1

New York Chapter of the Institute of Internal Auditors www.nyiia.org

NEW YORK REPORTSPLATINUM AWARD CHAPTER November 2012

Knowledge Through Sharing and Learning

Let me start off by saying that, on behalf of the IIA New York Chapter I

express my sincerest hope that its members and their loved ones are

recovering from the recent events of superstorm Sandy. I am proud to say

that the Chapter’s Board of Governors has approved a donation to the

American Red Cross relief fund in the amount of $1,000.

We have held three successful workshops so far this Chapter year. The November

workshop was attended by 75 people who got to see representatives from the IIA, Grant

Thornton, and Televance present a wide range of topics. The varied-topic approach

continues in December, as technology experts from AIG will discuss emerging IT risks.

Following the morning presentation, the luncheon topic will be “Implementing Effective

Privacy Monitoring,” presented by KPMG. To finish the day off, representatives from

Honkamp Krueger will present on construction auditing for the afternoon portion of the

workshop. See pages 7-11 in this newsletter for more specific details and speaker

backgrounds.

Registration is also open for our January workshop, where Dr. Glenn Sumners from

Louisiana State University will be with us to conduct a full day session on data analytics. Dr.

Sumners is the Director of the LSU Center of Internal Auditing, and was recently named by

the IIA as an inaugural inductee of the American Hall of Distinguished Audit Practitioners.

Lastly, be on the lookout for the registration launch of our upcoming Government Audit

Conference. The second annual event will be held on Monday, February 1 at Hotel Penn.

Best regards,

Brian Mannix, President

IIA New York Chapter

2

Pictures from the November Workshop

We had 75 in attendance for our November 16th workshop at Baruch College. Representatives fromthe IIA Research Foundation, Grant Thornton and Telavance spoke throughout the day. Topics

covered included Preparing Internal Auditors for the Future, State of Internal Audit and Internal auditof AML & OFAC. Slides from the presentations will be available on our website soon.

3

In This IssuePage

President’s Message 1

NY Chapter Information2012/2013 Chapter Officers2012/2013 Committee Chairs

Upcoming Events and Workshops

45

Schedule 2012 – 2013December WorkshopJanuary Workshop

67

12

Certification InformationCIA / CGAP Review Course FlyerCRMA CertificationiPace Online Course

141617

Member NewsMember BenefitsSocial Media Update

1920

Share your Knowledge 20Membership Update 21Employment Opportunities 21Academic Relations Committee 22

4

2012 - 2013 IIA NY Chapter Officers

PresidentBRIAN MANNIX

New York Life Insurance Company(212) 576-5928

E-Mail: bmannix@nyl.com

Executive Vice PresidentSCOTT KENNEYDeloitte & Touche

(212) 436-2103E-Mail: skenney@deloitte.com

Vice President-Professional DevelopmentRAQUEL OQUENDO

Columbia University Medical Center(212) 305-9622

E-Mail: rm2698@mail.cumc.columbia.edu

Vice President - Professional ServicesCARMEN CACEDA

Email: Carmen_Caceda@msn.com

Vice President & SecretaryELEONORA PECHENIK

E-mail: epechenik.iia@gmail.com

Vice President – TreasurerJUAN PEREZ

New York Life Insurance Company212-576-7984

Email: juan_h_perez@newyorklife.com

Immediate Past President(2010-2011 Chapter Year)

JOHN FITZPATRICKAccume Partners

(516) 670-6761E-Mail: jfitzpatrick@accumepartners.com

5

2012 – 2013 IIA NY ChapterCommittees

CAP ReportingOfficer: Brian MannixChair: Linda Tan

Audit:Officer: Brian MannixChair: Ines Janssen

Nominating:Officer: Brian Mannix Chair:John Fitzpatrick, DianeNapolitano

Volunteer:Officer: Brian MannixChair: Debra Soumare

Long Range Planning:Officer: Scott KenneyChairs: Paul Flora, Nick DiMola

General Auditors’Roundtable:Officer: Scott KenneyChair: PauletteMullings Bradnock

Business and Industry:Officer: Scott KenneyChairs: Stacey Guardino, UdayGulvadi, Patrick Glenn, TraceyThomas/AlexCacanando/Jessica Rodgers

Special Events:Officer: Scott KenneyChairs: Stacey Guardino, UdayGulvadi, Patrick Glenn, TraceyThomas

