2015 acua annual meeting registration brochure

REGISTRATION BROCHURE1

ACUA 2015: SHIFT INTO HIGH GEARSEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA

Shift into High Gear for ACUA’s 2015 Annual Conference in Indianapolis! Please join us September 27 – October 1, 2015 as we race to the winner’s circle with fellow college and univer-sity audit professionals. The 2015 Annual Conference offers opportunities for attendees to learn innovative ideas, share best practices, and take home new ways to tackle challenges.

Monday’s general session speaker will teach us how to influence and persuade by using nonverbal behaviors. Dr. Linda Talley, a renowned expert in leadership development and body language, will explain the nonverbal messages we send and receive. She is a research pioneer in the area of hand gestures, and will help us understand what we are really saying with our hands!

On Tuesday, Ms. Cynthia Cooper, former Vice President of Internal Audit at WorldCom, will share her personal experiences at WorldCom. In addition, she will discuss critical ethics, governance and auditing lessons learned from large corporate scandals. Ms. Cooper will help us understand who commits fraud and why, common threads and root causes of corporate scandals, practical strategies to prevent and detect fraud as well as steps to recognize ethical dilemmas and make the right choices.

Need help understanding governance, academic regulation and revenue genera-tion as it pertains to student-athletes? Mr. Derrick Crawford, Managing Director of Enforcement for the National College Athletic Association (NCAA), will be the speaker for Wednesday’s gen-eral session. Mr. Crawford will reveal the many facets of administering athletics within academics and protecting student-athletes in “The NCAA: Behind the Blue Disk.”

Tuesday afternoon offers several options that should meet every member’s needs. Bonus ses-sions are available for those who desire additional CPE credit, including a Certified Internal Auditor (CIA) exam preparation course. We have a featured speaker, Mr. Danny Goldberg, who will present a double-session (2 CPE each) on soliciting valuable information in an efficient man-ner during audit interviews, as well as a session on maximizing communication and teamwork, and how to optimize confrontation. Alternatively, the wonderful Indianapolis Host Committee will offer several activities on Tuesday afternoon, or you may choose to venture out with a group to see the exciting sites that Indianapolis has to offer.

There will be plenty of networking opportunities during the 2015 Annual Conference. Meet and greet fellow higher education colleagues at the opening reception on Sunday evening. This year, the Monday and Wednesday evening events have a new format! Join us Monday after the educational sessions for Trivia Night Challenge with a reception, graciously hosted by our wonderful vendors and speakers. Wednesday night will be the off-site dinner event at the Dallara IndyCar Factory.

The incredible team of Track Coordinators worked very hard to provide us with concepts we can apply to our practice upon return from the conference. With seven (7) tracks and 56 concurrent sessions, attendees will find plenty of options to meet their continuing professional education needs. Tracks include audit trends and issues, risk management/GRC and QARs, compliance, professional development and leadership, information technology/security, fraud and ethics and roundtables and small audit shop resources. There is something for everyone!

On behalf of ACUA’s Board of Directors, the Professional Education Committee, the 2015 Track Coordinators and the Indianapolis Host Committee, I invite you to Shift into High Gear and register today. Register by August 10, 2015, to take advantage of the early registration discount for ACUA members.

I’ll see you in the winner’s circle at the 2015 ACUA Annual Conference!

Jana M. Briley, Chair Professional Education Committee

The Association of College and University Auditors (ACUA) is an international professional organi-zation serving institutions of higher education around the globe.

Since its establishment in 1958, ACUA has provided its members a colle-gial forum for exchanging and shar-ing knowledge and generating new ideas. ACUA is committed to increas-ing members’ knowledge of auditing, regulatory compliance and risk man-agement in higher education.

Annual Conferences allow members to network and socialize at the same time. The combination of camarade-rie and a focus on issues which relate to internal auditing in higher educa-tion continue to serve as the founda-tion for all ACUA activities.

ACUA CONTINUING EDUCATION CREDITS

Conference participants are eligible to receive a maximum of 26 CPE credit hours. The Asso-

ciation of College and University Auditors (ACUA) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE spon-sors. State boards of Accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered spon-sors may be addressed to the National Registry of CPE Sponsors through its website: www.learningmarket.org.



CONFERENCE EVENTS

THANK YOU TO OUR STRATEGIC PARTNERS

FIRST-TIME ATTENDEES RECEPTION(invitation only)

Sunday, September 27, 2015 5:00 p.m. – 6:00 p.m.

First-time attendees and new members are invited to meet and greet the Board of Directors, past presidents, committee chairs and other ACUA leaders and learn what to expect and how to benefit from the activities and educational opportuni-ties provided by ACUA.

OPENING RECEPTIONSunday, September 27, 2015 6:00 p.m. – 7:30 p.m.

Come enjoy the opening of the Exhibit Hall where you can get reacquainted with longtime ACUA friends and make many new ones before visiting area restaurants for dinner on your own. Come for hors d’oeuvres and beverages while you visit with vendors to learn about their products and services and thank them for helping support this conference through their par-ticipation and funding. Don’t forget to show your school pride by wearing your university/college-emblazoned attire!

MONDAY NIGHT TRIVIA RECEPTIONMonday, September 28, 2015 5:30 p.m. - 7:30 p.m.

This exciting new event will include live trivia, heavy appetizers and drinks, and most importantly, networking! All exhib-itors, sponsors and guest speakers have been invited to host a table and can invite attendees to join them at their table. Form a team with your colleagues, make new friends by sitting at a ran-dom table or join an exhibitor’s team. Will your table be crowned the 2015 Trivia Champions?

BUSINESS MEETING Tuesday, September 29, 2015 10:30 a.m. – 12:00 p.m.

Join the ACUA Board of Directors Tuesday morning for the Annual Business Meeting.

You’ll get to hear what the Board has done and has planned for the coming year. A prize drawing will be held at the start of the meeting. You must be present to win!

OPTIONAL NETWORKING ACTIVITIESTuesday, September 29, 2015 12:30 p.m. – 5:00 p.m.

There are plenty of sights to see during your time in Indianapolis! With the hotel’s downtown location, you will not want to miss out on experiencing all that you can while you visit! Visit the hotel’s activity page to begin your planning. This summer visit the Optional Networking Activities Web page to see some of the best sights as suggested by ACUA’s Indianapolis Host Committee.

LUNCH TABLE TOPICSWednesday, Sept. 30, 2015 12:10 p.m. – 1:10 p.m.

ACUA is hosting roundtable discussions during Wednesday’s lunch. Examples of topics are listed below. Don’t miss this chance to share and discover new infor-mation with your colleagues.

Topics:• ACUA Volunteer Opportunities• NCAA• QAR/Peer Reviews• Large Public Universities• Small Public Universities• Data Analytics• Compliance• Work/Life Balance• International Audits• System Office CAEs

OFF-SITE DINNER EVENTWednesday, September 30, 2015 6:00 p.m. – 10:00 p.m.

While you’re here, feel the rush of adrena-line as you strap on a helmet and slip into a Street-Legal IndyCar 2 Seater and speed past the world famous Indianapolis Motor Speedway! Getting in a race car not your speed? Car simulators, green screen pho-tos, dinner and dancing will all be available for guests to enjoy. The Dallara IndyCar Factory is the destination for race-enthusi-asts, and those who are brand new to the sport, to get their fill of all things IndyCar! Transportation will be provided for attend-ees. Buses will have set times of departure from the hotel for the event and will return from the event at regular intervals begin-ning at 7:30 p.m. For more information, go to http://www.indycarfactory.com.

GOLF ANYONE?How about a game of golf? Doug Horr is organizing two games, one Sunday and the other Tuesday afternoon. Please email Doug at [email protected] or call 305-284-4657, if you are interested in playing.

EXHIBIT HALLSunday through Tuesday visit our vendors in the Exhibit Hall to learn how their prod-ucts and services can assist you.

CONFERENCE ATTIREBusiness casual attire is appropriate for educational sessions. Be sure to pack a sweater or light jacket as meeting room temperatures tend to be cool.

WEATHERIndianapolis has an average high tem-perature in late-September of 78 degrees with an average low of 56 degrees.

http://www.marriott.com/hotels/local-things-to-do/indjw-jw-marriott-indianapolis/

http://www.acua.org/CPE_Events/OptionalNetworkingActivities.asp

http://www.indycarfactory.com



MONDAY, SEPT. 28, 20157:00 a.m. – 8:00 a.m. Continental Breakfast8:00 a.m. – 8:20 a.m. Welcome & Announcements8:20 a.m. – 10:00 a.m. General Session10:00 a.m. – 10:30 a.m. Refreshment Break in Exhibit Hall10:30 a.m. – 12:10 p.m. Track Session 112:10 p.m. – 1:10 p.m. Luncheon in Exhibit Hall1:10 p.m. – 2:50 p.m. Track Session 22:50 p.m. – 3:20 p.m. Refreshment Break in Exhibit Hall3:20 p.m. – 5:00 p.m. Track Session 35:30 p.m. – 7:30 p.m. Monday Night Trivia Reception

TUESDAY, SEPT. 29, 20157:00 a.m. – 8:00 a.m. Continental Breakfast8:00 a.m. – 8:20 a.m. Welcome & Announcements8:20 a.m. – 10:00 a.m. General Session10:00 a.m. – 10:30 a.m. Refreshment Break in Exhibit Hall10:30 a.m. – 12:00 p.m. Business Meeting/Prize Drawing12:30 p.m. – 2:45 p.m. Optional Networking Activities3:00 p.m. – 5:00 p.m. Second Set of Networking Activities

Bonus Sessions (BS)1:10 p.m. – 4:50 p.m. CIA Exam Preparation Course – BS 1

1:10 p.m. - 2:50 p.m. People-Centric Skills: Optimized Audit Interviewing – BS 2A

Here Come the Feds! What a Sponsor Audit Is Looking for & How to Prepare Your Institution – BS 2B

3:10 P.M. - 4:50 P.M. People-Centric Skills: Crucial Communications – BS 3A

Prevent Fraud in Five Critical Areas with Data Analytics – BS 3B

WEDNESDAY, SEPT. 30, 20157:00 a.m. – 8:00 a.m. Continental Breakfast8:00 a.m. – 8:20 a.m. Welcome & Announcements8:20 a.m. – 10:00 a.m. General Session10:00 a.m. – 10:30 a.m. Refreshment Break10:30 a.m. – 12:10 p.m. Track Session 412:10 p.m. – 1:10 p.m. Luncheon1:10 p.m. – 2:50 p.m. Track Session 52:50 p.m. – 3:20 p.m. Refreshment Break3:20 p.m. – 5:00 p.m. Track Session 66:00 p.m. – 10:00 p.m. Off-Site Dinner Event

THURSDAY, OCT. 1, 20157:00 a.m. – 8:00 a.m. Continental Breakfast8:00 a.m. – 9:40 a.m. Track Session 79:40 a.m. – 10:10 a.m. Refreshment Break10:10 a.m. – 11:50 a.m. Track Session 8

BONUS SESSION INFORMATIONTUESDAY, SEPTEMBER 29, 20151:10 P.M. – 4:50 P.M.Additional fees applyCIA Exam Preparation Course** – BS 1Vicki McIntyre, President, FirstPlus Resolutions, Inc.

