Educational Streams

Richard Dreyfuss
Academy Award-winning Actor

Moderator: Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The Institute of Internal Auditors

Session Description Being Finalized​

Richard Dreyfuss has been acting in American theatre and films for 45 years and is one of America’s most versatile and individualistic actors. Early in his career, he appeared in television and in many notable films, including American Graffiti, The Apprenticeship of Duddy Kravitz, Jaws, and Close Encounters of the Third Kind. Dreyfuss won the Oscar for his performance in The Goodbye Girl and he was nominated for his performance in Mr. Holland’s Opus. As a community leader, his current focus and passion is to encourage, revive, elevate, and enhance the teaching of civics in American Schools. He is the founder of the non-profit organization, TheDreyfussInitiative.org. He is a spokesperson on the issue of media informing policy, legislation, and public opinion, both speaking and writing to express his sentiments in favor of privacy, freedom of speech, democracy, and individual accountability. “All people have a right to know who they are and why they are who they are. Clarity of thought and honesty in self-reflection are more than needed utilities — they are the building blocks of our national moral character.” (From: Why I Love My Country.) Dreyfuss serves on the committee for Education with the American Bar Association, has served 12 years on the Board of the National Constitution Center, is a member of the Council on Foreign Relations, and served as senior research advisory member of St. Antony’s College, Oxford University.  

More recently, Dreyfuss portrayed the infamous Bernie Madoff in the critically acclaimed ABC miniseries, Madoff. Some of his upcoming projects include Louisiana Caviar (opposite Cuba Gooding Jr) and The Last Laugh (opposite Chevy Chase).

Richard F. Chambers is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers has authored two award-winning books: Trusted Advisors: Key Attributes of Outstanding Internal Auditors, which was released in early 2017; and Lessons Learned on the Audit Trail, which is currently available in five languages.

Alice Mariano
Director, Internal Audit
North Carolina Farm Bureau Mutual Insurance Co.
USA

Every internal auditor could use more resources, but the challenge is most acutely faced by the CAE who has only up to about eight auditors. The risks to be addressed keep growing, but there never seems to be enough time or means to obtain, develop, and deploy the limited resources available. This session will focus on approaches a smaller audit group can use, leveraging strategies that have worked and resources available from The IIA.

In this session, participants will:

• Explore using flexible planning tactics.
• Discuss process disciplines that keep everyone on track.
• Identify tools available to CAEs of smaller groups.
• Join in an interactive session designed to allow for sharing great ideas.

Alice Mariano has over 20 years of auditing and accounting experience. She currently leads the internal audit department at North Carolina Farm Bureau Mutual Insurance Co. (NCFBINS) where she started the department 10 years ago. NCFBINS is a single state P&C insurance company with annual direct written premium of over $1 billion. Mariano has approximately eight years of public accounting experience, of which more than six years was spent serving clients’ diverse internal audit needs.

Jamal Ahmed, CIA, CRMA
Vice President, Internal Audit
Day & Zimmermann
USA

The purpose of this presentation is to show how to determine whether or not a company’s business culture facilitates ethical and compliant work practices.

In this session, participants will:

• Understand the process for auditing a culture of ethics and compliance.
• Learn the various components of an ethical culture.
• Understand the role of leadership in developing and maintaining ethical culture.

Jamal Ahmed is vice president of internal audit at Day & Zimmermann, Inc. (D&Z). D&Z’s 43,000 employees, operating from more than 150 worldwide locations, provide industrial, defense, and workforce solutions to a broad base of commercial and government customers.

Ahmed joined D&Z in May 2005 as director of internal audit. In September 2009, he assumed responsibility for running the company’s ethics program in addition to the internal audit function. In February 2014, Jamal was appointed vice president of internal audit. The D&Z ethics program, under Ahmed’s leadership, received an A ranking from Transparency International (TI) in its 2015 Defense Companies Anti-corruption Index. TI evaluated 163 defense companies from 47 countries. D&Z was one of 17 companies to receive an A ranking. This was the second such ranking under Ahmed’s leadership.

He is currently D&Z’s representative on the Defense Industry Initiative (DII). Ahmed has been a guest speaker at DII and Ethics and Compliance Association (ECA) and The Institute of Internal Auditors (IIA) events.
Prior to joining D&Z, Ahmed served as manager of corporate policies and practices for Air Products and Chemicals (APCI). At APCI, he also had other positions of increasing responsibilities within the internal audit function, including developing a work process for compliance with the Sarbanes-Oxley Act. 

Lenny Block, CIA, CPA
Vice President, Internal Audit
Nasdaq
USA

In today’s interconnected world, multinational organizations must remember that one country’s way of performing audits is not the ONLY way. Internal audit teams, with members outside of the U.S., are challenged to report results to multiple regulators and process data in and from multiple countries. Find out the steps a U.S.-based organization’s audit team takes to manage this effectively using analytics and harnessing the power of technology.

In this session, participants will:

• Learn a process that ensures regional and local regulatory requirements are addressed for international engagements.  
• Gain best practices around leveraging analytics to gather data, ensure evidence is available, and satisfy regulators.
• Develop an audit plan for multi-country board reporting.
• Overcome cultural differences to ensure the audit message is consistent across the whole organization.

Lenny Block is vice president of internal audit at Nasdaq. He brings over 35 years of professional experience in internal audit, business process reengineering, database design, and project management. Block has extensive practical experience managing all phases of an internal audit, ensuring regulatory compliance, operational effectiveness, and financial reporting integrity for Nasdaq-owned entities worldwide. He also leads internal audit’s data analytics program and donates his expertise to the corporate ethics team on Foreign Corrupt Practices Act (FCPA) Compliance. Prior to Nasdaq, Block worked in multiple industries, including non-profit, mortgage-backed securities, and telecommunications. Block holds professional licenses both as a CPA and CIA. He is also a member of the adjunct faculty for The University of Maryland and Southern New Hampshire University, teaching subjects such as auditing, accounting information systems, and fraud examination.

Komitas Stepanyan
Deputy Head, Internal Audit
Central Bank of Armenia
Armenia

The term cybersecurity sounds very attractive and everyone wants to use this term. Lots of people talk about cybersecurity; however, only some of them pay some attention to cybersecurity governance. On the one hand, it’s a challenge for top management to govern cybersecurity; on the other hand, it’s a challenge for internal audit to give appropriate assurance on cybersecurity. The question is, should internal audit give assurance on cybersecurity? If yes — how?

In this session, participants will:

• Discover what cybersecurity governance is.
• Uncover cybersecurity governance challenges
• Learn internal audit’s role in cybersecurity governance.
• Understand cybersecurity maturity assessment.

Komitas Stepanyan is deputy head of the internal audit department in the Central Bank of Armenia. He is a board member and head of the Training and Certification Committee in IIA–Armenia. He is a holder of two international certificates: Certification in Risk Management Assurance (CRMA) and Certified in Risk and Information Systems Control (CRISC). In 2005, he earned his PhD degree. Stepanyan is also graduate of a Public Policy and Public Administration Certificate Program the Fletcher School of Law and Diplomacy at Tufts University.

Stepanyan started his career in a U.S.-based IT company. In 2005, he moved to the Central Bank of Armenia as a senior administrator of information security, responsible for implementation of BS7799/ISO17799 (ISO 27001) in the CB RA. From 2007–16 he was head of the IT audit division. Stepanyan is one of the key players in CB RA who pushes forward IT/cybersecurity governance at the Central Bank of Armenia. He is a trusted adviser for the board and top management on cybersecurity issues.

Zachary Bonomo
Senior Manager, Internal Audit Risk Consulting
KPMG, Toronto
Canada

John Heaton
Partner
KPMG, Toronto
Canada

Joleen Young
Director
KPMG LLP, Toronto
Canada

There is a significant global movement toward real-time payment (“RTP”) systems and global reach is accelerating. While RTP is a new capability for North America., numerous countries already have real-time retail payments systems (U.K., Mexico, Australia), and many existing systems are in the process of being modernized (Canada, U.S.). This session will outline the impact to major financial institutions and what internal audit’s role should be in the journey.

In this session, participants will:

• Explore the major changes that come with payment modernization and what that means for their organization.
• Identify which significant risks highlighted in this session are most applicable to their organization.
• Determine what changes are required to their current internal audit strategy based on the impacts of these changes.
• Examine the current change management plan (if one exists) at their organization to prepare for payment modernization.

Zachary Bonomo is an advisory senior manager in the KPMG Toronto office, where he serves primarily Canadian banks, broker dealers, trust and financing companies, and insurers, as well as schedule 2 foreign banking institutions. He also contributes to the Global SIFI working group for IFRS 9 Impairment, assisting in the development of testing programs for the global banking industry served by KPMG. He has over 10 years of professional experience in the financial services industry in areas of internal audit, regulatory and compliance advisory services, assurance, and risk management. He has a strong understanding of the operations in capital markets, retail and commercial banking, compliance functions, and risk management. His most recent experience included leading IFRS 9 implementation testing for a major Canadian bank — spanning both retail and non-retail portfolios — as well as leading the payments strategy review for internal audit at one of Canada’s largest banks.

Over the course of his career at KPMG, Bonomo has supported large financial services organizations in both Canada and the U.S. with planning and implementing programs to comply with new and existing laws and regulations. He has been involved in the planning, execution, and reporting of financial, regulatory compliance, and SOX readiness audits, providing him with extensive experience with risk-based audits and compliance engagements. Most recently, Bonomo has been engaged in helping large financial institutions adapt their internal audit strategies and focus in light of the major industry changes on the horizon.

John Heaton – Bio Being Finalized

Joleen Young – Bio Being Finalized

Moderator:
Moderator Being Finalized

Panelists:
Robin Brown Ellis
Manager, Risk Advisory Services
Dixon Hughes Goodman LLP
USA

Valentina Kostenyuk
Senior Internal Auditor
Avangrid Renewables
USA

Jingwen (Grace) Wu
Compliance Officer
Silicon Valley Bank
USA

The session will be facilitated by Seth Peterson with a panel of three individuals in the internal audit field who represent varying career paths towards leadership within the millennial generation. The session will be highly interactive, with facilitated Q&A throughout the session. A key focus will be from the millennial perspective, but the interactive nature of the session will showcase ways to leverage strengths and drive internal audit careers towards success at any level.

The goal of the session is to provide a variety of perspectives on diversified paths towards growth and leadership, and how to overcome the challenges associated with them. In addition to the varying paths towards leadership, the panelists also come from different cultures and backgrounds (two are first-generation immigrants to the U.S.), which presents unique challenges, opportunities, and an emphasis on diversity and a global mindset. The panelists will also share their experiences in the early stages of their careers and the unique challenges facing young professionals in the workforce. Through the sharing of each panelist’s background and experience, the session will highlight the various opportunities available to help catapult leadership experience. Specifically, the panelists will discuss their experiences within The IIA’s Internal Audit Education Partnership (IAEP) program (Grace Wu), Chapter leadership (Valentina Kostenyuk), and IIA committee service (Robin Brown).

The session will conclude with a Q&A portion where the audience will ask questions of the panelists.

