Continental breakfast, lunch, and breaks are included.

The educators’ symposium is designed to fulfill three distinct objectives:

• Establish a forum for researchers to present end-stage or completed research and share aspects of classroom and practitioner applicability.
• Provide educators with new and innovative techniques for teaching internal auditing.
• Create an opportunity for researchers to present research concepts and proposals and receive feedback to refine the scope further to enhance value for practical application.

Research covered during the symposium may address the following topic areas: audit committee relations, blockchain, integrated audit, internal audit’s role in risk management, internal audit effectiveness, or others.

For more program details please visit the  Larry Sawyer Educators Symposium Program Page.

James C. Paterson, CIA
Director, Author
Risk & Assurance Insights Ltd.
UK

There has been a lot of hype in recent years about agile auditing and being lean. Learn how to separate the good aspects of lean and agile from the parts that seem to be just consulting speak or a fad. We will cover fundamental principles, techniques, and practices of lean, lean six sigma, and agile.

In this session, participants will:

• Identify how agile and lean are similar, how they are different, and how they encourage high-performing teams and a more pragmatic, customer-oriented approach.
• Learn the strengths and pitfalls of each technique and how they align with IIA Standards.
• Apply these techniques to a case study to see new ways of constructing an audit assignment, prioritizing what is covered, and generating a work program rapidly.
• Understand the importance of intelligent flexibility, killer facts,” thoughtful analysis of consequences, and benchmarking team progress.

James C. Paterson established a consulting business in 2010 to provide training, development, and coaching in several key areas, including risk assurance mapping, lean/agile auditing, auditing culture, root cause analysis for internal audit, and influencing and political savvy for internal audit. He has conducted open courses with 12 IIA Institutes across Europe, including Belgium, Estonia, Finland, Latvia, Netherlands, Norway, Spain, Switzerland, Sweden, and the UK. Previously, at AstraZeneca Plc, Paterson advanced to CAE after holding various corporate and commercial finance roles, including head of group financial reporting and head of global leadership development programs. He authored Lean Auditing and has presented at ECIIA and GAM.

Michael-Anthony Peet
Vice President, Head of Audit Global & Analytics
ABB
USA  

Steve Biskie
Director, Risk Advisory Services
RSM
USA

The topic of automation, and RPA specifically, has been taking the business world by storm. What might not be initially obvious is how automation and analytics often go hand-in-hand, particularly in the context of an audit. Sometimes a “bot” might pull and organize data that can then be assessed via data analytics, whereas other times an analytic might identify the “suspect” that the bot then needs to gather different information around.

In this session, participants will:

• Understand how RPA technologies differ from other technologies that offer automation capabilities.
• See multiple use-cases of the ideal hand-off between data analytics and RPA.
• Review common pitfalls and how to avoid or mitigate them.
• Perform a hands-on live “opportunity scan” to see how to visualize and report on automation priorities.
  

Michael-Anthony Peet's Bio Being Finalized

Steve Biskie has been working in audit, compliance, and IT risk management for over 23 years. His IT experience includes public accounting, private industry, and specialized risk management consulting firms. Considered an international expert in SAP audit and risk management issues, Biskie has published numerous audit-related topics for SAP Professional Journal and written articles for SAP GRC Expert. He authored Surviving an SAP Audit and was an expert reviewer for Security, Audit, and Control Features: SAP ERP (Third and Fourth Editions). He is a thought leader in audit analytics and continuous monitoring, and is a four-time IIA All Star speaker.

Carolyn Axisa
Senior Manager, Risk and Financial Advisory
Deloitte & Touche LLP
USA

Jessica Tankersley
Business Chemistry Operations Lead
Deloitte & Touche LLP
USA

Business Chemistry is a highly interactive learning session that reveals your own distinct patterns of work behavior and provides strategies to more purposefully and effectively engage others. A refreshing departure from “business as usual,” Business Chemistry helps enhance team collaboration by effectively navigating differences to harness the strength of diversity.

In this session, participants will:

• Discuss their own and others’ workplace preferences and potential pitfalls.
• Review what to look for to develop “hunches” about others through observations.
• Adapt their style to engage more effectively with individuals and within teams.

Carolyn Axisa’s Bio Being Finalized

Jessica Tankersley is an employee experience consultant and leads global operations for Business Chemistry® at Deloitte. The Business Chemistry model reveals distinct patterns of work behavior and its impact on business relationships. Using the model and focusing on the ideal that ‘work shouldn’t be so hard,’ Tankersley helps teams explore how mixed perspectives influence their work together. She also teaches others how to use the model to enable the rapid growth and popularity of Business Chemistry.

Steve Morang, CIA, CRMA, CFE, CCEP
Senior Manager, Fraud and Forensics
Frank, Rimerman + Co. LLP
USA

Sanya Morang
Adjunct Professor
Golden Gate University
USA

How do people get seduced into fraud? How do fraudsters use seduction to deceive people? Seduction is an indirect form of power; when it is raised to the level of an art, it has toppled governments, won elections, and enslaved great minds. Understanding how fraudsters use seduction in everyday settings will unlock the mysteries behind their ability to circumvent even the strongest internal control systems.

In this session, participants will:

• Discover the power behind the seduction of fraud and how to use this knowledge to bridge the gap between fraud prevention, ethics, and human nature.
• Describe the attributes of the “Seduction of Fraud Diamond” and how they help to analyze fraud schemes.
• Develop an understanding of the personality similarities between historical seducers and modern-day fraudsters.

Steve Morang is a global leader in fraud prevention, detection, investigation, ethics, and compliance. He speaks frequently at local, regional, national, and international conferences, and recently co-developed a new series of sessions titled “The Seduction of Fraud.” Over the past 20 years, Morang has developed multiple methodologies to help organizations stay ahead of the latest trends in fraud. He has been featured in publications such as Forbes, American Banker, and Fraud Magazine. Additionally, Morang authors Fraud Magazine’s Big Frauds column and is an adjunct professor of fraud and ethics at Golden Gate University.

Sanya Morang is an expert on human nature and behavior and co-founder of the Seduction of Fraud. She is an adjunct professor at Golden Gate University, as well as vice president of research and development for the San Francisco chapter of the ACFE. Morang has prior experience in the fashion, cosmetics, and airline industries.

Daniel Lebel, CPA, CMA, CIA, CCSA, CFSA, CGAP, CRMA
Chief Audit Executive
University of Quebec in Montreal and President, CIA International Inc.
USA

Part 1 will be held during the pre-conference sessions on Sunday, July 19th, 2020.  Attendees should plan to attend both CIA pre-conference class sessions on Sunday.  

This Part 1 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 1 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 1 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 4.2 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 1 (upon release).  A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Foundations of Internal Auditing
• Independence and Objectivity
• Proficiency and Due Professional Care
• Quality Assurance and Improvement Program
• Governance, Risk Management, and Control
• Fraud Risks

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.  

Daniel Lebel has more than 20 years of experience in internal audit and risk management, with expertise in several areas such as manufacturing, transportation, banking, and pharmaceutical. In addition to his work as CAE at the University of Quebec, Lebel has been involved as a lecturer, teacher, coach, and mentor, and as a CIA instructor in America, Asia, the Middle East, and Africa.

Seth Mattison
Workforce Trends Expert
Co-founder and Chief Officer Movement
Luminate Labs
USA

The workforce is moving inexorably toward greater diversity. There’s a good chance you’re working alongside three and possibly even four generations of talent. This dynamic can create crippling challenges or game-changing advantages for teams that learn to recognize, understand, value, and ultimately tap the strategic perspective that lies within every generation. Seth Mattison will explore today’s biggest workforce trends and the histories, personalities, strengths, and challenges of each unique generational group.

In this session, participants will:

• Understand how fresh eyes and seasoned wisdom will be a fierce force in the new world of work, and how Gen-Power will help you harness it.
• Hear about counterintuitive perspectives on today’s unique generations.
• Gain deep insights into behaviors and trends impacting engagement.
• Learn strategies for influencing and persuading across generations.
• Discover communication tactics positioned to resonate with every generation.

Seth Mattison is an internationally renowned expert and author on workforce trends, generational dynamics, and business strategy. As co-founder and chief movement officer of Luminate Labs, he advises many of the world’s leading brands and organizations on key shifts happening around talent management, change and innovation, leadership, and the future of work. His ideas have been featured in such publications as The Wall Street Journal, Forbes, The Huffington Post, and The Globe and Mail, and he was named among the Editors’ Picks for Speakers to Watch in 2017. For the past decade, Mattison has shared his insights with thousands of business leaders around the world and has received accolades from many of the world’s best brands, including MasterCard, Johnson & Johnson, Microsoft, Kraft Foods, AT&T, PepsiCo, GE Energy, Cisco, State Farm, Merrill Lynch, Dow, and Disney.

A. How Internal Audit Helps Drive Results for a Fearless Organization

Silvia Puhani
Head of Internal Audit
Volksbank
GERMANY

Fear can endanger an organization and its employees. But workplaces characterized by candor can offer immense benefits for creativity, learning, innovation, engagement, problem solving, and performance. All of these are required in a volatile, uncertain, complex, and ambiguous (VUCA) world and can be elicited through an environment of psychological safety, in which people feel secure enough to take interpersonal risks by speaking up and sharing concerns, questions, or ideas.

In this session, participants will:

• Understand that psychological safety is essential to producing high performance in a VUCA world.
• Realize that a culture of silence is very dangerous for an organization.
• Learn three interrelated practices that help create an environment that benefits engagement, problem solving, and performance.
• Discover the important role of leaders and internal audit in shaping a fearless organization.

Silvia Puhani is the head of internal audit of Volksbank eG Braunschweig Wolfsburg, a German regional bank. She is a board member of IIA–Germany (DIIR) and a lecturer at the Frankfurt School of Finance & Management. She authored an award-winning book and hosts a podcast on internal audit. Puhani uses her background in mediation, systemic consulting, and coaching as a facilitator to elicit better solutions for organizations. She is well-versed in auditing complex issues. It is her firm conviction, that the social dimension, which plays an increasingly important role in modern management concepts, will be crucial for effective internal audit work, too.

---

B. Marketing the Value of Internal Audit With One Voice

Mike Jacka, CIA
Chief Creative Pilot
FPACTS
USA

Peter Scott
Chief Executive Officer
American Academy of Optometry
USA

When stakeholders ask internal auditors to explain the value of the department, many are caught unaware, resorting to long-winded, cliché-ridden responses. And few departments deliver a consistent message. This session’s presenters bring their combined internal audit and marketing experiences together, using real-world examples, to show how any department can build a value proposition for marketing internal audit’s value to all stakeholders.

In this session, participants will:

• Learn the structured process of value proposition development.
• Determine how each step of the process can be applied to internal audit.
• Develop ideas for how value proposition can be applied to each internal audit department.
• Observe how value proposition was used by one internal audit department.

Mike Jacka is chief creative pilot for FPACTS, a group dedicated to advancing internal audit skills. During a 30+-year internal audit career, he has been responsible for developing fraud investigation procedures for a 100-person audit shop, overseeing Farmers’ western regional auditing operations, and designing auditor training programs for a global organization of 200+ staff members. Jacka is a top-rated presenter, award-winning columnist, and contributor to Internal Auditor magazine, as well as co-author of two books published through the Internal Audit Foundation (Auditing Social Media: A Governance and Risk Guide, and Message, Brand, and Dollars – Auditing Marketing Operations, both in their second editions).

Peter R. Scott currently serves as chief executive officer of the American Academy of Optometry. He previously worked as a marketing and public relations strategist with some of the world's largest and most respected brands and agencies, specializing in social media strategy, risk, governance, and compliance. A top-rated speaker and award-winning association management executive, he is also the co-author of two books published through the Internal Audit Foundation (Auditing Social Media: A Governance and Risk Guide, and Message, Brand, and Dollars – Auditing Marketing Operations, both in their second editions).

---

C. Extracting More Value From Internal Audit in the Digital Age

Brian Christensen, CPA
Executive Vice President,
Global Internal Audit
Protiviti
USA

Digital activities and tools such as advanced analytics, automated processes, process mining insights, AI, and machine learning enable internal auditors to translate an increasingly overwhelming amount of data into meaningful, impactful analysis. Coupled with divergent and critical thinking, these capabilities have the potential to steepen the value-delivery curve significantly for auditors. This presentation will offer key observations and recommendations on how internal audit can deliver more value in the digital age.

In this session, participants will:

• Outline the digital tools internal audit needs to address business priorities and deliver meaningful results through the audit plan.
• Discuss how a next-generation internal audit strategy can align with the company’s risk profile and stakeholder expectations.
• Describe how CAEs can deploy data and technology-enabled processes and capabilities that facilitate delivery of cost-effective, value-added assurance.

Brian Christensen is a founding managing director at Protiviti and currently serves as global leader of the firm’s internal audit and financial advisory practice. He is also president of the Internal Audit Foundation. Christensen was recognized by Consulting Magazine as one of the Top 25 Consultants in 2017 in the leadership category and by the National Association of Corporate Directors (NACD) in the 2019 NACD 100 as one of the top contributors on corporate governance. He was previously a partner with Arthur Andersen.

