse on computer system security. Learning Level: Intermediate Field of Study: Business Management & Organization CS 4-3 Conducting Fraud Investigations and Interviews Melissa Mitchell Director of Loss Prevention LifeWay Christian Resources Wayne Hoover Senior Partner Wicklander-Zulamski & Associates In this session, participants will:

Hear how fraud investigations are conducted in a variety of business environments.

Discover how to uncover and identify each piece of the puzzle.

  

Learn how to ask the questions to gain the information you need without compromising a fraud case.

Melissa Mitchell joined LifeWay in 2001 after holding various loss prevention roles with retailers including Service Merchandise, Cato, Rose's Stores, Revco Drug, and TJ Maxx. Mitchell is a longtime member of the National Retail Federation loss prevention (LP) advisory council and recently joined the editorial board of LP Magazine. She also serves on the International Association of Interviewers advisory board and sits on the LP memorial fund committee for the LP Foundation. Wayne Hoover is a Certified Forensic Interviewer and started his career with WZ in 1991. He has conducted thousands of interviews and interrogations for both the private and public sectors. Hoover has also conducted well over 1,000 seminars on interview and interrogation techniques around the world for professional and trade associations including the International Law Enforcement Educators Trainers Association (ILEETA) Conference and of which is he a member, National Child Advocacy Conference, National Retail Federation, Retail Industry Leaders Association, Federal Law Enforcement Training Center, and numerous chapters of the Association of Certified Fraud Examiners, among many others. Hoover was a member of the Illinois Fire & Police Commissioners Association for six years and police commissioner for the North Aurora (Illinois) Police Department. He serves as senior editor and publisher for the CFInsider Journal. Learning Level: Intermediate Field of Study: Management Advisory Services CS 4-4 Auditing Techniques Jeffrey F. Rooks, CIA, CRMA Director, FDH Resource Frasier, Dean & Howard, PLLC In this session, participants will:

Understand the uses, objectives, and expected outcomes of interviews at each stage of the audit model and identify best practices for planning and conducting interviews.

Create a narrative or flowchart for process documentation.

  

Master process walk-throughs and discuss developing and using audit programs. Identify control objectives, risks, and controls and review a risk matrix. Determine which controls are key controls, whether they should be tested during

an audit Explore tools that automate the audit process. Examine methodologies used to gather audit evidence, including sampling. Compare and contrast sampling and testing methodology.

Jeffrey Rooks is experienced in maximizing the value and resources of internal audit functions. He has made significant inroads in internal audit strategic planning, creating internal audit shared-service environments, leveraging external audit reliance on internal audit work, and removing compliance cost redundancies. Rooks has combined financial skills acquired from a Big 4 (EY) organization as a trained auditor with communication and educational experience gained as an executive recruiter and accounting professor. He has positioned audit as a strategic business partner, transforming audit departments, and executing international compliance investigations and global reviews. Learning Level: Intermediate Field of Study: Auditing

  

Tuesday May 3, 2016 8:30 – 9:30 AM

GS 2 What Every Internal Auditor Needs to Know About Cyber Crime Scott E. Augenbaum Special Agent Federal Bureau of Investigation In this session, participants will:

Understand how social media platforms are involved in a majority of cyber crime/data breach investigations.

Learn some of the risks associated with the "bring your own device" concept. Hear about non-technical and lost cost steps any organization can implement

that will reduce their attack surface. Find out what the FBI is doing with their network of cyber task forces to keep

citizens safe from cyber criminals. Scott Augenbaum started his career in 1988 with New York Field Office as a support employee. In 1994 he became a Special Agent working on domestic terrorism, white collar and hate crimes, and computer crime investigations. In 2003, he was promoted to Supervisory Special Agent at FBI Headquarters in Washington’s Cyber Division, Cyber Crime Fraud Unit, responsible for managing the FBI's Cyber Task Force Program and Intellectual Property Rights Program. In 2006, he moved to manage the FBI’s Memphis Division Computer Intrusion/Counterintelligence Squad. Over the past 10 years, he has provided hundreds of computer intrusion threat briefings to educate communities on emerging computer intrusion threats and how to avoid being the victim of a data breach. Learning Level: Intermediate Field of Study: Social Environment of Business