In this session, participants will:

• Learn the steps the presenters took to take their career to the next level.
• Hear about the roadblocks they faced and how organizations can help overcome roadblocks.
• Understand how diversity and a global mindset play a vital role in an internal audit career.
• Assess key ways of defining their career.
• Discover how the panelists got involved in The IIA and how volunteering with The IIA helped their career.

Robin Brown Ellis– Bio Being Finalized

Valentina Kostenyuk has been in the internal audit field for over seven years, focusing on operational auditing and SOX compliance across multiple segments of the energy industry. She is passionate about the profession and was featured in Internal Auditor magazine’s “2015 Emerging Leaders.” Kostenyuk currently serves as a district representative for West Coast chapters and is on the Portland chapter’s Board of Governors, having previously served as chapter president. She is also a member of The IIA’s Young Professionals Task Force and serves as chair of the Professional Development Subcommittee, spearheading development of a national mentorship program for young professionals in The IIA.

Jingwen (Grace) Wu is chair of The IIA’s Young Professionals Task Force. With five years of experience as an internal auditor and compliance professional, she is a compliance officer with the corporate compliance and risk and governance group at Silicon Valley Bank (SVB). Previously, Wu was a senior auditor with eBay internal audit and an advisory consultant at Deloitte & Touche LLP, serving clients across various sectors, including financial services, energy, and high-tech.

Linda Tuck Chapman
President, Ontala
Adjunct Faculty, Wharton Executive Education
Canada

Regulatory compliance is challenging, but effective management and oversight of critical relationships throughout their lifecycle is essential for survival. The role of internal audit remains unchanged, but IA must move beyond four principles of “completeness, compliance, risk-centric, and risk-adjusted.” In this landscape of rapidly evolving threats, uncharted technologies, and increasingly complex operational ecosystems, senior management and boards must rely on IA to get ahead of the curve and help strengthen third-party risk management practices.

In this session, participants will:

• Learn about current and emerging best practices in third-party risk management.
• Discover how new services and technologies mean new risks in uncharted waters.
• Know what senior management and the board should be asking about critical third parties.
• Hear ideas and tips from those in the trenches and across the sector.
• Discuss lessons learned.

Linda Tuck Chapman is an expert advisor, author, president of ONTALA, and adjunct faculty for Wharton Executive Education’s Advanced Risk Management Program. She specializes in third-party risk management, governance, and optimization in the financial services sector. Her new book “Third Party Management — Driving Enterprise Value,” published by RMA, is available on Amazon.com.

Manfred Kraff
Director-General, Internal Audit Service and Internal Auditor, European Commission
Belgium

Our external environment (political and business) is constantly changing. The changes brought about by the ongoing fourth industrial revolution create challenges to stay up-to-date through IA tools and methodologies. Future provision of assurance will be different and will depend on stakeholders’ expectations, which must be addressed. Finally the need to future proof the internal audit skillset will be examined. The presentation is based on the results of a one-day conference on the same topic held in November 2018.

In this session, participants will:

• Better understand the potential impact the changes in the external environment will have on our IA world.
• Learn how certain practitioners are using new tools and methodologies to keep pace with the fourth industrial revolution.
• Examine what sort of assurance will be provided by the first and second lines of defense and what will be the future role of IA.
• Learn how to ascertain and understand stakeholders’ expectations.
• Examine what skillsets will be required to future-proof that of the internal auditor.

Manfred Kraff was born in Saarburg (Germany) in 1959. He graduated in Public Administration and Economic Sciences and completed his PhD in Economics at the University of Freiburg.

His professional career started in 1981 as an official of the German administration. From 1983 to 1988, Dr. Kraff was an official of the European Commission and worked particularly as an assistant to the director of the Directorate ‘Employment’ in DG ‘Employment, Industrial Relations, and Social Affairs’.

In 1988, he joined the European Court of Auditors, initially as an assistant and later as a principal administrator in a variety of domains. From 1990 to 1994, he held the position of the second attaché in the Cabinet of Prof. Friedmann, German member of the European Court of Auditors.

In 2003, he was nominated head of the Division ‘Coordination of the Statement of Assurance (DAS)’, and in 2008, he took over the position as director of the Directorate ‘Audit and Audit Supervision — Financial and Compliance Audit’. In 2012, Dr. Kraff returned to the European Commission as deputy director-general of DG Budget and accounting officer of the Commission. In 2017, he was nominated director-general of the internal audit service of the European Commission.

From 2007 to 2012, he was a member of the compliance audit sub-committee of the International Organisation of Supreme Audit Institutions and, from 2013 to 2017, he collaborated with the International Public-Sector Accounting Standards Board (IPSASB), first as an observer and then as member in the Consultative Advisory Group.

Tichaona Zororo, CIA, CRMA, CISA, CISM, CRISC, CGEIT
Director, Enterprise Governance of IT
South Africa

The growth and importance of social media is readily apparent. In the past years, social media has explosively grown to a business and social imperative, disrupting traditional corporate and social engagement models. There are benefits and risks associated with the ever-increasing use of social media. The new technology recently challenged regulators to develop rules and regulations for governing its use by providers, guiding enterprises, and protecting individuals.

In this session, participants will:

• Understand local and international social media trends, statistics, failures, and successes.
• Create a social media governance and auditing business case — a case study of two CEOs of world-renowned airlines.
• Develop social media policy, strategy, processes, and procedures aligned to core enterprise activities and in compliance with rules and regulations.
• Establish and clearly define social media roles and responsibilities, including the role of the board, senior business executives, content managers, compliance, and monitoring.
• Understand social media content management steps from content development, review, and approval.
• Recognize social media logical access governance and management.
• Understand 20 social media auditing test procedures.
• Learn how to write a social media auditing report that will grab the attention of the board and executive management.
• Review international regulations governing the use of social media, such GDPR, Data Protection Act, Protection of Personal Information, Personal Data Protection Act, and Defamation Act.
• Discover social media red lights.

Tichaona Zororo is an IT advisory executive with EGIT | Enterprise Governance of IT (Pty) Ltd., an IT advisory firm based in South Africa. He has several years of in-depth and global experience in mainstream IT, IT auditing, security, governance, and risk across private and public sectors. Zororo is an advisor to a number of boards, boards of directors, and IT and business leaders across the globe on the utilization of disruptive technologies to create and preserve stakeholder value, governance, and management of enterprise IT, IT risk, cybersecurity, IT auditing, IT modernization, and digital transformation. He is involved in the development of ISACA white papers and COBIT 5 publications. A renowned COBIT expert, advisor, and accredited trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa as well as the first African and person from Africa to sit on the ISACA Board of Directors and to chair its Audit and Risk Committee. He was voted the best speaker at Africa CACS and Asia CACS 2017. Zororo is a recipient of the prestigious ISACA Harold Weiss Award for Outstanding Achievement for exceptional dedication and achievement that far exceeds the norm in IT governance. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee, and the External Advocacy Committee. Zororo is a Board Member of ISACA, chairs the ISACA Audit and Risk Committee, sits on numerous Audit Committees, and is immediate past president of the ISACA South Africa Chapter.

Dan Healy
Managing Director, Internal Audit
Guggenheim Partners                         
USA

Dan Healy frequently is asked to assist with investigating complex fraud and embezzlement schemes for a large worldwide nonprofit. This work frequently exposes him to emerging and evolving approaches being successfully employed to steal from organizations. He will present a recent case involving a $500,000 loss that was so ingenious the Secretary of State requested that Healy develop the case study to teach organizations to defend against this specific fraud. Practical approaches for auditors will be provided.

In this session, participants will:

• Gain exposure to new, emerging complex fraud schemes.
• Learn how to design an audit plan to identify anomalies that could signal a fraud scheme is taking place.
• Gain interview techniques that have been successful in helping uncover fraud within an organization.
• Understand how to document the investigation and what not to do during the investigation.

Dan Healy is currently a managing director of internal audit at Guggenheim Partners, a New York and Chicago based global investment and advisory firm with more than $300 billion in assets under management. Before joining Guggenheim, he led the internal audit departments of two multinational Fortune 500 companies. His previous roles included working as a corporate investigator at a large international bank where he was responsible for investigating fraud and embezzlement claims for 66 branches and two operations centers in Central New York. After leaving the bank, Healy worked as a vice president of international audit at Cendant Corporation. There, he discovered and helped investigate a complex $5 million embezzlement scheme perpetrated by the former Chairman of the Board of Directors.  

Rick Machold
Chief Audit Executive
TSYS
USA

Lillian Scott
Director, Audit Services
TSYS
USA

Many first-line functions are dealing with the real problem of audit fatigue from clients, regulators, external assessors, and internal audit. This session will explore the real journey of a financial services company (TSYS) in its journey of integrated assurance and its influence in the creation of a risk-based audit plan.

In this session, participants will:

• Follow the journey of the development of an integrated assurance mapping plan.
• Discuss how an integrated assurance team was formed to support risk review meetings and issue consolidation.
• Distinguish between those who ‘self-identify’ risks and assurance providers. 
• Discuss how integrated assurance influences the audit plan.  
• Assess how integrated assurance can influence the audit plan.
• Follow a principles-based framework for conducting blended engagements, while ensuring compliance with The IIA’s Standards.
• Develop ideas for reporting the assurance and consulting components of blended engagements.

Rick Machold – Bio Being Finalized

Lillian Scott holds a Bachelor of Science degree in Marketing from North Carolina Agricultural & Technical State University. She has nearly 20 years of experience in business consulting, process re-engineering, organizational change management, and program management. She is currently a director in audit services for TSYS, where she is responsible for risk-based operational assurance activities across all lines of business. Prior to joining TSYS, she worked as a business consultant at Accenture. Her professional experience spans over five industries, including utility, oil, retail, government, and financial services. Throughout her career, Scott has created and re-engineered business processes End to End (E2E) to ensure organizations function more effectively and efficiently as well as to help create a strong risk and compliance culture across the enterprise. She has spent the past five years specializing in risk management. She uses her experience and learnings from Certification in Risk Management Assurance (CRMA) and Certification in Control Self-Assessment (CCSA) to help organizations make the connection between what they do every day (controls) to mitigate risks in order to achieve their business objectives. 

Scott is currently a member of the Board of Governors of the Columbus Chapter of The Institute of Internal Auditors (IIA) as well as a board member for Girls Inc. of Columbus and Phenix-Russell.

Sara Crowe
Director
Microsoft
USA

David Koppy
Senior Manager
Grant Thornton
USA

Chris Smith
Partner
Grant Thornton
USA

The proliferation of social media as a communication medium creates exciting opportunities to engage with customers. Simultaneously, social media presents new challenges to address while managing organization and reputation risk. As organizations adapt to changing expectations, the pace of technological and social change has outpaced organizations’ capabilities to responsibly manage this powerful medium. Join us for an in-depth discussion around the implications of social media and learn strategies for improving profitability and managing risk.

In this session, participants will:

• Learn how social media impacts the organizational risk portfolio and identify best practices for ensuring a sound social media program. 
• Identify the core components of a comprehensive social media program.
• Analyze how social media execution aligns to each stage of the customer journey.
• Identify key areas of how social media impacts an organization’s risk portfolio.
• Determine best practices and considerations for oversight of a social media program.