Government AuditCommittee: Ed Icasiano, EllenIssacs

History:Officer: Scott KenneyChairs: TBD

Academic Relations:Officer: Scott KenneyChairs:Rachel Bond, , OlgaDavis, Jennifer Morris, CherylLovell, Altagracia Rodriguez

Annual Audit Seminar:Officer: Raquel M. OquendoChairs: Uday Gulvadi, CarlosGarcia, Andrew Goldberg,Rachel Bond, Erin Morrow

Workshops:Officer: Raquel M. OquendoChairs: Rachel Bond, AdwaitTare, Uday Gulvadi, JimMcCabe, Anthony Canton,Cheryl Lowell

Luncheon:Officer: Raquel M. Oquendo

Newsletter:Officer: Carmen CacedaChair: Dainora Tommasino

Social Media/Communications:Officer: Carmen CacedaChairs: Aleksandra Terzano

Public Relations, Advertisingand Employment:Officer: Carmen CacedaChair: Andrew Goldberg

Subscription:Officer: Carmen CacedaChair: Bill MorelloCIA Exam:Officer: Eleonora PechenikChair: Olga Davis

Membership:Officer: Eleonora PechenikChairs: TBD

Outreach:Officer: Eleonora PechenikChairs: TBD

Awards Dinner:Officer: Eleonora PechenikChairs: Mariaelena Deloux,Kathy Rennert

Diversity:Officer: Eleonora PechenikChairs: Junny Rivera

Social:Officer: Eleonora PechenikChairs: Coryse Farris

Financial Reporting: Officer:Financial Controls:Officer: Juan PerezChairs: Melissa Teti, AnthonyPorcoiAwards and Gifts:Officer: Juan PerezChair: Carlos Garcia

6

IIA NY Chapter 2012 – 2013Workshops / Luncheons

September 14, 2012Location: Baruch College

AM: Protiviti, Third Party RiskManagementLuncheon: IIA Global HeadquartersKevin Mayeux, EVP, CO for NA Ops andGeneral Counsel for IIA GlobalHeadquartersPM: Eisner Amper LLP, RiskAssessments/Privacy, data security andbreach response compliance /BusinessContinuity and disaster recovery

October 19, 2012Location: Hard Rock Café

AM session: Crowe UnderstandingFraud and Current Statistics, BehavioralElements of Fraud, Expanding the fraudtriangle, Developing a best in class fraudrisk assessment, Business Practicesand EthicsLuncheon: Deloitte An Overview offraud, the FCPA and UK Bribery ActPM: Deloitte Role of Internal Auditors inMitigating Potential Corruption Risk

November 16, 2012Location: Baruch College

AM: IIA Research Foundation,Preparing Internal Auditors for theFutureLuncheon: Grant Thornton, State ofInternal AuditPM: Telavance, Internal audit of AML &OFAC

December 7, 2012Location: United Federation of Teachers(UFT)

AM: AIG/Protiviti, Emerging ITRisk/TrendsLuncheon: KPMG, ImplementingEffective Privacy MonitoringPM: Honkamp Krueger ConstructionAuditing Risks for 2013 and Beyond

January 11, 2013Location: Baruch College

Full Day Session: LSU, Analytics

February 15, 2013Location: United Federation of Teachers(UFT)

AM: Protiviti, Regulatory Hot TopicsLuncheon: Grant Thornton, VendorRisk ManagementPM: Grant Thornton, Social Media

March 22, 2013Location: Baruch College

AM: Goldman Sachs, ContinuousMonitoringLuncheon: Win the room-Publicspeaking to One or a MillionPM: AIG, Enterprise Risk Management

April 12, 2013Location: Hard Rock Café

AM: Experis, the Risk SurroundingCloud ComputingLuncheon: TBDPM: Sabre Holdings, Moving IA alongthe continuum

May 17, 2013Location: United Federation of Teachers(UFT)40th Annual Audit Seminar

7

IIA NY ChapterDecember 2012 Workshop

Date: Friday, December 7, 2012Times: 8:30 AM – 4:30 PMLocation: United Federation of Teachers

52 BroadwayNew York, NY 10004

CPE: 7 credits will be awarded for the full day workshop3 credits will be awarded for half-day workshop1 credit for luncheon workshop

~~Registration is open~~

Members: $175 Non-Members: $195Luncheon Only (Members): $60 Luncheon Only (Non-Members): $70

½ day with Lunch (Member): $90 ½ with Lunch (Non-Member) $100½ day without Lunch (Member): $80 ½ day without Luncheon Non-Member: $90

AM: 8:30 am - 11:30am (3CPE)

Presentation Topic: Emerging IT Risk

Vito J. DePalo, Director of Technology Audit - Vito J. DePalo joined AmericanInternational Group as Director of Technology Audit in August 2012. Mr. DePalo has24 years of global experience having served in various Information Technology auditroles for Salomon Brothers, of which 3 of his 7 years were spent as a systemsprogrammer, Bank of America, Credit Suisse, Lehman Brothers, Barclays Capital andthe Depository Trust and Clearing Corporation.

