
© Copyright The Institute of Internal Auditors

2012 Governance Risk and Control Conference

Session and Speaker Information

Sunday August 19, 2012 3:00 – 6:00 PM

WORKSHOP 1

Fraud and Risk Assessment

Dr. Joan Pastor, CSP

Chief Executive Officer

JPA International, Inc.

Learn why fraud and risk self-assessments are important to any fraud program or risk assessment and a highly effective process for facilitation.

Discover a step-by-step process for running an FRSA workshop.

Learn some key facilitation tools and dozens of tips and strategies for getting the best quality information.

Learn how to identify significant risks related to fraud exposure through your clients and assess the existence and strength of controls against the fraud risk exposure.

Dr. Joan Pastor has been a professional international speaker, trainer, and coach since 1979 and is well

known for her training, facilitation, and consulting skills. She authored Conflict Management and

Negotiation Skills for Internal Auditors, has published over 30 articles, and is the recipient of numerous

awards, including the American Institute of Certified Public Accountants’ Excellence in Journalism Award.

Joan has also made pioneering contributions related to risk assessment, fraud and business process

management, conflict management and interviewing skills, Sarbanes-Oxley, and mergers and

acquisitions. She and her associates are considered the premier trainers for auditors in all areas of

“people, leadership and management” skills related to the audit, risk and finance professions. She has

developed Audit Training Universities for several Fortune 100 companies. Joan works alongside legal

counsel and executives on potential or discovered fraud situations, and she has been responsible for

uncovering several embezzlement and other fraudulent schemes. She also is a member of the National

Association of Corporate Directors and has provided consultation services to many executive teams and

boards. Joan’s book The White Collar Criminal Revealed will be published in 2013.

Learning Field: Auditing

Learning Level: Beginner

Monday August 20, 2012 8:30 – 9:45 am

GS 1

Sharpening Our Focus on the Road Ahead: Internal Auditing 2020

Richard F. Chambers, CIA, CGAP, CCSA, CRMA

President and Chief Executive Officer

The Institute of Internal Auditors

Richard Chambers has 36 years of internal audit, accounting, and financial management leadership

experience, including a long career in public-sector internal auditing. His public service tenure included

holding chief audit executive positions at three of the U.S. government’s largest organizations. Chambers

also served as vice president of The IIA Learning Center and national practice leader in Internal Audit

Advisory Services for PricewaterhouseCoopers. He has served on numerous boards and panels,

including the U.S. President’s Council on Integrity and Efficiency; the City of Orlando, FL, Audit Board; the

U.S. Government’s Executive Council on Integrity and Efficiency; The IIA’s Internal Audit Standards

Board; and the Board of the Committee of Sponsoring Organizations of the Treadway Commission

(COSO).

Explore potential scenarios for the evolution of the profession in the decade ahead.

Examine the potential role, focus, and structure of internal auditing in 2020.

Address the skills internal auditors will need to develop to succeed in the future.

Learning Field: Auditing

Learning Level: Intermediate

Monday August 20, 2012 10:15 – 11:30 am

CS 1-1

Leadership Skills for Working with Executives and Audit Committees

Dr. Joan Pastor, CSP

Chief Executive Officer

JPA International, Inc.

● Learn the seven core competencies to effective leadership skills and which skills you need for

working with Audit Committees (AC).

● Learn the gap between CAE and AC expectations, and communications, and how to bridge it.

● Discover what ACs need to do to be highly effective, and how you can also use your AC to

handle difficult clients.

Dr. Joan Pastor has been a professional international speaker, trainer, and coach since 1979 and is well

known for her training, facilitation, and consulting skills. She authored Conflict Management and

Negotiation Skills for Internal Auditors, has published over 30 articles, and is the recipient of numerous

awards, including the American Institute of Certified Public Accountants’ Excellence in Journalism Award.

Joan has also made pioneering contributions related to risk assessment, fraud and business process

management, conflict management and interviewing skills, Sarbanes-Oxley, and mergers and

acquisitions. She and her associates are considered the premier trainers for auditors in all areas of

“people, leadership and management” skills related to the audit, risk and finance professions. She has

developed Audit Training Universities for several Fortune 100 companies. Joan works alongside legal

counsel and executives on potential or discovered fraud situations, and she has been responsible for

uncovering several embezzlement and other fraudulent schemes. She also is a member of the National

Association of Corporate Directors and has provided consultation services to many executive teams and

boards. Joan’s book The White Collar Criminal Revealed will be published in 2013.

Learning Field: Personal Development

Learning Level: Beginner

CS 1-2

Aligning ERM and Internal Audit to Focus on Strategic Risks

Sandra Pundmann, CIA, CPA

Partner, Audit and Enterprise Risk Services

Deloitte & Touche LLP

Elizabeth Truelove McDermott, CPA

Vice President, Audit, Ethics and Compliance Services

DeVry Inc.

Thomas Cheriyan, CISA, CRISC

Director, Business Process Assurance

CDW Corp.

Learn how to facilitate the development of an integrated enterprise risk framework to bridge

organizational barriers.

Understand how to act as a catalyst and enabler by focusing on strategic risks and engaging

senior leaders within the organization talking to each other; developing a common risk language;

and harmonizing the way that risk is identified, assessed, and measured, so that risk intelligence

can be developed across the organization.

Discuss how companies are engaging the board, senior management and their employees to

think differently about risks and how key risk indicators, strategic planning, and analytics are

helping change management’s thinking about risk management.

Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing,

accounting, finance, and information technology. She serves as the leader of the Governance and Risk

and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for

the technology, media, and telecommunications industry. Prior to joining Deloitte and Touche in 1996,

Pundmann served as the vice president and chief audit executive of a Fortune 50 company, where she

oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she

has served in a variety of finance, risk management, and IT leadership and management capacities.

Elizabeth Truelove McDermott is vice president, Audit, Ethics and Compliance Services at DeVry Inc.

She began her career with DeVry in 1992 as the state licensing specialist. Elizabeth has extensive

experience at DeVry, working across three divisions, including Becker Professional Review, before

assuming her current role. Most recently she served as senior director of internal audit with responsibility

for planning, directing, and administering a comprehensive risk-based internal audit program. She

provided audit leadership in the development, operation and evaluation of the organization risk-

management program, as well as served as the organization liaison to external audit and regulatory

reviews. Elizabeth earned her MBA from Keller Graduate School of Management,

Thomas Cheriyan oversees and directs the internal audit function at CDW, a leading provider of technology solutions for business, government, education and healthcare. Prior to joining CDW, Thomas worked at Deloitte & Touche where he conducted and directed a wide variety of enterprise-wide, strategic-level and operational risk management projects for Fortune 500 companies. In the area of Enterprise Risk Management (ERM), he assisted management to assess and enhance their existing governance practices, roles and responsibilities, risk identification, risk assessment, and risk mitigation strategies. Thomas has an MS in Information Systems Management from Loyola University Chicago and has presented to the Institute of Internal Auditors (IIA) on practical examples of implementing ERM.