Moderator:
Claire Chong
Industry Specialist
CaseWare IDEA
USA

Presenter:
Lenny Block, CIA, CPA
Vice President, Internal Audit
Nasdaq
USA

Sometimes people seek therapy to help overcome a barrier preventing them from achieving a goal. A similar approach can be applied to learning how to succeed with data analytics. This presentation’s interview format allows for sharing of expertise in incorporating analytics into the audit process. Use cases will illustrate how to overcome barriers, encourage team adoption, and gather data. Guidance will be prescribed to analytics challenges that attendees care to share.

In this session, participants will:

• Learn how to apply an “ask the doctor”’ approach to obtain precise prescriptions (recommended solutions) to help overcome data analytics challenges (or fears).
• Identify the data available to them and learn how to get it.
• Grow analytics expertise organically within their audit teams.
• Expand their focus beyond numerical data.

Claire Chong brings more than 15 years of experience in internal audit, finance, and assurance and advisory services to her role as industry strategist. Serving as an industry subject matter expert, she helps drive the development and delivery of value-added analytics solutions. Prior to joining CaseWare IDEA, Chong held audit management positions in public, private, and government enterprises in a variety of industries, including gaming and lottery, exhibitions and events, consumer packaged goods, commercial real estate, and professional services.

Lenny Block is vice president of internal audit at Nasdaq. He brings a background of more than 35 years in internal audit, business process reengineering, database design, and project management. Block has extensive practical experience in managing all phases of an internal audit, ensuring regulatory compliance and financial reporting integrity, and improving operational effectiveness for Nasdaq-owned entities worldwide. He also leads internal audit‘s data analytics program and donates his expertise on foreign corrupt practices compliance to the corporate ethics team. Block also teaches auditing as a member of Southern New Hampshire University’s adjunct faculty. He previously worked in the nonprofit, mortgage-backed securities, and telecommunications industries.

Komitas Stepanyan, PhD, CRMA, CRISC
Deputy Head Internal Audit
Central Bank of Armenia
ARMENIA

It is now commonly accepted that it’s no longer a matter of "if" but "when" an organization will suffer a cyberattack. Cyber resilience is the ability to prepare for, respond to, and recover from cyberattacks. This session will cover several important aspects of cyber resilience and how internal audit can bring value by auditing cyber resilience.

In this session, participants will:

• Consider whether cyber resilience is merely wordplay or a valuable concept.
• Evaluate internal audit’s role in cyber resilience.
• Discuss cyber resilience as a challenging engagement for internal audit.
• Assess possible audit approaches to cyber resilience.

Komitas Stepanyan has almost 20 years of experience in internal audit, IT audit, information security, and information technologies. He has been deputy chief audit executive of Central Bank of Armenia’s IT audit division for more than nine years. He serves on the board of IIA–Armenia and the advisory board of CyberCentral. Stepanyan is a published author of numerous scientific articles, and he has spoken at several international events. He also provides IMF and World Bank with expertise on IT and cyber risk management, regulation and supervision, and IT fraud examination. Stepanyan has conducted and led many technical assistance and capacity-building missions, covering diverse countries and topics.

Leonid Dushatin
Chief Audit Executive
Head of Internal Audit
AEROFLOT
RUSSIA

Martin Wiedemann, CIA
EMEIA Internal Audit Leader
EY
GERMANY

As the CAE of a leading public company, you need to efficiently serve all stakeholders to build and run a successful internal audit function. This session will highlight how Aeroflot’s internal audit function builds trusted relationships with stakeholders to enhance the value of the company (which operates in a highly disruptive and competitive environment) and support its journey to operational excellence, digital transformation, and successful competition with global peers.

In this session, participants will:

• Discover how to create a basis for transforming internal audit function by incorporating The IIA’s Standards and a SAP audit management machine.
• Understand how to position internal audit as an assurance provider and trusted partner to management, the audit committee, and the board.
• Learn how to apply a risk-oriented approach and consulting skills to social media, personal data protection (GDPR), innovation, and IT efficiency.
• Gain insights into tapping multiple sources of information to provide a 360 degree view of key business processes and risks.

Leonid Dushatin has 35+ years of corporate, financial, and internal audit practice in Russian and foreign companies, including the Finance Ministry of the USSR and the National Reserve Bank. He was elected an independent director to Aeroflot’s board in 2003. He also headed the audit committee from 2007–11. In 2015, Dushatin was appointed CAE by the board and tasked to build a modern, risk-oriented internal audit function in the group of companies headed by Aeroflot, including another three airlines (Rossiya, Aurora, Pobeda). This mission was accomplished in March 2019 with external approval by EY as fully compliant with The IIA’s Standards and Code of Ethics.

Martin Wiedemann is a partner at EY’s Freiburg, Germany office. His extensive experience encompasses auditing and advisory of local and international companies, along with implementing, leading, and executing internal audit functions, internal control systems, and risk management. Wiedemann established and led EY risk services in Qatar and CIS, and now oversees the EMEIA (Europe, Middle East, and India) internal audit practice. He leads EY teams providing outsourcing and co-sourcing services for internal audit functions in the automotive, chemicals, utilities, and manufacturing sectors. Wiedemann is EY’s global project leader for the creation of a fully digitalized internal audit function. He also led a team in executing functional performance assessments of major companies in Germany, Qatar, and Russia.

Moderator:
Blanca Aurora Malagon, CIA, CGAP, CPA, CFE, CFF, CHRC, CCEP
Associate Vice President, and Chief Audit and Compliance Officer
University of Miami
USA

Blanca Aurora Malagon provides leadership, direction, and oversight of the internal audit and compliance functions as associate vice president and chief audit and compliance officer for the University of Miami. She teaches an internal auditing course as part of the university’s Master of Accounting program and is a member of the Iron Arrow Honor Society. Before her 34-year career at the university, Malagon worked in public accounting, primarily on financial audits of municipalities and governmental entities. She serves as vice president of academic relations for The IIA’s Miami chapter and is a member of the chapter’s Board of Governors.

---

A. Strategies for Engaging Your Team in Change

Rachel Tressy
Senior Vice President and Chief Auditor
Voya Financial
USA

Our profession is in a time of unprecedented change. The change needs to come from within, with full engagement from your whole team (no matter what size). This session will discuss ways to move your team forward together through these important times.

In this session, participants will:

• Review some of the changes we are all facing in the internal audit profession.
• Discuss strategies for involving their team in the changes.
• Share successes and failures in recent change management experiences.

Rachel Tressy is senior vice president, and chief audit executive at Voya Financial, responsible for providing internal audits and advisory services for evaluation of the company’s internal control environment. She previously spent 15 years at Cigna in both audit and business roles. Tressy has sought to build relationships with business partners and partners throughout her career to demonstrate the value that strong partnerships bring to companies. She started her career at Ernst & Young in audit and advisory services. She is also active on a nonprofit board of trustees.

---

B. How to Put the Success in Succession Planning

Sue Ulrey, CIA, QIAL, CRMA, CRISC, CFE, FCA
National Practice Leader
MMY
USA

Talented people will eventually move on — either by choice or by circumstance — and they must be replaced. Studies and surveys have shown that most companies do not have robust succession plans. Managing the succession of talent is critical to achieving your organizational goals.

In this session, participants will:

• Understand the value of succession planning for skill development and talent retention.
• Discover strategies to attract and retain top talent.
• Recognize the top 10 most common competency gaps.
• Learn how to develop a successful succession plan.
• Plan their own leadership development solutions.

Sue Ulrey is an internal audit executive with 25+ years of practitioner and consulting experience in banking, insurance, and healthcare. Innovative and solutions-focused, she drives organizational improvement through audit and data analytics, while promoting strong ethics and governance. Ulrey excels in structuring and strengthening operational and financial processes and controls to maximize long-term performance, growth, and profitability. Leveraging her expertise in project management, strategic planning, best practice evaluation, internal audit QAR, contract/regulatory compliance, vendor oversight/compliance, and finance, risk, internal audit, and governance reviews. Ulrey has managed 100+ large-scale IT and data analytics projects and conducted 100+ contract compliance reviews in the last 10 years.

Moderator: 
Gregory T. Grocholski, CIA
Vice President, Chief Audit Executive
Saudi Basic Industries Corporation (SABIC)
SAUDI ARABIA

Presenter:
Naohiro Mouri
Executive Vice President and Chief Auditor
AIG
USA

This session will offer a discussion on how the internal audit group at AIG is changing auditor mindset and audit methodology, as well as using robotic process automation (RPA) and data analytics (DA) to achieve greater audit coverage with fewer resources.

In this session, participants will:

• Hear how AIG’s internal audit group is changing auditor mindset and audit methodology.
• Learn how AIG uses RPA and DA to increase coverage and efficiency.

Greg Grocholski is responsible for leading and managing the internal audit department on a global level, to ensure the implementation of internal audit best practices worldwide, as well as to coach the company’s internal audit employees to maximize their contributions to achieving the company’s objectives. Grocholski is internationally respected in the audit field and is affiliated to ISACA, for which he has served in various leadership roles. Prior to SABIC, Grocholski attained an impressive track record in the global chemicals industry with more than 30 years of service at The Dow Chemical Company. He achieved numerous promotions in the audit and finance functions, most recently holding the posts of CAE and global director of business finance.

Naohiro Mouri is the immediate past chairman of The IIA’s global board. His 27 years of internal audit experience includes both audit execution and management at AIG, MetLife, JP Morgan, Shinsei Bank, Morgan Stanley, Deutsche Bank, and BNP. He began his career at Arthur Andersen. Mouri has spoken at local, regional, and international IIA conferences and taught internal audit courses at Meiji University, Senshu University, and Yokohama National University. He co-authored a book about internal audit in banking that was published in Japanese and Chinese.

Ernesto Martinez
Vice Presidente Ejecutivo
Santander Group
España

Auditing Strategic Risk

Ernesto Martinez
Executive Vice President
Santander Group
SPAIN

El tiempo dedicado a una auditoría no siempre está alineado con la relevancia asignada a ciertos riesgos. Los compromisos relacionados con los requisitos reglamentarios o las auditorías más tradicionales desvían nuestra atención de asuntos críticos para la organización. Los planes de auditoría deben estar totalmente alineados con las estrategias y el apetito de riesgo estratégico de la organización. ¿Qué elementos podrían considerar los auditores internos para auditar el universo de riesgos, e integrar su análisis en la evaluación del riesgo de auditoría?

En esta sesión, los participantes:

• Aprenderán cómo se debe incluir el riesgo estratégico en el plan de auditoría.
• Descubrirán cómo integrar el riesgo estratégico en la evaluación del riesgo de auditoría.
• Comprenderán cómo auditar el riesgo estratégico.

Ernesto Martínez comenzó su carrera como auditor externo y consultor en Arthur Andersen. Luego se unió al Grupo Santander como Analista de Riesgos y Vicepresidente de Control Financiero para el banco de inversión de Santander antes de pasar a la auditoría interna, donde ha sido Vicepresidente Senior del grupo de diferentes riesgos y negocios, así como CAE para Banesto, la filial bancaria española del Grupo. Actualmente, como Vicepresidente Ejecutivo del Grupo de Auditoría Interna de Santander, Martínez dirige aproximadamente 180 auditores internos, incluidos los Caes de varias filiales bancarias. Es presidente de IIA – España, miembro de la Junta Global de IIA y miembro de dos comités de ECIIA. Habla con frecuencia sobre temas relacionados con la auditoría.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

Part 2 will be held at the same time as other concurrent sessions on Monday, July 20th, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Monday.

This Part 2 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 2 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 2 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 4.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 2 (upon release).  A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Managing the Internal Audit Activity
• Planning the Engagement
• Performing the Engagement
• Communicating Engagement Results and Monitoring Progress

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

A. Building and Communicating Your Personal Brand

Jeannine K. Brown, CPC
Managing Director
Everyday Lead
USA

To build and communicate a personal brand requires defining your personal strengths, developing your personal presence, and honing your skills. A personal brand empowers you to have your voice heard, strengthens your credibility, and increases your impact on key stakeholders, enhancing your value and leadership style.

In this session, participants will:

• Learn how to embody presence and impact, including using their body and the right language to communicate powerfully.
• Understand how mood and mindset influence presence and how to change it.
• Discover how to play to their strengths and develop their personal brand statement, legacy plan, and personal communication plan.

Jeannine K. Brown is the managing director and owner of Everyday Lead, a talent and diversity coaching consultancy. She is a thought leader and active advocate for increasing the number of women and multicultural professionals in executive roles. Brown works closely with client companies, delivering solutions to help increase retention, decrease attrition cost, attract new talent, and create competitive advantages through the power of inclusion. She champions the importance of diversity, equity, belonging, and inclusion among individuals, cultures, and systems. An executive coach and public speaker, Brown travels extensively as a conference and corporation keynote speaker on leadership and inclusion topics.