  

Tuesday May 3, 2015 10:15‒11:30 AM CS 5-1 Identifying the Critical Elements to Prepare GREAT Workpapers David Matsumoto, CIA Consulting Manager FDH Consulting, LLC In this session, participants will:

Transform your workpapers from good to great. Identify components of audit workpapers based on the Internal Professional

Practices Framework. Implement workpaper characteristics needed and most valued by reviewers and

CAEs. Analyze workpaper concepts and theories, including critical elements for

application in any fieldwork setting. David Matsumoto manages internal audit outsourcing, cosourcing, and related engagements. He has been an active internal audit professional in the retail, university, and telecommunications industries, as well as with Deloitte LLP, for over a decade. He has a passion for process improvement, technology, human resources, investigations, and civil law. Learning Level: Intermediate Field of Study: Communications CS 5-2 Digital Forensics Using Data Analytics Jeremy Clopton Senior Managing Consultant BKP, LLP. In this session, participants will:

Learn new methods for using data analysis for fraud prevention and detection in internal audit.

  

Explore success stories where data analysis has been used for internal control testing, transaction testing, and risk management

Learn a simple six-phase process to implement data analytics in your organization.

Jeremy Clopton specializes in data analytics with applications in investigations, fraud prevention, continuous auditing, internal controls, and risk assessment. He has experience with ACL, IDEA and Tableau software for analysis, data visualization, visual analytics, and dashboard development for a variety of industries. Clopton’s project experience includes the development of continuous auditing programs for Fortune 500 companies, development of analytics for compliance with anti-bribery and corruption regulations and investigative experience working with criminal justice organizations. He contributes to the Association of Certified Fraud Examiners’ magazine and a variety of blogs on the topic of data analytics. Learning Level: Intermediate Field of Study: Statistics CS 5-3 Controlling the Cost of Contract and Procurement Fraud Courtenay M. Thompson Jr. Consultant Courtenay Thompson & Associates In this session, participants will:

Evaluate case studies of internal control breakdowns, identifying measures that can be implemented to reduce the cost of contract and procurement fraud.

Identify the most effective data analytics model for the objective. Employ data analytics techniques for contract-related fraud. Identify methods for proving the existence of kickbacks and bid-rigging. Evaluate a model for controlling contracts. Examine a practical approach on dealing with gifts and entertainment.

Courtenay Thompson designs and presents courses on fraud prevention, detection, and investigation for business and government organizations worldwide. His experience prior to entering the consulting field included public accounting, internal auditing, and investigations with exposure to cases ranging from fraudulent financial reporting to embezzlement and insurance fraud, loan fraud, kickbacks, and bribery. For 13 years,

  

Thompson served as editor of Internal Auditor magazine’s "Fraud Findings" column. In addition to fraud-related training, he offers courses on construction auditing, health benefits, data mining, internal auditing, and increasing personal effectiveness. Learning Level: Intermediate Field of Study: Specialized Knowledge and Applications CS 5-4 Getting Started With Continuous Auditing and Monitoring Chase Whitaker, CIA Director, Internal Audit Hospital Corporation of America In this session participants will:

Chart a course for the future with a continuous auditing and monitoring maturity model.

Investigate factors increasing demand for continuous analysis plus guidance and definitions.

Employ continuous auditing and monitoring solutions for human resources and payroll, procurement, and IT.

Explore and mitigate challenges for successful development and implementation of data analysis audit processes.

Chase Whitaker has more than 25 years of experience as a certified public accountant, certified internal auditor, and trainer in public accounting and internal audit. He leads the internal audit IT strategy at HCA and the department’s continuous auditing and monitoring initiatives. He is a frequent presenter and speaker at numerous industry events on topics including continuous auditing and monitoring. Learning Level: Intermediate Field of Study: Auditing CS 5- 5 through CS 8-5 CIA Exam Preparation Course: Part 2 — Internal Audit Practice Vicki McIntyre, CIA, CFSA, CRMA President

  

FirstPlus Resolutions, Inc.