Learning Field: Management Advisory Services

Learning Level: Intermediate

CS 1-3

Detecting Fraud in Credit Card Data

Phillip W. Hurd, CISA, CISSP

Chief Audit Executive and Director, Internal Auditing

Georgia Institute of Technology

Examine the role of credit cards in our society and their use as “purchasing controls” in corporate,

government and higher education.

Discuss common fraud schemes used with purchasing cards and how to use data analytics with

these schemes and analyze control structures.

Identify how to retrieve level III credit card data.

Discover how to use common data analytics to identify signature-based fraud.

Identify card-based CC and PC controls.

Phil Hurd is a well-known Southeast regional speaker on internal control structures, ethics, leadership,

fraud, and motivation. Phil presents his message in a folksy, comedic, and inspiring manner. A

recognized expert in fraud detection, Phil tells the stories of how he and his team uncovered several

multimillion-dollar fraud schemes, analyzed the controls, and assisted in the prosecution. He and his team

have assisted the State of Georgia numerous times in removing the “bad apples” from the university

system.

Learning Field: Auditing

Learning Level: Beginner

CS 1-4

New Technology is Changing Business Processes, Risks and Controls. How Will That Impact

You?

Norman Marks, CRMA, CPA

Vice President

SAP

Learn why 2011 has been called the "most radical period of change in the history of digital

computing."

Explore how mobile technology, big data, augmented reality, the cloud, and in-memory computing

are changing business processes.

Discover what that means with respect to risks and controls.

Norman Marks is an influential blogger and recognized thought leader in the areas of internal auditing,

governance, risk management, compliance, enterprise performance, and business intelligence. He

served as vice president of Internal Audit for Business Objects before the company was acquired by SAP

in 2008. Norman has been a chief audit executive of major global corporations since 1990. He authored

two of the most downloaded IIA products: Sarbanes-Oxley Section 404: A Guide for Management by

Internal Controls Practitioners and The GAIT Methodology. Norman is editor of Internal Auditor

magazine's Corporate Governance department. He serves as a member of the review boards of several

audit and risk management publications, and he has authored several award-winning articles. He is also

an Honorary Fellow of the Institute of Risk Management and a Fellow of the Open Compliance and Ethics

Group (OCEG).

Learning Field: Auditing

Learning Level: Intermediate

Monday August 20, 2012 12:45 – 2:00 pm

CS 2-1

Governance, Risk, and Control (GRC): What is it? How is it Different than Enterprise Risk

Management (ERM)?

Dr. Glenn Sumners, CIA, CFE

Director, Center for Internal Auditing

College of Business

Louisiana State University

Dr. Jared Soileau, CIA, CCSA, CPA, CISA

Visiting Assistant Professor, Accounting

Louisiana State University

What are the differences and similarities between GRC and ERM?

How are internal audit activities involved in the GRC process?

How is internal audit involved with the ERM process?

What activities are internal audit functions performing to evaluate the Governance and the ERM

processes?

Identification of any leading practices noted.

Dr. Glenn Sumners is a Louisiana State University faculty member and also the director of the LSU

Center for Internal Auditing. He was named Educator of the Year in 1987 by the IIA and received the

LCPA Lifetime Achievement in Accounting Education Award in 1999. In 2006, Glenn received the

Bradford Cadmus Memorial Award from the IIA. In 2012, he was inducted into the IIA American Hall of

Distinguished Audit Practitioners. He is a member of the IIA Society Emeritus. Eighteen students from the

LSUCIA Program have won international awards for the highest CIA exam score. Glenn provides quality

assurance reviews, consulting, and training to internal audit groups and audit committees and has made

over 1,200 presentations in the last 25 years.

Dr. Jared Soileau teaches accounting information systems at Louisiana State University and assists with

the LSU Center for Internal Auditing. Prior to obtaining his Ph.D. from The University of Memphis, Jared

worked in various audit capacities with Ernst & Young LLP, Alcatel Inc., Avery Dennison, and FedEx

Services. He has provided CIA exam review training for multiple IIA chapters and has research interests that

include internal auditing, corporate governance, and enterprise risk management.

Learning Field: Auditing

Learning Level: Intermediate

CS 2-2

Be at the Table: Tips and Techniques for Auditors to Promote Effective and Efficient Enterprise

Risk Management

Carin Salonia, MS, PMP

Assistant Vice President, Internal Audit Management Advisory Services

The Hartford Financial Services Group

Daniel Seabra

Assistant Director, Internal Audit Management Advisory Services

The Hartford Financial Services Group

Learn the attributes of effective risk management.

Practice developing an ERM risk governance audit program.

Find out how to move risk assessments from project exercise to embedded business process.

Promote sustainable risk management programs and behaviors within the business.

Carin Salonia is assistant vice president of internal audit management advisory services at The Hartford.

Carin has led a team of audit professionals during significant organizational process redesign (finance,

business, and IT), implementing coordinated audits involving assurance, advisory and consultative

services in business, finance and technology. An accomplished presenter, Carin is a member of

Toastmasters International; an active member of PMI; Six Sigma Green Belt; and Change Management

Certified. She currently serves on the board of directors as COO and vice president for the Southern New

England Chapter for Project Management.

Dan Seabra is assistant director of Internal Audit Management Advisory Services at The Hartford and has

over 8 years of audit experience in insurance and financial services. Dan has held a number of positions

within The Hartford's Internal Audit Department including SOX control design and testing, P&C and

Corporate Audit.

Learning Field: Management Advisory Services

Learning Level: Beginner

CS 2-3

Enhancing Management’s Internal Control Capabilities

Jacqueline Wagner, CIA, CPA

Consultant

Ernst & Young LLP

Bavan Holloway, CIA, CPA

Vice President

Corporate Audit, Office of Internal Governance

The Boeing Co.

Gain an understanding of how an initial investment in training can lead to a stronger control

environment.

Learn about the roles and responsibilities of management, Internal Audit and related functions in

the overall assessment and oversight of controls.

Explore different approaches to strengthen and enhance the management control environment.

Increase efficiency by partnering with management to embed control monitoring within their

processes.

Learn how Internal Control Maturity can be factored into Internal Audit's risk assessment and

audit planning processes.

Jacquie Wagner is a consultant with Ernst & Young's Risk Advisory Practice. She is an experienced

internal audit executive who works with Ernst & Young teams to provide internal audit services and

insights around leading internal audit practices to global clients. Previously, Jacquie was general auditor

at several Fortune 100 companies in the financial services, oil and gas, and automotive industries.

In her role as general auditor, she directed the development and execution of risk-based audit plans

across the organizations. She has extensive experience working with audit committees and various

regulatory agencies and has led both SOX and operational risk activities in several organizations. Jacquie

is a member of The Institute of Internal Auditors (IIA) and has served as chairman of the board,

committee chairperson for several international committees and a member of the Research Foundation.