---

B. People centric Skills 2.0: Even More Crucial Skills for Audit Professionals

Danny M. Goldberg, CIA, CCSA, CRMA, CPA, CISA, CRISC, CGEIT, CGMA
President
GoldSRD
USA

As important as technical capabilities, the ability to work with and connect with people at all levels is a skill that most successful leaders have or covet. People-centric skills include reading people (quickly!), thinking fast on your feet, optimizing the value of emotional intelligence, using self-awareness and empathy, determining the right mode to communicate in, influencing and promoting change, and owning an audience (speaking publicly).

In this session, participants will:

• Identify which skills distinguish great managers from good managers.
• Learn about “quick” skills that can be applied without much practice — including thinking fast on their feet, reading people within seconds, exhibiting self-awareness, and owning an audience (including key quick suggestions on how to be an effective presenter).
• Understand emotional intelligence and how to use it to get the most out of their employees.
• Gain tips for communicating effectively in any mode and selecting the right mode to communicate.
  

Danny M. Goldberg has 21+ years of professional experience, including five years leading/building internal audit functions. He is co-author of People-Centric© Skills: Communication and Interpersonal Skills for Internal Auditors, which is offered through the IIA and ISACA bookstores and has sold more than 4,000 copies. Goldberg is also accredited as the professional commentator of the Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices. He has been recognized as a top speaker at numerous IIA and ISACA events. In addition, he is an active IIA board and committee member at both the local and national levels.

---

C. Agile Communication: Better Audit Results, More Added Value

Tracie Marquardt
Owner and Trainer
Quality Assurance Communication
CANADA

Internal audit is piloting Agile project methodology, but it can be a hard sell, and many audit departments just aren’t ready for it. The key to the success of Agile project methodology is communication: It’s flexible. It motivates. It brings accountability and transparency. So how can audit harness the benefits of Agile communication without (necessarily) adopting Agile project methodology? Is your team ready to break away from traditional audit communication practices?

In this session, participants will:

• Distinguish between traditional communication and Agile communication.
• Identify the risks of adopting Agile communication concepts.
• Learn how to apply Agile communication concepts to audit and what doing so means to the team.

Tracie Marquardt owns Quality Assurance Communication. A leading audit communication specialist, she partners with global internal audit clients to ensure their teams deliver better audit results and more added value to stakeholders. Her strategic yet practical approach includes understanding how perception of the world impacts communication, how building strong trustful relationships is mandatory to success, and how incorporating pull marketing concepts helps persuade stakeholders to action. A Deloitte alumnus, Marquardt was an internal auditor in Canada before spending 10 years in the financial industry in the U.S. She has presented at major audit conferences in both Europe and the U.S.

Burke Willis
Specialist Leader
Deloitte & Touche LLP
USA

Deanna Caruso
Audit Manager
General Motors
USA

Ali Rana
Audit Tools Manager
General Motors
USA

Colin Loomis, CISA, CISSP
Senior Manager
Deloitte & Touche
USA

In an interactive session using role play, attendees will see what it feels like to work in an internal audit function trying to learn and implement Agile principles and methods. The session will begin with a brief overview of Agile and one organization’s journey adopting it, then move quickly on to three scenarios based on actual challenges encountered. Each scenario will conclude with a debrief and Q&A.

In this session, participants will:

• Learn about common challenges faced by an internal audit function implementing Agile.
• Develop their own views about how to tackle these challenges.
• Share their opinions via real-time polling and see and evaluate results from the group.
• Learn how the co-presenters’ organizations solved these challenges.

Burke Willis is a specialist leader for Deloitte Risk & Financial Advisory. With strong coaching, facilitation, and leadership skills, and 25+ years of experience helping organizations analyze and improve performance, he transforms traditional internal audit groups into well-functioning Agile teams. An extensive background working on and leading IT-enabled business transformation projects as both an external consultant and internal technology manager at Fortune 500 companies has enabled Burke to anticipate needs and steer organizations through their transformation journeys to achieve higher-quality, more risk-focused, and more efficient audits, as well as increased satisfaction and perception of value from both business stakeholders and audit staff.

Deanna Caruso has more than 17 years of experience in external audit, corporate accounting, operational finance, and internal audit. She is currently an audit manager in the corporate functions, financial audit, and anti-fraud service line of the internal audit group at General Motors (GM). She is responsible for overseeing the execution of internal audits, consultative reviews, and special projects. Prior to her work at GM, Caruso spent more than seven years at Deloitte in audit and enterprise risk services as an external auditor focused on both manufacturing and automotive retail clients.

Ali Rana focuses on improving how data, technology, and GRC tools support the audit function as a manager in General Motors’ audit services group. He has 15+ years of internal and external audit experience, evaluating risks and controls associated with critical business processes and IT systems. Having held people-leader roles and interacted with audit/compliance functions in Fortune 500 companies, Rana has a unique perspective on audit transformation and adopting practices to position internal audit as a value-added partner. Most recently, he has been involved in several optimization projects within the audit groups at United Airlines and General Motors, with a focus on adopting agile practices.

Colin Loomis is a senior manager within risk and financial advisory at Deloitte with more than nine years of internal audit experience. His focus is on leading audits over areas such as cyber, SOX, and SAP. Additionally, he has supported teams on digital finance transformation with RPA implementations. Throughout his career, Loomis has served numerous Fortune Global 500 companies in the automotive, manufacturing, and technology industries. He also completed a two-year secondment with Deloitte Belgium.

Marinus Hommes, CPA
Lead Partner, Risk & Compliance
RSM
NETHERLANDS

Lotte Schieving
Privacy Officer
Municipality of Deventer
NETHERLANDS

Many projects in the public domain innovate with smart digital solutions to create new standards for sustainability and mobility, or new economic opportunities. These innovative projects require cooperation between partners, suppliers, clients, and the government. Governments often serve as suppliers of vast collections of personal information, but also have their responsibilities to the public.

In this session, participants will:

• Discuss the cornerstones for successful and innovative privacy by design.
• Learn tips for embedding appropriate privacy protection.
• Understand how to incorporate privacy into a robust design to build successful public innovative projects without setting unnecessary restrictions on public innovation.
• Hear about lessons learned in some larger projects.

Marinus Hommes is a partner and risk advisory lead for RSM in The Netherlands. He has more than 25 years of experience as senior audit partner, IT audit partner, and risk services partner. Prior to RSM, Hommes established his own consulting firm and worked at Deloitte and PwC in the international practice. His current advisory and assurance projects are mainly in the fields of security and privacy and related compliance and legislative standards; these projects include ensuring logistics services security for a large defense industry program across Europe; providing data protection services for several local governments and organizations; and serving as ISO27000 lead auditor for several clients.

Lotte Schieving is a privacy officer for the Municipality of Deventer in The Netherlands. In this role, she implements privacy by design frameworks in public organizations. Her experience encompasses privacy risk assessments and internal auditing. She previously worked as a privacy officer for the Dutch Council for Refugees and as a legal advisor for the Dutch Public Prosecutor’s office.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA
President and Chief Executive Officer
The Institute of Internal Auditors Inc.
USA

The 2020s will almost certainly pose significant new challenges and opportunities for internal audit. Risks are evolving at an unprecedented rate, and internal auditors at all levels must prepare for what lies ahead. It’s often said that the best way to predict the future is to study the past. We must look where we’ve been, where we are now, and, importantly, where we are headed. Our mission is to determine how we will get there.

In this session, participants will:

• Understand the rise of “Uber” auditing, whereby practitioners with specific skills offer their services through short-term, on-demand contracts.
• Assess the increasingly significant role of data ethics and artificial intelligence governance in how work gets done.
• Recognized today’s young internal auditors as tech-savvy, tech-fearless, and motivated to integrate technology into audit and governance strategies.
• Discover how internal audit is advancing beyond the “bean counter” stereotype by addressing emerging risks, embracing technology, and providing insight and foresight.
• Gain insight into how internal audit serves both the public interest and the organization by supporting good governance.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board. Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Today ranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. In 2016, Chambers was honored by American City Business Journals’ Orlando Business Journal as a top CEO of the Year. Chambers is an award-winning author, writing The Speed of Risk: Lessons Learned on the Audit Trail, 2nd Edition (2019), Trusted Advisors: Key Attributes of Outstanding Internal Auditors (2017); and Lessons Learned on the Audit Trail (2014), which is currently available in five languages.

Moderator:
Scott Norton, CPA
Senior Vice President, and Head of Internal Audit
Bayview Asset Management
USA

Scott Norton joined Bayview Asset Management in 2018 as senior vice president and head of internal audit. He was previously the chief auditor for BankUnited Inc., a publicly traded bank holding company with more than $30 billion in assets. Norton began his career as an external auditor for PricewaterhouseCoopers and later held executive positions in the consulting divisions of both Grant Thornton and Protiviti. He serves on the board of The IIA’s Miami chapter.

---

A. The Value Audit Engagement Report: Is It a Matter of Culture?

Verra Marmalidou
Director, Internal Audit
National Bank of Greece
GREECE

The audit engagement report reflects internal audit’s work and opinion. But do auditors really know how their message is received by key recipients and if the objectives have been accomplished? Why is the report so important? What makes it relevant? Is culture related to the report? How should the report be structured? Are key report elements based on IIA Standards? How can we use tools to conclude the report objectively?

In this session, participants will:

• Distinguish between relevant and irrelevant audit reports, a long report and a short one, and a modern report and an outdated one.
• Learn how technology can help produce a relevant audit report.
• Describe audit findings, perform root cause analysis, and follow a principles-based framework for expressing the audit opinion using a tool.
• Develop ideas for reporting on the risk and control culture.

Verra Marmalidou is chairman of IIA–Greece and a board member of the ECIIA. She works at National Bank of Greece Group as internal audit director. Marmalidou has been involved in the implementation of audit tools and modern audit techniques as well as internal quality assessments. She was project manager for implementation of the COSO Internal Control framework and GRC platform used by the bank’s three lines of defense.

---

B. Storytelling via Digitized Audit Reports

Larry C. Herzog Butler, CIA, CRMA, CPA, CGMA, CRISC
Senior Director, Internal Audit
Delivery Hero SE
GERMANY

Some audit reports are prepared in Word. Some in PowerPoint. How engaging are these reports to executive management and the audit committee? This session explores how a small internal audit function’s use of storytelling to digitalize its reports resulted in greater engagement and collaboration.

In this session, participants will:

• Distinguish between the various internal audit reporting needs of stakeholders.
• Understand the power of storytelling through audit engagement and audit committee reports.
• Learn how to begin to develop dashboards that engage stakeholders.
• Develop ideas for audit reporting via digital formats.

Larry C. Herzog Butler is senior director of internal audit for Delivery Hero SE, a company that in 2017 completed one of Europe’s most successful IPOs. Formerly with Deloitte & Touche, he has 20+ years of experience providing audit, compliance, business process improvement, enterprise risk management, and advisory services. His background encompasses planning and executing internal audits and Sarbanes-Oxley engagements, reporting to audit committees, managing key stakeholder relationships, training audit staff, and strengthening internal controls over financial reporting. Butler has volunteered extensively with The IIA, including formerly serving as president of IIA–Los Angeles and currently sitting on the chapter’s Board of Governors.

---

C. Trail Blazers Use Technology to Their Advantage

Colleen Knuff
Senior Director, Product Management
Wolters Kluwer - TeamMate
CANADA

Standard practice — wait until fieldwork is done, then write the report. What if you could continuously report your findings to management, collaborate on their responses, track how your communications change over time, and publish at the end of fieldwork? Agility in reporting requires rethinking how we communicate what we know and when. It also requires us to leave our biases at the door.

In this session, participants will:

• Learn why continuous delivery of findings and collaboration on responses creates speed to delivery.
• Discover why giving stakeholders direct access to findings promotes an "anytime, anywhere" approach to communication and collaboration.
• Understand how real-time reporting can only be achieved if we stay away from secondary tools.
• Identify the benefits of natural language processing (NLP) assistance, especially sentiment analysis, when editing audit reports to ensure our message matches our data.

Colleen Knuff has served as a product manager for TeamMate software for almost 20 years. Her focus is to ensure the needs of assurance professionals are met while delivering value based on professional standard requirements, changes to technology, and internal auditor feedback globally. She leads a global product management team focused on innovative solutions to real market problems, with heavy emphasis on voice of customer, contextual design, and user observation. Previously, as internal audit senior manager with PricewaterhouseCoopers, Knuff worked on a wide variety of internal audit projects, including strategic business processes, operational audits, IT audits, outsource vendor audits, and business operations, across multiple clients.

Moderator:
Larry Harrington
Retired Chief Audit Executive
Raytheon
USA

Panelists:
Valentina Kostenyuk
Senior Lead Internal Auditor
Avangrid Renewables
USA

Jingwen (Grace) Wu
Risk & Governance Compliance Officer
Silicon Valley Bank
USA

Puja Shah, CIA, CCSA, CFSA, CRMA
Executive Director
UBS
USA

In support of The IIA’s diversity goals, this panel of three female professionals — facilitated by former Chairman of the Board Larry Harrington — will discuss how to generate influence, manage across generational gaps, and promote diversity to propel the next generation of internal auditors. The panelists come from different cultures and levels of experience, but possess a shared background in internal audit and a passion for the profession.