Sara Crowe – Bio Being Finalized

David Koppy is a senior manager with Grant Thornton’s strategy practice, specializing in customer and growth strategy. His areas of expertise include marketing and sales strategy, digital strategy and commerce, go-to-market and product launch strategy, and process optimization and improvement. In addition to these core areas, his project experience includes modern marketing strategy, international expansion strategy, partner sales channel incentives, customer service optimization, and organizational design. Koppy has led numerous social networking and digital strategy engagements across the hospitality, gaming, technology, and retail industries.
               
Chris Smith – Bio Being Finalized

Stacey Schabel, CIA
Vice President and Chief Audit Executive
Jackson National Life Insurance Company
USA

The war on talent is real. Making your team one that people look forward to being a part of each day is crucial to talent retention, motivation, and attraction. If your team doesn’t currently fit this mold, team transformation is essential. Those teams which are characterized by positive energy, honest communication, clear expectations, authentic leadership, opportunities for growth and development, challenging projects, and collaboration will attract and retain tomorrow’s leaders while the others are struggling to keep up. This session will provide a road map for team transformation, based on my personal experience. 

In this session, participants will:

• Gather tips for creating and fostering a high-functioning team environment.
• Explore the keys to creating the mix of skills and abilities that make an audit team effective.
• Investigate how to structure your audit team for success — how to move from the team structure you have today to the one you need for tomorrow without massive hiring and firing.
• Recognize the keys to sustained team motivation.
• Understand why a talent pipeline is important and how to build one.

Stacey Schabel is responsible for the North American group-wide internal audit team that examines and evaluates key activities and processes supporting the North American operations of Prudential plc, which includes Jackson National Life Insurance Company. She assists the Board, Audit, and Risk Committee members and executive management in protecting the assets, reputation, and sustainability of the organization through assessment and reporting of the overall effectiveness of risk management, control, and governance processes. Schabel is a member of The IIA’s Global Financial Services Guidance Committee, The IIA Chief Audit Executive Engagement Committee Chair for the Lansing, Michigan Chapter, as well as a CPA and FINRA Series 6 registrant.

Peter Elam
Head, Internal Audit
Novartis
Switzerland

The question of how to have a successful career in internal audit is one that preoccupies those at all levels in the profession. The speaker will seek to provide a personal practical perspective, leveraging 13 years of experience in two major multinationals at regional manager and chief audit executive level, regarding how auditors can develop the skills and experience needed to become managers as well as how audit managers can grow into chief audit executives.

In this session, participants will:

• Examine the typical career paths for those in internal audit.
• Identify the key skills and experiences needed to grow to more senior positions.
• Learn how to leverage training and other learning opportunities to develop these key skills and experiences.
• Determine for themselves and for their audit staff what the key next steps are to ensure successful development.

Peter Elam has been head of internal audit of Novartis since 2010, with responsibilities including enterprise risk management, and reporting to the CEO and the Chairman of the Audit Committee. He began his career with the Royal Dutch Shell Group of Companies in 1995 in London in group strategy. He then moved to the Netherlands, working in various finance and management roles in the headquarters of the global exploration and production business, in the Groningen natural gas production unit, and at Pernis Refinery in Rotterdam. He was European internal audit manager and then finance director of Shell Companies in China.

Elam graduated from Oxford University with an MA in History and Modern Languages and an MPhil in Russian and East European Studies, and also studied at McGill University in Montreal and Eötvös Lóránd University in Budapest. He is a Fellow of the UK Chartered Institute of Management Accountants. Peter is fluent in French, Italian, Dutch and Hungarian.

Norman Marks, CPA, CRMA
Chief Executive Officer
Norman Marks
USA

What does internal audit have to do for their work to matter to the board and top executives? Is the traditional approach still the way to go? Or should internal audit revisit both its audit planning and communication processes so it delivers assurance and advice that will help the organization succeed?

In this session, participants will:

• Learn how to build an audit plan that focuses on the more significant risks to the enterprise.
• Understand how to move away from audit universes to risk universes.
• Gain communications that provide leaders with the information they need to run the organization and succeed.
• Discuss earning a seat at the top table because their work is respected and valued by leaders as relevant and meaningful.

Norman Marks is a retired senior executive. He was the chief audit executive of major global corporations for 20 years and is a globally recognized thought leader in the professions of internal auditing and risk management. He is the author of seven books:

• Risk Management in Plain English: A Guide for Executives: Enabling Success Through Intelligent and Informed Risk-Taking (2018)
• World-class Risk Management (2015)
• World-class Risk Management for Nonprofits (co-authored with Melanie L. Herman) (2017)
• The Institute of Internal Auditors’ “Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization”) (2017)
• Auditing That Matters (2016)
• World-class Internal Audit: Tales From My Journey (2014)
• “How Good Is Your GRC? Twelve Questions to Guide Executives, Boards, and Practitioners” (2014)

Marks is a retired member of the review boards of several audit publications, a frequent speaker internationally, the author of multiple award-winning articles (receiving The IIA’s Thurston award in 2004 and 2014), and a prolific blogger. He was profiled in publications of The IIA and AICPA as an innovative and successful internal auditing leader. He has also been honored as a Fellow of the Open Compliance and Ethics Group for his GRC thought leadership, and as an Honorary Fellow of the Institute of Risk Management for his contributions to risk management. In 2018, he was inducted into The IIA’s American Hall of Distinguished Practitioners.

Greg Rimmer-Hollyman
Chief Internal Auditor
National Disability Insurance Agency
Australia

Nicola Rimmer-Hollyman
General Manager Audit, Wealth
ANZ Bank
Australia

The behaviors and ethics of organizations worldwide is under increased scrutiny, and boards and management are increasingly focused on improving organizational culture (including risk culture). This session will provide practical steps on how internal auditors can provide assurance on organizational culture, using both a framework approach and behavioral perspectives. The session will use case studies taken from both the financial services and public sectors, exploring the similarities and differences in these two sectors.

In this session, participants will:

• Identify the importance of auditing culture in an organization.
• Learn about a framework for approaching the audit of culture, including ‘framework’ and ‘behavioral’ perspectives.
• Examine the similarities and differences in auditing culture in the financial services sector and public sector and see how they can teach other.
• Explore how to implement the principles of auditing culture in their own relevant organization regardless of sector.

Greg Rimmer-Hollyman – Bio Being Finalized

Nicola Rimmer-Hollyman is an expert on auditing culture and was The IIA’s primary contributor to “Managing Culture - A Good Practice Guide,” a thought leadership paper recently released in Australia that was delivered through a collaboration between The IIA Australia, The Ethics Centre, The Governance Institute of Australia, and the Institute of Chartered Accountants of Australia and New Zealand.

Rimmer-Hollyman is a Chartered Internal Auditor and holder of the CIA and the QIAL as well as a qualified risk professional with over 20 years of financial services experience (predominantly in life and pensions). She is Chairman of The IIA Australia Victoria Chapter and is a member of the national Nominations Committee. Prior to migrating to Australia, she was Chairman of IIA UK and Chairman of the 2014 IIA International Conference in London. 

Rimmer-Hollyman has in-depth knowledge of internal audit, corporate governance, and risk management/ERM practices, both operational and technical, with extensive experience of auditing complex programs and projects. She has a strong focus on pragmatic and timely delivery, with the ability to influence and network with senior management to achieve consensus and develop relationships, including board/audit committees. She has deep knowledge of internal audit practices across different sectors and geographies, including different requirements from regulators both in Australia and overseas. She is an excellent communicator and presenter, with experience in writing articles, speaking at conferences, and developing/delivering training courses.

Robert Hirth
Board Member, SASB
USA

Investors representing over $25 trillion of global assets under management are demanding enhanced and reliable information on material Environmental, Social, and Governance (ESG) matters — Why? Demand for this information is also expanding to the public sector and privately held organizations. Those organizations, as well as governments, stakeholders, and lenders, value material ESG information in their decision-making. Is your organization prepared and what is internal audit’s role in this emerging area?

In this session, participants will:

• Understand the mission and background of the Sustainability Accounting Standards Board (SASB) and its acceptance around the world.
• Learn why $25 trillion of investor assets under management are demanding enhanced and reliable ESG information.
• Consider the internal control implications of ESG reporting and internal audit’s potential role and value added.
• Explore the broader impact of sustainability on their organization.

Bob Hirth was appointed to the nine-member standard setting board of the SASB upon its formation in 2017. He currently heads SASB’s Technology and Communications sector committee and is a member of the Services, Healthcare, and Extractive and Minerals processing sector committees. SASB disclosure and reporting standards are considered a suitable framework in several jurisdictions and have been developed for 79 industries.

Serving as COSO Chair from June 2013 to February 2018, Hirth’s activities included leading COSO’s project on revising its Enterprise Risk Management Framework (which was released in September 2017), issuing COSO’s Guide on Fraud Risk Management, and actively promoting COSO’s 2013 Internal Control Integrated Framework around the world and through the media. He has worked on assignments and made presentations in over 20 countries, serving more than 50 organizations and working closely with board members, C-level executives, university professors, finance and accounting personnel, and public accounting firm partners and employees. He was a leader in forming Protiviti and led its global internal audit practice during the firm’s first ten years of development.

In 2013, Hirth was inducted into The IIA’s American Hall of Distinguished Audit Practitioners. In 2014 and 2015, he served as Chairman of the IIA’s IPPF re-look task force and has been a Trustee of the IIA Research Foundation. He served two terms on the Standing Advisory Group (SAG) of the Public Company Accounting Oversight Board (PCAOB). He graduated from Southern Methodist University in Dallas, Texas, with a concentration in accounting.

Steve Stanbury, CIA, CFE, CRMA
Director, Internal Audit
City, University of London                           
UK

The session will take the audience through my experience at City, University of London in establishing a fraud risk group to help embed the ownership and effectiveness of our anti-fraud strategy. The presentation will cover assessment of current position, ownership, fraud risk working group, board reporting, and lessons learned.

In this session, participants will:

• Discover how to assess the impact and likelihood of fraud within their organization.
• Learn a mechanism and approach for assigning ownership and getting buy-in.
• Explore methods for rolling out a practical approach to fraud management.

Steve Stanbury joined City, University of London in March 2008 as director of internal audit, having previously worked as a senior audit manager for Deloitte with focus on the public sector. He has over 18 years of experience in internal audit, risk management, and corporate governance. In his previous role, Stanbury was involved in managing outsourced internal audit functions within the higher education sector, housing sector, and central government. He is also an audit committee member for Goldsmiths, University of London and the Chartered Institute of Internal Auditors (UK and Ireland). He has a BA in Politics and Management from Hull University and an MA in Criminology and Criminal Justice from City, University of London; is a Certified Internal Auditor (CIA) and Certified Fraud Examiner (CFE); and holds a Certificate in Risk Management Assurance (CRMA).

Jenitha John, CIA, QIAL
Chief Audit Executive
FirstRand Limited
South Africa

Internal audit has a critical role in the governance of an organization. In many organizations, assurance, risk, and compliance functions other than internal audit have been growing, and in some organizations, internal audit has even taken over some of these other functions. Internal auditors have looked to the three lines of defense model for direction in the past. Recently, The IIA has re-looked at this model and this session addresses the new guidance.