This CIA Exam Preparation Course will include a high level introduc-tion and overview of the topics covered on the new three-part CIA exam. The course will reinforce your CIA knowledge, clarify exam topics and build exam-day confidence. Taught by a CIA-certified instructor, each attendee will have the opportunity to work through practice exam ques-tions, learn test taking tips and will receive the updated Version 4.0 of The IIA CIA Learning System™ self-study print and online materials for Parts 1-3. Additional self-study time outside of the classroom will be necessary to prepare for the exam. Course topics will include: Part 1 – Internal Audit Basics Part 2 – Internal Audit Practice Part 3 – Internal Audit Knowledge Elements** On-site registration will not be allowed for this session. This ses-sion will allow for four (4) CPEs.Knowledge Level: BasicAdvanced Preparation: Pre-test before the classField of Study: AuditingPrerequisites: None

FEATURE BONUS SESSION SPEAKERDanny M. Goldberg, Owner, GoldSRD

Danny M. Goldberg is a well-known speaker on internal auditing and people-centric skills. His past experience includes leading the Professional Development Practice at Sunera and founding SOFT GRC, an advisory services and professional development firm. He has over 15 years of audit experience including five years as a CAE/Audit Director. In 2014, he published the book, “People-Centric© Skills: Communication and Interpersonal Skills for Internal Auditors” (Wiley) which will be available at the conference. Goldberg currently works with over 100 professional associations around the world and numerous Fortune 1000 companies, assisting in their professional development efforts. He has been recognized as a top speaker at numerous events over the past

PROGRAM-AT-A-GLANCE



years, including various The IIA events. Goldberg has been named as one of the Fort Worth Business Press 40 Under 40 for 2014. He has also published numerous articles in trade magazines. He holds many certifications and designations including CPA, CIA, CISA, CGEIT, CRISC, CRMA, CCSA and CGMA.

TUESDAY, SEPTEMBER 29, 2015 1:10 P.M. – 2:50 P.M. People-Centric Skills: Optimized Audit Interviewing – BS 2A

A key facet of the audit process is the interview. The ability to solicit valuable information in an efficient manner is a key skill to becoming an effective auditor. This session will take participants through an overview of leading practices in audit interviewing. Participants will learn to maximize their time with clients.After attending this session, participants will be able to: Know how to optimize interviewing. Describe the importance of communication in the role of auditor. Read body language and appropriate word usage.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

TUESDAY, SEPTEMBER 29, 20151:10 P.M. – 2:50 P.M.Here Come the Feds! What a Sponsor Audit Is Looking for & How to Prepare Your Institution – BS 2BRichard Cordova, Executive Director, University of Washington Kimberly Ginn, Principal, Baker TillyKevin Robinson, Executive Director, Auburn University

OIG are the three most feared letters in sponsored research (just beating out COI and RCR). As we move into the new world of the Uniform Guidance and increased accountability and oversight of federal spending, Offices of Inspector General (OIG) and spon-sors have shifted their focus to auditing incurred costs and internal controls. Most of your institutions have likely either experienced an audit, or live in fear of receiving an intent to audit letter. While OIG and sponsor audits are an inevitable and unavoidable component of receiving research funding, they don’t have to be a nightmare. After attending this session, participants will be able to: Determine areas on which federal auditors are most likely to focus, and common findings from the field. Apply best practices for “surviving” a sponsor audit. Identify how internal audit can provide assurance and assess effectiveness of research administration processes to foster a stronger research administration infrastructure.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with risk and internal controls assessments

TUESDAY, SEPTEMBER 29, 20153:10. P.M. – 4:50 P.M.People-Centric Skills: Crucial Communications – BS 3A Danny M. Goldberg, Owner, GoldSRD

Do you have great technical auditors that could improve their com-munication skills? Auditors who can communicate effectively are exponentially more effective than auditors who cannot. This course will give auditors of all levels an outline of how to optimize their communication skills. This course is based on the book, “People-Centric Skills: Interpersonal and Communication Skills for Internal Auditors,” published by Wiley Publications. Participants will learn to maximize their communication, teamwork and confrontation man-agement skills. After this session, speaker Goldberg will be available to sign copies of his book.After attending this session, participants will be able to: Describe how to optimize confrontation. Discuss the importance of communication in the role of auditor. Improve their effective presentation and writing skills.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

TUESDAY, SEPTEMBER 29, 20153:10 P.M. – 4:50 P.M.Prevent Fraud in Five Critical Areas with Data Analytics – BS 3BSheila Hammond, Director of Business Development, Audimation Services, Inc.

Data analytics has proven highly effective in helping internal audi-tors dive deeper into specific risk areas to identify opportunities for fraud, waste and abuse. Higher education institutions that embrace the use of data analytics have identified revenue gains and cost reductions by detecting fraud, minimizing financial leakage and optimizing spending. This session explores how CaseWare IDEA® can be used to analyze massive volumes of data within five key test areas: p-cards, grants, financial aid, accounts payable, and travel and entertainment. Within these five areas, participants will review examples of what to look for and tips for narrowing the population to identify exceptions.After attending this session, participants will be able to: Extract data from various systems or external environments, format the data for analysis and share findings with management and stakeholders within the organization. Define specific indicators on which to pull data to search for potential fraud or policy violations. Automate repeatable tasks to save time and effort, without programming, to facilitate continuous monitoring.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None



KEYNOTE SPEAKERSHOW TO USE SIX POWERFUL (& SUBTLE) NONVERBAL BEHAVIORS TO INFLUENCE & PERSUADE MONDAY, SEPTEMBER 28, 20158:20 A.M. – 10:00 A.M.Linda Talley, PhD, Linda Talley and Associates, Inc.

Every day we verbally speak to clients and staff, and at the same time we are sending nonverbal messages that either attract them to us or dis-tance them from us. Yes! It is our nonverbal mes-sage that the people around us are reading first and initially responding to. Do we know what non-verbal messages you are sending? Based on her pioneer research in the area of hand gestures, Dr. Linda Talley spells out exactly what we are saying with your hands. In this program, she explains what meaning is cre-ated by our specific hand gestures when communicating with others. The key question: Is it the meaning we wish and intend to send?After attending this session, participants will be able to: Identify the universal validator and discuss touch as the emotional connection. Use space for effect, describe hand gestures that attract and those that create distance. Explain power posing and apply power gazing to motivate yourself for success.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Business Management & OrganizationPrerequisites: None

Linda Talley, PhD, is an expert in leadership development and body language. Dr. Talley’s diverse background includes private practice, university professor, organizational development consultant and busi-ness educator. Her programs include stories and insights from her career to bring relevant and pragmatic examples to her audiences. As a sought after international speaker, Dr. Talley provides insights into human dynamics and leadership effectiveness in a humorous, motivating, and engaging manner. Her presentations include emo-tional intelligence and nonverbal communication presented from a leadership development perspective filled with specific strategies and tactics that can be implemented immediately. Talley holds a PhD in psychology, is an ongoing researcher in the leadership development area, and is published in scientific journals.

ETHICAL LEADERSHIP FOR THE 21ST CENTURY TUESDAY, SEPTEMBER 29, 20158:20 A.M. – 10:00 A.M.Cynthia Cooper, CEO, CooperGroup, LLC

Cooper was named one of Time magazine’s Persons of the Year for her role in unraveling the fraud at WorldCom, one of the largest corpo-rate frauds in history. She was featured as one of twenty-five influential working mothers in Working Mother magazine and has appeared on pro-grams including Fox Business’ “America’s Nightly Scoreboard”, PBS’s “TAVIS SMILEY,” NBC’s “TODAY” and CNBC’s “Squawk Box”. Cooper will share her personal experiences at WorldCom as well as critical ethics, governance and auditing lessons learned from some of the largest corporate scandals. After attending this session, participants will be able to: Describe who commits fraud and why. Identify 10 steps to recognize ethical dilemmas, and make the right choices. Describe common threads and root causes of corporate scandals, and develop practical strategies to help prevent and detect fraud in their organizations. Discuss the rise and fall of WorldCom: what went wrong?Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: Behavioral EthicsPrerequisites: Experience with forensic accounting and fraud risk mitigation

Cynthia Cooper is an internationally recognized speaker, best-selling author and consultant. She consults with organizations around the world and serves as CEO of the CooperGroup. Cooper previously served as Vice President at MCI where she and her team helped the company move forward and successfully emerge from bankruptcy. Cooper received the Maria & Sidney E. Rolfe Award for contributions to educating the public about economics, business and finance. She previously served as a member of the Standing Advisory Group of the Public Company Accounting Oversight Board (PCAOB) and as Chairman of the Board of Regents for the Association of Certified Fraud Examiners. She currently serves on advisory boards for Louisiana State University and Mississippi State University.



SAVE THE DATE!

THE NCAA: BEHIND THE BLUE DISKWEDNESDAY, SEPTEMBER 30, 20158:20 A.M. – 10:00 A.M.Derrick Crawford, Managing Director of Enforcement, NCAA

More than 90 cents of every dollar the National College Athletic Association (NCAA) spends bene-fits member colleges and universities through direct distributions to individual campuses and confer-ences, the funding and administration of national championships, and other direct student-ath-lete support, such as the Student Assistance and Academic Enhancement funds in Division I. The remaining resources are used to help run the day-to-day operations of the association and pay for other programs and services.

According to the most recent data, only 23 universities (all in Division I) generated more revenue than they spent. Every other athletics department in the country is subsidized by its college or university. Together, these funds totaled $90.7 million for the 2012-13 sea-son, which is an increase of approximately $14 million from the previous year.

The NCAA Enforcement Group is paying close attention to potential cases of academic misconduct, and has established a unit within the department to specifically focus on that topic. The NCAA infractions process works to maintain a level playing field for all student-athletes by enforcing membership-created rules to ensure fair competition and protect the well-being of student-athletes. The NCAA national office enforcement staff seeks and processes information about pos-sible rules violations.

After attending this session, participants will be able to: Identify recent restructuring in the NCAA to preserve and improve the model of collegiate athletics. Identify the infraction process, from the investigation and the actions taken in finding a violation, to the appeal process.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Regulatory EthicsPrerequisites: None

Derrick Crawford presently serves as Managing Director of Enforcement for the NCAA and is responsible for providing leader-ship and oversight of the NCAA’s investigations and processing func-tion. Prior to his employment with the NCAA, Crawford served as Associate Vice President for Diversity, Educational Equity & Ombuds at California State University San Marcos from 2011-2013 and as the Chief EEO & Diversity Officer for The Citadel in Charleston, South Carolina from 2010-2011.