Bavan Holloway is vice president of corporate audit, Office of Internal Governance for The Boeing

Company, the world’s leading aerospace company. Bavan is responsible for all corporate audit activities,

including review of internal control systems, overall process assessments ensuring effectiveness, and the

Boeing Enterprise Auditor Program, the company’s leadership development program. Previously, Bavan

was director of finance for the 777 program at Boeing Commercial Airplanes (BCA), responsible for

leading the development and integration of program business plans. Prior to that, Bavan held several

executive positions in finance supporting BCA and its commercial aviation services division. She joined

Boeing in 2002 and served as the assistant corporate controller and chief accountant directing the

management of financial accounting and external financial reporting. She also developed internal controls

and disclosure practices, working with the company’s business unit CEOs, CFOs and other stakeholders,

to ensure compliance. Prior to joining Boeing, Bavan was a partner at KPMG LLP and served clients in

Chicago and New York.

Learning Field: Auditing

Learning Level: Intermediate

CS 2-4

Best Practices on the Use of Data Mining to Combat Fraud

Felicia A. Hawkins

Manager, Countermeasures and Performance Evaluation

Office of Inspector General, U.S. Postal Service

Gain insights on how to implement a data mining and predictive analytics program to help combat

fraud.

Learn how to build a data mining team and discuss the best place to start building fraud models.

Discuss effective ways the data mining team can work with internal and external stakeholders to

build fraud models that can be used by multiple and diverse users.

Felicia A. Hawkins manages the operations of the countermeasures and performance evaluation team

and oversees the data mining support functions. Felicia is responsible for the data warehouse, reporting,

and the data mining model performance and life cycle. She has been with the OIG for the U.S. Postal

Service for 15 years and has worn many hats, starting as an auditor/evaluator for 10 years within the Office

of Audit. She was also a member of the professional development team and a manager with the Risk

Analysis Research Center.

Learning Field: Specialized Knowledge and Applications

Learning Level: Beginner

Monday August 20, 2012 2:30 – 3:45 pm

CS 3-1

Internal Audit: Thought Leadership for Effective Crisis Management

Sanjay Patel, MSC, MBA

Chief Financial Officer, Health Information Technology, Governor's Office

State of Illinois

Understand the meaning behind a crisis situation.

Explore examples of effective and ineffective crisis management.

Discover the roles internal audit can play in crisis management.

Learn strategies to proactively manage crisis situations.

Sanjay Patel partners with the Governor’s office to ensure state agencies comply with Section 1512(c)

reporting requirements of the American Recovery & Reinvestment Act (ARRA) of 2009. Sanjay has

assisted many clients with Sarbanes-Oxley Section 404 compliance and business process improvement

projects. He has over 20 years of progressive experience within the public and private sectors. Sanjay

has also developed and delivered numerous presentations and training programs on a variety of

professional development topics.

Learning Field: Management Advisory Services

Learning Level: Beginner

CS 3-2

Integrating IT into the ERM Process

Xenia Ley Parker, CIA, CFSA, CISA, CGEIT, CRISC

Senior Director, IT Internal Audit

Marsh & McLennan Companies

Learn why IT has become a critical aspect of business and operational risk and why the IT/ERM

integration effort is such a challenge.

Uncover various options for developing the IT subject matter.

Discover where and how it fits into the organizational “big picture.”

Learn why ERM teams are often devoid of IT expertise with several generic examples based on

real life experiences.

Engage in a Q&A session with fellow participants.

Xenia Ley Parker is senior director, MMCo Internal Audit, responsible for information technology audit

worldwide. She joined Marsh Inc. in 2004 as Sarbanes-Oxley PMO for IT globally. Xenia is author of

Information Technology Audits, published by CCH annually within their online Accounting Research

Manager (ARM). She was a senior consultant with MIS Training Institute, with over 29 years of

experience in IT and auditing. Xenia spent 14 years with Coopers & Lybrand and 3 with Ernst & Young.

Co-author of C&L's Handbook of IT Auditing, she wrote the technology aspects of the original 1992

COSO study: Internal Control-Integrated Framework. Previously she was associate director, production,

of the Unix-based data center for CBS/AT&T Venture One videotex field test. Xenia is a frequent

presenter at major conferences; a member of ISACA and The IIA, has served on The IIA’s International

Advanced Technology and Professional Issues Committees, and currently serves on The IIA New York

Chapter Board of Governors. She received IIA-New York Chapter's 2010 Thomas A. Johnson Lifetime

Achievement Award, the 1993 International IIA Auditing and Technology Award, among others. She has

written numerous IIA monographs and participated in development of several GTAGs on IT Audit-related

subjects.

Learning Field: Auditing

Learning Level: Intermediate

CS 3-3

Choices in Risk Management

Sally Dix, CIA, CRMA

Vice President, Standards and Guidance

The Institute of Internal Auditors

Charles Locasto, CRMA

Vice President

MetLife

Sandra Pundmann, CIA, CPA

Partner, Audit and Enterprise Risk Services

Deloitte & Touche LLP

Norman Marks, CRMA, CPA

Vice President

SAP

Does "business maturity" figure significantly in a successful risk management strategy

implementation? If so, is this a major consideration in the choice of risk management model?

Who should "own" risk management, and how does the answer to this question affect the risk

management approach and odds of a successful short- and long-term RM strategy?

Are there good examples of hybrid RM strategies where management has chosen to combine

what they feel are the best features of different RM frameworks/approaches?

What role does internal audit play that makes the best contribution when management is

designing its RM strategy? What is internal audit's most effective role in supporting an ongoing,

successful risk management strategy?

Sally Dix and her team are responsible for liaising with the IIA volunteer structure to support The IIA’s

process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics,

Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her

Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a

member of The IIA’s strategic task force to develop the capability to be agile in the development of

guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had

the opportunity to participate in chief audit executive roundtables in Orlando, Chicago and New York City,

where internal audit practitioners provided candid feedback on exposure draft issues to COSO and the

PwC authors of the new COSO IC framework. Her career in internal audit prior to joining The IIA in

October 2011 involved leading internal auditing and compliance organizations in medium to large publicly

traded companies in the high tech and telecom industries (ATMEL Corporation; AT&T Wireless; Verizon

Wireless; and AirTouch Communications, spin-off of Pacific Telesis Group).

Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.

Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing,

accounting, finance, and information technology. She serves as the leader of the Governance and Risk

and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for

the technology, media, and telecommunications industry. Prior to joining Deloitte and Touche in 1996,

Sandy served as the vice president and chief audit executive of a Fortune 50 company, where she

oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she

has served in a variety of finance, risk management, and IT leadership and management capacities.

Norman Marks is an influential blogger and recognized thought leader in the areas of internal auditing,

governance, risk management, compliance, enterprise performance, and business intelligence. He

served as vice president of Internal Audit for Business Objects before the company was acquired by SAP

in 2008. Norman has been a chief audit executive of major global corporations since 1990. He authored

two of the most downloaded IIA products: Sarbanes-Oxley Section 404: A Guide for Management by

Internal Controls Practitioners and The GAIT Methodology. Norman is editor of Internal Auditor

magazine's Corporate Governance department. He serves as a member of the review boards of several

audit and risk management publications, and he has authored several award-winning articles. He is also

an Honorary Fellow of the Institute of Risk Management and a Fellow of the Open Compliance and Ethics

Group (OCEG).