In this session, participants will:

• Understand what makes internal audit unique and how that should be used in organizations.
• Identify those roles where internal audit can, and should, consider greater integration with other functions.
• Explore the limitations on what internal audit should do in the pursuit of adding value.

Jenitha John oversees an audit team of 300 servicing the organization over the African continent, UK, and India. She spearheaded combined assurance within FirstRand and fosters robust risk management, reinforcing rigorous internal controls and facilitating effective corporate governance across the group. She parallels her executive role by having served as a nonexecutive director and audit committee chairman of both public and private sector entities. John has served in numerous roles as a volunteer leader for The IIA’s Committee of Research and Education Advisors, Professional Practices Re-look Task Force, and Global Financial Services Guidance Committee. She currently serves as vice chairman of the Professional Practices Committee and on the Global Board of Directors. John has spoken at national and international conferences covering internal audit, governance, and risk management, and has been recognized as South Africa’s Internal Auditor of the Year.

Ian Green
Principal Auditor                                      
State of Oregon
USA

Jamie Ralls
Audit Manager                                         
State of Oregon
USA

This session will highlight how technology has helped the Oregon Audits Division detect fraud, waste, and abuse in numerous government programs over the last 15 years. Presenters will discuss audits involving Supplemental Nutrition Assistance Program (SNAP) benefit trafficking and analytical techniques to identify waste and abuse in other public assistance programs such as Medicaid and Temporary Assistance to Needy Families (TANF). Presenters will show how these fraud detection techniques can be applied in any organization.

In this session, participants will:

• Summarize risk areas that can result from policy decisions and legislative change.
• Examine analytic techniques for identifying waste, fraud, and abuse.
• Understand Benford’s Law and how to apply this tool.
• Recognize how to leverage technology to help drive fieldwork.

Ian Green is a principal auditor with the Oregon Audits Division IT audit team and has a decade of audit experience working with the Oregon Secretary of State Audits Division and United Parcel Service. He has conducted operational and information technology audits at every major state agency in Oregon. Green has assisted several fraud investigations and serves on the Audits Division fraud, waste, and abuse investigation team.

Jamie Ralls – Bio Being Finalized

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The Institute of Internal Auditors
USA

Session Description Being Finalized

Richard F. Chambers is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers has authored two award-winning books: Trusted Advisors: Key Attributes of Outstanding Internal Auditors, which was released in early 2017; and Lessons Learned on the Audit Trail, which is currently available in five languages.

Shagen Ganason
Chief Audit Executive
Ministry for the Development of Indigenous People
New Zealand

Being an internal auditor means you are credible. Credibility can be instant, an emotional connection that can be kindled, and highly respected. That’s powerful! So, imagine how much time, effort, and money can be saved if you have built a brand for yourself that others will talk about, just because they like you. It endears them to follow you and talk about you, the way you want them to, to the people that matter.

In this session, participants will:

• Learn about tips and techniques using both traditional and digital tools to help you rise above the rest, make your mark, and stake your claim as an internal auditor.
• Gain practical tools that they can apply immediately to help them identify what separates them from their peers as well as capture who they are and who they aspire to be.

Shagen Ganason is the chief audit executive of Te Puni Kōkiri (Ministry for the Development of Indigenous Peoples), a New Zealand central government agency. His point of difference is that he has been on both sides of an organization — as an auditor and as a line manager — so he understands what it takes to be effective as an internal auditor. His leadership roles have focused on building businesses, delivering audit engagements, and maintaining people development responsibilities. He is a results-driven specialist with demonstrated success in building strong relationships with C-suite executives globally.

Ganason has over 30 years of experience in the field of marketing, operations, continuous improvement, lean auditing, accounting, internal audit, and risk management. His experience has been global, crossing a variety of industries, including manufacturing, airline, agriculture, financial services, and government across three continents. Prior to coming to New Zealand, he was the chief financial officer and chief operating officer for a British government investment arm in Indonesia.

Ganason is a Certified Internal Auditor and a Certified Environment Auditor. He holds an MBA with Merit from the University of Bath in the United Kingdom and is a lean practitioner trained by Toyota Master Trainers. He is a regular presenter at regional and international IIA and ACFE events. He also serves on IIA Global’s Institute Relations Committee.

Ann Butera, CRP
President
The Whole Person Project, Inc.
USA

The diversity in skills needed to be an effective internal auditor is broader than those required for most professions. Effective internal auditors must be able to think critically yet influence others at all organizational levels. They must be able to write clearly and factually yet make compelling presentations that inspire change. To do this, auditors need more than technical expertise.

In this session, participants will:

• Be able to explain the connections between each of the tiers and how they affect competency development and high-impact and value-added auditing/
• Hone their ability to discuss audit results in business terms — it’s not just about the data, it’s about answering “so what?”
• Leverage their EQ to expand their business relationships and add value.

Ann M. Butera is president of The Whole Person Project, Inc., an organizational development consulting firm. She is a frequent speaker at IIA, MISTI (coordinator of Audit Leadership and founder of CAE Masters conferences), and ISACA conferences. She has worked with audit departments of all sizes to provide auditors with the tools and techniques needed to improve risk management practices within their organizations. Butera is regularly cited in Who’s Who and has been honored by Women On The Job with the Business Achievement Award. She is a member of The IIA, the American Society for Training and Development, the Association of Government Accountants, and the National Association of Corporate Directors. She served as Supervisory Committee Chair for a financial services firm.

Butera received her Master of Business Administration in Organizational Development from Adelphi University. She holds a CRP (Certified Risk Professional) designation from BAI and is a Summa Cum Laude graduate of Long Island University/C.W. Post College.

Butera has published her first book, Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing. In it, she shares best practices for every stage of the audit and explains how and why the most effective auditors master five essential competencies. New and seasoned auditors will benefit from her insight culled from over 30 years of experience training thousands of their peers.

Mark Maraccini
Partner
Crowe LLP
USA

Elizabeth Sullivan
Chief Risk and Audit Officer
Washington Metropolitan Area Transit Authority
USA

This interactive session will walk through specific steps to bring together these key components and provide hands-on practical tools that can be implemented without breaking the bank. This course will discuss internal audit’s role in this process, examine how the chief audit executive plays a significant part in the education and training of key stakeholders, and outline why it is vital to hold management accountable and monitor the program indefinitely.

In this session, participants will:

• Learn how to establish a risk management framework.
• Understand the important role of the educator and facilitator in establishing this program.
• Acquire tools and templates for establishing the program and creating a risk profile.
• Ascertain key instruments for monitoring the program and maintaining sustainability.
• Discover a real-life case study for building a sustainable program in the public sector.

Mark Maraccini is a partner who specializes in Governance, Risk, and Compliance (GRC) services. He has over 18 years of experience with government, higher education, and not-for-profit entities, performing various auditing and consulting engagements. Maraccini has worked extensively with public sector entities, conducting risk and internal control assessments. He has also conducted numerous single and compliance audits, which helped lay the foundation for understanding internal controls and risks surrounding financial reporting and federal compliance. Over the past seven years, Maraccini continued to expand his breadth over risk assessments with a focus on Enterprise Risk Management (ERM). Most recently, he has worked on ERM initiatives for the Washington Metropolitan Area Transit Authority on the governmental side and the Franciscan Missionaries of Our Lady University in the higher education arena.

Elizabeth Sullivan – Bio Being Finalized

Sarah Adams
U.S. Managing Director and Global Leader, IT Internal Audit
Deloitte & Touche LLP
USA

Agile internal audit is a process and mindset shift that drives clearer outcomes, increased engagement, and improved documentation to deliver valuable, timely results. Deloitte’s Global CAE survey indicates that 14% of internal audit functions are using Agile and 41% more intend to deploy! Join our cross-industry panel of CAEs from Walmart, Barclays, Fidelity Investment, New York Power Authority, United, and Dell as we explore the successes and challenges of implementing Agile in internal audit.

In this session, participants will:

• Reference use cases of practical applications of Agile to internal audit projects.
• Discover the associated benefits and lessons learned from various Agile implementations.
• Identify options to apply within their teams to drive clearer outcomes.

Sarah Adams – Bio Being Finalized

Michael “Bret” Hood, after serving 25 years as a special agent in the FBI, became the director of 21st Century Learning & Consulting, LLC upon his retirement in 2016 and is now a member of the Association of Certified Fraud Examiners’ faculty. During his tenure with the FBI, Hood worked many complex financial crime, money laundering, corruption, and major cases such as the 9/11 terrorist attack, the HealthSouth fraud, and the Maricopa Investments case.

Since 2000, Hood has traveled the world teaching public and private sector employees how to develop anti-fraud, anti-bribery, anti-corruption, and anti-money laundering programs. He is a master facilitator with the unique ability to get participants involved in deep conversations while applying the lessons learned to their own personal and work situations. Hood has been a presenter at the ACFE’s Global Fraud conference for the last four years and has worked with Fortune 500 companies as well as a number of public sector entities. He has published articles in Fraud Magazine, Compliance and Ethics Professional magazine, and ACAMS Today. He has a great interest in the psychology, patterns, methods, and motives of offenders in an attempt to understand why good people end up doing bad things. Hood is a federal-court certified expert in money laundering and financial crimes.

Adam Turteltaub
Vice President, Strategic Initiatives and International Programs
Society of Corporate Compliance and Ethics
USA

With risk assessments so important to business, especially to compliance, it’s critical that they be done properly. Yet, a great deal of research has shown that humans have serious deficiencies when it comes to assessing risk and probabilities. This fun, interactive, and insightful presentation will illuminate the common ways our ability to assess risk falls short, and provides suggestions as to how to avoid the common traps.

In this session, participants will:

• Better understand the common ways risk assessments can go wrong.
• Learn how even the choice of words can lead things astray.
• Gain an understanding of how to better ensure that their risk assessment is an accurate one.

Adam Turteltaub is vice president of strategic initiatives and international programs for the Society of Corporate Compliance and Ethics and the Health Care Compliance Association. He joined SCCE/HCCA in 2008 with more than seven years of experience working with ethics and compliance professionals.

Turteltaub is a regular speaker at Society of Corporate Compliance and Ethics events. He has also spoken at conferences for a number of other associations, including The Institute of Internal Auditors (where he was an All Star), the International Association of Privacy Professionals, the Practical Law Institute, and the National Contract Management Association.

Turteltaub’s professional career includes 13 years in advertising and marketing. He began at J. Walter Thompson, where he was a part of the company’s management training program. During his advertising career, he worked on such national brands as Burger King, Nintendo, Sinutab, Vittel Mineral Water, and Wisk. Before his time in advertising, Turteltaub served for two years on the Washington staff of Senator Daniel Patrick Moynihan. He also has an extensive writing background. He was a part of the founding editorial team for the internet search engine, Excite; contributed articles to several magazines; and wrote a chapter of We’ll Never Be Young Again, a look back at the assassination of John F. Kennedy.