Crawford was employed by the NFL as Senior Manager for Player Liaison from 1998-2000, and as Counsel for Policy & Litigation from 2000-2008. Crawford finished his NFL career serving as Director of Human Resources for NFL Media from 2008-2009. Crawford was employed by the NCAA as an Enforcement Representative from 1996-1998, served as an Assistant Attorney General in the Alabama Attorney General’s Office in 1996 and was a Special Agent of the FBI from 1991-1995.

Crawford received his undergraduate and law degrees from the University of Alabama, and is a member of the Alabama State and District of Columbia Bars. Crawford is a Life Member of Alpha Phi Alpha Fraternity, enjoys playing tennis and is an avid traveler, having visited 30 countries. Crawford is a native of Auburn, Alabama.

2016 MIDYEAR CONFERENCEAPRIL 10-13, 2016PORTLAND MARRIOTT DOWNTOWN WATERFRONTPORTLAND, ORE.

2016 ANNUAL CONFERENCESEPTEMBER 11-15, 2016

LOEWS MIAMI BEACH HOTELMIAMI BEACH, FLA.

MIAMIPORTLAND

7 REGISTRATION BROCHURE

2015 TRACK MATRIX

TRACKS TRACK A TRACK B TRACK C TRACK D

Audit Trends & IssuesRisk Management/

GRC & QARsCompliance

Professional Development &

Leadership

TRACK COORDINATORS

Brian Campbell and LaDonna Flynn

Allen Amyotte and Janet Bishop

Jana Clark and Katrina McNair

Marie Jackson and Gregory Wilson

SESSION 1 Monday,Sept. 28

10:30 a.m.-12:10 p.m.

Auditing Controlled Substance Compliance:

Is Diversion Happening at Your Institution?

Kimberly New

Get Strategic Liz Meyers

Seven Things University Auditors Should Know About

Tax: Tax Just for Auditors Steve Hoffman

Making the Leadership Connection

Kathy Davanzo

LUNCH


1:10 p.m.-2:50 p.m.

Agile Auditing Raven Catlin

Organizational Change Management: A Best Practice to Effective ERM Implementation

Christine Ackerman, Anita Ingram

Integrating Internal Audit & Compliance: Opportunities &

Challenges Byron Morgan

Leadership: When the Going Gets Tough

Lori Cox

BREAK


3:20 p.m.-5:00 p.m.

Auditing Academic Processes: Proactively Addressing This

Emerging Risk Area Leigh Goller,

Raina Rose Tagle

Leveraging Enterprise Risk Management Processes in

Internal Audit Allen Amyotte, Yat-Sing Cheng

A Practical Approach to Performing a Title IX and Clery

Act Combined Audit Nancy Nasca

For Hire: IA, DEG, CERT, EXP, WAVe Rachel Snell

WEDNESDAY

SESSION 4 Wednesday,

Sept. 30 10:30 a.m.-12:10 p.m.

Best Practices in Your Capital Improvement Program Rob Broline, John Croy

Linking Internal Audit Strategic Planning with the Quality Assurance Review (QAR) Leigh Goller, Mike Somich

Auditing PCI Compliance Tim Marley

Break Down the Barriers: Be a Partner!

Clay Dean, Len Ohnstad

LUNCH


Sept. 30 1:10 p.m.

-2:50 p.m.

College & University Reputation Auditing

Bradley Brooks, Kenneth Ramaley

So You Need a Quality Assessment Review (QAR)?

Jim Sleezer

SBIR Fraud & Your Institution: A Guide to What Can Go Wrong

Paul Coleman

How to Need a Waiting Room in Internal Audit

Mary Barnett, Whit Madére

BREAK


Sept. 30 3:20 p.m.

-5:00 p.m.

Auditing Investment Operations: Do You Know Where Your

Money Is Going? Kimberly Burkette, Bob Hoster,

John Kiss, Elizabeth Walsh

Using Data Analytics as a Management Tool to Identify

Organizational Risks Mathew Anderson, Christopher Knopik,

Ryan Merryman

Standards & Guidance for the Professional Practice of

Internal Auditing: What You Need to Know

Sam McCall

Identifying & Developing Top Internal Audit Talent for

Today & Beyond Robert Berry

THURSDAY

SESSION 7 Thursday,

Oct. 18:00 a.m.

-9:40 a.m.

Keep It Rolling: A Four-Year Approach to Auditing

Scholarships & Financial Aid Brian Daniels,

Aparna Yellapantula

Close the Loop: Make Your Internal Audit Assessments

Inform Your Institutional ERMPhillip Draber

Being a Team Player: New Ways to Collaborate

with Athletics Martina Buckley,

Justin Noble

Works Like a Charm: Combined Shops of Audit,

Compliance & Privacy! Sonal Shah

BREAK

SESSION 8 Thursday,

Oct. 110:10 a.m. -12:10 p.m.

Pushing the Rewind Button: Lessons Learned from

Reengineering John Curran, Brenda Muirhead

Enhancing Your Institutional Process through Enterprise Risk

Assessment (ERA) Chibuike Azuoru

Auditing Solutions for Higher Education Issues

Cathy Miller, Joe Reed

Awesome Auditing with Interns & Undergraduate

Students Christopher Beard

Book Signing – Steve Hoffman

SHIFT INTO

HIGH GEAR


2015 TRACK MATRIX

TRACK E TRACK F TRACK G TUESDAY BONUS SESSIONS

Information Technology/Information Security

Fraud & EthicsRoundtables & Small

Shop Resources

Amy Hughes and Calvin Wendelboe

Jason Farber and Verlisa Richards Madden

Heather Lopez and Monique Taylor

IT Governance: Fact or Fiction (as directed

through CoBIT 5.0) Jim Sorell

Utilizing Data Analytics to Find & Prevent Fraud, Waste & Abuse in

Higher Education Bryan Callahan

IT Auditors & Directors Roundtable

Patrick Jenkins

IT Audit & Top IT Risks in 2015 & Beyond

Randy Armknecht, David Kupinski, Eric Vyverberg

Retaliation at the University: The Consequences of Reporting

$2.3 Million in Fraud Amy Block Joy

Mid-Size Shop Roundtable (4-8 Auditors) John Curran,

Brenda Muirhead

Increasing Higher Education Audit Effectiveness with Data

Analytics: A Practical Approach Steven Zapolski

Everything You Wanted to Know about Fraud Investigation, but

Were Afraid to Ask John Straub

New Chief Audit Executive Roundtable

Chris Beard, Pam Doran, Gail Klatt, Valla Wilson

What IT Areas to Audit? Kevin Keough

Lie to Me: Secrets of Linguistic Lie Detection

Nejolla Korris

Third Party Risk Management Roundtable

Mark Bednarz

Cybersecurity Breach! Is Your Institution Prepared?

Mike Cullen, David Overton

Incorporating Forensic Accounting Techniques into

College & University Auditing Collin Greenland

Large Shop Roundtable (9+ Auditors) Don Guyton

Evaluating & Managing Third Party IT Service Providers:

Getting the Assurance You Need? Kevin Secrest

Fraud Education & Awareness Ralph Kimbrough Jr.,

Joe Reed

Ethics Roundtable Melissa Hall

Information Security: Assurance through the Strategic, Tactical &

Operational Lens Nicole Schultz

Anatomy of an Academic Fraud Jeremy Clopton

Small Shop Roundtable (1-3 Auditors)

LaDonna Flynn, Julia Hann

Auditing Cloud Computing in the Real World Tom Salzman

Your Ethical Compass: What’s Really True North? Marion Candrea,

Jana Dean

Small Shop Quality Assurance Review (QAR)Phill Armanas

Book Signing – Amy Block Joy

Bonus Session 1 1:10 p.m.-4:50 p.m.

CIA Exam Preparation Course Vicki McIntyre

Bonus Session 2 1:10 p.m. -2:50 p.m.

Bonus Session 3 3:10 p.m. -4:50 p.m.

People-Centric Skills: Optimized Audit

Interviewing Danny Goldberg

People-Centric Skills: Crucial

Communications Danny Goldberg

Here Come the Feds! What a Sponsor Audit Is

Looking for Richard Cordova, Kim Ginn, Kevin Robinson

Prevent Fraud in Five Critical Areas with

Data AnalyticsSheila Hammond

Book Signing – Danny Goldberg



TRACK SESSIONS

Monday, September 28, 2015 10:30 a.m. – 12:10 p.m.A.1 Auditing Controlled Substance Compliance: Is Diversion Happening at Your Institution? – AUDIT TRENDS & ISSUESKimberly S. New, Drug Division Specialist, Diversion SpecialistsDiversion, theft of drugs by healthcare per-sonnel, is universal in healthcare facilities in the United States. Some of the risks associ-ated with diversion include patient harm, negative publicity, financial loss and civil and regulatory liability. Every facility must have a formal program to address this continuous challenge. Regular auditing of drug usage for possible diversion is an essential com-ponent of a diversion program. This session will focus on the role of the internal audi-tor in drug diversion surveillance including an examination of the use of data analytics programs.After attending this session, participants will be able to: Define the scope of the healthcare facility drug diversion problem in the United States. Outline controlled substance regulatory requirements with which facilities must comply. List key data analytics reports available for auditing for controlled substance diversion.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None

B.1 Get Strategic – RISK MANAGE-MENT/GRC & QARSLiz Meyers, CEO, Focus On Risk Enterprises, LLCInternal audits are risk-based but still not hav-ing the impact we desire and deserve. Where are we going wrong? Surveys continue to show that internal audits are not focusing on strategic business risks to the degree execu-tives believe they should. The presenter will

discuss ways internal audit can become more strategic with their departments and audits to improve perceptions and increase the influ-ence on the success of our organizations.After attending this session, participants will be able to: Explain why being risk-based may not be enough. Strategically develop your team. Summarize and assess strategic business risksKnowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with risk-based audit practices

C.1 Seven Things University Auditors Should Know about Tax: Tax Just for Auditors – COMPLIANCESteve Hoffman, The Tax Translator, The Ordinary Success ProjectAuditors play an important role in tax risk management at their university. While they are working on an issue, a tax matter may be present at the same time. This session will provide auditors with an understanding of tax issues. Topics covered will include: sales tax, unrelated business income tax, taxable and nontaxable fringe benefits, international stu-dent tax liabilities, independent contractors, and university tax issues. An update on cur-rent tax law changes and impacts on colleges and universities will also be presented at this session. Following this session, the pre-senter will do a book signing.After attending this session, participants will be able to: Describe various ways taxes can impact an institution from a financial, reputation and/or media risk. Discuss techniques to use when conducting an audit to expose tax gaps. Construct a successful tax compliance program at their university.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: TaxesPrerequisites: Experience with tax issues