This Part 2 CIA course is designed to give candidates a high level introduction and overview of the topics covered on the Part 2 CIA exam. The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence. Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the updated Version 4.0 Part 2 IIA CIA Learning System™ self-study print, e-book, and online materials. Course topics will include:

Managing the Internal Audit Function Managing Individual Engagements Fraud Risks and Controls

Please note: additional self-study time outside of the classroom will be necessary to

prepare for the exam. Vicki McIntyre has helped CIA candidates successfully pass their exams for more than four years, having taught The IIA's CIA Learning System through two California universities and at seminars and conferences. As a CIA and CPA, McIntyre manages her own internal audit and risk management consulting services firm. Her background includes internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has served as a regulatory bank examiner, and as a senior leader of both finance risk management. She also performs quality assessments of internal audit activities and is a passionate IIA volunteer leader.

  

Tuesday May 3, 2016 12:45 – 2:00 PM CS 6-1 Properly Prepared Workpapers - What Reviewers and CAEs Value David Matsumoto, CIA Consulting Manager FDH Consulting, LLC In this session, participants will:

Identify and implement workpaper characteristics needed and most valued by reviewers and CAEs.

Identify, analyze, evaluate, and document sufficient information to achieve the engagement objectives.

Document sufficient, reliable, and relevant information to support conclusions and engagement results.

Create world-class workpapers through in-depth practice exercises.

David Matsumoto manages internal audit outsourcing, cosourcing, and related engagements. He has been an active internal audit professional in the retail, university, and telecommunications industries, as well as with Deloitte LLP, for over a decade. He has a passion for process improvement, technology, human resources, investigations, and civil law. Learning Level: Intermediate Field of Study: Communications CS 6-2 Business Email Compromise: The New Billion Dollar Problem Donald McCarthy Vice President of Operations myNetWatchman LLC In this session, participants will:

Gain an understanding of the phenomenon that has resulted in more than a billion dollars lost globally to business email compromise, or BEC.

  

Learn how BEC has led the world's most talented workforce of thieves and fraudsters to your front door.

Explore BEC from the inside out to get the information needed to develop highly effective countermeasures to this most prevalent information security threat.

Discuss the most effective tool for solving the problem already exists within organizations: business process.

Mac McCarthy oversees all operations of intelligence production, gathering, enrichment and delivery of myNetWatchman LLC. Prior to accepting the role of vice president of operations, McCarthy served in the roles of information security manager, director of compliance, and operations manager. Before joining the myNetWatchman team, he worked as a senior information security analyst in health care and academia. McCarthy is served as an NCO with the United States Army in many leadership roles during both combat and peacetime operations. Learning Level: Intermediate Field of Study: Management Advisory Services CS 6-3 Building Fraud Detection Into Routine Audit Activities Courtenay M. Thompson, Jr. Principal Courtenay Thompson & Associates In this session, participants will:

Review a step-by-step approach to increase detection, including how to relate program steps to fraud occurrences.

Discuss roles and responsibilities for detection, and why auditors don’t detect fraud.

Identify typical barriers to fraud detection. Learn how to create an environment for dealing with fraud including

understanding behavioral red flags. Courtenay Thompson designs and presents courses on fraud prevention, detection, and investigation for business and government organizations worldwide. His experience prior to entering the consulting field included public accounting, internal auditing, and investigations with exposure to cases ranging from fraudulent financial reporting to embezzlement and insurance fraud, loan fraud, kickbacks, and bribery. For 13 years,

  

Thompson served as editor of Internal Auditor magazine’s "Fraud Findings" column. In addition to fraud-related training, he offers courses on construction auditing, health benefits, data mining, internal auditing, and increasing personal effectiveness. Learning Level: Intermediate Field of Study: Management Advisory Services CS 6-4 Incorporating Data Analytics into the Audit Process Jeremy R. Clopton Senior Managing Consultant, Forensics & Valuation Services BKD, LLP In this session participants will:

Understand the basic principles of data analytics as applied to internal audit.  Explore how data analytics has been used for internal control testing, transaction

testing, and risk management.  Learn a simple six-phase process to implement data analytics in your

organization. Jeremy Clopton specializes in data analytics with applications in investigations, fraud prevention, continuous auditing, internal controls, and risk assessment. He has experience with ACL, IDEA and Tableau software for analysis, data visualization, visual analytics, and dashboard development for a variety of industries. Clopton’s project experience includes the development of continuous auditing programs for Fortune 500 companies, development of analytics for compliance with anti-bribery and corruption regulations and investigative experience working with criminal justice organizations. He contributes to the Association of Certified Fraud Examiners’ magazine and a variety of blogs on the topic of data analytics. Learning Level: Intermediate Field of Study: Statistics

  

Tuesday May 3, 2016 2:30 – 3:45 PM CS 7-1 Working With Management to Develop Specific, Strong Internal Controls Jeff Rooks, CIA, CRMA Director FDH Resources, LLC, A Division of Frasier, Dean & Howard PLLC In this session, participants will:

Identify and analyze risks. Practice identifying the elements of and then developing a clearly worded control,

written with specificity and clarity. Learn why consulting with management, which is responsible for writing controls,

is key in understanding how to test them. Understanding ownership of the control, what actions it calls for, how they are to

be carried out and how frequently. Participate in a group exercise to practice writing a clearly worded control.

Jeff Rooks consults with hundreds of local, national, and global organizations in the areas of staffing, human capital, outsourcing, and internal audit. He has assisted organizations in creating internal audit shared-service environments, leveraging external audit reliance on internal audit work, and removing compliance cost redundancies. Rooks has combined his financial skills as a trained auditor for a Big 4 organization with communication and educational experience gained as an executive in both the staffing and accounting industries. Rooks serves as an accounting professor with Lipscomb, a leader in the business community, with demonstrated abilities and a proven track record. He helps clients see audit as a strategic business partner, and works to find the right talent to transform audit departments, and executes international compliance investigations and global reviews. Learning Level: Intermediate Field of Study: Management Advisory Services CS 7-2 An Internal Audit IT Perspective on Cybersecurity T. Mark Buford

  

Senior Vice President, Chief Audit Executive Community Health Systems In this session, participants will:

Define the threat landscape. Review what to expect if your organization suffers a cyberattack. Explore options in responding to a cyberattack. Learn what you can do to protect your IT Security environment and internal

audit's role in IT cybersecurity. Mark Buford joined CHS in 1986 as Corporate Controller. He was promoted to vice president and chief accounting officer in 1988 and again to senior vice president in 2010 and continued in that role until 2012 when he transferred to the internal audit department as senior vice president. Learning Level: Intermediate Field of Study: Social Environment of Business CS 7-3 Business Resiliency: Risk Accounting for Internal Auditors Danny Shaw National Practice Leader - IT Risk Advisory Services Experis Finance In this session, participants will:

Learn how actual and budget income statements can be used to calculate a "Cost of Risk" for an organization or entity.

Review an example of an internal audit organization already using "Cost of Risk" as a method to replace judgmental or subjective probability and materiality assessments.

Discuss using budget variances as a part of the "Cost of Risk" analysis. Learn how to use correlation between "Cost of Risk" and Revenue to test

forecasts for reasonableness. Understand the value of this approach to "Top-Down Risk-Based Auditing" for

management and the Audit Committee. Danny Shaw has more than 30 years’ experience in technology and security risk management. He has provided business systems and related accounting technology

  

services to companies including the largest professional services firm in the world, a Fortune 500 company, in industries including banking, manufacturing, and health care. He has led business consulting efforts for global and municipal organizations including speaking on technology risk management on multiple client roundtable and industry related events. Shaw has been published in Compliance Week, Business Continuity and Internal Auditor magazine. Learning Level: Intermediate Field of Study: Management Advisory Services CS 7-4 Root Clause Analysis: A Problem Solving Methodology Jim Rose, CIA Director Navigant Healthcare Consulting In this session, participants will:

Gain a basic understanding of root cause analysis approaches and tools/. Understand how to advocate for better root cause analysis within your

organization. Learn to identify the near misses that foreshadow greater risk impact events. Add value and deliver insights through your assurance and advisory

services engagements. Jim Rose specializes in health care disputes, investigations, and compliance with 20 years of federal, state, and private sector experience in compliance, ERM, internal audit, data governance, and process improvement. He began his career as a foreign service officer with the Office of the Inspector General of the U.S. Agency for International Development, reviewing foreign economic assistance programs around the world. He also worked as director of financial audits with the auditor of public accounts of the Commonwealth of Kentucky and then as director of performance audits. For 15 years, Rose served as CAE at Humana, and most recently as vice president and chief audit officer. He previously served as co-lead of the Data Analysis and Review Committee of the Healthcare Fraud Prevention Partnership sponsored by the U.S. Department of Health and Human Services and U.S. Department of Justice. Rose is a volunteer level at the national level for The IIA, and has authored guidance on root cause analysis, maturity models, and assessments of the control environment. In addition, Rose is serving his second three-year term on the Audit Committee of the

  

United Nations World Food Programme, based in Italy – a $5+ billion global humanitarian organization. Learning Level: Intermediate Field of Study: Management Advisory Services

  

Tuesday May 3, 2016 3:55-5:10 PM CS 8-1 Developing Persuasively Worded Findings Jeff Rooks, CIA, CRMA Director FDH Resources, LLC, A Division of Frasier, Dean & Howard PLLC In this session participants will:

Identify and develop the elements of a clearly worded finding. Develop findings that can be supported by sufficient, reliable, relevant, and

useful information. Examine the qualities required by the International Professional Practices

Framework. Explore the five elements of a good finding, focusing specifically on

developing the Criteria, Condition, and Cause. Develop persuasively worded findings to communicate the results of

engagements, including the auditor’s opinion or conclusion through group exercises.

Jeff Rooks consults with hundreds of local, national, and global organizations in the areas of staffing, human capital, outsourcing, and internal audit. He has assisted organizations in creating internal audit shared-service environments, leveraging external audit reliance on internal audit work, and removing compliance cost redundancies. Rooks has combined his financial skills as a trained auditor for a Big 4 organization with communication and educational experience gained as an executive in both the staffing and accounting industries. Rooks serves as an accounting professor with Lipscomb, a leader in the business community, with demonstrated abilities and a proven track record. He helps clients see audit as a strategic business partner, and works to find the right talent to transform audit departments, and executes international compliance investigations and global reviews. Learning Level: Intermediate Field of Study: Communications CS 8-2

  

Cracking the Cyber Security Code to Provide Transparency to the Audit Committee Aaron Shapiro Director, Cybersecurity & Privacy PwC In this session, participants will:

Understand the types of activities in which you should expect your security organization to be engaged.

Learn how various stakeholders should be expected to support the CISO. Explore the cybersecurity questions that audit committees/boards are asking of

CAEs and CISOs. Discuss how organizations are able to measure the capabilities of Information

Security functions. Aaron Shapiro has more than ten years of experience in security governance and management, third-party risk, HIPAA compliance, ISO 27001/2, the NIST Cybersecurity Framework, third-party assurance reporting, and compliance readiness. He has worked with multiple Fortune 500 organizations in assessing security programs against industry and compliance frameworks and develops custom strategies to mature organizations’ security posture while aligning with organizations’ people and culture. Learning Level: Intermediate Field of Study:  Communications CS 8-3 The Many Faces of Fraud in the Health Care Industry Kimberly Hatley Vice President Hospital Corporation of America (HCA) In this session, participants will:

Discover emerging fraud risks in the health care industry and internal audit’s role in identifying, communicating, and — more importantly — combating them.

Hear case studies of actual health care frauds and evaluate your organization's controls.

Participate in an interactive session and share examples of lessons learned.

  

Kim Hatley oversees HCA's companywide anti-fraud program and was the lead internal audit investigator in the largest procurement fraud perpetrated against the company. She is responsible for leading the talent management initiatives (recruiting, hiring, training, and education) for one of the largest internal audit functions in the state of Tennessee. Hatley also directs the execution of financial education programs for hospital executives. She joined HCA in 1995, after working for Price Waterhouse in both the audit and tax departments. Learning Level: Intermediate Field of Study: Management Advisory Services CS 8-4 Corporate Governance: You Know It Is There, but How Do You Audit It? Mike Fucilli, CIA, CGAP, CRMA, QIAL Auditor General Metropolitan Transportation Authority, New York City In this session, participants will:

Learn why it is important for auditors to have a handle on their organization’s corporate governance structure and a framework for an audit plan.