Learning Field: Business Management and Organization

Learning Level: Advanced

CS 3-4

Audit Smarter, Not Longer! IT Audit Case Study

Ross Elliott Wescott, CIA

Chief IT Auditor

Portland General Electric Company

Discuss whether technology use has brought efficiency and effectiveness to internal audit in such

a way that its removal would hamper internal audit functionality.

Learn how one organization’s internal audit department has used technology to accomplish

multiple objectives, such as:

Shrink audit project overhead and increase efficiency, effectiveness, and timeliness in the

field.

Access corporate data in such a way as to greatly cut sampling requirements.

Bypass IT and the operating departments to gain data independence.

Ross Wescott is responsible for managing all IT internal control audits and special projects in the

information systems areas of PGE. In addition, as the senior member of the staff, he assists the director

of internal audit in internal audit strategy, methodology, and tool use. Prior to joining PGE, he held similar

positions at Louisiana Pacific Corporation and NW Natural Gas Company. Currently, he is a member of

the ISACA Credentialing Board and Cloud II Task Force and serves as the Audit Committee Chair for a

nearly $1B Credit Union.

Learning Field: Auditing

Learning Level: Intermediate

Monday August 20, 2012 3:55 – 5:10 pm

CS 4-1

Auditing Governance: If There's a Will, There's a Way

Hal Garyn, CIA

Vice President, North American Audit Services

The Institute of Internal Auditors

Discuss what is or can be meant by governance.

Identify areas in a company where "governance" audits can be performed.

Challenge participants to potentially rethink their annual audit plans.

Offer ideas on ways to successfully audit governance.

Hal Garyn has 30 years of professional experience, predominantly focused on the financial services

industry with emphasis on the disciplines of risk management, internal auditing, strategic planning,

mergers and acquisitions, investor relations, and corporate governance. In his current role as Vice

President - IIA North American Services, he is responsible for chief audit executive services, quality

services, and global advocacy. Previously, Hal served on The IIA’s Global Audit Committee, Ethics

Committee, and Nominating Committee, as well as The IIA’s North American Board and Nominating

Committee and has held numerous leadership officer roles within five U.S. IIA chapters.

Learning Field: Auditing

Learning Level: Intermediate

CS 4-2

An Overview of the OCEG GRC Capability Model

Jason Mefford, CIA, CRMA, CPA, GRCP, CICA

President

Mefford Associates

M. Jane Diaz, GRCP, CCEP, CICA

Senior Internal Auditor

Ventura Foods, LLC

Gain a brief explanation of the Open Compliance and Ethics Group (OCEG) GRC Capability

model.

Learn how the GRC framework was developed by an open source think tank of end use

companies and service providers and was designed to be applied to all organizations.

Find out how the framework can be applied by GRC professionals to design and implement a

robust GRC function.

Tap into tools available from OCEG for use by internal auditors on how to audit a GRC function.

Jason Mefford is a sought after advisor and speaker on ethics, corporate governance, GRC, and internal

audit topics. He is currently the president of Mefford Associates, a professional training, coaching and

boutique advisory firm. Jason has been the chief audit executive at two multi-billion dollar manufacturing

companies. Prior to that he was a manager at both Arthur Andersen and KPMG, performing internal and

external audits and advisory services for clients in various industries. Jason is active in The Institute of

Internal Auditors where he has served in various volunteer leadership positions at the local and

international level. He serves on the leadership council for the Open Compliance and Ethics Group

(OCEG) a non-profit think tank that helps organizations drive “Principled Performance” by enhancing

corporate culture and integrating governance, risk management, and compliance processes.

Jane Diaz is responsible for the day to day operations of the Ethics and Compliance at Ventura Foods,

LLC. She leads the company's annual company-wide Employee Survey and is responsible for the

administration and maintenance of the policy management cycle and processes. Prior to joining Ventura

Foods, LLC, Jane was an internal audit supervisor at Farmers Insurance Group Federal Credit Union

where she directed and managed the internal audit activities. She is a former tax auditor for the state of

California where she also instructed various sales and use tax seminars for new business owners.

Learning Field: Auditing

Learning Level: Beginner

CS 4-3

Governing with ITIL and COBIT

Pam Nigro, CISA, CGEIT, CRISC

Manager

Health Care Service Corp

Learn the primary focus of ITIL - Service Support Management and Service Delivery Management

Expand your understanding of COBIT’s focus on definition, implementation, auditing, measurement

and improvement of controls

Discover how when implemented effectively, both COBIT and ITIL provide the necessary framework

of an IT GRC program that enables the IT organization to govern itself.

Pam Nigro is the manager of the internal controls, IT policy, and risk management teams at Health Care Service Corporation (HCSC operates the Blue Cross and Blue Shield plans in Illinois, New Mexico, Oklahoma and Texas). She has over 20 years of experience working in information technology, ultimately becoming a subject matter expert in IT general controls. Prior to HCSC, Pam’s experience in the systems and process assurance (SPA) practice at PwC focused on services related to controls around IT management. She served both audit and non-audit clients. As a consultant, she helped HCSC develop its control framework using ITIL and COBIT.

Learning Field: Computer Science

Learning Level: Beginner

CS 4-4

The Auditor’s Role in Helping Management Understand How to Prevent and Detect Fraud

Harriet Richardson, CIA, CGAP, CPA

Audit Manager

City of Berkeley, CA

Discuss examples of fraud in private and public sector organizations and what allowed them to

occur.

Explore examples of how auditors can do a better job of explaining to management what allowed

organizational fraud to occur.

Share ideas about how auditors can help management better understand the reasons behind

auditors' recommendation for preventing fraud and detecting it if it does occur.

Harriet Richardson has more than 25 years of performance audit and management analysis experience

in federal, state, and local governments, and currently manages the performance audit function in the

Berkeley City Auditor’s Office. Her previous audit experience includes the Washington State Auditor’s

Office; the City and County of San Francisco; the Atlanta City Auditor’s Office; King County, Washington;

and Fort Lewis, Washington. Harriet’s a frequent conference presenter and is a current member of the

Association of Local Government Auditors’ Professional Issues Committee and the Association of

Government Accountants’ Financial Management Standards Board.

Learning Field: Auditing

Learning Level: Intermediate

Tuesday August 21, 2012 8:30 – 9:45 am

GS 2

Providing Assurance Over Risk Management: It's Not an Option Anymore

Paul Sobel, CIA, CRMA, CPA

Vice President and Chief Audit Executive

Georgia Pacific LLC

Better understand the assurance and consulting requirements of the Standards.

Learn an approach for evaluating the overall risk management program, leveraging concepts

from ISO 31000 and other sources.

Evaluate the maturity of the risk management program to help provide better advice on improving

sustainability of the program.

Consider what resources are needed to provide assurance over risk management.