D.1 Making the Leadership Connec-tion – PROFESSIONAL DEVELOPMENT & LEADERSHIPKathryn Davanzo, Senior Partner, Coda Partners, Inc.Explore your leader self-identity and gain new insights about how to be a more effec-tive leader. In this interactive session, Kathy Davanzo will share evidence and stories to demonstrate how a strong leader self-identity – a clearly articulated Leader P.O.V.® (point of view) – defined by a clear intention to lead, high self-efficacy, high self-consistency, high self-construal as a leader and a high degree of self-esteem about one’s leadership value creates a greater connection to one’s team, and greater and sustained influence on team results and culture.After attending this session, participants will be able to: Describe how a strong leader self-identity increases the effectiveness of leaders and their followers. List the elements of a strong leader self-identity and how to develop one using the meta-competencies of examination, exploration, enlistment and execution. Describe their leadership intention.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: Personal DevelopmentPrerequisites: Experience as a leader

E.1 IT Governance: Fact or Fiction (as directed through CoBIT 5.0) – INFORMATION TECHNOLOGY/ INFORMATION SECURITYJim Sorrell, IT Auditor, Tennessee Board of Regents-SWIAWith the release of CoBIT 5.0, an IT gover-nance program is now required to ensure a “continuing improvement” of internal con-trols to address risks. What does this mean? What series of events occurred to make this requirement a reality? It is imperative we understand the answers to these questions to ensure the validity and success of our IT gov-ernance programs. Many colleges are imple-menting an IT governance structure without a solid blueprint of what needs to be done. As

SESSION 1



TRACK SESSIONS

a result, many risks are still not being prop-erly addressed.After attending this session, participants will be able to: Describe the series of events that led to the birth of IT governance. List the needs to be addressed to meet this challenge. Improve auditing practices by learning about IT governance and what needs to be in place to ensure it works effectively.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with CoBIT and IT goverance

F.1 Utilizing the Power of Data Ana-lytics to Find & Prevent Fraud, Waste & Abuse in Higher Education – FRAUD & ETHICSBryan Callahan, Senior Managing Consultant, BKD, LLPAccording to the Association of Certified Fraud Examiners’ (ACFE) “2014 Report to the Nations on Occupational Fraud and Abuse,” it is estimated the average organization loses five percent of its annual revenue to fraud. This session is designed to update you on current trends related to fraud and ways your institution can try to mitigate fraud risk.After this session, participants should be able to: Describe recent fraud trends in general and in higher education. Describe common challenges in utilizing data analytics and how to overcome them. Integrate data analytics into a risk management program to uncover fraud, waste and abuse.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: Specialized Knowledge and ApplicationsPrerequisites: Experience with the ACFE’s “2014 Report to the Nations on Occupational Fraud and Abuse,” and fraud risk mitigation

G.1 IT Auditing Roundtable – ROUNDTABLES & SMALL SHOP RESOURCESPatrick A. Jenkins, Director, IT Audits, University System of GeorgiaThis roundtable provides on open forum for IT auditors and directors to discuss emerg-ing and hot topic issues relevant to auditing information systems and information security in the higher education industry. Registrants will be polled for discussion topics in the weeks prior to the conference. Prior year roundtables have invoked insightful discus-sion on numerous topics.After attending this session, participants will be able to: List topics of interest to their institutions, security audit techniques for strategic third parties or advising on security incident response plans. Identify and address IT risks and current initiatives within other institutions and compare your organization against them. Analyze IT risk priorities, audit plan development and continuous auditing to increase coverage and value within the higher education environment.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with IT audit practices

Monday, September 28, 2015 1:10 p.m. – 2:50 p.m.A.2 Agile Auditing – AUDIT TRENDS & ISSUESRaven Catlin, CEO, Raven Global TrainingJack be nimble, Jack be quick. Auditing today is coined with buzz words like “con-tinuous,” “dynamic” and “ongoing” as it relates to everything from risk assessments to controls monitoring and reporting. But what does that really mean, and how do you really do it? This provocative address defines and promotes the speaker’s original ideas (book publication expected in 2016) on Agile Auditing™.

After attending this session, participants will be able to: Create meaningful, realistic and achiev- able audit project plans. Identify and overcome typical obstacles encountered during the audit life cycle. Complete audit projects ahead of budgeted time and reduce audit costs.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

B.2 Organizational Change Man-agement: A Best Practice to Effective Enterprise Risk Management (ERM) Program Implementation by Leverag-ing Risk Management and Internal Audit Resources – RISK MANAGE-MENT/GRC & QARSChristine Ackerman, Assoc. VP and Director of Internal Audit, University of Cincinnati Anita Ingram, Asst. VP and Chief Risk Officer, University of CincinnatiThis session will describe how organizations can build a successful case and framework for enterprise risk management by explor-ing the often underutilized partnership and collaboration between the chief risk officer and lead internal audit executive. The pre-senters will demonstrate how to develop a strong methodology and approach to risk mitigation.After attending this session, participants will be able to: Build a successful case and framework for ERM with a defined approach, assessment tools and outcomes. List key collaboration and consultative techniques deployed in the partnership between risk management and internal audit to gain top-level support and build consensus with institutional stakeholders for ERM. Navigate the challenges and pitfalls of implementing and sustaining a successful ERM program.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None

SESSION 2



TRACK SESSIONSC.2 Integrating Internal Audit & Com-pliance: Opportunities & Challenges – COMPLIANCEByron Morgan, Chief Audit Executive, University of MemphisThis session will cover the opportunities and challenges of integrating internal audit and compliance within a higher education insti-tution. There is a growing trend within higher education to combine or integrate audit and compliance, which seems to be driven in part due to budgetary constraints and the increased emphasis to “do more with less” confronting many internal audit offices within the current higher education economic environment. After attending this session, participants will be able to: Identify the issues when internal audit and compliance is combined within a university. List the different views and approaches for integrating audit and compliance. Describe "best practices" for integrating audit and compliance.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Administrative PracticePrerequisites: None

D.2 Leadership: When the Going Gets Tough – PROFESSIONAL DEVELOPMENT & LEADERSHIPLori K. M. Cox, Director, Internal Audit, Pima Community CollegeIt has often been quoted that the true mea-sure of an individual is not behavior during a time of comfort and convenience, but at times of challenge and controversy. This can be particularly true for leaders. There is a wealth of information regarding leadership skills and characteristics necessary to lead well. However, in times of crises, challenge and controversy, leading well can be partic-ularly difficult. This session will address prac-tical tools and techniques for leading effec-tively in these situations.After attending this session, participants will be able to: Identify tips for leading well through crises, challenge and controversy.

Recognize the key question to ask yourself when addressing leadership challenges. Recall practical tools and techniques for “protecting” themselves as a leader.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Personal DevelopmentPrerequisites: None

E.2 IT Audit & Top IT Risks in 2015 & Beyond – INFORMATION TECHNOLO-GY/INFORMATION SECURITYRandy Armknecht, Associate Director, ProtivitiDavid Kupinsk, Managing Director, ProtivitiEric Vyverberg, Associate Director, ProtivitiIT audit functions today need to support the risk assessment, the analytics process and the integrated audit. How can internal audit departments at higher education orga-nizations help management assess critical emerging risks such as data security, privacy and cybersecurity? In this session, we will highlight case studies at two higher educa-tion organizations where we have helped implement additional controls/processes around data security.After attending this session, participants will be able to: Explain year over year IT audit trends, including findings from recent industry surveys. Conduct an IT risk assessment using a repeatable framework and develop an IT audit plan including hours, size, significant projects and governance. Discuss leading practices in auditing data security, privacy and cybersecurity.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

F.2 Retaliation at the University: The Consequences of Reporting $2.3 Mil-lion in Fraud – FRAUD & ETHICSAmy Block Joy, Faculty/Specialist Emeritus, University of California, DavisThis real life retaliation case study will pres-ent a first-person account about the danger of speaking out in the workplace. In 2006,

the presenter, a faculty member at a major public university, discovered apparent fraud in her federal grant funds. When her report of the fraud, which followed university proce-dure, was ignored, she blew the whistle. The misuse of government funds was substanti-ated by campus authorities. Eleven months later, when the $2.3 million fraud findings were about to be released to the public, she became the target of an elaborate smear campaign and a number of terrifying activ-ities. This presentation chronicles how far some high level officials will go to silence the truth and how to overcome these efforts. Following this session, the presenter will do a book signing.After attending this session, participants will be able to: Recall different strategies that can protect the whistleblower or reporter from retaliation. Identify institutional safeguards to put in place before, during and after the whistle is blown. Describe to their workforce essential resources for the reporting of fraud and misconduct.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Behavorial EthicsPrerequisites: None

G.2 Mid-Sized Shop Roundtable (4-8 Auditors) – ROUNDTABLES & SMALL SHOP RESOURCESJohn Curran, University Director of Internal Audit, University of KansasBrenda Muirhead, Chief Auditor, University of OregonIn this mid-size shop roundtable, the facilita-tors will discuss issues facing internal audit shops that have four to eight staff members. Before the conference, participants will be surveyed by email to identify discussion top-ics of interest. Participants will hear how other audit shops of similar size are addressing issues of concern while gaining knowledge of best practices that will assist in enhancing audit department development.



TRACK SESSIONSAfter attending this session, participants will be able to: Identify and adopt best practices that will benefit their mid-size shop. Discuss emerging risks for universities of comparable size. Develop and strengthen their mid-sized audit shop professional network.Knowledge Level: OverviewAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

Monday, September 28, 2015 3:20 p.m. - 5:00 p.m.A.3 Auditing Academic Processes: Proactively Addressing This Emerging Risk Area – AUDIT TRENDS & ISSUESLeigh Goller, Director, Internal Audits, Duke UniversityRaina Rose Tagle, Partner, Baker TillyHigh-profile instances of academic fraud and its intersection with athletic programs have highlighted this area of risk for universities, impacting accreditation and damaging rep-utations. Boards increasingly inquire about how internal audit can address this emerging risk area. This session will cover an approach to reviewing auditable risks and related con-trols in academic administrative processes, ways in which internal audit departments are assessing the design and effectiveness of academic processes, and common chal-lenges and lessons learned from auditing academic processes and working with aca-demic leaders.After attending this session, participants will be able to: Identify auditable risks and related controls in academic processes. Describe how internal audit departments can provide assurance over risks related to academic processes. Test common challenges encountered when auditing academic processes and working with academic leaders.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

B.3 Leveraging Enterprise Risk Management (ERM) Processes in Internal Audit – RISK MANAGEMENT/GRC & QARSAllen Amyotte, Director, Audit, University of CalgaryYat-Sing Cheng, Associate Director, ERM, University of CalgaryAn effective ERM process can truly be a primary source for the development of the annual audit plan. It can also provide critical context and linkage for audit reports and in scoping engagements. The leads for internal audit and ERM will jointly speak on the ERM program at the University of Calgary and on how this program is effective for all parties concerned.After attending this session, participants will be able to: Apply working knowledge of ISO 31000 in the implementation of ERM in a mid-size to large-size research university. Use the concept of risk tolerance at a strategic level. Integrate residual risk determinations into the annual internal audit planning process.Knowledge Level: AdvancedAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with ERM and audit plan development

C.3 A Practical Approach to Performing a Title IX & Clery Act Combined Audit – COMPLIANCENancy Nasca, Manager, Institute Audit, Compliance and Advisement, Rochester Institute of TechnologyIn recent years, issues relating to campus safety have received increased governmen-tal scrutiny, resulting in the enactment of the Violence Against Women Reauthorization Act (VAWA), the Campus Sexual Violence Elimination (SaVE) Act, as well as multiple governmental advisories, all of which have affected the interpretation of the require-ments of existing legislation (Title IX, Clery Act). This session will provide attendees with an overview of the key requirements of the sexual harassment component of Title IX, Clery Act and other related regulations and guidance.