In this session, participants will:

• Learn how to manage by influence and cross-directionally (managing up/down, peer, etc.).
• Hear tips for overcoming generational gaps to develop, motivate, and manage emerging leaders and millennials.
• Discover how to promote diversity in their team and work with gender/culture/age bias.

Larry Harrington was chief audit executive at Raytheon Company from 2004 until his retirement in 2018. Previously, he was CAE at several Fortune 250 companies and served as a vice president within finance, human resources, and operations. Harrington has volunteered with The IIA for 30+ years, serving as president of the Greater Boston chapter, co-chair of the International Conference in Boston, and chairman of both the North American and Global boards. He was named to the American Hall of Distinguished Internal Audit Practitioners and received the Victor Z. Brink Award for Distinguished Service. Harrington has spoken on internal auditing, leadership, career development, and diversity and inclusion in 30+ countries.

Valentina Kostenyuk is a lead/senior auditor at Avangrid Renewables. Her nine years in internal audit have focused on operational auditing and SOX compliance across all segments of the energy industry. Passionate about the profession, Kostenyuk was featured in Internal Auditor magazine’s “2015 Emerging Leaders.” She served as president of IIA–Portland and is currently the district representative for the West District chapters. As chair of the North America Emerging Leaders Task Force, she is spearheading the development of a national mentorship program for young professionals in The IIA. Kostenyuk has been a speaker/facilitator at numerous IIA events.

Jingwen (Grace) Wu has nearly seven years of internal audit and compliance experience. She is a compliance manager in the corporate compliance and risk and governance group at Silicon Valley Bank. She was previously a senior auditor at eBay and an advisory consultant at Deloitte & Touche LLP, serving financial services, energy, and high-tech clients. Passionate about volunteering, Wu has served as chair of The IIA’s Emerging Leaders Task Force, currently serves as president-elect of IIA–San Jose, and was recently elected to The IIA’s NA Advocacy Committee. She speaks frequently at company and industry events.

Puja Shah has 10+ years of internal audit experience, emphasizing financial, operational, and risk audits and regulatory compliance for financial institutions. Currently an executive director at UBS, she has performed risk assessments, risk and control testing, issue validations, and continuous monitoring; mapped to regulatory expectations; escalated findings to senior management; and produced value-added reporting for key stakeholder decision-making. Shah earned IIA–Chicago’s William C. Anderson Member of the Year Award in 2017 for outstanding volunteer contribution to the chapter and dedication to the internal audit profession. She serves on the IIA–Chicago Board of Governors and is chair of the Next Gen Advisory Group.

Mónica Ramírez Chimal
Compañero
Asserto RSC
MÉXICO

Beyond an Episode of CSI: Fraud Threat

Mónica Ramírez Chimal
Partner
Asserto RSC
MEXICO

La realidad mundial muestra que, independientemente del tamaño y tipo de empresa, los casos de fraude continúan prevaleciendo. Las razones son muchas y variadas; sin embargo, tienen un denominador común: debilidad en los controles. Ninguna empresa es inmune al fraude, y su impacto puede ser devastador. La auditoría interna es clave para prevenir el fraude, pero primero, los auditores internos deben estar capacitados. ¿Tiene su empresa los controles correctos en su lugar?

En esta sesión, los participantes:

• Definirán y explicarán  fraude para aplicar ese conocimiento.
  
• Analizaran casos internacionales de la vida real utilizando pistas y evidencia.
• Reconocerán las banderas rojas y el perfil del estafador.
• Revisaran e identificaran controles prácticos, claves y efectivos para incluir en el programa de auditoría para poder minimizar el riesgo de fraude.

Mónica Ramírez Chimal es una capacitadora internacional bilingüe (español-inglés) y oradora, que presenta sobre la lucha contra el lavado de dinero, prevención de fraude, riesgos y auditoría interna. Ella ha presentado en México, Estados Unidos, República Dominicana, Dubai, Brasil, Argentina, Uruguay y Panamá ante audiencias de más de 10 a 350 personas. Solo para un cliente, ha impartido más de 100 talleres contra el lavado de dinero. Chimal es autora de tres libros y ha publicado varios artículos para revistas internacionales. Actualmente es socia de Asserto RSC, así como miembro de la Junta Asesora de la Sociedad de Ética y Cumplimiento Corporativo (SCCE) y miembro del grupo de panelistas de GLC Europe Blog.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

Part 2 will be held at the same time as other concurrent sessions on Monday, July 20th, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Monday.

This Part 2 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 2 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 2 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 4.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 2 (upon release).  A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Managing the Internal Audit Activity
• Planning the Engagement
• Performing the Engagement
• Communicating Engagement Results and Monitoring Progress

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.  

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

A. Embracing the Fundamentals: Identify a Risk

Bradley Carroll, CIA, QIAL, CFSA, CRMA, CPA, CFF
Principal, Risk Advisory
Frazier & Deeter
USA

Agile, RPA, data analytics, big data — the vocabulary of today’s auditor contains lots of buzzwords. While growth and new directions are must-haves, the basics cannot be sacrificed. This presentation will explore what too many auditors today rush through and get wrong — risk assessment vs. control evaluation. We will discuss what is a risk and what is a control failure through practical examples and feedback.

In this session, participants will:

• Understand how to identify a risk.
• Distinguish between a risk and a lack of a control.
• Define inherent vs. residual risk.
• Learn the 5Cs of internal audit and how they relate to risk identification.
• Discover a methodology for drilling down to the real risk.

Bradley Carroll held internal audit positions with $990M Central Bank, Carter’s Childrenswear, and $72B Wachovia Bank early in his career. He then started and sold a CPA practice before returning to internal audit as the first CAE of $5B State Bank Financial Corporation, where he developed a risk-based methodology, staffed the department, automated workpapers, developed KPI dashboards for audit committee reporting, and became heavily involved in using data analytics. Carroll is currently a principal in the process, risk, and governance department with Frazier & Deeter as their financial services practice leader. He also serves on The IIA’s Financial Services Advisory Board and has given presentations at numerous conferences.

---

B. Are Internal Auditors Tackling the Right Risks?  The Case of the Audit of Strategy

Matej Drašček, CIA, CRMA
Chief Internal Auditor and
Chief Audit Executive
LON Bank
SLOVENIA

Internal auditors often lack tools and methodologies to audit their organization’s strategy development and implementation. By understanding the competencies needed to tackle a strategy audit, internal audit can help improve governance, risk management, and internal controls in their organization’s strategic management process. This presentation will focus on the importance of strategic risks; how to audit strategy development and implementation; and the main risk in strategy development and implementation.

In this session, participants will:

• Understand the importance of strategic risk in relation to other risks.
• Develop a four-step process for strategy development and implementation.
• Gain tools and methodologies for auditing strategy development and implementation.

• Discover the main risks of each step of strategy development and implementation.

Matej Drašček is chief audit executive for a regional retail bank in Slovenia. In addition to having served as a teaching assistant and guest lecturer for several universities and faculties, he has published numerous professional and scientific international articles on internal audit, human resources, business ethics, and strategic management. Drašček has spoken at domestic and international conferences, presenting new tools and insights in internal audit, strategic management, and ethics. He won The IIA’s William S. Smith Award for highest score in the CIA exam.

---

C. How to Audit Your Outsourced Arrangements

Neil Macdonald
Director
Technology4Business Ltd
UK

The session will explore the dynamics of an outsourcing arrangement and highlight common mistakes and risks. We will also highlight the challenges faced when the arrangements involve both EU and non-EU firms (whether as clients or as outsourced providers). Finally, the session will explore effective governance structures over outsourcing arrangements, along with a proven approach to successfully auditing outsourced arrangements.

During this session, participants will:

• Identify the risks of outsourced arrangements along with the different dynamics and priorities at play.
• Learn how to effectively approach an audit of an outsourcing arrangement.
• Gain the confidence to tackle an outsourcing audit.

Neil Macdonald has 20+ years of internal audit and cross-sector experience in banking, insurance, and financial services, working for high-profile firms such as AXA, Deutsche Bank, and the Bank of England.  Having also worked for an outsourcer, he is able to provide unique insight from “both sides of the fence.” As head of internal audit for a market-leading insurer with turnover of £400m, Macdonald was also an “approved person” under the UK financial services regulator. He has a strong background in outsourcing and the EU regulated environment, and has undertaken audits of outsourced contracts/providers to satisfy the requirements of BaFin, the German financial services regulator.

Stefan Preuss, CISA, CRISC
Head of Tech-driven Audits
AWK Group AG
SWITZERLAND

Enrique Ferro
Head, Internal Audit IT, and Network
Swisscom AG
SWITZERLAND

This presentation will explain basic principles and terms of decision-making algorithms, introduce current use cases, and provide a short overview of legal principles in Europe and the U.S. We will also explore the challenges that decision-making algorithms can present to internal audit departments. Lastly, we will discuss how to develop an operational approach for internal audit departments to identify, assess, and audit decision-making algorithms.

In this session, participants will:

• Gain an understanding of decision-making algorithms.
• Discover basic technologies used to audit algorithms.
• Learn about guidance related to auditing algorithms.

Stefan Preuss heads the tech-driven audits and assessments department at AWK Group AG in Switzerland. He gained broad experience as IT audit manager at PricewaterhouseCoopers and as head of Swisscom’s IT audit department for many years. He specializes in auditing ICT services, with a focus on the telecommunications industry. Preuss is an expert in the development of new audit methodologies in IT-driven companies and their operationalization in business practice.

Enrique Ferro is currently head of internal audit IT and network at Swisscom AG, a telecommunication company in Switzerland. His responsibilities include planning and executing technical, compliance, and security audits in the areas of IT and network. He has 15+ years of experience in the financial and telecommunications industries as an internal auditor, risk manager, and head of business continuity management. Ferro also has expertise in implementing risk and business continuity frameworks focused on technical risks in a complex ICT environment.

Neil Frazer
Vice President, Internal Audit
Knoll, Inc.
USA

Mike Varney, CIA, CPA
Partner
Crowe LLP
USA

Crowe, in partnership with a client, will present on how to begin the process of implementing a data analytics program within your internal audit department. We will attempt to cut through the hype by utilizing a real-world case study outlining tactical steps for beginning to utilize data analytics to support internal audit activities.

In this session, participants will:

• Identify usable data within their organization to begin a program.
• Define a structured approach to starting a program.
• Determine measureable results/outcomes to define the program’s success.

Neil Frazer is an internal audit executive with 20+ years of experience in internal audit, risk management, and accounting with multinational public and private companies as well as a public accounting firm. He has an extensive background in the manufacturing and logistics industry sectors and has established and transformed audit departments in Europe and the U.S. during his career. Recently, Frazer has focused his transformation efforts on embedding data analytics and robotic process automation into both audit and business control processes to increase the effectiveness of business controls and the coverage of audit activities in an economical manner.

Mike Varney has 20+ years of experience in internal audit, risk management, accounting, and financial reporting management with Fortune 1000 global and domestic companies as well as accounting firms. Recently, he has focused on helping clients institute data analytics programs or assess their existing programs. Varney has also participated on a team that defined Crowe’s approach to implementing and developing audit activities utilizing data analytics. His background has encompassed establishing internal audit functions, designing and executing annual audit plans, and leading business process development, including vendor management review procedures, supply chain review, data privacy, and data analytics programs. Varney serves The IIA on both local and North America committees.

Sudhakar Sathiyamurthy, CRISC, CISA, CGEIT, CIPP/US, ITIL Expert
Managing Director, Cyber
Grant Thornton LLP
USA

The convergence of rapidly emerging technologies, heightened standards/expectations, jurisdictions with complex/conflicting obligations, workforce optimization, and demand for cost reductions are redefining the international cyber compliance landscape, a trend which is expected to intensify in magnitude in the future. A pointed approach to compliance is reactionary, often failing to scale to international standards for cyber compliance. Compliance modernization helps navigate risks/opportunities and manage international cyber compliance standards effectively.

In this session, participants will:

• Examine compliance modernization from governance, process, and technology standpoints.
• Identify factors that define cyber compliance modernization and the operating model for driving efficiencies.
• Explore practical considerations and real-life case studies for transforming cyber compliance operations through robotic process automation (RPA).
• Build a business case and blueprint for employing automation in the cyber compliance framework to drive value.

Sudhakar Sathiyamurthy is an experienced leader with wide-ranging global experience in helping organizations and risk leaders plan and execute on their digital and cyber risk goals and strategies. His leadership in risk advisory spans more than 14 years. Sathiyamurthy has a track record of excellence in building new market offerings on cyber risk strategy and transformation, privacy and data protection, and risk tech strategy and automation; serving clients with nimble and practical cybersecurity solutions; and growing business through standing-up new service capabilities and scaling-up existing capabilities.