Paul Sobel leads the global internal audit activity for Georgia-Pacific, LLC, a diversified forest products

company based in Atlanta. He previously served as the chief audit executive for three public companies

in the energy and publishing industries. He is a frequent speaker on governance, enterprise risk

management (ERM), and internal audit topics. Sobel recently co-authored a book titled Enterprise Risk

Management: Achieving and Sustaining Success. Previously he authored Auditor’s Risk Management

Guide: Integrating Auditing and ERM and coauthored Internal Auditing: Assurance and Consulting

Services. He currently serves on The IIA’s Board of Directors as senior vice chair.

Learning Field: Management Advisory Services

Learning Level: Intermediate

Tuesday August 21, 2012 10:15 – 11:30 am

CS 5-1

Case Study: Corporate Governance Start-Up

Nick Moscaritolo, CPA, CFE

Vice President, Internal Assurance

JDA Software Group

Starting an ERM program and extracting a risk-based audit plan from the results.

Solving small department/start-up common issues.

Transitioning from a co-source to internal audit model.

Best practices for auditing and reporting in a small audit team environment.

Nick Moscaritolo has over 15 years of experience in the internal and external audit field. Nick started his

career at Arthur Andersen, moved to Arizona Public Service Company, and later, Starwood Hotels &

Resorts. Currently, Nick is the vice president of internal assurance and chief audit executive at JDA

Software Group. Nick has spoken at the last 2 MIS Training Institute SuperStrategies conferences.

Learning Field: Auditing

Learning Level: Intermediate

CS 5-2

Risk Management Strategy: The Right Approach for Your Organization

Sally Dix, CIA, CRMA

Vice President, Standards and Guidance

The Institute of Internal Auditors

Understand how identifying and implementing the right specific strategies and approaches for

your organization and its unique culture matter.

Learn how to combine theoretical knowledge and real world experience

Share new tips for making risk management work for your organization.

Discover how an approach tailored to your organization can make the difference in the success or

failure of risk management at your organization.

Sally Dix and her team are responsible for liaising with the IIA volunteer structure to support The IIA’s

process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics,

Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her

Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a

member of The IIA’s strategic task force to develop the capability to be agile in the development of

guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had

the opportunity to participate in chief audit executive roundtables in Orlando, Chicago and New York City,

where internal audit practitioners provided candid feedback on exposure draft issues to COSO and the

PwC authors of the new COSO IC framework. Her career in internal audit prior to joining The IIA in

October 2011 involved leading internal auditing and compliance organizations in medium to large publicly

traded companies in the high tech and telecom industries (ATMEL Corporation; AT&T Wireless; Verizon

Wireless; and AirTouch Communications, spin-off of Pacific Telesis Group).

Learning Field: Auditing

Learning Level: Intermediate

CS 5-3

Case Study: How Elster Group Integrates Multiple Compliance Initiatives on a Single Technology

Platform

Malte H. Globig, CIA, Dipl-Kfm

Senior Manager, Internal Audit

Elster Group SE

Hear how this multi-national engineering company meets compliance requirements for a diverse

group of stakeholders with a consolidated, single solution.

Learn how "narrow" technology requirements for a Sarbanes-Oxley compliance project were

developed into a "big tent" philosophy to allow internal auditors and risk managers to collaborate on

an integrated GRC platform with operational and financial managers on a global scale.

Walk away from this session understanding how consolidating compliance for multiple business

applications into your existing GRC solutions provides Elster’s stakeholders with real-time insight

to improve business governance and process transparency.

Malte Globig is responsible for the internal audit function at Elster Group's businesses in the Americas.

He also serves as the company's internal GRC technology champion, spearheading the innovative use of

software applications to address today's governance, risk and compliance management challenges. Prior

to joining Elster Group, he led operational efficiency projects as a Six Sigma Black Belt at UnitedHealth

Group and provided business process improvement consulting services to clients in the utility and

financial services industries.

Learning Field: Auditing

Learning Level: Intermediate

CS 5-4

IA and Fraud Risk Assessment and Management

Annie Dugas, CA, DIFA, CFE

Director, Investigative & Forensic Services

Raymond Chabot Grant Thornton Consulting Inc

Christian Asselin, CA, CMA, CFE

Chief Audit Executive

Natural Resources Canada

Discover a framework and practical approaches to conducting effective fraud risk assessments.

Understand why greater expectations are being placed on internal auditors to integrate value-

added fraud risk and control assessments and strengthen their organizational fraud risk

management practices.

Dive into topics such as: designing an appropriate approach to fraud risk assessments, identifying

key elements of a fraud risk management program, defining the role of internal audit, and

developing a continuous auditing approach to managing the risk of fraud.

Annie Dugas is a director with the investigative and forensic consulting division of Raymond Chabot

Grant Thornton Consulting Inc. in Ottawa, Canada. Annie has extensive work experience in the

assurance and forensic advisory fields, including fraud prevention, detection, and investigation for

government and large private sector enterprises in Canada and internationally. Annie continues to

actively raise awareness and provide leadership to internal auditors and audit committee members on

their roles and responsibilities with regard to conducting fraud risk assessments and strengthening their

organization’s fraud risk management programs.

Christian Asselin is responsible for the internal audit branch of a department that has an annual budget

of around $3.3B and 4,000 full-time employees. Prior, Christian worked for the Office of the Comptroller

General of Canada as senior director, liaison and intelligence. In his role, Christian oversaw and

facilitated the collection, integration and analysis of audit related information to support proactive, efficient

and effective internal audit practices across the federal government. Previously he had experience as

director of investigation and forensic audits with the Office of the Auditor General of Canada (OAG) and

chief audit executive at the Public Health Agency of Canada.

Learning Field: Auditing

Learning Level: Intermediate

Tuesday August 21, 2012 12:45 – 2:00 pm

CS 6-1

How a Small Audit Department Enhances Corporate Governance through a Broader, More

Strategic Focus on Risk

Kaveh Rikhtegar, CA, CISA

Director, Internal Audit

Canadian Commercial Corp.

Use a risk based approach linked to the ERM to complete the annual audit plan.

Build an effective internal audit organizational structure, tools, and processes.

Implement an effective risk-based approach in planning, executing, and reporting audit activities.

Create an effective reporting structure to the audit committee.

Kaveh Rikhtegar has worked as a director with internal audit/controls in both the public and private

sectors for the past 15 years at Canada Post, Office of the Auditor General of Canada and more recently

at Canadian Commercial Corporation. Kaveh has made an extensive number of presentations on internal

audit and controls at various conferences and events throughout North America.

Learning Field: Auditing

Learning Level: Intermediate

CS 6-2

Enterprise Fraud Risk Management

Paul E. Zikmund, MBA, MAcc, MBEC, CFE, CFD

Director, Global Integrity and Forensic Audit

Bunge Ltd.

Learn why managing the risk of fraud is a critical component to any ERM program.

Gain a foundation to a fraud-free environment through the development, implementation, and

maintenance of an effective anti-fraud program and controls framework.

Hear about the elements of a comprehensive enterprisewide risk management framework that

includes steps to deter, detect, investigate, and remediate incidents of fraud within an

organization.

Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New

York. He is responsible for managing and conducting investigations of fraud and misconduct,

implementing fraud detective techniques, administering the company’s fraud risk assessment process,

and managing anti-fraud programs and controls designed to reduce the risk of fraud within the company.

Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and

the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was

responsible for developing, implementing, and administering fraud risk management services to Tyco and

to clients. He possesses nearly 20 years of experience in this field and has effectively managed global

fraud and forensic teams at various Fortune 500 companies.

Learning Field: Auditing

Learning Level: Intermediate

CS 6-3

Honorably Retiring “Controls” and Promoting “Risk Treatments.” It’s Time.

Tim J. Leech, CIA, CRMA, FCA, CFE

Managing Director Global Services

Risk Oversight Inc.

Review the history and definition of “controls” and “risk treatments.”

Learn why it’s time to retire “controls” and promote “risk treatments”: the business case for

change.

Discover “Optimizing risk treatments” – practical strategies to add exponentially more value

Share what needs to happen to retire “controls” and promote the use of “risk treatments”

Tim Leech is managing director of global services at Risk Oversight Inc., which focuses on helping

companies more effectively manage risk and assurance to meet escalating due diligence expectations

and add real value. He has over 25 years of experience in the ERM, internal audit, and forensic

accounting fields, including expert witness testimony in civil and criminal proceedings and global

experience helping public and private sector organizations with internal audit transformation initiatives

and the design, implementation, and maintenance of integrated GRC/ERM frameworks. He is co-author

with his daughter, Lauren Leech, of Preventing the Next Wave of Unreliable Financial Reporting: Why

U.S. Congress Should Amend Section 404 of the Sarbanes-Oxley Act, and author of a new Risk

Oversight Inc. white paper challenging traditional approaches to ERM titled The High Cost of the ERM

Herd Mentality.

Learning Field: Auditing

Learning Level: Intermediate

CS 6-4

Crisis Management: A New Playbook

Jason Ackerman, CIA, CRMA, MBA, CFE, RISC, CGEIT

Chief Audit Executive

Georgetown University

Monica Modi Dalwadi, CIA, CPA, MBA, CFE

Director

Baker Tilly

Review details of some of the latest news-making company crises, particularly those affecting

higher education in the form of abuse allegations and inadequate emergency action procedures

in the face of these incidents.

Learn more about the challenges that arise in the aftermath of a crisis such as negative financial

impact, reorganization, unwanted media attention, reputational damage and pressure to prevent

reoccurrences.

Explore case studies to learn how to take an active approach to mitigating the risk around

potential crisis at your organization.

Focus on lessons learned — positive and negative — from recent athletics program scandals and

discuss the role that internal audit can serve in managing crisis, along with the necessary steps to

take to evaluate whether your organization has preventive measures and a sound post-crisis

action plan.

Jason Ackerman has 16 years of leadership experience providing governance, risk, and compliance

solutions. His internal audit experience includes work with organizations in the Americas, Europe, Africa,

and Asia. Jason previously worked at major international consulting firms providing investigation,

transaction advisory, technology commercialization, and strategy optimization services. His clients

included non-profits, federal government agencies, and Fortune 500 companies in industries including, oil

& gas, utilities, railroad, manufacturing, mining, cable television, hospitality, financial services, and

pharmaceuticals. Jason has participated as a presenter for various webinars sponsored by The IIA.

Monica Dalwadi is a member of Baker Tilly’s risk advisory services and internal audit practice with 10

years of experience. Monica’s primary focus is internal auditing on a wide range of business issues and

regulatory compliance matters, corporate governance, and internal control structures, including crisis

management reviews. Prior to joining the firm, Monica worked in the internal audit department of a

financial institution where she led risk assessment activities and audited lending, deposits, and trusts. Her

client base includes higher education institutions, financial services companies, government contractors,

and not-for-profit institutions, including the World Bank, The Catholic University of America, Sevenson,

Howard Hughes Medical Institute, The JBG Companies, Princeton University, Children’s National Medical

Center, and The George Washington University. Monica has co-authored numerous research papers that

have been published in trade publications and has delivered many presentations on internal audit-related

topics at conferences and IIA chapter meetings.

Learning Field: Business Management

Learning Level: Intermediate

Tuesday August 21, 2012 2:30 – 3:45 pm

CS 7-1

Is IT Governance Really Auditable?

Tim Penrose, CIA, CISA, CIPP, PMP

Senior Director, IT Audit

TIAA-CREF

Expand your knowledge and understanding on the meaning of "IT Governance."

Gain insights into specific approaches and available guidance when assessing IT governance

within your organization.

Explore some of the potential pitfalls when completing an audit focused on your senior

leadership.

Tim Penrose leads the IT audit and data analytics functions within the internal audit division at TIAA-

CREF, responsible for the IT audit plan, integrated audits, and data analytics in support of audit, fraud,

investigations, and continuous auditing. Prior to joining TIAA-CREF, he was a senior manager with Ernst

& Young LLP’s Advisory Services practice, primarily focused on IT risk transformation. Prior to Ernst &

Young LLP, Tim was an assistant vice president and management associate at Citigroup, serving as a

risk and control officer as well as a technical project manager. He also has prior experience with Intel and

the National Security Agency (NSA).

Learning Field: Auditing

Learning Level: Intermediate

CS 7-2

Leveraging the Three Lines of Defense for Effective Risk Coverage

Charles Locasto, CRMA

Assistant Vice President

MetLife

The benefits of a three lines of defense model.

Operating models for coordinated risk and control activities.

World class risk and control frameworks and methodologies.

World class risk and control platforms.

How to implement frameworks whether a big or small audit shop.

Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.

Learning Field: Auditing

Learning Level: Intermediate

CS 7-3

Time to Get Real — Refocusing Controls to Fight Modern Threats

Daimon Geopfert, CISSP, CISM, CISA, GCIH

National Leader, Security & Privacy Consulting

McGladrey

Vincent J. Schira, CPA, CISA, CISSP

IT Audit Program Leader

Domino’s Pizza Inc.

Learn about real-world hacking demonstrations that show controls bypass methods.

Discuss the topic of cracking and re-using "strong" passwords.

Hear about bypassing intrusion detection systems.

Ask whether evading anti-virus can compromise "protected" systems.

Find out how social engineering methods abuse social media.

Gain recommendations on how to implement more robust controls.

Daimon Geopfert is the national leader of security and privacy consulting for McGladrey. He specializes

in penetration testing, vulnerability and risk management, security monitoring, incident response, digital

forensics and investigations, and compliance frameworks within heavily regulated industries. Daimon has

over 17 years of experience in a wide array of information security disciplines. He serves as the firm’s

national leader for the security and privacy practice, responsible for the development of the firm’s overall

strategy related to security and privacy services and applicable methodologies, tool kits and engagement

documentation.