Review legal and cultural norms and ethics that determine what companies can do and who controls them.

Explore how corporate governance control is exercised. Discuss how the risks and return from the activities governance undertakes is

allocated. Mike Fucilli leads a staff of 85 professionals for a public sector organization with revenues in excess of $15 billion. He has 36 years of internal audit experience in the private and public sector in industries including banking, defense contracting, and transportation. Fucilli currently sits on The IIA Research Foundation Board of Trustees and served numerous other leadership roles for The IIA. He is a frequent speaker at industry conferences on topics including COSO, risk assessment, internal controls, and quality assurance. Fucilli is an adjunct professor for Pace University where he teaches the CIA review class using The IIA’s CIA Learning System®. Learning Level: Intermediate Field of Study: Business Management & Organization

  

Wednesday May 4, 2016 8:30-9:45 AM GS 3 Economics of Healthcare Reform William B. Rutherford Chief Financial Officer & Executive Vice President HCA In this session, participants will:

Review some of the macroeconomics that is stimulating the national debate on healthcare.

Review early trends and impact of the Affordable Care Act. Review how reform will impact healthcare provisions in the future.

Bill Rutherford has management responsibility for the company’s treasury department, office of the controller, IT, government programs, strategic resource group, and Parallon, a provider of health care business and operational services. Learning Level: Intermediate Field of Study: Economics

  

Wednesday May 4, 2016 10:00-11:15 AM GS 4 Invest in Yourself Lawrence J. Harrington, CIA, QIAL, CRMA Vice President, Internal Audit Raytheon Company In this session, participants will:

Review statistics on the underwhelming amount and quality of training companies make available on an annual basis to their employees. 

Talk about the inadequate ratio of time internal auditors spend on learning in a constructive, conducive environment.

Discuss the need to stay educated and informed to live up to the rising expectations of leadership and stakeholders.

Explore opportunities individuals have to not only stay relevant but get ahead of the learning curve by understanding today’s environment of risk.

Larry Harrington has more than 25 years of experience in auditing and finance. He started his career in public accounting and has served in the fields of retail, financial services, insurance, manufacturing, and technology. Harrington has held key leadership roles in finance, human resources, and operations, and has been chief audit executive for several Fortune 500 companies including Staples, Aetna, and LTV. He is an active volunteer for The IIA, currently serving as chairman of the Global Board of Directors. He previously served as senior vice chair of the Global Board of Directors, and as chairman of The IIA's North American Board of Directors. Harrington is a frequent speaker at seminars on auditing, change management, negotiation, and people development and motivation.

Learning Level: Intermediate Field of Study: Personnel/ HR

  

Wednesday May 4, 2016 1:00-3:30 PM CAE Roundtable (Invitation Only) Moderator: Robert King, Chief Audit Executive FedEx The session will focus on being intentional in positioning the internal audit department as a business partner within the organization. Topics for discussion during this event include:

Becoming a trusted advisor. Effectively communicating IT security and other enterprise risks to management

and the board. Ensuring effective external audit collaboration while still addressing other risks to

the organization. Communicating audit results concisely and effectively to all stakeholders.

Robert A. King is responsible for leading and directing the organization’s worldwide internal audit organization in proactively and independently identifying and assessing key business risks for the corporation. In addition, he serves on the Information Technology Oversight Committee of the FedEx Board of Directors. King has more than 30 years of auditing, accounting, and IT experience. He has been a leader in developing and promoting best practices as an integral part of the internal audit department and ensuring the audit organization is a catalyst for improving the quality of controls, operations, and strategies. King is a frequent speaker within the audit industry on topics including audit committee effectiveness, fraud auditing, and best practices in internal audit. He serves on the Advisory Board of Louisiana State University E.J. Ourso College of Business Center for Internal Auditing and the Accounting Advisory Board of Christian Brothers University. Learning Level: Advanced Field of Study: Auditing