Moderator:
Steve Roth, CIA, CPA
Vice President, Internal Audit, and ERM
Norwegian Cruise Line
USA

Steve Roth has 27+ years of internal and external auditing experience. During his tenure with Prestige Cruise/Norwegian Cruise Line, he has held the roles of vice president, senior director, and key ethics contact, overseeing development of the internal audit function, SOX compliance program, and ERM efforts. Previously, as creator of Audit Assessment Group, Roth conducted 25+ assessments of internal audit activities nationwide and led internal audit functions on an interim basis. Prior, as internal audit manager at Royal Caribbean Cruises, he helped establish a nationally recognized audit department. Roth began his career at Deloitte & Touche as a senior financial auditor. He currently serves on the board of IIA–Miami and as an adjunct professor at Florida International University.

---

A. Root Cause Analysis for Internal Audit: A Key Tool for Delivery of Insight

James C. Paterson, CIA
Director, Author
Rick & Assurance Insights Ltd.
UK

Being able to deliver insight and foresight is now a requirement for internal audit. A key tool for delivering insight is to use effective root cause analysis, and most auditors will be confident they are able to do this. This session will include a few pointers to determine whether you are on the right track. 

In this session, participants will:

• Know the difference between immediate, contributing, and root causes.
• Discover both the power of the 5 whys technique and its fundamental shortcomings; understand that 5 whys and 2 legs should always be the minimum analysis.
• Gain insights into the fishbone technique and the main categories of root cause.
• Identify “just culture” and be able to explain why “people,” “tone at the top,” and “culture” are not proper root causes.
• Understand why effective root cause analysis should be done during an assignment (and not left until the end) and why it may speed up assignment delivery.

Sriram Padmanabhan, QIAL, CA, CISA
Chief Auditor, Technology
Citi
USA

Heather Haboush
Chief Auditor
and Chief Operating Officer
Citigroup
USA

Join us for a unique opportunity to discuss diversity and inclusion (D&I) in the workplace. During the session, speakers will touch on the benefits of increased D&I on individuals and the organization, and will offer concrete and actionable solutions to create and sustain a diverse and inclusive culture.

In this session, participants will:

• Uncover the benefits of a more diverse and inclusive work environment.
• Discuss how Citi and Citi’s internal audit team are fostering D&I.
• Explore ideas and methods on how to increase D&I at any organization or team.

Sriram Padmanabhan sets overall strategic direction for Citi’s technology audit function and is responsible for audits of Citi’s data quality program. Padmanabhan, a member of Citigroup’s internal audit executive management team, leads a team of approximately 200+ audit professionals based across 26 locations. Previously, he was regional head of audit for Middle East and Africa at Standard Chartered Bank (SCB). In addition to internal audit, Padmanabhan had leadership roles in various businesses and functions such as consumer banking, operations and technology, finance, compliance, and risk, and he worked in many countries; he was also chair of the audit committee for an SCB subsidiary.

Heather Haboush brings 25+ years of financial services industry experience to her role as head of strategy for internal audit at Citigroup. She is responsible for developing and executing internal audit’s multi-year strategy, including regulatory engagement and emerging risks. Haboush previously drove process improvements and efficient deployment of internal audit resources as COO for internal audit. Prior, as finance lead for Citi’s global functions, including finance, risk, legal, HR, compliance, and internal audit, she spearheaded numerous global projects that increased efficiency and supported finance transformation initiatives. Haboush also served as head of planning, responsible for Citi’s multi-year strategic plan. Her background includes investment banking and strategic planning for an internet startup.

Diego Calderón, CIA, CFE
Director Senior de Auditoría y Gestión de Riesgos
Flexionar
MÉXICO

Case-based Learning: Agile Auditing: A Journey

Diego Calderon, CIA, CFE 
Senior Director, Audit and Risk Management 
Flex
MEXICO

Auditoria ágil, RPA, análisis de datos, big data: estas son algunas de las palabras de moda en el vocabulario de un auditor. Si bien el crecimiento y las nuevas direcciones son imprescindibles para el auditor de hoy, lo básico no puede ser sacrificado. Demasiados auditores no comprenden las diferencias entre una evaluación de riesgos y una evaluación de control. Esta presentación utiliza ejemplos prácticos y comentarios para demostrar qué es un riesgo y qué es una falla de control.

En esta sesión, los participantes:

• Comprenderán cómo identificar un riesgo, y también cómo distinguir entre un riesgo y la falta de control.
• Definirán el riesgo inherente versus el riesgo residual.
• Revisaran las 5 C’s de la auditoría interna y cómo se relacionan con la identificación de riesgos.
• Aprenderán una metodología para profundizar y llegar a identificar el riesgo real.

Diego Calderón es un Ejecutivo de Auditoría Interna con más de 20 años de experiencia en liderazgo y cumplimiento de auditorías en entornos globales y multiculturales. Ha proporcionado garantías y asesoramiento sobre informes contables y financieros, controles internos, gestión de riesgos en toda la empresa y operaciones dentro de las corporaciones Big Four y Fortune 500. Calderón tiene experiencia en fabricación, junto con una amplia exposición internacional en diferentes geografías e industrias, trabajando con diversos equipos globales. Su experiencia abarca la transformación de la auditoría, la mejora continua y la implementación de las mejores prácticas de auditoría centradas en la eficiencia, el análisis de datos, el aseguramiento integrado y la gestión de riesgos empresariales.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

Part 2 will be held at the same time as other concurrent sessions on Monday, July 20th, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Monday.

This Part 2 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 2 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 2 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 4.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 2 (upon release).  A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Managing the Internal Audit Activity
• Planning the Engagement
• Performing the Engagement
• Communicating Engagement Results and Monitoring Progress

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.  

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

A. Building an Adaptive, Risk-based Global Cybersecurity Audit Program

Jared Henderson, CIA, CISA, CISSP, GPEN
Audit Director, IT
AIG
USA

AIG faced many challenges in building a global cybersecurity program that would focus on risk, satisfy board and management expectations, and comply with the growing number of cybersecurity regulations being implemented in the 80 countries and jurisdictions in which the company maintains operations. By implementing an adaptive, risk-based program focused on prioritizing control areas based on actual data breaches, AIG has elevated its cybersecurity audit program to new heights.

In this session, participants will:

• Identify organizational and regulatory expectations for implementing a global cybersecurity audit program.
  
• Learn how to evaluate their organization to determine program scope and resource requirements.
• Explore the challenges of satisfying a growing number of stakeholders globally while managing resources and costs.
• Understand how to implement an adaptive, risk-based cybersecurity audit program.

Jared Henderson is a cybersecurity professional with 15+ years of experience in IT and nine years of experience in internal audit. Having served in multiple technical and leadership roles, he has a broad background in building and executing IT and cybersecurity audit programs for multinational organizations. As a security consultant and penetration tester, Henderson helped organizations identify security weaknesses in their cyber defenses. As an internal auditor, he has built cybersecurity audit programs to identify weaknesses in cyber processes, with a focus on addressing risks, complying with international regulations, and providing valuable insight to organizational stakeholders.

---

B. Practical Approach in Auditing Information and Cybersecurity

Kaveh Rikhtegar, CIA, CPA, CA, CISA
Director, Internal Audit
Canadian Red Cross
CANADA

In recent years, many organizations have experienced significant data breaches resulting in material losses and reputational damages. These incidents are difficult to anticipate and measure, which makes a well-designed and effectively operating risk assessment, due diligence, and monitoring process and controls that have been independently assessed by an internal audit department even more critical in helping to ensure confidentiality, integrity, and availability of information in alignment with legislation and best practices.

In this presentation, participants will:

• Understand and identify key challenges in running an information and cybersecurity risk-based audit.
• Hear about typical activities related to auditing information and cybersecurity.
• Discuss typical observations around auditing information and cybersecurity.

Kaveh Rikhtegar has worked and been involved as a director with internal audit, controls, and governance related matters in both the public and private sectors for the past 20 years for organizations such as Deloitte, Canada Post, and Office of the Auditor General of Canada. He is currently leading the internal audit department for the Canadian Red Cross.

---

C. Six Simple Steps to Stop the Most Common Internet Attacks From Hackers

Peter Hughes
Assistant Auditor-Controller
County of Los Angeles, Department of Auditor-Controller
USA

Robert Campbell, CIA, CRMA, CFE
Chief, Office of County Investigations
County of Los Angeles, Department of Auditor-Controller
USA

All auditors know that their internet is subject to hacking, but few know exactly how easy it is for hackers to penetrate the most common vulnerabilities of any network, or how easy and effective the ‘counter-defense’ or ‘antidote’ is to implement. Recent breeches will be examined and a hack attach will be simulated, providing hands-on exposure to the most common hacker schemes in real-time.

In this session, participants will:

• Learn how to identify the three most common vulnerabilities of the typical network.
• Understand a proven approach for countering the hacker schemes most frequently used to penetrate networks.
• Get tips for customizing, promoting, and implementing a proven training program that includes ongoing compliance testing conducted via simulated and controlled hacks.

Dr. Peter Hughes, Assistant Auditor-Controller/CAE for Los Angeles County, oversees 150 auditors. Peter was the controller at Caltech, assistant controller at CBS, and director of internal audit at Orange County, Caltech, NASA’s Jet Propulsion Lab, and the Oregon University System. His transformation of Orange County’s audit committee and internal audit activities into world-class leaders played a key role in its unprecedented recovery (OC is now triple A rated) from the largest municipal bankruptcy in the country’s history. He serves on IIA’s Public Sector Audit Committee and was the 2010 AICPA’s CPA of the Year.

Robert Campbell is chief of the Office of County Investigations for Los Angeles County (LAC). He leads a staff of 30 law enforcement professionals in administering the countywide fraud hotline and conducting criminal and administrative investigations of waste, fraud, and abuse. Campbell also has extensive experience in information security and privacy matters and formerly directed LAC's HIPAA compliance program. He is president of The IIA's Beach Cities Chapter in Long Beach, California, and a frequent speaker at IIA conferences.

Gil Ber, CIA, CPA, CRISC
Chief Audit Executive
EL AL Israel Airlines
ISRAEL

This presentation will center on creativity and innovation in internal audit and their influence on the future of the profession in coming years. The session will introduce new ideas and insights that may have not been heard in the context of internal audit, including the impact of the evolution on internal audit, AX, behavioral audit, wisdom of the crowd, and using TED principles in audit.

In this session, participants will:

• Discuss examples of innovation and creative thinking in audit.
• Gain practical tools for achieving creativity and innovation in audit.

Gil Ber is vice president and chief audit executive of EL AL Israel Airlines. He has more than 20 years of experience in internal and external audit, risk management, SOX implementation, and fraud investigation in various sectors. In addition to his work at EL AL, he lectures in Israel (at Ben Gurion, Tel Aviv, and Haifa Universities) and globally (at industry conferences). Ber also serves on several IIA–Israel committees and is a volunteer member of the audit and risk management committee of the Israel Foundation for Handicapped Children. Prior to EL AL, he was a partner at Ernst & Young Israel.

Adil Buhariwalla, CIA, CRMA, FCA, CFE, CT31000
Partner, Internal Audit & Risk
UHY James Management Consulting
UAE

The world of artificial intelligence (AI) is broadly divided into four groups: (a) those who extol its virtues; (b) skeptics; (c) those who predict AI doomsday scenarios; and (d) those who are AI Ignorant. This presentation will delve into the perspectives of experts and internal auditors in each of the four groups, as well as what internal auditors must do to survive in the AI era.

In this session, participants will:

• Explore and challenge the perspectives of experts and internal auditors in groups (a), (b), and (c) and their influence on internal auditors.
• Discuss the pros and cons of AI from the internal auditor’s point of view.
• Gain insights into what internal auditors need to do to co-exist with AI and survive in the AI era.

Adil Buhariwalla has extensive experience in internal auditing, risk management, and corporate governance. Prior to joining Crowe as an internal audit and risk advisory partner, he worked at Emirates Group for almost 29 years, lastly as vice president of internal audit. Currently an executive member on the board of The IIA–UAE Chapter, he was a founding member and president of The IIA–Dubai Chapter, as well as vice chairman of The IIA’s Internal Audit Standards Board. Buhariwalla was the only review team member outside of North America and Europe for the rewrite of Sawyer’s Internal Auditing. He has consistently been voted among the top speakers at national and international conferences.

Renato Trisciuzzi, CIA, QIAL, CCSA, CRMA, CPA
Chief Audit Executive
Transpetro
BRAZIL

Ricardo Gomes Calheiros
Internal Audit Coordinator
Transpetro
BRAZIL

Renata Noronha
Internal Audit Manager
Transpetro
BRAZIL

This session will present a case study of how an organization assessed the maturity of the enterprise risk management process based on best practices for data collection, auditee interaction, answer and document evaluation, and communication. We will share how we combined many models (COSO ERM, ISO 31000:2009, Orange Book, IIA practice guide, local guides) to create our model, which features 30 items grouped into four dimensions (Environment, Process, Results, Compliance).