Vincent Schira is a seasoned professional with experience in financial and IT audit and joined Domino’s

Pizza Inc. in April 2010. Prior to working for Domino’s Pizza he held leadership positions in accounting,

materials & logistics management, and internal audit within the automotive industry. Leading the IT audit

function at Domino’s publicly traded entity, he is responsible for planning and executing a wide variety of

technology related audits. Last year Vince presented to the Internal Audit Executive Study Group of the

National Restaurant Association on key audit concepts in data warehousing and the results of a disaster

recovery benchmark study he conducted. His current areas of focus include consumer data privacy, food

traceability software, and serving on the company’s data governance council. Vince also works part time

as a firefighter and EMT for the City of Novi, Michigan.

Learning Field: Management Advisory Services

Learning Level: Intermediate

CS 7-4

Emerging Technology Risks - "Smart Phones, iPads and Blackberries, Oh My!"

Norman Comstock, CIA, CRMA, CCSA, CISA, CGEIT, CISSP

Managing Director

UHY Advisors

Richard Peters, CISA, CISSP, QSA

Senior Manager

UHY Advisors

Jamie DuBray, CIA, CPA, CISA, CISSP, CGEIT

Assistant General Auditor

CITGO Petroleum

Understand that authorized or unauthorized, these devices exist and most people have them.

Learn how to find out what devices are on your network.

Discuss what types of data your company allows on these devices and the latest attacks against

these devices

Review the latest mobile threats, attacks, and some current methods of protecting these devices

and your data.

Norman Comstock is a managing director at UHY Advisors in Houston, Texas. He leads advisory and

assurance services for IT strategy, IT governance, IT risk assessment, software selection/implementation,

documenting and testing IT general controls and application controls, and evaluating information security

strategy. He is also the firm’s national practice leader for governance, risk, and compliance. Norman was

president of GCRM Solutions, LLC before it merged with UHY Advisors in 2006. In the 15 years prior to

UHY Advisors, he was a principal with three other consulting firms providing technology and management

consulting services to Fortune 1000 companies. Norman held audit, accounting, and finance roles of

increasing responsibility at Texaco, Inc. and Compaq Computer Corporation. He began his career in

finance at Oppenheimer & Company. Norman is an adjunct professor at the C.T. Bauer School of

Business, University of Houston, where he teaches business ethics, advanced internal audit, and

governance, risk, and compliance.

Richard Peters specializes in information security and payment card industry (PCI) compliance. He brings over 13 years of experience managing, performing and delivering cost effective internal controls and information technology (IT) security solutions. This experience includes technology risk management, IT auditing, IT security assessments, internal auditing, attack and penetration testing services and security analysis in domestic and global entities in the energy, technology, financial and manufacturing industries. He is a professor at the University of Houston in the areas of information security.

Jamie DuBray is currently the Assistant General Auditor at CITGO Petroleum Corporation. Prior to

joining CITGO more than 5 years ago, Jamie had internal audit experience with Valero Energy

Corporation and Tesoro Petroleum Corporation as well as positions within information technology and

public accounting. Jamie has 13 years of audit experience and 10 years of experience in the petroleum

refining industry.

Learning Field: Specialized Knowledge and Applications

Learning Level: Intermediate

Tuesday August 21, 2012 3:55 – 5:10 pm

CS 8-1

Internal Audit - Perspectives of a Chief Compliance Officer

Jon Rydberg, CMA, PMP, CPIM

Vice President, Internal Audit

Smith & Wesson

Understand how the chief compliance officer and chief audit executive work together to

protect the organization.

Establish a common definition of value and value destruction

Discuss the roles of the COO and CAE in protecting against value destruction.

Explore a case study, When Sales Mask Performance.

Jon Rydberg is responsible for internal audit (ATF, FCPA, Import / Export, SOX). In addition, he was

responsible for implementing the organization's risk management infrastructure, ethics program and the

continuous controls monitoring program. Prior to joining Smith & Wesson, Jon was CEO of Orchid

Advisors, a consulting firm specializing in the achievement of corporate strategic objectives. He also

served as a managing director for Protiviti where he co-led the manufacturing industry practice and

served on the supply chain leadership team. Jon previously worked for Ernst & Young, United

Technologies, and Ensign-Bickford Aerospace & Defense. Jon is currently a member of the Department

of Homeland Security Critical Manufacturing Sector Board. He has previously served in leadership roles

for The IIA and APICS.

Learning Field: Business Management and Organization

Learning Level: Intermediate

CS 8-2

A Risk Manager’s View on ERM

Carol Fox, ARM

Director, Strategic and Enterprise Practice

RIMS, The Risk Management Society

Hear an experienced risk practitioner's insights on making enterprise risk management a

strategic business discipline.

Expand your understanding of how enterprise risk management can create as well as protect

value.

Learn how high-performing organizations are using risk management to reduce uncertainties and

increase the odds of success.

Discover how to forge a collaborative alliance between internal audit and risk management for

your organization's success.

Carol Fox is director of strategic and enterprise risk practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. Founded in 1950, RIMS produces

networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS in 2010, Carol was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. She also holds the Associate in Risk Management (ARM) designation from The Institutes. Carol has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics and currently serves as vice chair on the U.S. Technical Advisory Group for the international ISO 31000 risk management standard implementation project. Treasury & Risk named Carol as one of its 2011 100 Most Influential People in Finance.

Learning Field: Management Advisory Services

Learning Level: Intermediate

CS 8-3

Using Computer Forensics to Manage Controls

Bill Perry

Private Investigator, Security Consultant/Instructor and Chief Compliance Officer

Bill Perry & Associates

Learn to examine the different areas that exist in the "information age" for control

Understand why cell phones are important to "internal audits"

Discuss ways to protect your data

Bill Perry has lectured several professional organizations, including seminars for Busey Bank on identity

theft, First Community Bank on fraud and computer security, SW Chapter of IIA on Internal Corruption,

and is presently working on developing a seminar on business ethics and workplace violence. Bill has been

recognized by I.C.E., a division of Homeland Security for his outstanding diligence and expertise in

locating and documenting electronic evidence. He has also worked with the Cape Coral Police for five

years as a crime analyst, computer forensics examiner and served as a member of their elite hostage

negotiations team.

Learning Field: Computer Science

Learning Level: Intermediate

CS 8-4

What Does An Internal Auditor Really Need to Know About Crisis Management

Annie Searle

Principal

Annie Searle & Associates LLC

The role of the crisis management team and its intersection with market, credit and operational risk.

The characteristics of an ideal crisis management team member.

The scope of decisions made at the crisis management team level, as well as those delegated to the incident/event management team.

The challenges of timely crisis management in an era of mobile devices and social media.