After attending this session, participants will be able to: Identify synergies within key Title IX and Clery Act requirements to facilitate a combined compliance audit approach. Use available tools and resources to facilitate the planning and performance of Title IX and Clery Act compliance audits. Implement a framework to assess the adequacy of the university’s Title IX and Clery Act policies and procedures.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

D.3 For Hire: IA, DEG, CERT, EXP, WAVe – PROFESSIONAL DEVELOP-MENT & LEADERSHIPRachel Snell, Director, Internal Audit, Coast Community College DistrictCurrent communication is reduced to text messages, acronyms, Skype and FaceTime. It is increasingly difficult to convince manage-ment that internal auditors (IA) Will Add Value (WAVe). With our DEGrees, CERTifications, and EXPerience, we traverse the waters of organizational perplexities and political com-plexities using traditional talk to champion our cause. So, stop convincing! All this can be accomplished in a style that’s right 4U! After attending this session, participants will be able to: Evaluate the WAVe message and offer ways in which traditional techniques can be re-tooled to bridge the communication gap between the hipsters and mainstreamers. Translate audit speak into a message that is worthy of being heard. Apply the power of observation and link it to audit value.Knowledge Level: OverviewAdvanced Preparation: NoneField of Study: CommunicationsPrerequisites: None

SESSION 3



TRACK SESSIONSE.3 Increasing Higher Education Audit Effectiveness with Data Analytics: A Practical Approach – INFORMATION TECHNOLOGY/INFORMATION SECURITYSteven Zapolski, Market Development Consultant, TeamMateThis presentation is designed to help auditors and higher learning institutions bridge the gap between data analytic theory and appli-cation. The emphasis of this presentation is to discuss real world application of data analytics.After attending this session, participants will be able to: List ways to save time and improve efficiency. Describe mechanisms to reduce exposure to risk. Detect more fraud.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

F.3 Everything You Wanted to Know about Fraud Investigation, but Were Afraid to Ask - FRAUD & ETHICSJohn H. Straub, President, Straub Accounting, LLCConducting fraud investigations is a seri-ous endeavor that requires unique skills and training to avoid adverse consequences for the investigator and other parties involved. There are many misconceptions regarding the role of the investigator with respect to gathering evidence, reporting and defending findings. This session dispels misconceptions and delivers best practices in the investigative process to participants interested in improv-ing their investigative skills. Information pre-sented is based on actual cases experienced by the presenter and delivered in a manner to enhance recall by using clear examples and definitions.After attending this session, participants will be able to: Organize and plan quality fraud investigations to report and defend investigation findings. Collect incontrovertible evidence, and avoid false positives.

List activities that can potentially place the investigative team and other parties in harm’s way.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with financial forensic techniques and protocols in investigation, evidence collection, reporting and defending findings

G.3 New Chief Audit Executive Round-table – ROUNDTABLES & SMALL SHOP RESOURCESChristopher Beard, Director, Office of Compliance and Internal Audit Services, BYU-HawaiiPam Doran, Executive Director of Audit and Assurance Services, University of South CarolinaGail Klatt, Associate Vice President, Internal Audit, University of MinnesotaValla Wilson, Associate Vice Prsident of Internal Audit, UT Southwestern Medical Center This roundtable will focus on topics rele-vant to those who have been appointed as new chief audit executives (CAE), internal audit directors or those interested in becom-ing CAEs. Each of the facilitators will share their backgrounds and perspectives on rel-evant and timely topics to facilitate dynamic conversation.After attending this session, participants will be able to: Identify strategies used to develop risk assessments and audit universes. Build the audit department’s reputation based on integrity and trust. Demonstrate insight into CAE roles from an insider’s perspective.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience in managing and/or directing audit functions

Wednesday, September 30, 2015 10:30 a.m. - 12:10 p.m.A.4 Best Practices in Your Capital Improvement Program – AUDIT TRENDS & ISSUESRob Broline, Director, Construction Risk Advisory Services, McGladrey LLP John Croy, National Director, Construction Risk Advisory Services, McGladrey LLPTo stay competitive with other institutions, colleges and universities are upgrading and expanding their campus facilities. Facilities and internal audit departments are taking progressive steps to monitor construction activities to ensure there is compliance with agreements and meeting industry standards. In doing so, colleges and universities have established programs to determine if their capital improvement program is operating in an efficient and effective manner. Attendees will gain an understanding of how institutions are establishing best practices in monitoring costs and managing the processes related to their capital improvement programs. This includes assessing the best forms of delivery methods and benchmarks for architectural engineering fees and construction costs.After attending this session, participants will be able to: Use benchmarks to monitor costs and demonstrate methods to detect fraud waste and abuse. Analyze what to look for in contracts and contract negotiations. Describe the internal audit department’s involvement in the capital improvement program.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

B.4 Linking Internal Audit Strategic Planning with the Quality Assurance Review (QAR) – RISK MANAGEMENT/GRC & QARSLeigh Goller, Director of Internal Audits, Duke UniversityMichael Somich, Executive Director, Internal Audits, Duke University

SESSION 4



TRACK SESSIONSWhile our office was scheduled to do a five-year quality assessment review in fall 2014 (self-assessment with external validation), we decided to prepare a strategic plan (Vision 2020) in advance of the external team visit-ing our institution. The presenters will discuss the process they followed in developing the strategic plan, integrating it with the external review and the outcomes of the combined processes.After attending this session, participants will be able to: Reiterate the process of strategic planning and the involvement of senior leaders in the strategic planning processes. Apply the strategic plan draft in the external quality assessment review process. Describe the quality assessment review and strategic planning results to senior management and board.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Administrative PracticePrerequisites: None

C.4 Auditing PCI Compliance – COMPLIANCETim Marley, IT Audit Director, University of OklahomaCompliance with the Payment Card Industry Data Security Standard (PCI DSS) is a com-plicated, but necessary process. Don’t let the technical requirements intimidate or confuse you. Attend this session to learn about the newest version of the standards and how to audit your organization’s state of compliance with these requirements.After attending this session, participants will be able to: Explain why the PCI DSS presents unique challenges for higher education and review the changes specific to version 3.0. Explain the Payment Card Industry Internal Security Assessor (PCI ISA) program and why it should be considered as a possible source of credentialed training for their team. Demonstrate audit compliance with the PCI DSS using established tools provided by the Payment Card Industry Security Standards Council (PCI SSC).

Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with PCI DSS and security standards

D.4 Break Down the Barriers: Be a Partner! – PROFESSIONAL DEVELOP-MENT & LEADERSHIPClay Dean, Director of Internal Audit, Kennesaw State UniversityLen Ohnstad, Associate Director of Internal Audit, Kennesaw State UniversityThe presenters will discuss innovative meth-ods the internal audit department can use to break down barriers and enhance communi-cation between managers and internal audit. They will also discuss how you can enhance communication during audits, and gain a better reception of audit findings and rec-ommendations, identify methods to improve management’s perception of internal audit, and develop and provide services to help managers identify their department’s risks, implement strong internal control, and be better prepared for a future audit.After attending this session, participants will be able to: Review the benefits of internal audit customer service with managers and auditors. List methods to increase employee compliance with policies and procedures. Tell managers how to accomplish their goals and objectives.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: CommunicationsPrerequisites: None

E.4 What IT Areas to Audit? – INFORMATION TECHNOLOGY/ INFORMATION SECURITYKevin R. Keough, Senior Information Systems Auditor, Indiana UniversityThe Big Ten Conference institutions par-ticipated in a survey of their IT audit plan-ning processes. The information gathered in this survey will be presented. The Big Ten Conference IT auditor group is a collabora-tive group of lead IT auditors that meet face-to-face annually, and on quarterly conference

calls to share knowledge and experiences of how they are meeting the IT audit chal-lenges at their institution. Each institution’s IT risk assessment processes, communications, rankings and prioritization of IT audit topics will be covered.After attending this session, participants will be able to: Classify the Big Ten Conference institution's IT audit shop sizes, reporting structures and the size and makeup of the institutions they serve. Describe the IT audit planning and risk assessment process used at Big Ten Conference institutions. List the IT audit selection processes used at Big Ten Conference institutions.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with IT auditing

F.4 Lie To Me: Secrets of Linguistic Lie Detection – FRAUD & ETHICSNejolla Korris, CEO, InterVeritas InternationalGathering truthful information is an integral part of any corporate environment. If honesty is always the best policy, why don’t we always get it? How important is it for us to learn the truth from our employees, managers and clients? This introduction to linguistic lie detection will help participants become more effective in all business relationships. The presenter will provide an overview of how lin-guistic lie detection is used in business, audit and investigative areas. Session participants will learn the basics of information gather-ing and how to interpret the information they receive. Linguistic lie detection basics will be applied to a variety of high-profile media cases to illustrate examples of deception.After attending this session, participants will be able to: Describe how a truthful person speaks versus an untruthful person, and report how often deception is used in the workplace. List specific linguistic triggers that indicate deception. Relate how linguistic lie detection is used for human resources, audit and investigative areas.