Hussain Hasan
National Leader, Risk Advisory Services
RSM US LLP
USA

As more and more companies license their intellectual property, form collaborations with other companies, or outsource business functions, the risk of leaving money on the table significantly increases. Often, companies do not receive their fair share of revenues from these agreements, they are overcharged by their business partners, or both. Studies have shown that most organizations lose about 6 to 8% of the contract value over time.

In this session, participant will:

• Understand how to identify the contracts that have the best chance of recoveries from auditing them.
• Assess the process for conducting contract audits using RPA and AI.
• Learn how to “sell” contract audits internally.
• Discover how to deal with objections or blockers from the third party being audited.
• Receive case study examples of how other internal audit functions have delivered measurable bottom-line dollars.

Hussain Hasan currently serves as risk advisory services leader for the Great Lakes region, sits on RSM’s consulting leadership team, and is the national leader for Technology risk advisory services. He was elected to RSM’s Board of Directors in 2012 and completed a four-year term. In that capacity, he served on various committees, including the Governance Committee, Risk Oversight Committee, Partner Matters Committee, and Acquisitions Committee. A subject matter expert in enterprise risk management (ERM), global strategy, strategic planning, and internal audit and IT security, Hasan brings that perspective to client management and the board room for a deeper and healthier discussion. He has 25 years of experience in various industries, helping his clients from strategic, operational, and risk management perspectives.

Michael Gowell
Senior Vice President
Wolters Kluwer
USA

Today’s fast-paced and evolving business environment requires internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”? This approach builds on three dimensions of effectiveness that must be addressed in order to be highly effective: 1) meeting stakeholder expectations, 2) operating core processes, and 3) conforming to internal audit standards and applicable regulatory requirements.

In this session, participants will:

• Discuss the need for and importance of strategic planning within the internal audit function.
• Explore the three dimensions that contribute to a highly effective internal audit function.
• Populate a framework to understand how processes and expectations are aligned and where changes need to occur.
• Develop an initial strategic vision based on an understanding of stakeholder expectations.

Michael Gowell is senior vice president of TeamMate, a product of Wolters Kluwer’s tax and accounting division. He is considered a leading expert on audit technology and methodology. With TeamMate, Gowell draws upon more than 32 years of audit, audit methodology, and audit management software experience to create and shape internal audit technology tools around the globe. Prior to joining Wolters Kluwer, he spent 22 years at PwC, where he was a CPA and managing director at the PwC Research and Technology Centre in Palo Alto, California. Gowell was a co-founder of TeamMate, the world’s most widely used audit management software system.

Thomas O’Reilly
Internal Audit Practice Leader
Audit Board                                         
USA

In this presentation, lessons learned and best practices from more than 100 chief audit executives will be shared to motivate all practitioners and leaders to continue to improve the value internal audit provides to their organization.

In this session, participants will:

• Learn to stop “doing the wrong things right” to expand audit plan scope and level of assurance provided.
• Examine ways to start “doing the right things better” to improve team effectiveness and efficiency.
• Share ways to position audit to “lead from the front” of their organization on their enterprise’s top objectives and risks.  

Thomas O’Reilly is a director and the internal audit practice leader at AuditBoard. Formerly the chief audit executive at Analog Devices, he spent the last decade helping to connect and share best practices with other audit leaders as founder of the CAE Leadership Forum.

Robert McKeeman
Research Fellow Emeritus
University of North Texas
USA

Paul Sobel, CIA, QIAL, CRMA
Vice President, Chief Risk Officer
Georgia-Pacific                             
USA

Strategy implementation often depends on new IT systems. Financial forecasts are prepared assuming IT projects will be completed on time and on budget, with the promised scope, performance, reliability, and cybersecurity. However, in the real world, IT projects often fall short or fail completely. In a COSO ERM context, this session describes early warning signs of IT project failure as a toolset internal auditors can use for auditing and predicting business strategy implementation success.

In this session, participants will:

• Recognize early warning signs of IT project failure in a COSO ERM context.
• Identify IT projects that put strategy implementation at risk.
• Identify IT projects that place the reliability of financial forecasts at risk.

Robert McKeeman is a research fellow emeritus in the Information Systems Research Center of the University of North Texas. He is co-Author of “Early Warning Signs of IT Project Failure,” published in 2006 in the Journal of Information Systems Management, and in 2007 in the EDP Audit, Control, and Security Newsletter. While a faculty member at North Texas, he was an IPA loaned executive in the Office of Cybersecurity at the U.S. Department of Veterans Affairs, where he served as a contracting officer technical representative and project management subject matter expert, educator, and speaker. He was co-founder and CEO of Utility.com, a venture-capital funded manufacturer and software developer of electric utility field crew communications and real-time situational awareness web-browser solutions, and first responder body-worn and in-car video legal evidence management systems. McKeeman has been awarded four U.S. patents related to cellular data communications and legal evidence data security. He was certified as a Project Management Professional (PMP) with the Project Management Institute in 1998, and has been certified as a Software Quality Engineer and Certified Information Systems Security Professional (CISSP). He earned an undergraduate degree in Industrial Management from Georgia Tech, and an MBA from Harvard Business School.

Paul Sobel is vice president and chief risk officer for Georgia-Pacific. He also serves as chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). He’s authored or co-authored four books: Managing the Risk of Uncertainty; Auditor’s Risk Management Guide: Integrating Auditing and ERM; Internal Auditing: Assurance and Consulting Services; and Enterprise Risk Management: Achieving and Sustaining Success. Sobel has served in many IIA leadership roles, including Chairman of the Board in 2013–14. In 2012, he was recognized in Treasury & Risk magazine’s list of 100 Most Influential People in Finance. In 2017, he received The IIA’s Bradford Cadmus Memorial Award and was inducted into The IIA’s American Hall of Distinguished Audit Practitioners.

Michael Fucilli, CFE, CIA, QIAL, CRMA, CGAP
Chief Audit Executive
Metropolitan Transportation Authority
USA

With healthcare costs being the No. 1 concern of CEOs, it is estimated that the United States loses $275 billion annually in healthcare spending through administrative inefficiencies, as well as fraud and abuse, yet it is often not subject to an internal audit. Bring high-impact results to your organization by reviewing eligibility, claims, and administrator fees.

In this session, participants will:

• Learn how to identify tens of millions of dollars in cost recoveries due to ineligible employees, errors, and noncompliance with benefit plan design.
• Describe billing for services that were never rendered — either by using genuine patient information, sometimes obtained through identity theft, to fabricate entire claims or by padding claims with charges for procedures or services that did not take place.
• Discuss billing for more expensive services or procedures than were actually provided or performed, commonly known as “upcoding.”
• Understand unbundling — billing each step of a procedure as if it were a separate procedure.

Michael J. Fucilli is the CAE for the largest public sector transit authority in North America, with operating revenues in excess of $15 billion and a capital program of about $5 billion. He has 38 years of internal auditing experience that includes financial services, public sector, GRC, technology and SOX reporting. Fucilli has an audit staff of 85 professionals and is president of The IIA’s Internal Audit Foundation and IIA Vice Chairman. He previously held positions in banking and defense contracting. As an adjunct professor for Pace University, he teaches The IIA’s CIA Learning System for the Certified Internal Auditor exam. Fucilli is a frequent speaker at IIA International Conferences, having spoken at the last four in Sydney, London, Vancouver, and New York City on such topics as governance, risk, and fraud.

Dennis Snow
President of Snow & Associates, Inc.

Dennis Snow honed his customer service abilities over 20 years with the Walt Disney World Company. There, he developed his passion for service excellence and the experience he brings to the worldwide speaking and consulting he does today.

Snow began his Disney career in 1979 as a front-line attractions operator. As he advanced through the company, he managed various operating areas throughout the park, learning and applying the skills it takes to run a world-class, service-driven organization.

Snow launched a division of the Disney Institute responsible for consulting with some of the world’s largest companies, including ExxonMobil, AT&T, General Motors, and Coca-Cola. During this time, he presented to audiences in diverse locations around the world, such as South Africa, Australia, Mexico, England, and Argentina. This division quickly became the fastest growing venture of the Disney Institute and experienced repeat business of nearly 100%.

He also spent several years with Disney University, teaching corporate philosophy and business practices to cast members and the leadership team. While there, he coordinated the Disney Traditions program, universally recognized as a benchmark in corporate training. In his last year with Walt Disney World, Snow’s leadership performance was ranked in the top 3% of the company’s leadership team.

Today, he is a full-time speaker, trainer, and consultant who helps organizations achieve goals related to customer service, employee development, and leadership. Some of his clients include American Express, Johns Hopkins Medicine, ExxonMobil, and Nationwide. His articles appear in a number of industry publications and he is a featured guest “expert” on customer service on several business news-talk radio shows. He authored the book, Unleashing Excellence: The Complete Guide to Ultimate Customer Service, which has been used in organizations around the world as a blueprint for organizational excellence. Snow’s newest book, Lessons From the Mouse: A Guide for Applying Disney World’s Secrets of Success to Your Organization, Your Career, and Your Life, has just been released.

Bradley Carroll, CIA, QIAL, CFSA, CRMA, CPA, CFF
Principal
Frazier & Deeter
USA

Joe Oringel, CIA, CPA
Managing Director
Visual Risk IQ
USA

The goal of this session is to bring awareness to the opportunities for implementing data analytics in routine testing in small audit shops. We are not attempting to teach how to use a specific DA tool or technique, but to teach how to recognize the opportunity to use DA in auditing, and to show practical examples of small or simple DA implementation to get past the inertia and intimidation small shops often face.

In this session, participants will:

• Identify the diverse skills needed to accomplish DA on small audit teams. (Hint: it’s a group effort — both IT and non-IT skills are needed!)    
• Overcome inertia and learn to establish a repeatable process for DA with a focus on staff development.
• List potential challenges to more successful DA efforts and discuss ways to overcome these challenges.
• Brainstorm ideas for quick wins and share examples of innovative ways to provide enhanced assurance.
• See practical examples from real-life DA used in a small audit department.

Bradley Carroll – Bio Being finalized

Joe Oringel is a CIA and CPA with 25 years of experience in internal auditing, fraud detection, and forensics. He has over 10 years of Big 4 external audit, internal audit, and risk advisory experience, prior to co-founding Visual Risk IQ. His corporate experience includes internal auditing, information security, and data analytics for companies in highly regulated industries, including pharmaceuticals, utilities, and financial services.

Ahadi Chacha
Audit Executive                  
SUMATRA
Tanzania

Emmanuel Johannes
Managing Partner                       
Kepler Associates
Tanzania

Some organization conduct fraud risk assessments to identify and evaluate where they are most vulnerable. However, experience shows that internal auditors overlook the fraud risk assessment or that those who do not still have a myopic view of the process. When done correctly, assessments can be a powerful tool for adding value to the organization. In this session, you will learn how to improve the assessment process, expand the impact of the process, and enhance the organization’s fraud prevention initiatives.

In this session, participants will:

• Learn how to conduct a gap analysis of their fraud risk assessment.
• Identify fraud risk assessment techniques to drive changes in thinking, fraud impact, and organization culture.
• Use the fraud risk assessment process and outcomes to create and position internal audit strategically and add value to the organization.
• Examine how technology can assist in fraud risk assessment.