In this session, participants will:

• Hear some examples of best practices and common mistakes for each dimension of the ERM process.
• Understand how to create their own model.
• Identify strategies for assessing the maturity of the ERM process, quantifying the results, qualifying the practices, and promoting changes.

Renato Trisciuzzi has 25 years of experience in internal and external audit with Deloitte, Santander, Vivo, Ficap, Embratel, Invepar, Walmart, and Petrobras Transporte S/A. As chief audit executive at Transpetro, he leads at team of 40+ auditors. He has also taught university courses in international accounting, ethics, audit, and accounting theory. Trisciuzzi serves on the International Internal Audit Standards Board; he was previously a member of The IIA Global Board of Directors, past chairman of the board of IIA–Brazil, and a member of the Fundación Latinoamericana de Auditores Internos Board of Directors. Trisciuzzi has spoken at 30+ events in more than eight countries.

Ricardo Gomes Calheiros launched his career at the Brazilian Air Force, where he developed a passion for compliance and risk assessment. To acquire further knowledge of the field, he transitioned from the military to internal auditing, where he has worked for almost 10 years as a corporate and finance internal audit coordinator at a downstream oil and gas company. Believing that a well-designed enterprise risk management process is key to a value-driven business, Calheiros coordinated efforts to assess his company’s ERM maturity.

Renata de Faria Noronha has 12 years of experience in audit. She currently manages a team of 10 auditors for a major oil and gas company in Brazil, with a focus on financial and corporate audits.

Moderator:
Patricia Miller, Owner
PKMiller Risk Consulting
USA

Patty Miller is the owner of PKMiller Risk Consulting, LLC and has significant management and consulting experience. In her 14 years with Deloitte, she served as the lead risk services partner on significant technology and consumer clients. Her many IIA volunteer roles have included Chairman from 2008–09, executive committee member, and Chair of the Standards Board. She is a frequent speaker and trainer, and has led and co-authored research projects for The IIA. Miller is the recipient of the William G. Bishop III Lifetime Achievement, Victor Z. Brink, and American Hall of Distinguished Audit Practitioners Awards.

---

A. Using Ethical Dilemmas to Deliver Value to Your Stakeholders

Joy Gray
Internal Auditing Education Partnership (IAEP) Coordinator, Lecturer
Bentley University
USA

In this interactive, case-based session, participants will examine difficulties associated with applying ethical principles in common business situations, and examine strategies for communicating their personal ethical (moral) values in a constructive, persuasive manner. Using live polling technology, we will present several scenarios where personal ethics play a role, examine various responses, and discuss how to react and persuade others who may have different ethical values.

In this session, participants will:

• Analyze several business situations to identify their ethical beliefs related to each situation.
• Evaluate the context of these business situations.
• Construct a list of potential objections to their desired ethical response.
• Prepare a strategy for responding to these potential objections.

Joy Gray lectures in the department of accountancy and serves as IAEP coordinator at Bentley University. Her teaching experience includes courses in internal auditing, IT audit, financial auditing, forensic accounting, and introductory financial/managerial accounting. She is also active in research on topics related to IT audit and data analytics. Gray previously served in both supervisory and staff positions at OSRAM Sylvania, Lockheed Martin, and General Electric. Her responsibilities included establishing a new internal audit department, serving as project leader for SAP-related audit activities, and conducting both domestic and international internal audits. She also worked as a contract Sarbanes-Oxley consultant through Robert Half.

---

B. Examining the Myths of Business Ethics: Do Internal Auditors Fall Prey to Them As Well?

Matej Drascek, CIA, CRMA
Chief Internal Auditor and
Chief Audit Executive
LON Bank
SLOVENIA

Ethics represents a cornerstone of internal auditing, not only as a profession but also as providing assurance of an organization’s ethical practices. With recent corporate scandals and low public trust in corporations, internal auditors should take a step back and look at tacit truths/ common myths about business ethics and whether they are indeed helping organizations to become more ethical. This presentation will draw on different research, with emphasis in behavior ethics.

In this session, participants will:

• Distinguish between actual truths and myths about business ethics, including the code of conduct supporting ethical behavior; the compliance program helping the organization become more ethical; whistleblowing tools reducing the risks of unethical behavior, etc.
• Explore tools for enabling better auditing these myths and mitigating related risks.
• Discuss ideas to help their organization become more ethical.

Matej Drašček is chief audit executive for a regional retail bank in Slovenia. In addition to having served as a teaching assistant and guest lecturer for several universities and faculties, he has published numerous professional and scientific international articles on internal audit, human resources, business ethics, and strategic management. Drašček has spoken at domestic and international conferences, presenting new tools and insights in internal audit, strategic management, and ethics. He won The IIA’s William S. Smith Award for highest score in the CIA exam.

---

C. Fraud and Ethics: Do Generational Differences Matter?

Ann M. Butera, CRP
President
The Whole Person Project
USA

"Work hard and you will be rewarded." "Respect those with authority." As the new breed of employee joins our teams, these business values are changing fast. Raised in a disposable, technologically advanced, quantitative age, these employees have different expectations and perspectives. This interactive session will explore how generational differences affect ethical decision-making, as well as techniques you can use immediately when identifying potential fraud risk and evaluating ethical situations.

In this session, participants will:

• Understand the behavioral characteristics of three different generations in the workplace.
• Describe the impact of generational differences on fraud risk assessment.
• Explain the effect of generational differences on ethical decision making.

Ann M. Butera is president of The Whole Person Project, Inc., and an organizational development consulting firm that enables auditors to improve their organizations’ risk management practices. Known for providing practical advice with a sense of humor, she develops behavior-changing training programs for first and second line of defense and internal audit departments. Butera is a former audit committee member for a financial services firm. She frequently speaks at IIA conferences and chapter meetings, writes for Protiviti’s KnowledgeLeader column, and leads webinars. She also authored the book, “Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing.”

Els Heesakkers, CPA, CA
Senior Auditor
CZ
NETHERLANDS

Maureen Vermeij-de Vries, CPA
Chief Audit Executive
CZ
NETHERLANDS

This session will inspire CAEs and managers with new insights to substantively enhance the practice of the internal auditing profession, challenge colleagues around the world to continue furthering their professionalization, and share good practices. Attendees will learn how the Internal Audit Ambition Model (IA AM) supports the formulation of a road map to achieve stated ambitions. The model provides visual guidance for conducting regular self-assessments, facilitating communication with stakeholders, and benchmarking with peers.

In this session, participants will:

• Formulate and express their internal audit function’s ambitions on challenging themes and topics.
• Assess the current state of their internal audit function and verify its compliance with the IPPF.
• Reinvent dialogue between the CAE and stakeholders to promote the independence and performance of the internal audit function, as well as reinforce its desired ambition level and relevance.
• Measure and debate with peers, use the IA AM as a benchmark tool, and give insight into the state of internal audit.

Els Heesakkers is senior auditor of professional practices for CZ’s internal audit department. With 18 years of experience in internal audit, she is greatly interested in improving the function’s quality and added value and in increasing broader recognition of the profession. She is a member and the secretary of the Internal Audit Ambition Model (IA AM) taskforce and a member of the Benchmarking Committee of IIA–Netherlands. She presents the IA AM in IIA introductory training for CAEs new to their role, and also as a lecturer for Tilburg University’s Post Master Accountancy (PMA) internal audit program. As IA AM founder, she has introduced the model at several conferences.

Maureen Vermeij-de Vries is chief audit executive at CZ, the #3 health insurance company of the Netherlands. She entered the internal audit profession 14 years ago following nine years as an external accountant at PricewaterhouseCoopers. She is chair of the Taskforce IA AM and president of the membership group of Internal and Government Auditors of the Royal Netherlands Institute of Chartered Accountants. As a member of the board of Post Master Accountancy at Tilburg University, Vermeij-de Vries coordinates requirements for the accountant practice program and monitors quality; this role gave her the opportunity to develop an internal audit program that is included in the chartered accountant exam.

Jorge Antonio Amaya Rosado, CPA, CMA, CISA
Compañero
Auditar
ECUADOR

Transforming Internal Audit to Create Real Value (SAP Control Environment)

Jorge Antonio Amaya Rosado, CPA, CMA, CISA
Partner
AuditCaat
ECUADOR

Esta presentación lo invitará a reflexionar sobre dónde puede estar más atento para aprovechar las excepciones en la forma en que los controles SAP funcionan a nivel de objeto de la manera más diligente posible, a pesar de que dicho trabajo no es responsabilidad de la auditoría interna.

En esta sesión, los participantes:

• Comprenderán en qué parte del proceso de auditoría el monitoreo continuo puede ayudarlos a crear valor para la organización.
• Lograran una comprensión básica de cómo funciona el entorno de control de SAP.
• Determinaran dónde deben poner sus mejores esfuerzos para obtener resultados que generen valor.

Jorge Amaya es socio de AuditCaat, un proveedor de soluciones de valor agregado para mejorar la seguridad de los procesos comerciales e incorporar tecnología en las funciones de gestión de riesgos y auditoría. Contador público de profesión, sus más de 15 años de experiencia incluyen Gerente de Auditoría para PwC y líder de auditoría interna / control interno y consultor contable para Expalsa. Amaya se destaca en la identificación de áreas de mayor exposición al riesgo y en garantizar que estos riesgos no se materialicen. Participa en numerosos foros y promueve valores éticos y técnicos relacionados con la profesión de auditoría interna.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

Part 2 will be held at the same time as other concurrent sessions on Monday, July 20th, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Monday.

This Part 2 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 2 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 2 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 4.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 2 (upon release).  A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Managing the Internal Audit Activity
• Planning the Engagement
• Performing the Engagement
• Communicating Engagement Results and Monitoring Progress

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

Dan Heath
Co-author of Four New York Times Bestselling Books
USA

Why do some big changes happen easily while many small changes prove impossible? Because our mind is divided into two different systems — an analytical mind and an emotional mind — that are often in conflict, particularly in situations of change. Building on this research, and based on the New York Times bestseller, Switch, Dan Heath reveals a simple, three-part framework that will help you change things in tough times.

In this session, participants will:

• Learn where to start and what to do when they face resistance in facilitating change, whether simple or complex, in their families, businesses, and communities.
• Learn valuable tips targeted to any change leader who is struggling to make progress.
• Gain specific tools — and inspiration — needed to make change happen.

Dan Heath is a senior fellow at Duke University’s Center for the Advancement of Social Entrepreneurship (CASE), which supports entrepreneurs who fight for social good. He is the founder of Thinkwell, an innovative education company, and co-author of four New York Times bestsellers: Made to Stick, Switch, Decisive, and The Power of Moments. A former case writer for Harvard Business School, Heath was named in 2013 to the Thinkers 50, a ranking of the world’s 50 most influential management thinkers, and also to Fast Company magazine’s list of the Most Creative People in Business. He has delivered keynotes or workshops for countless executive teams across 26 countries on six continents.

A. Using Data Analytics to Position Internal Audit as a Trusted Advisor

Serhat Khan, CPA, CMA, CISA
Chief Audit Executive
National Petroleum Construction Company
UAE

Can internal audit be branded as a trusted business partner by implementing a continuous monitoring program driven by technology? Which contemporary technologies (data analytics, visual analytics, RPA, etc.) should you focus on in your organization, and how can you market efficiencies identified to improve the perception of internal audit? More than two-thirds of audit teams intend to increase their use of data analytics across all phases of audit. Is it possible to increase the use of data analytics while also cementing internal audit’s reputation as a trusted partner?

In this session participants will:

• Understand the difference between Audit 1.0, Audit 2.0, and Audit 3.0.
• Develop an understanding of the cornerstone of a successful data analytics program and available technologies.
• Appreciate the importance of branding the audit function and getting the message of being a trusted advisor to stakeholders.
• Determine mediums of marketing efficiencies identified to cement internal audit’s brand in their organizations.

Serhat Khan is NPCC’s chief audit executive. He leads a technology and data savvy internal audit team that functions as a change agent. His early roles included director of internal audit at McDermott and Chicago Bridge and Iron, where he led global teams focused on risk and process improvements. During his 18-year career, Khan has audited in 40+ countries, established audit departments in London and Dubai, and implemented data analytics, visual analytics, continuous monitoring, continuous auditing, and the deployment of RPA technologies. His fluency in four languages and knowledge of cultural nuances allows him to successfully manage international relationships.

---

B. Assurance: Analytics, AI, and Machine Learning

Jeffrey Willingham, CIA, CPA, CFE, CISA
Principal Software Engineer
Lockheed Martin
USA

Audit plan complexity combined with resource constraints require auditors to accelerate assurance practices. Enabling artificial intelligence with advanced analytics can provide real-time measurement of red-flag transactions and risk. This session will focus on a case study of analytics, including machine learning, deployed for enterprise risks and automated audits. Participants will interact and engage via live polling and discuss analytic techniques that provide deeper insight and shorten time to action.

In this session, participants will:

• Learn how to transform processes through advanced analytics and machine learning.
• Gain tools to demystify data analytics.
• Expand thinking and harness a data analytics disruptor mindset.
• Explore how technology can be enabled for enhanced risk-based assurance.