Annie Searle is principal of Annie Searle & Associates LLC, also known as ASA Risk Consultants, an independent consulting and research firm, serving businesses and organizations that are part of the nation’s critical infrastructure. She is the author of two books, Advice From A Risk Detective for the general public and Reflections on Risk for risk professionals, both available through Amazon. Annie is an affiliate faculty member at the University of Washington’s School of Information, where she teaches courses on operational risk. She is a lifetime member of The Institute of American Entrepreneurs, and one of 20 inaugural inductees in 2011 into the Hall of Fame for Women in Homeland Security and Emergency Management. Since 2007, she has been one of roughly 50 thought leaders who meet each June at New York University for its Global Roundtable on Public-Private Preparedness. Earlier, Searle spent 10 years at Washington Mutual Bank (WaMu) responsible for business continuity, disaster recovery, technology risk and compliance, technology change management, and for vendor and application information security. As senior vice president for Enterprise Risk Services, Annie and her teams redesigned and rebuilt those programs to world-class status, utilizing a federated model in partnership with the bank’s lines of business. She also chaired WaMu’s Crisis Management Team and was the executive sponsor of the bank’s technology innovation program.

Learning Field: Management Advisory Services

Learning Level: Intermediate

Wednesday August 22, 2012 8:30 – 9:45 am

GS-3

Vendor Contracts and Risk Assessment: Lessons Learned from Fraud Convictions

Moderator: Frank Lazzara

Managing Director

FTI Consulting

Panelist: Dr. Susan Mangiero, CFA, FRM

Managing Director

Forensic & Litigation Consulting

Annie Dugas, CA, DIFA, CFE

Director, Investigative & Forensic Services

Raymond Chabot Grant Thornton Consulting Inc

Paul E. Zikmund, MBA, MAcc, MBEC, CFE, CFD

Director, Global Integrity and Forensic Audit

Bunge Ltd.

Discussion of best practices for selecting and monitoring service providers within an enterprise risk management framework

How to vet related party transaction disclosures to prevent problems

How to identify and mitigate conflicts of interest such as when a customer has an equity stake in a vendor

When to use independent experts to conduct investigative due diligence on the vendor and key persons

Understanding bribery and anti-money laundering issues when dealing with non-US vendors

Discussion of lessons learned from prominent fraud convictions that involved service providers and what internal auditors should do as a result

Frank Lazzara has over 20 years of experience in public accounting, internal audit, financial operations consulting and private industry expertise. He is responsible for facilitating all aspects of litigation support and forensic engagements including planning, accounting research, fieldwork coordination, managing client and counsel relationships, the drafting and submission of expert reports, and the preparation of testifying expert witnesses. Prior to joining FTI Consulting, Frank supervised teams in the execution of internal and independent audits. His private industry experience is in telecommunications where he served as CFO and controller for a competitive local exchange carrier. He has served as an internal auditor for Goldman Sachs with an emphasis in compliance and internal controls reviews. While at Goldman Sachs, he supported the firm’s internal control environment by devising and implementing fraud prevention initiatives. He also has public accounting experience with PricewaterhouseCoopers and international experience investigating alleged violations of the Foreign Corrupt Practices Act in Asia and Europe. Lazzara has led cases involving NYSE regulatory compliance examinations, and has advised on high profile securities litigation cases involving the interpretation and expert application of Generally Accepted Accounting Principles (“GAAP”) and auditor compliance with Generally Accepted Auditing Standards (“GAAS”).

Dr. Susan Mangiero is a CFA charterholder and a certified Financial Risk Manager. She has provided expert testimony and behind-the-scenes forensic analysis, calculation of damages and rebuttal report commentary for various investment governance, performance, risk and valuation matters. She has more than 20 years of experience in capital markets, global treasury, asset-liability management, portfolio management, economic and investment analysis, derivatives, financial risk control and valuation, including work on trading desks for several global banks, in the areas of fixed income, foreign exchange, interest rate and currency swaps, futures and options. Susan has provided insights about asset allocation, fiduciary duties, risk management, modeling, hedge effectiveness and valuation best practices for consulting clients and employers that include General Electric, PricewaterhouseCoopers, Mesirow Financial, Bankers Trust, Bank of America, World Bank, Pension Benefit Guaranty Corporation, RiskMetrics, U.S. Department of Labor, Northern Trust Company and the U.S. Securities and Exchange Commission. She is the author of Risk Management for Pensions, Endowments and Foundations. Her articles have appeared in Expert Alert (American Bar Association, Section of Litigation), Hedge Fund Review, Investment Lawyer, Valuation Strategies, RISK, Financial Services Review, Journal of Indexes, Family Foundation Advisor, Bankers Magazine, Expert Evidence Report and the Journal of Compensation and Benefits. Susan is a frequently invited speaker and has keynoted or led workshops for organizations such as the Stable Value Investment Association, Harvard Law School, Florida Public Pension Trustees Association, New York State Department of Insurance, Association of Public Pension Auditors, AICPA - Employee Benefits Section, National Association of Corporate Directors and Financial Executives International.

Annie Dugas is a director with the investigative and forensic consulting division of Raymond Chabot Grant Thornton Consulting Inc. in Ottawa, Canada. Annie has extensive work experience in the assurance and forensic advisory fields, including fraud prevention, detection, and investigation for government and large private sector enterprises in Canada and internationally. Annie continues to actively raise awareness and provide leadership to internal auditors and audit committee members on their roles and responsibilities with regard to conducting fraud risk assessments and strengthening their organization’s fraud risk management programs.

Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New York. He is responsible for managing and conducting investigations of fraud and misconduct, implementing fraud detective techniques, administering the company’s fraud risk assessment process, and managing anti-fraud programs and controls designed to reduce the risk of fraud within the company. Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was responsible for developing, implementing, and administering fraud risk management services to Tyco and to clients. He possesses nearly 20 years of experience in this field and has effectively managed global fraud and forensic teams at various Fortune 500 companies.

Learning Field: Behavioral Ethics

Learning Level: Intermediate

Wednesday August 22, 2012 10:15 – 11:30 am

GS-4

Ethics and Managing Risk: A Preventive Maintenance Approach

Dr. Christopher Bauer, CSP, HSP, CFS

Founder

Bauer Ethics Seminars

Identify at least four common but often unseen or ignored “red flags” for ethics risks in themselves and their organizations.

Articulate a minimum of four values key to the development of a culture of ethics and values.

Articulate the financial and strategic value of implementing truly effective ethics training into an organization’s risk management strategy.

Christopher Bauer is a licensed psychologist with over 25 years of experience as a speaker, trainer, author, and consultant on professional ethics and values-driven business strategies. Between coaching, speaking and consulting, he has worked with front-line workers to senior executives and everyone in between. Clients of Dr. Bauer have run the gamut from small and medium sized businesses and organizations to every level of staff and management at Fortune 500 corporations. Although ethics and fun aren’t words normally heard in the same sentence, Dr. Bauer has been helping individuals and organizations build and maintain great professional ethics, all while having a great time. Dr. Bauer’s articles on how to build and maintain great professional ethics have appeared in such journals as CEO Refresher, CFO Magazine, Financial Executive, Internal Auditor, and many others. The latest edition of his book, Better Ethics NOW: How To Avoid The Ethics Disaster You Never Saw Coming, has been a business ethics Top Seller on Amazon.com, and he publishes a free “Weekly Ethics Thought” seen by thousands of readers worldwide.

Learning Field: Behavioral Ethics

Learning Level: Intermediate