Ahadi Chacha– Bio Being finalized

Emmanuel Johannes, a former CAE, is now managing partner of Kepler Associates and director of IIA Tanzania. He also serves on the advisory council of the Association of Certified Fraud Examiners. He is a former President of IIA Tanzania and has served on the boards of various public sector and private sector entities. He is responsible for providing internal audit services, fraud examination, and risk management. Over the last 15 years, Johannes has investigated several cases and led the recovery of assets in both the public and private sector while working as a CAE and after joining private practice. He is an experienced trainer for The IIA and an authorized trainer of ACFE Global responsible for East Africa segment. He presented at many IIA regional conferences and ACFE conferences. Johannes speaks regularly on the subject of fraud, risk management and internal audit.

Scot Glover
Managing Director
Protiviti
USA

As more and more companies license their intellectual property, form collaborations with other companies, or outsource business functions, the risk of leaving money on the table significantly increases. Often, companies do not receive their fair share of revenues from these agreements, they are overcharged by their business partners, or both. Studies have shown that most organizations lose about 6 to 8% of the contract value over time.

In this session, participants will:

• Understand how to identify contracts that have the best chance of recoveries from auditing them.
• Gain insights into the process for conducting contract audits using RPA and AI.
• Learn how to “sell” contract audits internally.
• Recognize how to deal with objections or blockers from third parties being audited.
• Provide case-study examples of how other IA functions have delivered measurable bottom-line dollars.

Scot Glover is a managing director and a member of the high-technology industry leadership team at Protiviti. With over 20 years of experience conducting intellectual property, collaboration, and other third-party audits for leading companies around the world, he has helped his clients recover in excess of $350 million. Glover has also helped his clients re-engineer their license/contract management processes and systems.

Steve Mar, CFSA, CISA
Adjunct Professor
Seattle University
USA

Big Data continues to drive organizational decisions, strategy, opportunities, and risks. How can auditors leverage data collection, analysis, and insights in their audit projects? By deploying a DAP framework. This session will cover how auditors can more effectively and efficiently plan their audits using data analytics. 

In this session, participants will:

• See how the DAP framework creates value.
• Understand how the DAP framework guides the audit team to plan, collect, analyze, and visualize data.
• Discuss how the DAP framework that has been developed, tested, and undergoes continuous refinement by analyzing suggested improvements for the next release.
• Provide an approach that future auditors, auditors new to data analytics, and professional audit analysts can deploy and improve to deliver better insights.

Steve Mar is an instructor in IT audit and audit data analytics at Seattle University and in IT audit  at University of Hawaii at Manoa. He previously worked as director of IT audit at Nordstrom and Microsoft. Mar performed IT audits and security reviews at Deloitte and KPMG. He worked at Bank of America as vice president of IT audit and as vice president of corporate data security. Mar has been involved with IIA CREA and PIC. He is a GTAG and GAIT writer, and currently edits and occasionally authors the IT Audit Column for the IA magazine. Mar serves on the IIA Puget Sound Chapter Board, ISACA Puget Sound Board, NACD, and other local boards. He holds an MBA from Seattle University and an MA in Business from the University of Washington.

Philipp Wilhelm, CIA, QIAL, CISA, CRMA, CFE, CEH, IIA-QA, Scrum Master
Chief Executive Officer
Schweizer Institute für Managementerneuerung GmbH
Switzerland

Modern internal audit approaches require auditing at the speed of risk. This session illuminates how agile internal audit processes can satisfy this need for speed. Major audit processes such as audit planning (annual planning, portfolio planning, and audit work planning), the audit work process, reporting, continuous development, or the quality assurance and improvement process will be scrutinized for their potential of becoming agile while remaining compliant with The IIA’s Standards.

In this session, participants will:

• Explore to what extent the IPPF Core Principles require agility.
• Learn what agile methods are and under what conditions they should be applied in internal auditing.
• Identify how agility can add value by speeding up different internal audit processes.
• Develop ideas for making their own internal audit processes more agile.

Dr. Philipp Wilhelm has 20 years of internal audit experience in academia and various industries, including nine years as CAE of a Swiss insurance company. As CAE, he has introduced consulting and data analytics as dedicated internal audit activities with full-time staff. He made internal audit processes agile by using ScrumBan and Jira and replaced the traditional audit report with a database of findings and recommendations. His internal audit function was certified by the standards of ISO 9001. He is especially skilled in fireproofing internal audit against micro politics and resistance, a topic he has researched already in his doctoral thesis. He is a demanded speaker at national and international conferences and serves as internal audit trainer for professional development courses of IIA Switzerland in the fields of agile internal auditing, effective audit communication, and internal audit personnel management. In 2014, he founded the Schweizer Institut für Managementerneuerung GmbH, a headhunting boutique specializing in internal auditing in Switzerland and Liechtenstein.

Larry Harrington
Vice President, Internal Audit
Raytheon Corporation
USA

Patty Miller, CIA, QIAL, CRMA
Owner
PKMiller Risk Consulting, LLC

Larry Rittenberg
Professor Emeritus
University of Wisconsin
USA

The internal audit profession is rapidly changing and practitioners require a keen sense of ‘value add’ to effectively serve stakeholders. This panel, comprised of leaders who have spent more than three decades in the profession and mentored many internal auditors, will provide insights on practice, changes coming to the profession, and challenges moving forward. These professionals will share perspectives on the past and future of internal auditing, and engage the audience in an open discussion.

In this session, participants will:

• Learn common mistakes CAEs make and how to avoid them.
• Consider the brand you, your team, and your organization have within your organization and how to enhance it.
• Gain insight into ways to take internal audit to the next level.

Larry Harrington has more than 25 years of experience in auditing and finance. He started his career in public accounting and has served in the fields of retail, financial services, insurance, manufacturing, and technology. Harrington has held key leadership roles in finance, human resources, and operations, and has been CAE for several Fortune 500 companies, including Staples, Aetna, and LTV. An active volunteer for The IIA, he previously served as the 2015–16 Global Board of Directors chairman and as chairman of The IIA’s North American Board of Directors. Harrington is a frequent speaker at seminars on auditing, change management, negotiation, and people development and motivation.

Patty Miller has significant management and consulting experience in governance, risk management, and control. She spent 14 years with Deloitte, serving as the lead risk services partner on some of the firm’s most significant technology and consumer business clients. Miller joined Deloitte following a 14-year career with Pacific Telesis and Pacific Bell, where she held numerous mid and senior management positions in areas including financial management, billing, internal audit, process design and re-engineering, project and program management, and merger planning and integration. She is a frequent speaker and trainer at locations worldwide and has authored or co-authored projects for The IIA’s Internal Audit Foundation and Internal Auditor magazine. Miller has served in numerous volunteer leadership roles with The IIA, including a term as its chairman and as a member of the executive committee for seven years. In addition, she has been presented with The IIA’s William G. Bishop III Lifetime Achievement Award and the Victor Z. Brink Award for Distinguished Service.

Larry Rittenberg – Bio Being Finalized

Bruce Turner, CRMA, AM, CISA, CFE
Director and Audit Committee Chairman
Bruce Turner & Associates
Australia

The twenty-first century has presented fresh challenges for auditors as a consequence of rapid business changes, global connectivity, emerging technologies, and increasingly complex economic, regulatory, and operating environments. This session will equip beginner auditors and those who support them to deliver upon the increasing expectations of key stakeholders like the board, audit committee, and senior management. The key to this is thinking beyond the traditional auditing scope, and having the tools to do so.

In this session, participants will:

• Learn how to seamlessly transition into an internal audit role by understanding stakeholder expectations.
• Expand their thinking beyond the ‘traditional’ scope of internal auditing through ten fresh features.
• Recalibrate their approach so as to address the emerging challenges from digital transformation.
• Transform their mindset from a purely hindsight perspective, to insight, and ultimately foresight.

Bruce Turner remains active as an audit and risk committee chair and company director. He is just the second professional internal auditor in Australia to receive Order of Australia honors. He was appointed a Member (AM) in the Queen’s Birthday Honors of 2015 in recognition of his significant service to public administration through governance and risk management practices, and to the profession of internal auditing.

Turner has held board and independent audit committee roles over the last decade in 25 diverse organizations, including central government, construction, environment, finance, health, infrastructure management, local government, natural resources, not-for-profit, parklands, parliamentary services, state revenues, supreme audit institution, telecommunications, and transport. He chaired The IIA’s Global Public Sector Committee 2014–15, spent six years on The IIA-Australia Board to mid-2018, and remains an active executive coach, mentor, and white ribbon ambassador (denouncing violence against women).

Turner has over 40 years of practitioner and leadership experience in internal auditing across the globe, traversing the energy, financial services (commercial, merchant, and central banking), government, manufacturing, and transport sectors. He has recruited hundreds of beginners into internal auditing roles throughout his career, and has proudly watched as their careers blossomed. He retired from full-time work in 2012 after five years as chief internal auditor at the Australian Taxation Office, one of the largest public sector organizations in Australia. He previously held CAE roles at commercial service delivery organizations Integral Energy Australia and StateRail.

Mara Ash
Senior Partner
Business & Financial Management Solutions, LLC
USA

John Provan
IG Regional Manager
U.S. Department of Justice
USA
               
In this session, participants will learn how to integrate the Red Book (IPPF) standards with other public sector auditing standards. Learn specific strategies to blend standards into an organizational “Rainbow Book” of standards to create an impactful and value-add audit shop.

In this session, participants will:

• Discover how to choose which standards to use in their organization.
• Be able to identify similar standards from multiple requirements and integrate them into one.
• Learn how to blend (pick and choose) applicable standards to create their organizational Rainbow (Orange) book to provide value-add results.
• Understand how to sell the approach of blended strategies in their organization.

Mara Ash has over 25 years of financial management and audit experience in the government sector. Her career includes finance and consulting positions serving government agencies at all levels of government. She helps organizations create strategic alignments, enhance transparency, and improve compliance by implementing business practices and financial/internal controls that reduce costs and streamline processes to create best-practice organizations. She serves as a deputy chair of The IIA PSAC Board.

Josh Provan — Bio Being Finalized

Jonathan Moraes
Technical Manager, IIA–Spain
Spain

This presentation is now in its fourth year, thanks to the joint collaborative effort between eight European Institutes of Internal Auditors — Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden, and the UK and Ireland. Its purpose is to provide a touchpoint for the internal audit profession that helps chief audit executives understand how their peers view today's landscape and how may it affect the preparation of 2020’s internal audit plans.

In this session, participants will:

• Analyze the main risks that concern CAEs.
  
• Gain tools to build the audit plan.
  
• Receive a wide overview of the concerns of other CAEs.
  
• Walk through a reputable research study.
  

Jonathan Moraes has more than 14 years of experience in the compliance, internal controls, and internal audit departments of multinational companies. He joined IIA–Spain (based in Madrid) in 2017 as part of the technical content department, where his duties include research, content development, and training to add value to the profession in Spain. He is currently chair of the European Institutes Research Group (EIRG), which has been responsible for developing the Risk in Focus report since 2016, among other activities.