TRACK SESSIONSKnowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None

G.4 Third Party Risk Management Roundtable – ROUNDTABLES & SMALL SHOP RESOURCESMark Bednarz, Partner, O'Connor Davies LLPThird party risk management is rapidly growing in importance as institutions turn to outsource providers to reduce operating costs, and design approaches to use spe-cialists to accomplish strategic initiatives. Amid the benefits of outsourcing, there lies a significant risk.After this session, participants will be able to: Create a continuous vendor risk management program. Discuss rating external relationships and classifying data. Identify approaches to potential issues.Knowledge Level: OverviewAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

Wednesday, September 30, 2015 1:10 p.m. – 2:50 p.m.A.5 College & University Reputation Auditing – AUDIT TRENDS & ISSUESBradley W. Brooks, Professor, Queens University of CharlotteKenneth Ramaley, Managing Director, Ramaley Group LLCA school's reputation is one of its most critical assets. However, many institutions of higher education are vulnerable to reputation risks. While auditors have traditionally provided assurance on financial risks, operational risks and compliance risks, reputation risks have remained more nebulous. The presenters will describe an actionable approach to enable college and university auditors to clearly identify and elucidate critical risks to school reputations, and to provide effective com-mentary on reputation-focused controls. No prior exposure to reputation risk auditing is

assumed, although experience with assessing other types of operational risks will be helpful.After attending this session, participants will be able to: Identify the critical drivers and vulnerabilities of reputation risk for colleges and universities. Describe the functions of effective reputation controls, including approaches to testing them. Integrate reputation considerations into existing audit plans.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

B.5 So You Need a Quality Assess-ment Review (QAR)? – RISK MANAGE-MENT/GRC & QARSJim Sleezer, Retired, Oklahoma State University/A&M SystemThe IIA Standards (1300) require that the chief audit executive must develop and maintain a quality assurance and improvement program (QAIP) that includes both internal and exter-nal assessments. An external assessment – a Quality Assessment Review (QAR) – must be conducted at least once every five years by a qualified, independent assessor or assess-ment team. The presenter will provide an overview of QAIPs, including discussion of QAR and options for meeting this standard.After attending this session, participants will be able to: Recognize components of a good QAIP. Discuss options for completing internal and external assessments. Build a plan to prepare their institutions for a QAR.Knowledge Level: OverviewAdvanced Preparation: NoneField of Study: Administrative PracticePrerequisites: None

C.5 SBIR Fraud & Your Institution: A Guide to What Can Go Wrong – COMPLIANCEPaul J. Coleman, Consultant, Georgia Tech Department of Internal AuditingEleven federal agencies provided $21 bil-lion in awards through the Small Business Innovation Research (SBIR) program. Many

states also provide matching funds for SBIR awards. Program guidelines and the impact to your institution by businesses that misap-propriate university research and resources will be discussed. Diversion of resources can be caused by university employees who do not disclose their work or where employees have an interest in the SBIR business.After attending this session, participants will be able to: Identify the program elements for SBIR award, including how their institutions can transfer research technology to companies through SBIR awards. Recognize best practices and red flags that will identify if their institutions are at risk of the diversion of resources by undisclosed work for SBIR companies. Discuss the need to add SBIR education and identification as part of your risk assessment, compliance reviews and internal control reviews.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: Regulatory EthicsPrerequisites: Experience with SBIR and risk assessments

D.5 How to Need a Waiting Room in Internal Audit – PROFESSIONAL DEVELOPMENT & LEADERSHIPMary Barnett, Investigations and Special Projects Auditor, Virginia Community College System Whit Madére, Director, Internal Audit, Virginia Community College System Wouldn’t it be great to have a waiting room full of people? We think it could happen! We are working toward creating a department so awesome that people are vying for our atten-tion. We want to provide management and the board with whatever they need to make the campuses so awesome that they have students and donors sitting in their waiting rooms wanting to get on board. We’re eager to share with you the ideas we’ve got that are going to help us get there. We’re eager to find out what awesome ideas you have, too.

SESSION 5



TRACK SESSIONSAfter attending this session, participants will be able to: Develop a repertoire of value-added projects for their institutions. Identify and target those areas where internal audit can do the most good in the least amount of time. Maintain adherence with the standards while expanding the scope of services offered by internal audit.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

E.5 Cybersecurity Breach! Is Your Institution Prepared? Tips & Audit Techniques for Incident and Breach Response – INFORMATION TECHNOL-OGY/INFORMATION SECURITYMike Cullen, Senior Manager, Baker Tilly David Overton, Director of Information Security, Saint Leo UniversityCybersecurity at higher education institutions is a challenging, complex area. Since many colleges and universities have multiple decen-tralized IT units, cybersecurity must address myriad IT risks, such as data security and pri-vacy, and face enormous changes as more operations and processes are automated, outsourced (e.g., cloud), and mobilized (e.g., bring your own device). Therefore, 100 per-cent prevention of incidents and breaches is not practical or possible. This means insti-tutions need a robust incident and breach response plan.After attending this session, participants will be able to: List the goals of an incident and breach response plan that will meet regulatory and legal requirements and mitigate risks. Restate key aspects of the plan and how they can audit those, including roles and coordination in the plan, timing of steps and specific steps needed for certain types of incidents. Describe leading practice incident/ breach response methods to take back to their campuses based on cases presented.

Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with IT auditing and security protocols

F.5 Incorporating “Cutting Edge” Forensic Accounting Techniques & Methodologies into College & Univer-sity Auditing – FRAUD & ETHICSCollin Anthony Greenland, Chief Internal Auditor, Kaizen Management ConsultantsThis presentation is designed to introduce, sensitize and inspire higher education audi-tors to integrate forensic accounting tech-niques and methodologies into their routine audit activities to enhance their effectiveness in fraud deterrence, prevention, detection and reporting. This session will include dis-cussions on forgery, forensic authentication and handwriting analyses. Simulated case studies will be presented in this session.After attending this session, participants will be able to: Define, describe and explain the concept of forensic accounting and computer forensics, and demonstrate the use of interviewing/interrogation techniques. Build the essential elements of a forensic audit and demonstrate how it is conducted. Integrate into audit assignments applicable “cutting edge” forensic accounting methodologies, techniques and technology.Knowledge Level: AdvancedAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: Experience in forensic accounting

G.5 Large Shop Roundtable (9+ Audi-tors) – ROUNDTABLES & SMALL SHOP RESOURCESDon Guyton, Chief Audit Executive, University of Houston SystemChief audit executives and directors who manage internal audit functions at large public and private universities will gather and discuss important topics of common interest. Participants at this roundtable will compare notes and exchange solutions to the prob-lems they face. Prior to the conference, the

facilitator will poll participants to identify and prioritize discussion topics.After attending this session, participants will be able to: Apply their knowledge of audit issues affecting large colleges and universities. Access networks created with peers at larger institutions.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

Wednesday, September 30, 2015 3:20 p.m. - 5:00 p.m.A.6 Auditing Investment Operations: Do You Know Where Your Money Is Going? – AUDIT TRENDS & ISSUESKimberly Burkett, Manager, Baker TillyBob Hoster, Director of Internal Audit, Bucknell UniversityJohn Kiss, Senior Manager, Baker TillyElizabeth Walsh, Senior Audit Manager, Stanford UniversityInvestment and endowment operations can be one of the more challenging areas to audit in an institution. Having an awareness of general investment controls, as well as indus-try practices and regulations, is necessary to conduct a thorough review of the intricacies of investment and endowment operations. This presentation will shift into overdrive and take a comprehensive look at key investment and endowment operational areas, as well as leading industry practices to help conduct an effective audit.After attending this session, participants will be able to: Describe a general overview of key investment and endowment operational areas, focusing on valuable controls and leading industry practices. Analyze due diligence considerations for investment and endowment activities. Describe additional control considerations related to alternative investments and tax implications.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

SESSION 6



TRACK SESSIONSB.6 Using Data Analytics as a Management Tool to Identify Organizational Risks – RISK MANAGE-MENT/GRC & QARSMathew Anderson, Senior Manager, Clifton, Larson, Allen, LLP Christopher Knopik, Principal, Clifton, Larson, Allen, LLPRyan Merryman, Senior Manager, Clifton, Larson, Allen, LLPThe presenters will introduce a method apply-ing data analytics, demonstrate its capabili-ties and explain how it can be used to effi-ciently and effectively identify risk.After attending this session, participants will be able to: Recognize where data analytics can be used to better identify various risks in an organization. Apply the use of data analytics through a case study to efficiently and effectively identify risk.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None

C.6 Standards & Guidance for the Pro-fessional Practice of Internal Auditing: What You Need to Know – COMPLIANCESam M. McCall, Chief Audit Officer, Florida State UniversityAs a member of the IIA Guidance Task Force that developed the definition of internal auditing, the presenter will discuss the devel-opment of current internal auditing standards and guidance as well as their applicability to fraud, compliance and information technol-ogy, the three lines of defense, and how this fits in with providing assurance and consult-ing services.After attending this session, participants will be able to: Apply the standards and guidance for internal auditing as issued by the IIA. Explain the framework for the professional practice of internal auditing. Identify recent changes to the required elements of internal auditing.

Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with the IIA Standards

D.6 Identifying & Developing Top In-ternal Audit Talent for Today & Beyond – PROFESSIONAL DEVELOPMENT & LEADERSHIPRobert Berry, Director of Audit, University of North FloridaFinding and retaining audit professionals can be a daunting task. Thorough resume reviews and interviews alone will not guarantee attracting top prospects. Organizations must keep talented professionals engaged. The employer/employee relationship is a two-way process that requires time and attention to be meaningful for both parties. This session provides a talent management methodology designed to help maximize the employer/employee relationship.After attending this session, participants will be able to: Develop talent management processes that are tailored for your organization. Assess, develop and deploy talent based on individual and organizational needs. Describe and deploy talent retention strategies.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: Personnel/HRPrerequisites: Familiar with human resource regulations

E.6 Evaluating & Managing Third Party IT Service Providers: Are You Really Getting the Assurance You Need to Mitigate Information Security & Privacy Risks? – INFORMATION TECHNOLO-GY/INFORMATION SECURITYKevin Secrest, IT Audit Manager, University of PennsylvaniaMany organizations have adopted processes and controls for evaluating how third party IT service providers address information secu-rity and privacy risk, but appear to struggle to get an appropriate level of assurance from providers on an ongoing basis. This presen-tation will cover arming organizations with

the ability to implement practical strategies for evaluating and managing third party IT service providers' information security and privacy risk.After attending this session, participants will be able to: List options for evaluating and managing third party IT service providers' information security and privacy risk. Compare the intended uses of different reports offered by IT service providers to demonstrate effective information security and privacy controls, and determine the most appropriate type of report to request. Describe internal audit's role in evaluating and managing third party IT service providers.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

F.6 Fraud Education & Awareness – FRAUD & ETHICSRalph Kimbrough Jr., Audit Manager, University of KentuckyJoe Reed, Senior Director, University of KentuckyThis presentation focuses on the University of Kentucky’s fraud program and the role of internal audit regarding fraud education and awareness. Such things as special commit-tees, policies, training, surprise audits and the university hotline are utilized. The pre-senters will discuss how internal auditors can increase an employee’s awareness of fraud.After attending this session, participants will be able to: Describe an awareness of fraud training programs and train university faculty and staff on fraud prevention and detection techniques. Critique with session attendees regarding their experiences of fraud awareness. Develop a continuous fraud prevention and detection awareness training program.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None



TRACK SESSIONSG.6 Ethics Roundtable – ROUNDTA-BLES & SMALL SHOP RESOURCESMelissa B. Hall, Associate Director, Forensic Audits, Georgia Institute of TechnologyGot ethics? How can we ensure that all of our faculty and staff have ethics? The media headlines are filled with frauds occurring on campus and are usually the result of unethi-cal decisions which impacts all of us. One of the first challenges of dealing with unethical decision-making is recognizing that there is a problem.After attending this session, participants will be able to: Identify areas where ethical challenges exist on campuses. Describe and develop the methods used to assess the ethical culture of institutions and the strategies for effectively changing the ethical culture of institutions. List methods used by peers to promote more ethical cultures on campuses.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

Thursday, October 1, 2015 8:00 a.m. – 9:40 a.m.A.7 Keep It Rolling: A Four-Year Ap-proach to Auditing Scholarships & Fi-nancial Aid - AUDIT TRENDS & ISSUESBrian Daniels, Associate Director of Internal Audit, Virginia Tech Aparna Yellapantula, Staff Internal Auditor, Virginia TechThe presenters will provide a brief introduc-tion to the student financial aid process, from the student application through the awarding and monitoring of various aid possibilities. They will walk through the audit methodol-ogy at Virginia Tech and how the internal audit department collaborated with man-agement to outline the scope of audits to cover all the processes of financial aid in four annual audits. Participants will walk away with an improved understanding of the scope of activities covered by these units on their campuses and how they can add value to the process.