Mr. DePalo is a Certified Information Systems Auditor (CISA) and is certified in Riskand Information Systems Control (CRISC). He obtained a BBA degree inManagement Information Systems at Pace University.

8

Mr. DePalo is a member of the Institute of Internal Auditors (IIA), the SecuritiesIndustry and Financial Markets Association (SIFMA) and the Information TechnologyAudit group (iTAG) which is a technology audit focus group comprised of Directors ofIT audit from the largest Financial Services Institutions.

Internal Audit Division – Operations and Systems (O&S)

The O&S division oversees AIG’s technology operations and is made up of thefollowing departments: Application Development and Maintenance, DataManagement, IT Security Risk and Compliance, Infrastructure, OperationsDevelopment and Strategy and Governance.

O&S partners with all of AIG’s businesses to create efficient, customizable,reliable and secure business processes and technology solutions to enable thegrowth of the business.

Carly Darnell, IT Audit Manager. Life and Retirement Group Carly Darnell joinedAmerican International Group as an IT Audit Manager in October 2010. Mrs. Darnellhas 10 years of Information Technology audit experience having previously workedfor PricewaterhouseCoopers (PwC) in both external and internal audit capacities forclients within the Financial Services and Oil and Gas industries.

Mrs. Darnell is a Certified Information Systems Auditor (CISA) and obtained a BBAdegree in Business Honors and Management Information Systems at The Universityof Texas.

Sumukh Shah, IT Audit Manager. Asset Management Group Sumukh Shah is an ITAudit Manager for AIG within the Asset Management Group, managing the regionaltechnology team. He is responsible for the IT application integrated and pre-implementation audit for the Asset Management Group.

Prior to joining AIG, Sumukh has spent 10 years in various Operation and InformationTechnology audit roles for JPMorgan Chase and PwC. He has also instructedcourses for Mainframe and AS/400 systems focusing on the identification of processrisks and related controls as they relate to General IT Controls and businessprocesses it supports (e.g., trading systems).Sumukh is a Certified Information Systems Auditor (CISA). He is a graduate ofMumbai University, with a B.S. in Information Technology and received a M.S. inComputer Science from New York Institute of Technology. Sumukh is currentlypursuing a MBA at Baruch College with a concentration in Finance and CIS.

9

Patricia Voight, IT Audit Manager. Corporate Systems and IT Security, Risk, andCompliance Patricia Voight joined American International Group as IT Manager inJune 2012. Ms. Voight has 20+ years of global experience having served in variousInformation Technology audit roles for Morgan Stanley and Bank of America, as wellas systems development, risk management, and IT support roles for Panacya,Computer Associates, Tivoli, GTE Data Services, and Harris Corporation.

Ms. Voight is a Certified Internal Auditor (CIA), Certified Information Systems Auditor(CISA), Certified Anti-Money Laundering Specialist (CAMS), Certified in theGovernance of Enterprise Information Technology (CGEIT), Certified in Risk andInformation Systems Control (CRISC), Certified Six Sigma Green Belt with Design forSix Sigma (DFSS), and Financial Industry Regulatory Authority (FINRA) Series 7licensee. She obtained an MBA degree at the University of South Florida and a BSdegree in Computer Science at the Florida Institute of Technology.Ms. Voight is a member of the Institute of Internal Auditors (IIA), Information SystemsAudit and Control Assurance (ISACA), Association of Certified Anti-MoneyLaundering Specialists (ACAMS), and Association of Certified Fraud Examiners(ACFE).

Michael Money, Director. Michael Money is a Director in Protiviti’s InformationSecurity & Privacy Solutions Practice based in New York City. Mr. Money is aCertified Information Privacy Professional (CIPP), Certified Information SystemsProfessional (CISSP), PCI Qualified Security Assessor (QSA)and CertifiedInformation System Auditor (CISA). He has over 20 years’ experience directing andconsulting on information technology risk, secure system implementation & operation,developing & executing global security & privacy programs, assessment and control.He has an undergraduate degree from Fairfield University and a MBA from theUniversity of Houston at Clear Lake. He is an author of several publications and afrequent speaker at industry conferences.