Robert Campbell, CIA, CRMA, CFE
Chief, Office of County Investigations
County of Los Angeles
USA

Investing in fraud prevention and detection can be a tough sell, and resources are always difficult to come by. But the reality is that anti-fraud efforts, led by internal audit, can deliver significant ROI and drive the attainment of your organization’s strategic goals and objectives. We will examine real-world fraud cases, how those investigations drove value, and practical strategies you can use to develop and enhance your anti-fraud program with existing audit resources.

In this session, participants will:

• Understand how to align anti-fraud efforts with organizational goals and objectives to drive ROI.
• Gain strategies for implementing or enhancing a quality anti-fraud program with existing internal audit resources and personnel.
• Determine how to prevent and detect some emerging, high-value frauds through a review of real, recent cases.
• Learn tactics for operationalizing fraud prevention and detection tools and techniques into existing programs/business lines.

Robert Campbell is a distinguished CAE, law enforcement leader, and recognized anti-fraud expert with 20 years of professional experience in government auditing, fraud/financial crimes investigation, and business process reengineering. He has extensive regulatory experience, having directed the office of the chief HIPAA privacy officer for one of the largest hybrid entity systems in the United States. He has presented extensively to auditors and anti-fraud professionals on a variety of topics, including fraud prevention and detection, contracting and procurement, bid rigging, criminal conflicts of interest, technology, computer forensics, and data analytics.

Campbell also has extensive experience managing business operations, having overseen a $7 billion/year disbursements operation, the central accounting function for Los Angeles County government, preparation of the Comprehensive Annual Financial Report, as well as budget, fiscal, and administrative policy development, accounts payable, accounts receivable, and payroll processing for Los Angeles County, a $31 billion enterprise and the largest county government in the world. 

In his current role as chief of the Office of County Investigations, Campbell administers the Los Angeles County fraud hotline and oversees 30 law enforcement professionals, all with backgrounds in accounting, finance, and/or computer forensics, who conduct criminal investigations of waste, fraud, and abuse within Los Angeles County government. They are uniquely positioned as both internal audit practitioners and law enforcement personnel with the authority to serve search warrants in support of criminal investigations.

Gareth Evans
Managing Director, Enterprise Risk
Thomson Reuters (now Refinitiv)
United Kingdom

Russell Stohr
Director, Market Development Risk and Compliance
Thomson Reuters (now Refinitiv)
United Kingdom

Risk and control ecosystems can be powerful for an organization to bring together information, governance, risk, and controls in a collective and collaborative way to manage risk. So why are we not there yet? Significant shortfalls still exist with manual, disconnected approaches to consolidated platforms. Future technology must connect processes, information, and ecosystems to provide better understanding of risk, clear visibility to predict or detect change, and higher confidence in mitigating risk. Join this session with industry experts and gain insight into the state of risk technology, where needs are not being met, and what is required to support a true integrated risk management program.

In this session, participants will:

• Learn how to join disparate, disconnected, and voluminous data sources.
• Leverage specialist solutions and align them through an integrated system.
• Future-proof their risk technology investment.

Gareth Evans is managing director of enterprise risk management at Thomson Reuters (Refinitiv), leading all proposition and solution development in both the ERM (risk technology) and regulatory intelligence services divisions. This includes acquiring and leveraging new wave technologies — including the recent launch of a Connected Risk platform — in response to clients’ requirements for more adaptable technologies that allow specialist solutions to be connected to a common data platform and enriched with third-party content. Previously, at PwC UK, Evans created and led the PwC risk technologies practice, which advised clients on strategies employed to automate and enable individual risk functions as well as drive the integration of multiple risk practices through platform sharing, to reduce cost and improve insight. Spanning all regulated sectors, including banking, insurance, telecoms, oil and gas, and utilities, he has engaged a number of global Tier I banks and FTSE100 and Fortune 500 corporations.

Russell Stohr – Bio Being Finalized

A. Michael Smith, CPA, CISA, CISSP
Partner
PwC
USA

We will begin with a high-level overview of blockchain technology, what it is, and how it works. We will then move into developments in the space, use cases and trends, and a deep dive on all classes of crypto assets. Finally, we will address the various challenges related to audit, risk, and control in this space.

In this session, participants will:

• Achieve basic understanding of what blockchain is and an overview of various business use cases.
• Become acquainted with the various classes of crypto assets and the related economic and technological control concerns of each.
• Develop introductory-level knowledge of challenges and difficulties related to audit and control in this space.

A. Michael Smith has over 28 years of public and private industry experience, encompassing IT internal audit, cybersecurity, privacy, IT governance risk and compliance, and national/international regulatory requirements in the IT space. He has lived and worked in Europe and led teams in EMEA and APAC. Smith is responsible for PwC’s U.S. internal technology audit services practice for financial services companies and has led projects or worked in all financial services sectors. He also leads the blockchain assurance practice globally, helping clients deal with the complexities of risk, control, and assurance in blockchain infrastructures. Smith was previously global director of technology audit for Bank of New York Mellon.

TaeYong Kil
Audit Manager
Prudential Financial Inc.
South Korea

Juseop Lim
Master’s Student
University of Vancouver
Canada

That privacy data leaks occur is inevitable, considering the number of channels that exist for data collection. However, corporations should strive to protect their own and customers’ privacy data in compliance with diverse regulatory requirements and risk types (finance, reputation, and etc.). What must we do to protect the corporation within its residual and tolerable risk levels while complying with regulatory requirements? Also, what methods must we understand to prevent and/or detect data privacy incidents?

In this session, participants will:

• Identify and understand diverse data privacy regulations and requirements.
  
• Learn preventive and detective methodologies on data privacy incidents.
  
• Design a data privacy protection framework to protect their corporation.
  

Juseop Lim – Bio Being Finalized

Javed Akbar
Chief Audit and Risk Officer
Rafal Group
Saudi Arabia

Mid-career professionals who are deeply immersed in operational issues frequently fall into the trap of using tactics from early in their careers while seeking the hot seat. Hence, they fail to achieve the career breakthrough they seek. This session will help such professionals shift their focus to the right direction, develop detailed career strategies and practical tactics, and employ a 2-5 year timeline to achieve a career breakthrough using the principles of transitional leadership.

In this session, participants will:

• Demystify leadership myths and career mistakes that lead to career deadlocks.
• Envision the future more effectively by learning the smart play for transitioning from audit manager to CAE to audit committee member and targeting the hot seat at the table.
• Learn how to develop the key skillset required to accelerate their career by using practical tactics based on the principles of transitional leadership.

Javed Akbar is chief audit and risk officer at a leading Saudi group. He also sits on the board audit committee at a leading international hospitality and hotel management company. Prior to assuming his current role, he was associated with Deloitte, PWC, and Protiviti. Akbar’s expertise includes creating and preserving organizational value by designing and implementing corporate governance, facilitating objective-centric risk management, and strengthening risk-based internal audit/control frameworks. He enjoys researching, reading, writing, and speaking about audit, governance, and risk management as well as leadership and employee engagement.

Dan Clayton
Strategy Director, System Audit Office
University of Texas System
USA

Paul Sobel, CIA, QIAL, CRMA
Vice President and Chief Risk Officer
Georgia-Pacific                            
USA

In June of 2017, thought leaders began charting the seventh edition of Sawyers in a way that promotes the thought leadership spirit of Larry Sawyer. The seventh edition tackles tough questions: How does a CAE think strategically about the services and products they deliver? What does business acumen actually mean? The product for the CAE and auditor focuses on setting up the internal audit function and delivering services in the decade to come.

In this session, participants will:

• Create a business perspective and framework of the challenges a CAE faces as they attempt to set up the internal audit function to deliver value-adding services and products in a changing world of ERM, GRC, and technology.
• Boldly ask questions and frame conversations for which we do not yet have answers to spawn the spirit of thought leadership and innovation.
• Describe how Sawyers 7th edition can frame the questions and discussion the CAE and auditor must have as they move forward into the next decade of uncertainty.

Dan Clayton is a career internal auditor with experience in governance, risk management, and control advisory services. He has worked with the University of Texas System for the last five years, seeking to leverage knowledge and resources for 14 internal audit functions at University of Texas institutions, including six academic medical centers. Clayton is currently working on enterprise risk management and participated on a tiger team at the University of Texas System, evaluating opportunities for organizational improvement in governance and efficiency. He is also working to give back to the profession and help shape its future through participation on the IIA Committee of Research and Education Advisors and the Utah Valley University IA Advisory Board. As part of his CREA responsibilities, he led the redesign of Sawyer’s 7th edition and a team of 10 authors.

Much of Clayton’s career has been in healthcare, and he is a strong believer in the possibility of high-quality, cost-effective healthcare. He has an innovative approach to internal audit strategy, policy, and audit model development. He frequently blogs about value-adding, governance, and risk management practice and the role of IA. He has presented professionally and published in professional industry magazines and continues aspirations of writing and publishing innovative ideas for business management, governance, and risk functions.

Paul Sobel is vice president and chief risk officer for Georgia-Pacific. He also serves as chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). He’s authored or co-authored four books: Managing the Risk of Uncertainty; Auditor’s Risk Management Guide: Integrating Auditing and ERM; Internal Auditing: Assurance and Consulting Services; and Enterprise Risk Management: Achieving and Sustaining Success. Sobel has served in many IIA leadership roles, including Chairman of the Board in 2013–14. In 2012, he was recognized in Treasury & Risk magazine’s list of 100 Most Influential People in Finance. In 2017, he received The IIA’s Bradford Cadmus Memorial Award and was inducted into The IIA’s American Hall of Distinguished Audit Practitioners.

Stephen Linden
Director
Assurance Advisory Group
Western Australia

When we go down to the ocean in summer, lifesavers have placed flags on the beach to identify the area within which it is safe to swim. Despite this simple message, people insist on “swimming outside the flags.” Similarly, despite myriad regulations, legislation, and policies applicable to public sector procurement, sometimes those involved in the process want to “swim outside the flags.” What causes this behavior, what can go wrong, and does internal audit have a “lifesaving role”?

In this session, participants will:

• Understand the myriad legislation applicable to government procurement and how to find it.
• Identify the many types of procurement and the probity risks attached to each.
• Assess the various approaches to auditing public sector procurement.
• Explore case studies of “procurement gone wrong” and lessons learned.

Stephen Linden is director of Assurance Advisory Group, providing internal audit, probity advisory/audit, and other related services. He has held senior positions in professional services firms for the past 20+ years, delivering assurance and advisory services to the public and private sector, from one-off projects through to fully outsourced arrangements. Previously, he enjoyed a career in a state-government statutory authority, where he held senior positions in internal audit, financial accounting, and management accounting. 

Linden spent ten years on The IIA’s global guidance committees (Professional Issues Committee and Public Sector Committee) where he co-authored a number of practice guides. He was team leader for the following practice guides: Evaluating Ethics Related Programs and Activities, and Chief Audit Executives – Appointment, Performance Evaluation, and Termination. He was a team member on the Auditing External Business Relationships practice guide. He also co-authored a Probity Handbook (HB325 – 2008 Assuring Probity in Decision Making) published by SAI Global on behalf of Standards Australia. Following the release of the ethics practice guide, Linden developed and delivered three global webinars on the subject; provided input to the ethics module for a graduate certificate in internal auditing; and developed and delivered webinars on the topic to graduate certificate students.