After attending this session, participants will be able to: List federal requirements for scholarships and financial aid. Describe various components of their institutions’ scholarship and financial aid programs. Critique how Virginia Tech has implemented a rolling, four-year approach to covering the required elements.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

B.7 Close the Loop: Make Your In-ternal Audit Assessments Inform Your Institutional ERM & Improve GRC Out-comes – RISK MANAGEMENT/ GRC & QARSPhillip Draber, Director, Risk and Assurance Services, Edith Cowan UniversityMost internal audit reports do not provide any explicit comment on the appropriateness of assessed levels of risk, particularly at the institutional level. This presentation show-cases one institution's approach to improving its internal audit reports by making explicit comments on assessed levels of risk based on the effectiveness of controls. The link between risk management and audit planning will be used to consider the inputs, processes and outputs required to form a multi-purpose opinion. There will be a discussion of some of the governance, risk and compliance (GRC) outcomes achieved as a result of this change in reporting.After attending this session, participants will be able to: Apply knowledge to prepare internal audit control assessments that link back to management’s risk assessments by strengthening the nexus between risk management and internal audit. Develop audit committee and board reports that contribute to GRC out comes by providing assurance on the effectiveness of documented risk treatments. List value-added opportunities for internal audit.

Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with risk and controls assessments

C.7 Being a Team Player: New Ways to Collaborate with Athletics – COMPLIANCEMartina Buckley, Manager, Baker TillyJustin T. Noble, Audit Director, Texas Tech University SystemThe presenters will outline new and unique ways internal audit (IA) can collaborate with the athletic program and add value to insti-tutions as well as help prevent compliance, financial, operational and reputational risks. The presentation will also provide an over-view and updates of the NCAA DI Manual and ACUA Audit Guidelines.After attending this session, participants will be able to: Plan with athletic programs to accomplish institutional oversight and establish a relationship with athletic administrators. List resources to help athletics programs achieve their objectives. Identify unique opportunities for internal audit to provide support to athletics and their institution including media rights audits and academic integrity reviews.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Management Advisory ServicesPrerequisites: None

D.7 Works Like a Charm: Combined Shops of Audit, Compliance & Privacy! – PROFESSIONAL DEVELOPMENT – LEADERSHIPSonal J. Shah, Senior Director, Compliance and Ethics, Stanford UniversityHaving skill sets of audit, compliance and pri-vacy in the same office allows for in-house learning and cross training for the staff, and a better understanding of addressing risk for the higher education organization. It’s a win-win! The presenter will clarify the roles, responsibilities and work products of the diverse members of the combined shops and

SESSION 7



TRACK SESSIONSdiscuss opportunities for these employees to further their careers.After attending this session, participants will be able to: List the commonalities of the three functions of audit, compliance and privacy. Identify the organizational advantage of putting these functions in the same department under the same leader and appreciate the benefits gained from this collaboration. Describe why combining these shops would be envisioned as an effective use of resources.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Business Management & OrganizationPrerequisites: None

E.7 Information Security: Assurance through the Strategic, Tactical & Oper-ational Lens – INFORMATION TECH-NOLOGY/INFORMATION SECURITYNicole Schultz, Audit Lead, University of CalgaryInformation technology organizations are inundated with requests, events and incidents. In light of this, root cause analysis becomes a critical function for the IT organization, espe-cially within information security. Examining IT security controls strategically, tactically and operationally can break down root causes and demonstrate that IT security is not simply a technical control. In resource-constrained environments, IT audits should not only iden-tify control issues but provide value to the organization. The participants will analyze a specific case study to determine how to scope, plan and conduct fieldwork and do a walk-through of a facilitated management self-assessment of information security.After attending this session, participants will be able to: Recall the relationship between strategic, tactical and operational information security functions. Describe security maturity benchmarks and their impact on planning internal audits.

Plan and conduct fieldwork for an IT security control audit.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience in IT audit and IT security assessment

F.7 Anatomy of an Academic Fraud – FRAUD & ETHICSJeremy Clopton, Senior Managing Consultant, BKD, LLPThe presenter will discuss the use of some relevant indicators of academic fraud based on the Cadwalader Report, Investigation of Irregular Classes in the Department of African and Afro-American Studies at the University of North Carolina [UNC] at Chapel Hill and how data analytics can be proactively used to detect and monitor for instances of poten-tial academic fraud. Colleges and universities should consider whether similar academic violations could exist on their own campuses. To do so, it is necessary to understand how academic fraud can get a foothold, and the lessons learned from UNC’s experience are a good starting point.After attending this session, participants will be able to: Illustrate various motives and rationale behind academic fraud. Recognize red flags and appropriate actions to take. Describe tools and methods for detecting and preventing fraudulent behavior.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Specialized Knowledge & ApplicationsPrerequisites: None

G.7 Small Shop Roundtable (1-3 Auditors) – ROUNDTABLES & SMALL SHOP RESOURCESLaDonna Flynn, Director of Internal Audit, Pittsburg State University Julia Hann, Internal Audit Director, Georgia College and State UniversityThis will be a two-part roundtable. The first part of the session will focus on helping small shops be more effective in managing their

audit shop. The first presenter will facilitate various techniques through the audit process in creating efficiency and effectiveness in small shops. The topics covered will include a range of tools, including audit planning to mitigate risks, ways to add value, student interns, and managing crises against your audit plan. The second part of the session will focus on optimizing audit programs. The next pre-senter will lead the discussion to optimize the institution’s potential with audit programs. Participants should come prepared with one hard copy of an audit program. Participants will collaborate in small groups to determine common themes and best practices for audit program design and writing. After attending this session, participants will be able to: Identify tools for their small shop operations. Describe key components of an audit program. Apply knowledge from small shop peers regarding audit programs and operations.Knowledge Level: BasicAdvanced Preparation: Bring a hard copy of a favorite audit program.Field of Study: AuditingPrerequisites: None

Thursday, October 1, 201510:10 a.m. – 11:50 a.m.A.8 Pushing the Rewind Button: Les-sons Learned from the Reengineering of Two University Internal Audit Func-tions – AUDIT TRENDS & ISSUESJohn Curran, University Director of Internal Audit, University of KansasBrenda Muirhead, Chief Auditor, University of OregonImagine rebuilding an internal audit depart-ment from the ground-up – what would the finished product look like, and what road-map would you use to get there? This was the opportunity recently presented to the chief audit executives for the University of Kansas and the University of Oregon. They will share lessons learned from their experiences and provide a change model that others can use

SESSION 8



TRACK SESSIONSto 1) reconceptualize internal audit’s purpose to address emerging risks and challenges; 2) reconnect with stakeholders to build organi-zational relevance; 3) redefine key processes to heighten effectiveness; and 4) reallocate financial and personnel resources to maxi-mize audit coverage and efficiencies.After attending this session, participants will be able to: Examine the foundational elements of an internal audit department. Apply an organizational change model to assess internal audit’s effectiveness and identify areas for improvement. Utilize established practices in stake holder engagement, staff selection and training and risk assessment.Knowledge Level: OverviewAdvanced Preparation: NoneField of Study: Business Management & OrganizationPrerequisites: None

B.8 Enhancing Your Institutional Process through Enterprise Risk Assessment (ERA) – RISK MANAGE-MENT/GRC & QARSChibuike U. Azuoru, Internal Audit Director, Southeastern Louisiana UniversityAn enterprise risk assessment (ERA) identifies and prioritizes an entity’s risks by department and is based on management’s input and objective detailed analysis. The ERA serves to align business processes, internal audit and management focus to the critical issues that may prevent the institution from achieving its objectives.After attending this session, participants will be able to: Recall global risks that may affect multiple departments or cross-functional processes and identify unknown risk or risk areas not yet communicated to the institution’s senior management. Describe accountability and ownership for mitigating risks down to the departmental and process levels and share information between inter-dependent departments and cross-functional areas. Develop an ERA final report for senior management and a three-five year strategic internal audit plan.

Knowledge Level: AdvancedAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with risk assessment

C.8 Auditing Solutions for Higher Edu-cation Issues – COMPLIANCECathy Miller, Principal Business Auditor, University of Kentucky Internal AuditJoseph Reed, Senior Director, University of Kentucky Internal AuditThis presentation focuses on applying pro-active internal auditing approaches to trends discerned from higher education emerging risks, client calls and hotline opportunities. Participants will learn how to use current events and the higher education culture to identify issues needing effective resolution. The presenters will discuss various audit approaches used to address and resolve higher education issues, and will engage participants in considering how to implement these various audit strategies in their own college and university settings. As a result, participants will be able to identify issues and appropriate resolutions.After attending this session, participants will be able to: List the elements of an effective compliance program. Debate pros and cons of management collaboration with departmental responsibilities. Analyze hotline effectiveness and utilization.Knowledge Level: IntermediateAdvanced Preparation: NoneField of Study: AuditingPrerequisites: Experience with higher education auditing and hotline management

D.8 Awesome Auditing with Interns & Undergraduate Students – PROFES-SIONAL DEVELOPMENT & LEADERSHIPChristopher Beard, Director of Compliance and Internal Audit Services, BYU-HawaiiThis session will focus on principle-centered leadership development for auditors who use or are considering the use of undergrad-uate student employees or interns in their audit department. Participants will be able to

explain key concepts needed to effectively use these employees in a structured environment.After attending this session, participants will be able to: Recall basic audit skills. List goal-oriented objectives for students to achieve maximum learning and productivity. Use adequate coaching and mentoring to develop appropriate skill sets.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Personal DevelopmentPrerequisites: None

E.8 Auditing Cloud Computing in the Real World – INFORMATION TECH-NOLOGY/INFORMATION SECURITYTom Salzman, IT Audit Manager, Illinois State UniversityWhat is cloud computing? What are the risks? Why should we care about it? How can we audit this thing without doing too much or doing too little? Come to this session and get your answers. You may even be thinking: “We don’t need to worry about cloud computing; we don’t use it”. Think again. Any department that wants to save money (and they all do) is looking into using the cloud, often without authorization or without others knowing it.After attending this session, participants will be able to: Explain the different types of cloud computing (there’s more than one? Oh yes!). Discuss and clarify why auditors should care and how they can conduct risk- based auditing of this new technology.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None