Luncheon Workshop: 12:30pm – 1:30pm (1CPE)

Presentation Topic: Implementing Effective Privacy Monitoring

Brian T Geffert, Principal in KPMG’s Advisory Services Practice - Brian isexperienced with various areas of Information Technology Management, InformationSecurity and Information Privacy with particular specialization in the fields of IT riskmanagement and business enablement

10

Brian has substantial experience leading and coordinating IT Advisory engagementsacross several industries, including Healthcare, Financial Services and U.S. FederalGovernment, with a focus on Information Protection, Security, Privacy and Continuity.He has also served as principal on several IT Advisory engagements withresponsibility for assisting clients in developing and implementing processes toprotect information assets, design enterprise security, privacy and continuity strategy.

PM: 1:30pm – 4:30PM (3CPE)

Presentation Topic: Construction Auditing Risks for 2013and Beyond – What, Why, and How This Will Impact my Organization

Matt R. Gardner, CCA, CICA, Risk Advisory Services Manager. During his career,Matt has significant expertise managing a wide variety of private and publiccompanies in the risk advisory suite of services. This includes various cost recoveryengagements for the world's largest organization (Walmart Stores, Inc.), several otherFortune 100 companies, and various colleges and universities throughout the U.S.and Europe.

Matt has a broad range of experience in construction audit across several industriesincluding retail, manufacturing, entertainment, healthcare and transportation. He alsohas in-depth experience in cost segregation studies, contract compliance andverification, risk analysis/management, variance analysis, SAS70 and SSAE16reviews, agreed upon procedures reviews, budget and budget variance analysis,Sarbanes Oxley compliance, cost engineering, and contact administration.

Specialties: Construction audits, SAS70, SSAE16 reviews, cost recovery reviews

Ryan J. Hauber, MBA, CFE, CCA, CCP Partner. Results-oriented internal auditexecutive and anti-fraud specialist with 15+ years of global experience assessing,advising, developing and managing internal audit groups, fraud prevention andcompliance programs. Proven track record of developing and mentoring specialinvestigation/anti-fraud units for a wide variety of organizations.

A licensed CFE in all 50 states, Ryan is a speaker on fraud, forensic accounting andindustry hot topics throughout the United States. Ryan started his career inprofessional services working in progressive roles for a Top 5 public accounting firmalong with several years of internal audit management experience with a nationwidemulti-billion dollar retailer.

11

Specialties: Consulting in general business, growth strategies and strategic planningfor organizations in the public and private sectors both domestically and abroad;Extensive experience with regulatory compliance, fraud, forensic, internal controls,construction auditing and investigative engagements from start-ups to the world'slargest retailers; Cost recovery, business consulting and process improvementinitiatives

For more information: http://www.cvent.com/d/jcq3p9

To register: http://www.cvent.com/d/jcq3p9/4W

12

IIA NY ChapterJanuary 2013 Workshop

Date: Friday, January 11, 2013Times: 8:30 AM – 4:30 PMLocation: Two Baruch College

55 Lexington Avenue Room 14-220New York, NY 10010

CPE: 7 credits will be awarded for the full day workshop3 credits will be awarded for half-day workshop1 credit for luncheon workshop

~~Registration is open~~

Members: $175 Non-Members: $195Luncheon Only (Members): $60 Luncheon Only (Non-Members): $70

½ day with Lunch (Member): $90 ½ with Lunch (Non-Member) $100½ day without Lunch (Member): $80 ½ day without Luncheon Non-Member: $90

Glenn Sumners, DBA, CIA, CFE will facilitate a full day workshop on Analytics. He ison the faculty of Louisiana State University (LSU) and Director of the LSU Center forInternal Auditing.

The workshop on analytics will include a discussion of the significant benefits of usinganalytics as an audit tool. Coverage will include the various types of analytics andthe advantages and limitations.

AM 8:30 am - 11:30am (3CPE)

Steps in analytics Examples of analytics/used in business

Luncheon Workshop: 12:30pm – 1:30pm (1CPE) Importance of the monitoring function and management

13

PM 1:30pm – 4:30PM (3CPE) Limitations in analytics (i.e., why people do not use analytics) Fraud and analytics Examples of use of analytics

More Information: http://www.cvent.com/d/gcq3pp

To Register: http://www.cvent.com/d/gcq3pp/4W

14

15

16

CRMA® Professional Experience Recognition has been extended toDecember 31, 2012

Time is running out to apply for the Certification in Risk ManagementAssurance (CRMA) credential and still qualify under the Professional

Experience Recognition (PER) provision for those in North America. For alimited time before the official exam for this new certification is launched in

2013, interested candidates have until December 31, 2012, to useeducation, certification(s) held, and experience within the 5 domains of the

CRMA to attain a minimum of 155 points required to achieve thedesignation without having to sit for the exam.