Linden recently authored a whitepaper for IIA Australia on public sector procurement. He has delivered presentations on probity and internal audit throughout Australia, including at SOPAC and other state conferences, and he presented at The IIA’s International Conference in London.

Justin Pawlowski, CIA, CCSA, CRMA, CMA
Head, Internal Audit
ALSO Holding AG
Germany

Deploying digital labor is highly relevant for the organization’s IA function — to provide more efficient and more effective audit work as well as to help accelerate the organization’s digital transformation. The session is about how to lower total cost of audit (reduction of labor costs of IA staff as well as of auditee) and how to quantify the value-add provided by the internal audit function using robotic process automation (RPA).

In this session, participants will:

• Explore areas of application for RPA in internal auditing (RPA internal audit “bot farm”) by demonstrating different RPA bots in action.
• Discover how to lower the total cost of audit using RPA bots.
• Learn how to substantiate and quantify the value-add provided by internal auditing using RPA.
• Determine the cornerstones of an RPA roadmap for IA to realize quick wins in the short-run and additional wins in the long-run.

Justin Pawlowski is head of internal audit at ALSO Holding AG, a listed distribution and logistics company for IT, consumer electronics, and telecommunications (ICT) based in Emmen, Switzerland, with annual revenues of more than 10bn USD across Europe. Before joining ALSO, the Frankfurt-based graduate of the Berlin School of Economics & Law and Goethe Business School worked as senior manager for governance and assurance services at KPMG in Germany and for IBM Germany in Berlin with assignments in Spain and the USA. His focus lies on applying modern technology in internal auditing, including data analytics, process mining, and RPA. Pawlowski is challenging manual proceedings from the past to come up with new ideas and ways of auditing, and he shared insights around using process mining in internal auditing at The IIA International Conference 2017 in Sydney, Australia. He is a member of the German chapter of The IIA (DIIR) and currently serves on The IIA IT Guidance Committee. In 2015, he was recognized as an Emerging Leader by Internal Auditor magazine.

Carol Morgan, CIA, CPA, CFE, CISA, CCEP
Vice President, Audit and Risk Management Services
World Vision
USA

A fraud risk assessment brings you closer to understanding the risks and threats unique to your organization. You have identified the controls you expect management to implement to reduce risk to an acceptable level. However, there are major gaps, and the risks with a high probability and material impact are not getting the attention they deserve. This session will help you learn to communicate to stakeholders their responsibility to maintain controls and fill the gaps.

In this session, participants will:

• Analyze information gathered and develop a clear, succinct presentation to explain to management teams the major risks that are critical to control.
• Identify gaps in the control framework quickly.
• Discover areas that might be over-controlled to reallocate resources to higher risk areas.
• Set up a system to assess compliance.
• Develop training opportunities for users to become self-assessors so they can take ownership of developing appropriate controls as processes change.

Carol Morgan has responsibility for the planning and completion of operational, compliance, and financial audits conducted at all World Vision U.S. sites as well as oversight for compliance and PCI data security. She began her auditing career working for the Defense Contract Audit Agency and SAFECO Insurance. Returning to government auditing as director of internal audit for Todd Pacific Shipyards, Morgan reestablished the internal audit function and was responsible for operational and government contract compliance audits. She gained external auditing experience as a manager with public accounting firm McGladrey and Pullen LLP by performing financial statement audits of credit unions.

Morgan is a past president and board officer for The IIA’s Puget Sound chapter. In addition, she serves on the Accounting Academic Advisory Board, and the Internal Audit Academic Advisory Board for Seattle University. As a board member for the Pacific Northwest Enterprise Risk Forum, Morgan provides treasurer oversight. She holds a Bachelor of Science Degree in Business Administration from Towson University. She is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), Certified Information Systems Auditor (CISA), and Certified Compliance and Ethics Professional (CCEP).

Mónica Ramírez Chimal
Partner
Asserto RSC
Mexico

Money laundering is a growing phenomenon that is expanding to more countries and different industries. The days when it only happened in the financial sector are gone, making it one of the biggest risks for internal auditors to manage today. In this session, attendees will learn what money laundering is in order to identify and manage the risk of being used by organized crime.

In this session, participants will:

• Learn the definitions and specific characteristics of money laundering and terrorist financing.
• Understand how money is laundered and the impact it has worldwide.
• Identify the most common factors that contribute to the continuation and growth of money laundering.
• Get to know key controls any company should have in order to protect itself.

Mónica Ramírez Chimal is partner of her own consulting firm, ASSERTO RSC (based in Mexico City), specializing in business risk administration, fraud prevention, and anti-money laundering. She has more than 14 years of experience as a consultant and 5 years as principal of internal audit and compliance in various companies. She is an international trainer (Mexico, United States, Brazil, Argentina, Uruguay, Panama, Dubai) and has been an expert guest speaker on anti-money laundering for a number of companies and universities. Ramírez Chimal authored the book, “Don’t let them wash, nor dry!” which was also published in Spanish and positively reviewed internationally. She has published several articles on anti-money laundering, fraud, virtual currencies, and internal control for official magazines of the following organizations: SCCE, ICA, ACFE, and GLC Europe Blog, among others. She has been a member of the Advisory Board of the Society of Corporate Compliance and Ethics (SCCE) Magazine since November 2013 and a member of the GLC Europe Blog panelist group since October 2015.

Helen Anijalg, CIA, CCSA, CGAP
Chief Audit Executive
Enterprise Estonia
Estonia

Estonia is a country in Europe that represents a good example of digital disruption. Named “the most advanced digital society in the world,” Estonians are pathfinders who have built an efficient, secure, and transparent ecosystem that saves time and money. This has had a strong impact on internal auditing practices. You will hear the fascinating story of Estonian e-success.

In this session, participants will:

• Be inspired to be more open towards innovation and digitalization in the internal auditing profession.
• Learn about new risks involved related to digitalization.
• Hear a real-life story about digital disruption in a European country.

Helen Anijalg  is CAE at Enterprise Estonia, a state agency for business and regional policy in Estonia. Previously, she worked 10 years at the Estonian Ministry of Finance, in the Audit Authority.

Sergiu Cernautan
Senior Director, Strategy
ACL Services Ltd.
Canada
               
In today’s digital environment it’s more important than ever to equip internal audit functions with the right set of technologies; future proof the audit function by attracting, developing,  and retaining professionals with sufficient digital dexterity; and build an agile and sustainable internal audit practice.

In this session, participants will:

• Explore their role as audit leaders in future proofing their organization’s internal audit functions.  
• Examine whether they are setting the right technology vision for internal audit and risk management in today’s digital environment.
• Determine whether they are hiring and training for the internal audit and risk management skillsets of the future.
• Evaluate whether their internal audit and risk management processes are sufficiently automated and agile to address the present and the future of internal audit.

Sergiu Cernautan has over 20 years of external audit, internal audit, risk and regulatory compliance, and consulting experience with Deloitte, KPMG, and Straight Talk Consulting (STC) Ltd emphasizing financial, operational and systems auditing; Sarbanes-Oxley, JSOX, and Bill 198 compliance; business process control reviews; litigation support, data analytics, and fraud audits; and cost-effective Computer Assisted Audit Techniques (CAATs) and business analytics using sophisticated data analysis tools.

Cernautan is responsible for ACL’s GRC strategy, which includes managing influencer relations, overseeing product content development, and providing overall GRC domain support to internal teams (e.g. sales, marketing, product design). In addition, he is responsible for overseeing the company’s Strategic Partner and Customer Advisory Board (CAB) programs.

Esi Akinosho
Principal, Global Advisory Internal Audit Leader
EY
USA

As we move into the transformative age in business, internal auditors are increasingly being asked to evolve their roles from simply “checking the box” to acting as trusted advisors. Many internal auditors are left asking themselves the following questions: What does it really mean to be a trusted advisor? Does building trust mean impairing objectivity? Does being an advisor mean compromising assurance? This panel session will feature internal audit and stakeholder executives and will explore how internal auditors strike the right balance between management’s desire for a trusted advisor and an audit committee’s expectation of objective assurance. 

In this session, participants will:

• Explore what it means to be a trusted advisor.
• Learn techniques (including technology) for building trust without impairing objectivity and being an advisor without compromising assurance.
• Discover actionable steps they can start taking in their IA functions towards being a trusted advisor.

Esi Akinosho is a principal in EY’s advisory (risk) services practice and serves as the global advisory internal audit leader. In her role, she is responsible for driving innovation and growth and developing the forward strategy for the internal audit business globally. She provides clients with risk advisory services, including leading global engagements in internal audit transformation (including QARs); internal audit teaming/outsourcing; SOX 404 advisory, training, and project management; enterprise risk management (ERM); and contract risk services. Akinosho has more than 26 years of risk advisory experience across various industries in the U.S., Europe, and Africa. She started her career in audit assurance, then internal audit in industry prior to joining EY 16 years ago.

Sally-Anne Pitt, CIA, CGAP
Managing Partner
Pitt Group
Australia
               
We live in a world of disruption and internal audit is being asked to embrace agility to meet these organizational and societal changes. Quality assurance and improvement programs provide an opportunity for auditors to continuously improve their functions to meet these increasing demands. This presentation will introduce Sally-Anne Pitt’s book, Internal Audit: Developing a Quality Assurance and Improvement Program, and explain how it can be used to continuously improve and evolve an audit function.

In this session, participants will:

• Be able to distinguish between standards and quality.
• Understand the need for quality to be embedded into everyday processes.
• Develop a structure approach to quality assurance and improvement focused on three key elements — purpose, people, and performance.
• Recognize the link between quality, adaption, and agility.

Sally-Anne Pitt is managing partner of Pitt Group, an Australia-based firm specializing in internal audit and risk management. She is recognized as a global expert in audit quality, and is chair of The IIA’s Global Professional Ethics and Responsibility Committee. Prior to this she was vice chair of The IIA’s Global Professional Issues Committee and a member of The IIA’s Global Committee on Quality. Pitt is the author of Internal Audit Quality: Developing a Quality Assurance and Improvement Program. She has undertaken more than 70 external quality assessments and works with many clients to develop and embed their quality programs.

She has a Bachelor of Applied Science, Master of Public Policy, and post-graduate business studies from the Darden Business School, University of Virginia (USA). She is a member of IIA-Australia, a Certified Internal Auditor (CIA), and a Certified Government Auditing Professional (CGAP).

John Wszelaki
Director, Public Sector Audit Center
The Institute of Internal Auditors
USA

Session Details Being Finalized

John Wszelaki joined The IIA as director of the American Center of Government Auditing in March 2016. He previously served as CAE for the Virginia Department of Alcoholic Beverage Control for 17 years. Prior, Wszelaki was managing auditor for American Greetings Corporation responsible for global audit. He has been an active IIA volunteer for the past 20 years and served as chairman of the North American Board in 2014–15.