Jeffrey Willingham is a principal software engineer at Lockheed Martin Corporation with more than 20 years of experience as an internal auditor. He leads the company’s corporate internal audit data analytic team. His professional experience includes work in technology, public accounting, and the banking industry. In 2019, Willingham was selected for Lockheed Martin’s Lead and Innovate for Tomorrow (LIFT) Program, which focuses on building executive-level capabilities needed for now and in the future. He is also a guest lecturer in Rutgers University’s MBA program. He has presented at numerous company and industry events and conferences.

---

C. Auditing Bias in Artificial Intelligence Models

Arvind Mehta, CISA, C-EH, CDPPM
Vice President, IT Audit and Analytics
EXL Services, Inc.
USA

Examples of artificial intelligence gone wrong are increasingly making the headlines. A major corporation’s AI-powered CEO search showed bias against women; AI algorithms for Know Your Customer (KYC) did not yield the right results. Does this mean the promise of AI is unreal? Absolutely not. What it means is that every AI deployment must include checks, balances, and quality controls to mitigate bias before it impacts output. How can auditors ensure AI models are unbiased?

In this session, participants will:

• Learn how to determine if bias has crept into their artificial intelligence algorithm.
• Understand best practices for protecting against bias.
• Discover what they need to know about ethics and bias in artificial intelligence.

Arvind Mehta is vice president and head of audit transformation and data privacy at EXL Services Inc. As part of EXL’s leadership team, he partners with global risk and compliance executives from Fortune 500 organizations to advance analytics and robotics within internal audit. In addition to working with large financial institutions and healthcare companies to transform risk and compliance using advanced analytics, robotics, automation, and GRC platform implementations, he has helped legal and privacy teams implement FCPA, anti-bribery and corruption, GDPR, and CCPA initiatives. Mehta frequently speaks and writes for The IIA and ISACA.

Martin Rubenstein, CIA, CPA, CFE
Chief Audit Executive, Internal Audit and Accountability
Immigration, Refugees and Citizenship Canada, Government of Canada
CANADA

Having an effective role in transformation, project, and change management provides an opportunity for internal audit to move from the back room to the board room and add value to any organization. This session will illustrate Transport Canada’s innovative audit approach to providing ‘real-time’ assurance of the $1.5 billion Ocean’s Protection Plan, a transformative, multi-department, multi-stakeholder, and “nation-to-nation” multi-lateral partnership program.

In this session, participants will:

• Explore an innovative concept of providing “real-time” and “continuous” assurance and advice on soft controls such as governance, accountability, project and change management, and stakeholder engagement.
• Develop ideas, strategies, and approaches for aligning internal audit with an organization’s transformation/change agenda.
• Describe audit criteria for providing assurance of transformative programs.
• Develop innovative and agile ideas for reporting real-time results.
• Explore strategies for internal audit to be seen as a trusted advisor, obtaining and maximizing their seat at the management table and toggling between that table and the independence of the audit team.

Martin Rubenstein has 25+ years of experience in audit, evaluation, investigations, and risk-based management. He is currently chief audit executive for Immigration, Refugees, and Citizenship Canada. From 2014 to November 2019, he was CAE and senior integrity officer for Transport Canada. Rubenstein represents Canada on the Board of External Auditors for the Organization of American States. His earlier roles included CAE for Canadian Institutes of Health Research, audit manager for Foreign Affairs and International Trade Canada, and director of internal audit for Carleton University and Natural Resources Canada. Active within the local internal audit community, Rubenstein has spoken at IIA and other conferences.

Adlith Mondejar, CISA 
Risk Advisory Manager
Focal Point Data Risk
USA

Alexander Tabares, CISSP, CISM, G-CIH
Director, Threat Intelligence
Carnival Cruise Lines
USA

Donel Martinez, CISA
Risk Advisory Director 
Focal Point Data Risk
USA

Although network security has been around since the 90s and information security budgets have increased, malicious individuals continue exploiting vulnerabilities. In a data breach, can your company answer these questions? 1) Who stole the data? 2) What data was stolen? 3) When was it stolen? 4) How much of it was stolen? Your company may not have true visibility of its data lifecycle, preventing it from containing or assessing impact.

In this session, participants will:

• Learn why traditional security (i.e., perimeter, endpoint, and application controls) is not sufficient in the current environment.
• Distinguish between various types of failures in what had been regarded as effective control environment standards and best practices via real-life examples of now-infamous data breaches.
• Describe options available to solidify the control environment around data security through access control, privileged access management solutions, and database activity monitoring.
• List “minimum standard of care” based on recent court cases and regulatory settlements.

Adlith Mondejar never saw herself as an internal auditor prior to joining Focal Point almost five years ago. Today, she combines her natural aptitudes and learned skills to be a “creative” auditor who finds strategic ways to identify and manage risk across various areas of an organization. Never short of ideas, she is against the “let’s do it like last year” mentality and finds ways to improve everything she touches.

Alexander Tabares is a security and regulatory compliance professional with a wide range of security operations experience. Currently the director of threat intelligence for global information security and compliance (GISCS), Tabares has worked through all the different levels of security at Carnival Corporation, sharpening his skills with every new position. His knowledge encompasses SOX and PCI-DSS regulatory mandates, security operations, security management, vulnerability management, design-implementation, identity and access management, web application security, incident response, security monitoring and project management. He also has expertise in developing and maintaining relationships across different organizational verticals.

Donel Martinez is focused on helping IT teams overcome their struggles with compliance requirements. With his solid understanding of the challenges and rationale behind cybersecurity, data privacy, and regulatory efforts, he seeks to bridge the gap between the expectation of how to implement controls and the reality of what IT is able to execute. His mission is to help companies adjust to the constant “new normal” in compliance that is dictated by increasing regulation, digitalization, and never-ending technological advances.

Stacey Schabel, CIA, CPA, Series 6
Vice President, Internal Audit
Jackson National Life
USA

Sarah Saunders
Assistant Vice President, Internal Audit
Jackson National Life
USA

Engaging real-time, rather than looking backward, helps audit teams better protect their organizations from materializing risks and allows them to provide boards, audit committees, and other stakeholders with insight and value when it’s needed, and before problems arise. This presentation will showcase practical tools and assurance approaches used to deliver real-time insight over strategic changes, business as usual activities, and key organizational projects.

In this session, participants will:

• Become familiar with the types of assurance stakeholders value most.
• Explore how to assess and develop audit team skills and resources necessary to support conducting real-time assurance.
• Learn how to implement and amend audit methodology and reporting capabilities in support of real-time assurance.
• Discover tips and techniques for communicating methodology changes and value to management, audit committees, and other key stakeholders.

Stacey Schabel leads an internal audit team in examining and evaluating the key processes and controls supporting the North American operations of Prudential plc, including Jackson, its subsidiaries, and affiliates. She assists in protecting the organization’s assets, reputation, and sustainability by assessing and reporting on the overall effectiveness of risk management, control, and governance processes. Schabel serves on The IIA’s Global Financial Services Guidance Committee, chairs the IIA–Lansing Chief Audit Executive Engagement Committee, and presents regularly at industry conferences. She was recognized by the MICPA and AICPA as a ‘2019 Woman to Watch,’ by Digital Insurance as a ‘2018 Women in Insurance Leadership,’ and by Crain’s Detroit Business as a ‘2018 Notable Woman in Finance.’

Sarah Saunders is an assistant vice president of internal audit at Jackson, focusing on finance, financial risk, and asset management. She has 15+ years of internal audit experience within financial services and consulting. Saunders is a district advisor and member of the North American chapter relations committee for The IIA.

Moderator:
Brian Tremblay, CIA, CISA
Former Director of Audit, Acacia Communications, Inc.
USA

Brian Tremblay leads the compliance practice at Onapsis, helping customers understand and navigate the increasing overlap of compliance, cybersecurity, and business continuity related to IT general controls and regulatory/compliance matters such as SOX and GDPR. Previously, as CAE for Acacia Communications, he founded and led the internal audit function, helped prepare the organization to go public (including implementing SOX), and facilitated ERM implementation. Previously, as director of internal audit at Iron Mountain, Tremblay oversaw all audits and projects within North America as well as liaised with global quality managers. Prior, he built out an internal audit department and executed a SOX implementation at Houghton Mifflin Harcourt, and worked at Raytheon and Deloitte.

---

A. Blockchain Organizations and Impact to Internal Audit

Jared Shaw, CFA
Head of Internal Audit
Gemini
USA

Musheer Alambath
Senior Manager
EY
USA

Within the blockchain ecosystem, there exist many types of organizations that interact with the blockchain, which could be categorized within three major groups: (1) public and private blockchain providers; (2) cryptocurrency exchanges and wallet providers; and (3) blockchain technology adopters. This session aims to provide an overview of risk drivers within these different blockchain organizations and their impact to internal audit.

In this session, participants will:

• Identify key differences and similarities of the three types of blockchain organizations.
• Describe the specific risks of each of the blockchain organizations.
• Hear tips for managing internal audit challenges in these organizations.
• Develop ideas for a proactive approach to resolving challenges and being well-prepared.

JaredShaw is the head of internal audit at Gemini, a licensed digital asset exchange and custodian serving both individuals and institutions. His proven track record of success has spanned wide range of positions within the U.S. military, financial services, and consulting. A common thread throughout these experiences is his focus on leadership, cross-functional service delivery, and operational efficiency. Shaw has been building and leading teams for the past 20 years, since starting training as an Air Force officer. He has published thought leadership and presented on topics covering blockchain and cryptocurrency risks and the role of internal audit in a blockchain environment.

Musheer Alambath is researching the impact of blockchain on financial services and banking as a Stanford Sloan Fellow. He has presented at TEDx conferences on ideas connected to his research topic. Alambath has 12+ years of industry/consulting experience and has worked on internal audit projects on four continents. He is currently a senior manager within EY’s risk advisory services practice. Previously, he led internal audit teams across multiple geographies as a vice president at a large global bank. Alambath served on the board of The IIA’s Examination Committee. He is passionate about empowering people through education to positively impact the lives of disenfranchised people worldwide.

---

B. Technology Risks of Blockchain

Jeannette Russell-Shepherd, CIA, CPA, CISA, CISSP
Manager
Friedman LLP
USA

Everyone has heard the word blockchain, but what are the technology risks that auditors should consider when assessing this technology? I will discuss key technology risks to consider when assessing, reviewing, or auditing a blockchain solution, including security, availability, confidentiality, privacy, and processing integrity. Discussion will cover specific use cases, difficulties enterprise and startup companies have encountered while implementing these solutions, and how auditors can advise their clients.

In this session, participants will:

• Understand standard use cases of blockchain solutions.
• Determine key considerations for assessing blockchain solutions.
• Learn how to identify and describe risks when using blockchain, especially data risks.

Jeannette Russell-Shepherd is a manager within Friedman LLP’s governance, risk, and compliance services practice. She has served clients in a range of industries, with a focus on financial services, technology, and digital currency companies. She partners with CyZen, Friedman’s cybersecurity consultants, and the digital currency practice on auditing and advising companies invested in and/or supporting digital currencies and blockchain technology. Russell-Shepherd is experienced in performing IT audits and reviews, conducting SOC 1 and SOC 2 readiness assessments and reporting for service organizations, and providing IT governance risk and compliance services. She previously worked at PwC within risk assurance and on their blockchain validation solution.

Nancy Haig, CIA, CCSA, CFSA, CRMA, CFE, CBA, CRISC, CCEP
Global Director, Internal Audit and Compliance
Alvarez & Marsal
USA

Karen Brady, CIA, CRMA
Corporate Vice President and Chief Compliance Officer
Baptist Health South Florida
USA

Benito Ybarra, CIA, CISA, CFE, CCEP
Chief Audit and Compliance Officer
Texas Department of Transportation
USA

A panel of three CAEs (two who are current BOD members) will discuss their roles as head of both the compliance and internal audit function, including how their careers evolved, the skills they needed, and the challenges they faced.

In this session, participants will:

• Learn the differences between the CAE and CCO (chief compliance officer) roles.
• Consider the challenges to be overcome in leading both functions.
• Decide whether or not this would be a desirable career path, based on the skills needed for both positions.

Nancy Haig is an award-winning author and speaker, and is currently the head of internal audit and compliance for a global consulting firm. Her expertise includes leading risk-based internal audit and compliance teams in the financial services, health care, pharmaceutical, and professional services industries. An advocate of the internal audit profession, Haig not only mentors those interested in pursuing a career in internal auditing, but also serves as a volunteer leader for The IIA as a director on both the Global and North American boards.

Karen Brady has been with Baptist Health for more than 20 years, and has implemented a robust, world-class, and award winning compliance and internal audit program. Under her leadership, Baptist Health has been recognized by the Ethisphere Institute as one on the World’s Most Ethical Companies for the past six years. Brady began her career with Ernst & Young, serving in various executive positions within the hospitality industry, including controller and CAE. She has served as a volunteer leader of The IIA as a member of both the North American and Global Boards.  Brady is past president of the Florida Health Care Compliance Association and serves as the chair of the Finance Committee on the Board of Riverside House, a charitable organization.