TRACK SESSIONSF.8 Your Ethical Compass: What's Really True North? – FRAUD & ETHICSMarion Candrea, Audit Manager, Financial Operational Audits, Rutgers UniversityJana Dean, Financial and Operations Audit Manager, Michigan State UniversityThis session will cover how to apply the International Professional Practices Framework (IPPF) Code of Ethics within your audit team and your ethical responsibilities as an auditor. Case studies will be used to create learning dialogue on appropriate audit team behavior. This session will also delve into the ethical challenges unique to higher education. Using experiences from their own audit shops, the presenters will aim to engage in a discussion which transports participants into the role of faculty, hoping to gain an appreciation of the varying ethical dilemmas of faculty and staff.After attending this session, participants will be able to: Review The IIA’s IPPF Code of Ethics and higher education’s unique stakeholders and their differing views. Describe expected ethical behavior for audit teams and auditor accountability. Use decision-making strategies to analyze and resolve ethical dilemmas.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: Regulatory EthicsPrerequisites: None

G.8 Small Shop Quality Assurance Reviews – ROUNDTABLES & SMALL SHOP RESOURCESPhill Armanas, Manager, Audit and Risk Management, University of South AustraliaThe IIA Standard 1300 Quality Assurance and Improvement Program (QAIP) calls for internal audit functions to have an external review every five years. Small internal audit shops are often faced with a difficult task in ensuring they meet the standards and imple-ment a suitable QAIP. This may be due to limited resources, expertise and simply time available. The presenter has conducted numerous quality assurance reviews (QARs) in Australia and the U.S. Drawing upon this experience, the presenter will provide his interpretation of how a small internal audit function might efficiently and effectively implement a QAIP and attain ”general con-formance” with the IIA Standards.After attending this session, participants will be able to: Recall the requirements of the IIA Standard 1300. Describe how a small internal audit function can implement a QAIP, and initiate a QAR. Debate what is required to achieve ”general conformance” with the standards.Knowledge Level: BasicAdvanced Preparation: NoneField of Study: AuditingPrerequisites: None

Photo courtesy of Lavengood Photography.



HOTEL & GROUND TRANSPORTATION INFORMATION

onsidered the crown jewel of Marriott Place Indianapolis, the JW Marriott Indianapolis connected Downtown is a landmark amid the five Marriott hotels to the Indiana Convention Center. The luxury hotel in Downtown

Indianapolis soars 33 stories above the city and boasts one of the largest Marriott ballrooms in the world, offering more than 103,000 sq ft of meeting, banquet and exhibit space, as well as two full-ser-vice restaurants. Adjacent to the convention center, just steps from White River State Park, the Indianapolis Zoo, and many museums, its location is unparalleled. The Downtown Indianapolis hotel is in the heart of world-class shopping and dining, near the State Capitol, Lucas Oil Stadium and Bankers Life Fieldhouse. Guest rooms fea-ture Marriott’s signature REVIVE® bedding, 40” LCD high-definition TVs, marble vanities, plush towels and breathtaking views of a gor-geous art-filled plaza. Come relax and unwind at the JW Marriott Indianapolis, the largest JW Marriott in the United States.

Used with permission from the JW Marriott Indianapolis.

RESERVATIONSTo prevent attendees from having to stay at an overflow hotel, par-ticipants will need to register for the conference to receive the hotel reservation link, which is provided on the confirmation page when registering online. If you register using the PDF form, once your completed form is received and processed, you will be sent a confir-mation email with the link to make your hotel reservation.

Check-in time is 3:00 p.m. and check-out time is 12:00 p.m.

ROOM RATE: $175 single/double, plus tax (17%)

The cut-off date for reservations is Friday, Sept. 4, 2015.

JW Marriott Indianapolis | 10 S. West St. | Indianapolis, IN | 46204

TRANSPORTATIONTAXISTaxis from the airport are approximately $38 each way, plus gratuity.

SHUTTLE SERVICEThe JW Marriott Indianapolis does not provide complimentaryairport shuttle service.

Go Express Travel offers $10 service to downtown Indianapolis.

For more information or to book your shuttle service please, visit http://goexpresstravel.com/indy_express.

PARKINGValet Parking – $42 per day, per vehicle and includes in/out privileges.

On-Site Parking – $37 per day, per vehicle and includes in/out privileges.

Please speak with the concierge for more information on location and costs.

The cut-off date for reservations is Friday, Sept. 4, 2015.

Photo courtesy of Carl Van Rooy Photography.

http://www.marriott.com/hotels/travel/indjw-jw-marriott-indianapolis/

http://goexpresstravel.com/indy_express



ANNUAL CONFERENCE INFORMATION

Registrations processed on-site may cause a delay at the time you check in at the registration desk. If you need to register after Sept. 4, 2015, please bring your completed registration form and payment directly to the conference.

WHO SHOULD ATTEND Internal Auditors, Risk Managers, IT Security Professionals, Chief Business Officers, Controllers, Ethics and Compliance Auditors, Governmental Auditors and IT Auditors

FULL REGISTRATION FEES INCLUDE:• Instructional materials and handouts• Sunday Opening Reception• Daily Continental Breakfasts• Daily Refreshment Breaks• Monday Evening Event• Monday and Wednesday Lunches• Wednesday Off-Site Dinner Event

SINGLE DAY REGISTRATION FEES INCLUDE:Monday or Wednesday:• Instructional materials and handouts • Continental breakfast, refreshment breaks, luncheon and evening eventTuesday or Thursday:• Instructional material and handouts• Continental breakfast and refreshment breaks

GUEST REGISTRATION FEES INCLUDE:• Sunday Opening Reception• Wednesday Evening Event

REGISTRATION CONFIRMATIONFor those registrations received prior to Sept. 4, 2015, ACUA will send a confir-mation letter by email or U.S. mail. When you receive your confirmation letter, please check the spelling of your name, address and the events for which you have registered to ensure that they are correct. If there is an error, please contact the ACUA Executive Office at 913-895-4784. The information on your confirmation letter will be the information used for your name badge. If you do not receive a confirmation letter within three weeks of registering, please contact our office to confirm receipt of your registration.

REGISTRATION CANCELLATION POLICYWritten notice of cancellations received on or before Aug. 10, 2015, will be fully refunded. Cancellations received from Aug. 11 to Sept. 4, 2015, will be refunded less a $100 processing fee. On or after Sept. 5, 2015, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.

QUESTIONS?For more information about our cancella-tion policy, complaints or questions about registering, please contact the ACUA Executive Office at 913-895-4620 or via email [email protected].

IMPORTANT DATES:EARLY REGISTRATION DEADLINE: AUG. 10, 2015 LATE REGISTRATION & HOTEL RESERVATION DEADLINE: SEPT. 4, 2015 ON-SITE REGISTRATION: AFTER SEPT. 4, 2015

Photo courtesy of Indianapolis Motor Speedway.

Photo courtesy of VisitIndy.com.



REGISTRATION FORM

STEP 1 – NAME BADGE & ROSTER INFORMATION (List as you would like to appear on your name badge)

Name _________________________________________________________________________________________________________________________

Preferred First Name for Badge ____________________________________________________________________________________________________

Job Title (limited to 35 characters) __________________________________________________________________________________________________

Institution ______________________________________________________________________________________________________________________

Mailing Address _________________________________________________________________________________________________________________

City, State/Province _______________________________________________ Zip Code __________________________ Country ____________________

Phone __________________________________________________________ Fax ___________________________________________________________

Email (required) ____________________________________________________________________________________________________________

Are you a first-time attendee? Yes No

Are you interested in being a proctor? Yes NoACUA fully complies with the legal requirements of the ADA and the rules and regulations thereof. Please specify any special needs or dietary needs/allergies: Vegetarian Vegan Gluten Free Diabetic Kosher Other:

STEP 2 – LIABILITY WAIVER AND EMERGENCY CONTACTPlease read and sign. I agree and acknowledge that I am undertaking participation in ACUA events and activities as my own free and intentional act and I am fully aware that possible physical injury might occur to me as a result of my participation in these events. I give this acknowledgement freely and knowingly and that I am, as a result, able to participate in ACUA events and I do hereby assume responsibility for my own well-being. I am aware that photographs will be taken during the conference and may be published in the College and University Auditor or on the ACUA website.

Signature Date

Emergency Contact Name/Relationship/Phone

Please use a separate form for each registration; a photocopy of original is acceptable. Please type or print and be sure to include your email address. To register online, please visit the Annual Conference Web page of the ACUA website at www.acua.org.

STEP 3 – REGISTRATION FEES Received by Received by August 10 Sept. 4ACUA Member – Full Conference $950 $1,100Indianapolis IIA Chapter Members $950 $1,100AHIA Members $950 $1,100Non-Member Institution – Full Conference $1,100 $1,250Single-Day registration – Member Mon. or Wed. $395 $395Single-Day registration – Member Tue. or Thu. $240 $240Single-Day registration – Non-Member Mon. or Wed. $445 $445Single-Day registration – Non-Member Tue. or Thu. $265 $265

Single-Day Registrants only. Please indicate which day(s) you plan to attend:

Monday, September 28 Tuesday, September 29 Wednesday, September 30 Thursday, October 1

Registrations received after September 4 will be processed on-site.

Tuesday Bonus Sessions1:10 p.m. - 4:50 p.m. CIA Exam Preparation Course – BS 1 $595

Other Bonus Sessions - $50 BOGO (Buy one, get one free!) $50

1:10 p.m. - 2:50 p.m. People-Centric Skills: Optimized – BS 2A

1:10 p.m. - 2:50 p.m. Here Come the Feds! – BS 2B

3:10 p.m. - 4:50 p.m. People-Centric Skills: Crucial Communications – BS 3A

3:10 p.m. - 4:50 p.m. Prevent Fraud in Five Critical Areas with Data Analysis – BS 3B

Guest Registration $200 (includes Monday Opening Reception and Wednesday Evening Events)

Guest Name:

www.acua.org



STEP 4 – SESSION/EVENT REGISTRATION

SESSION REGISTRATION

Choose only one track per session (see matrix and write in number/letter code on the corresponding line below).

Session 1

Session 2

Session 3

Session 4

Session 5

Session 6

Session 7

Session 8

PLEASE INDICATE WHICH EVENTS YOU WILL BE ATTENDING

Sunday Opening ReceptionMonday LuncheonMonday Trivia Night ReceptionWednesday LuncheonWednesday Evening Event

STEP 5 – PAYMENT INFORMATIONTOTAL PAYMENT DUECheck enclosed (please make checks payable to ACUA in U.S.

currency via a U.S. bank)

Purchase Order (PO) enclosed

MasterCard VISA American Express Discover

Card No.

Exp. Date

Name as it appears on the card

Signature

Cancellation Policy: Written notice of cancellations received on or before August 10, 2015, will be fully refunded. Cancellations received from August 11 - September 4, 2015, will be refunded less a $100 processing fee. On or after September 5, 2015, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.

STEP 6 – SEND YOUR REGISTRATIONTo register, complete this registration form and return it, along with the appropriate registration fee to:

ACUA Executive Office P.O. Box 14306 Lenexa, KS 66285-4306

FAX 913-895-4652

Online Registration

Registrations can be completed and submitted online via the ACUA website at www.acua.org. A link to the registration form is located on the Annual Conference Web page under the CPE Events menu.

2015 acua annual meeting registration brochure

Documents