For more information visit https://na.theiia.org/Pages/IIAHome.aspx

17

18

19

Members Benefits

As a valued member of the Institute of Internal Auditors and the New YorkChapter, I’d like to remind you of just some of the benefits that are available toyou as members. Membership entitles you to: Member Only Discounts through the IIA’s Affinity Program-The IIA has

partnered with a select host of companies to provide our members withspecial discounts on products and services. These companies include: Dell,Geico, Hertz and Omni Hotels, among others.

Member Only Discounts on Training through the Institute and the NewYork Chapter- As a member of the IIA, you are entitled to valuable guidance,training, and services at discounted prices including :

o Workshopso Conferenceso Seminars

o Webinars, webcasts and e-learning opportunities

o Vision University

Member Only Rates on Items in the IIA Bookstore and ProfessionalCertification Exam Fees

Instant Access to Valuable Reference Tools and Resources for theProfession- These include:

o Professional Practice Frameworko Practice Advisorieso Subscription to Internal Auditor Magazine

Extensions Extensions on Membership Dues: We understand that it may be difficult for

your company to process your membership renewal at this time. If that is the case,we will grant all terminating members a complimentary extension until February 1,2013. You do not have to do anything for this automatic membership extension totake effect.

Extensions on Conference Early Bird Specials: We hope that you haveseen the recent email offering an early bird extension for the 2013 General AuditManagement (GAM) Conference. For members of the Northeast Region, we areextending the discount code EXT0313 to December 31, 2013. Use Discount CodeEXT0313 when registering online or by calling +1-407-937-1111.

We hope that you take advantage and enjoy the many benefits the Institute ofInternal Auditors and the New York Chapter Please visit the IIA athttp://www.theiia.org/ for the latest information on member benefits or athttps://www.theiia.org/index.cfm?act=form.newmember to become a newmember and take advantage of significantly reduced membership rates.

We look forward to seeing you and your colleagues at our upcoming events.

20

Social Media UpdateWe invite our members of the IIA New York Chapter to share your knowledgeand enhance networking opportunities to. Please join the NY IIA ChapterLinkedIn group. Follow us on the following sites:

http://www.linkedin.com/groups?gid=2280322&trk=myg_ugrp_ovr

Other IIA sites to follow:

http://www.facebook.com/TheInstituteofInternalAuditors

http://twitter.com/#!/theiia

Share Your KnowledgeNew York Chapter is full of experienced auditors; this is an opportunity for

members to share and learn from each other. You can contribute in any of thethree ways:

Expertise Stories Books

Wisdom, tip, insight ortechnique that you’ve

found improves your auditprocess or saves you time.

How did you get to where youare today?

What have you beenreading? We’ll choose twoeach month and list them.

For other members interested in submitting information to be published in ournewsletter, please send an email to our VP of Professional Services andNewsletter Officer Carmen Caced at Carmen_Caceda@msn.com by the 20th ofeach month.

21

Membership UpdateNot receiving Chapter e-mails and Workshop notifications? Please UPDATE YOUR

IIA PROFILE! Log onto http://www.theiia.org using IIA Member ID and Password.

1.

2.

3.

Volunteer Corner

If you are interested in volunteering for our chapter, please reach out to ourVolunteer chair, Debra Soumare @ debra.stbernard@aeroflex.com

Employment OpportunitiesIf you are looking for a new opportunity, we currently have new job posting on ourwebsite. http://www.nyiia.org/careers/index.php

Individuals or organizations interested in posting job opportunities should submit acondensed job description to the Employment Officer, Carmen Caceda@ Carmen_Caceda@msn.com

22

Academic Relations Committee

The chapter's Academic Relations Committee presents internal audit related subjectmatter to students at local college and university career fairs.

Below is the current schedule of events coming up for the Schools in the area. If you areinterested in participating in any of these events, please contact Scott Kenney @skenney@deloitte.com

If interested, your organization can take the opportunity to have any open positionscommunicated at these events. If interested, contact Scott Kenney @skenney@deloitte.com

Also, if anyone with Student Internship opportunities, please contact our AcademicRelations Committee Officer Scott Kenney @ skenney@deloitte.com