Benito Ybarra serves as Chief Audit and Compliance Officer at the Texas Dept. of Transportation (TxDOT). Ybarra oversees TxDOT's Internal Audit and Compliance divisions. These functions are aimed at improving organization practices, risk management, accountability and governance through value-driven audits, reviews, investigations and advisory services engagements.

Prior to joining TxDOT in September 2011, Ybarra worked at Dell Inc. and Texas Guaranteed Student Loan Corporation. He has earned designations as a Certified Internal Auditor, Certified Information Systems Auditor, Certified Fraud Examiner and Certified Compliance and Ethics Professional, as a result of his more than 20 years of audit and investigations experience.

In addition to sitting on the Institute of Internal Auditors' (IIA) Global Board of Directors, Ybarra is the senior vice chairman of the IIA's North American Board.

Cristián Briones Maira, CSM, CCXP
Director de cultura ágil
Innova Agile
CHILE 

Eladio Piña Gálvez, CSM
Gerente de Auditoría
Banco de chile
Presidente de IIA Chile
CHILE

First Scrum Model for Audit and Its Effects on Value Delivery

Cristián Briones Maira, CSM, CCXP
Agile Culture Director
Innova Agile
CHILE

Eladio Piña Gálvez, CSM
Audit Manager
Banco de Chile
President of IIA Chile
CHILE

El taller contextualizará cómo la agilidad y el scrum pueden implementarse en la auditoría para desarrollar equipos autoorganizados, multidisciplinarios y de colaboración, centrados no solo en los procesos, sino también en el análisis de sistema. La sesión utilizará metodologías y tecnologías participativas que permiten la interacción en equipos.

En esta sesión, los participantes:

• Obtendrán una comprensión de la relevancia de la agilidad y el scrum en el modelo de gestión actual y su relación con la auditoría.
• Escucharan ejemplos de casos específicos y resultados de la implementación del modelo scrum para auditoría.
• Evaluaran el modelo scrum para auditoría, su marco conceptual y los elementos básicos que lo componen.
• Aprenderán sobre herramientas y acciones concretas para introducir prácticas ágiles y scrum en el trabajo de auditoría.

Cristián Briones Maira es Director de Cultura Digital en Innova Agile. Creó el modelo de gestión de cambios Change Model Canvas y el primer modelo de gestión de auditoría de Scrum. Maira ha actuado como coach ejecutivo, facilitador y asesor para implementar equipos, cultura y filosofía ágil en áreas de TI, negocios y auditoría para empresas colombianas, argentinas y chilenas, incluidas Derco, Enel, Banco de Chile, Banco Santander, ENAP, Itaú y Esmax. También ha sido relator en conferencias en más de 15 ciudades, profesor de la Universidad de Chile y socio consultor de Deloitte, Digital Bank, Orion Solutions y Metricarts.

Eladio Piña tiene más de 20 años de experiencia en auditoría interna. Actualmente es Gerente de Auditoría en el Banco de Chile y anteriormente Gerente de Auditoría en Citibank. Piña es Presidente del Instituto de Auditores Internos CHILE y Vicepresidente del Comité Latinoamericano de Auditoría Interna y Evaluación de Riesgos de FELABAN.

Tiene certificación de Entrenador de Auditoría, Propietario de Producto y Scrum Master, y fue el primer cocreador de Scrum en el modelo de gestión de auditoría. También ha sido orador en muchas conferencias latinoamericanas.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

Part 3 will be held at the same time as other concurrent sessions on Tuesday, July 21st, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Tuesday.

This Part 3 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 3 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 3 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 3.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 3 (upon release). A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Business Acumen
• Information Security
• Information Technology
• Financial Management

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.  

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

A. Your Core: Foundation for Personal Branding and Gateway to Becoming Trusted Advisor

Sanjay Patel
Chief Operating Officer
Illinois Power Agency
USA

Using a dynamic and engaging approach, this interactive session takes the audience on a journey through impactful case studies to recognize how their core values and beliefs illuminate their personal brands, as well as how they can establish and enhance their personal brands to help achieve of the often elusive trusted advisor status — the crowning validation of the value and benefits offered and demonstrated by internal audit practitioners worldwide.

In this session, participants will:

• Examine their core — the essence of their mindset, personality, values, and beliefs.
• Understand how their core creates and contributes to the evolution of their personal brand.
• Identity attributes that enable their personal brand to provide the foundation for a progressive professional journey.
• Learn how to establish, enhance, and apply their personal brand to achieve positive outcomes.

Sanjay Patel is chief operating officer for the Illinois Power Agency. Previously, he was chief financial officer for the Illinois Office of Health Information Technology. Patel has assisted state agencies comply with compliance/reporting requirements of the 2009 American Recovery & Reinvestment Act. He has also assisted numerous clients address Sarbanes-Oxley, Section 404 compliance requirements. His 30 years of progressive public and private sector experience has spanned regulatory compliance, finance/budgeting, risk/internal controls/audit, corporate tax compliance, training, and graduate-level teaching. He is a four-time IIA All Star speaker and the author of an e-Book, From Layoff to Take-Off.

---

B.Kilimanjaro: A Journey of Self-discovery With Implications for Internal Audit Leadership

Douglas Johnson, CIA, PPA, CA, CISA
Vice President, Internal Audit
Haventree Bank
CANADA

At 19,341 feet, Kilimanjaro has half the oxygen of sea-level. Climbing the mountain crosses five climate zones and temperatures range from +30C to -30C. Only about 65% attempts are fully successful — and deaths do occur. I will contrast and compare my journey with the leadership skills and competencies required of internal audit, including shared goals, risk management, trusted advisor status, planning, collaboration, research, checklists, preparation, practice, gear, a great support team, communication, and perseverance.

In this session, participants will:

• Explore leadership traits required to successfully influence highly challenging initiatives.
• Learn how to handle ambiguous and conflicting opinions and information and how to build trust within their teams.
• Identify key traits of successful internal audit/trusted advisor leadership and how to leverage emotional intelligence.
• Discover how to apply the power of shared goals and perseverance in achieving their objectives.

Douglas Johnson is the vice president of internal audit at Haventree Bank. As CAE, he is a member of the senior management team and as the third line of defense, he is responsible for providing independent assurance and advisory services on all business risks and business units, including the board. His previous roles included vice president of internal audit (Aviva Canada); vice president of IT audit (Royal Bank of Canada); senior director of business risk and control self-assessment (CIBC); director of practices development (CIBC and TD); and senior manager of information systems assurance (EY). He is a two-time IIA–Canada National Conference presenter.

---

C. Building and Maintaining Strong Relationships With Your Audit Customers

Yulia Gurman
Executive Director, Internal Audit & Corporate Security
Packaging Corporation of America (PCA)
USA

Jason Maslan
Managing Director
Protiviti
USA

Building strong relationships with audit customers is top of mind for most, if not all, auditors. Whether you are new to the company or you have a few new audit customers you would like to get to know better, you will benefit from this presentation, which will share some tactical approaches on how to effectively cultivate relationships through communication, audit plan execution, and talent support.

In this session, participants will:

• Gain tips for developing and communicating internal audit department awareness and brand.
• Learn how to define a strategy for relationship building and hear practical examples of effective implementation.
• Evaluate tactics for developing an impactful audit plan and establishing effective communication protocols with audit customers.
• Understand the talent/skillset needed to help customers be successful.

Yulia Gurman oversees internal audit, internal controls, and corporate security as executive director of internal audit and corporate security at PCA. Previously, as vice president of internal audit at Retail Properties of America, Inc., she established the internal audit function and held responsibility for internal audit, internal controls, and ERM. Prior, as director of internal audit at OfficeMax, Gurman managed a team conducting operational, financial, and compliance audits organization wide. Earlier, she performed financial audits as an external auditor at a public accounting firm. She serves on The IIA’s Committee of Research and Education Advisors and on the IIA–Chicago Board of Governors. Gurman has spoken at multiple IIA conferences.

Jason Maslan is a managing director in Protiviti’s Chicago internal audit practice, assisting clients in identifying and evaluating technology and business process risks. As the central region IT audit leader, he is responsible for leading IT audit initiatives across the Midwest United States. With more than 19 years of experience, Maslan has led some of the largest engagement teams in the Chicago office and presented at a variety of global and local conferences. His extensive expertise encompasses risk assessments, strategy/governance assessments, internal audit transformation, quality assurance reviews, technology audits, technical security assessments, SOX compliance, and board reporting.

Moderator:
Bryant Richards, CIA, CRMA
Associate Professor, Accounting and Finance
Nichols College
USA

Panelists:
Mike Jacka, CIA
Chief Creative Pilot
FPACTS
USA

Harold Silverman, CIA, CRMA, QIAL
Managing Director, Chief Audit Executive Services
The Institute of Internal Auditors
USA

In a session that promises to be as entertaining as it is insightful, two highly experienced and opinionated internal audit thought leaders will go face to face in a point/counterpoint debate on various topics facing internal auditors in the 2020s. Specific topics will be determined by the moderator, with input from attendees in the audience. The debaters will have no prior knowledge of the topics to be discussed.

In this session, participants will:

• Gain insights into the concepts and principles driving the future of internal audit.
• Consider the pros and cons of hot topics within the profession.
• Develop more grounded opinions related to those topics.

Bryant Richards is the Stansky Distinguished Professor of Accounting and Finance at Nichols College. He spent 20+ years in industry, primarily in internal audit and compliance. As chief audit executive for the Mohegan Tribal Gaming Authority, Richards developed a leading-class compliance and internal audit organization. He is currently developing the Accounting Center of Automation and Innovation at Nichols College, with a focus on providing the skills and experiences students need to build a career in an environment of accelerating change.

Mike Jacka is chief creative pilot for FPACTS, a group dedicated to advancing internal audit skills. During a 30+-year internal audit career, he has been responsible for developing fraud investigation procedures for a 100-person audit shop, overseeing Farmers’ western regional auditing operations, and designing auditor training programs for a global organization of 200+ staff members. Jacka is a top-rated presenter, award-winning columnist, and contributor to Internal Auditor magazine, as well as co-author of two books published through the Internal Audit Foundation (Auditing Social Media: A Governance and Risk Guide, and Message, Brand, and Dollars – Auditing Marketing Operations, both in their second editions).

Harold Silverman previously was vice president of internal audit at The Wendy’s Company.  Prior to Wendy’s, he was the vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. Before that, he served as senior manager of internal audit at Raytheon Co. Prior to Raytheon, Silverman was an internal audit manager at PricewaterhouseCoopers, and he gained external audit experience at Arthur Andersen.

Nathan Anderson, CISA, CRISC
Senior Director, Internal Audit
McDonald’s Corporation
USA

Testing cybersecurity controls has long been the domain of penetration testers, who IT audit teams would hire. However, the tools for testing cybersecurity controls are more accessible than ever, and the time has come for IT audit to cross the chasm and begin testing the effectiveness of these technical controls. This session will cover basic tools and techniques for testing cybersecurity controls that your IT audit team can adopt.

In this session participants will: 

• Understand leadership’s cybersecurity questions and audit’s potential for answering them.
• Gain insight into the skillset, mindset, approach, and specific tools required to test cybersecurity controls.
• Learn — through interactivity —the top five tools that their team can begin using to assess cybersecurity controls.
• Explore the next set of tools and supporting resources that will help their team become an effective, independent cybersecurity testing function.

Nathan Anderson has 20 years of technology risk, software consulting, and IT audit experience. As technology and digital audit team leader for McDonald’s, he oversees a global team performing audits over privacy, cloud security, fraud data analytics, cybersecurity, data quality and integrity, and third-party governance. The team is working to enable technical testing of cybersecurity controls and increase the use of data analytics to identify fraud and inappropriate spend within back-office financial processes. Anderson also manages the IT aspect of Sarbanes-Oxley compliance across six countries. His primary area of focus is cybersecurity and privacy. Prior to McDonald’s, he led the IT audit function at Sears Holdings.

Toby Groves, Ph.D.
Researcher, Public Speaker
Social-Cognitive Psychologist
USA

This story-based audience favorite will disrupt everything you thought you knew about fraud. Attendees will learn why many of our assumptions are flawed, why some of the most trusted investigative practices actually lead us off-course, and how auditors, investigators, and others unwittingly assist fraud schemes. Scientific research is combined with first-hand accounts that expose myths and the dangers lurking in our assumptions related to this ever-growing threat.

In this session, participants will:

• Learn how to challenge superficial assumptions regarding fraud and deception.
• Gain a deeper understanding of effective cognitive tools to screen evidence.
• Assess cultural influences.
• Critically review investigative tools.

Toby Groves is a researcher in social cognitive science and is independently supported by the diverse group of organizations and businesses to whom he speaks. He has spent 10+ years studying critical thinking, culture, leadership, and diversity in group decision processes. He’s authored a scientific study on dynamic thinking and articles for academic and professional journals on topics ranging from judgment and communication to fraud and ethics. Groves speaks frequently for audiences of leading decision-makers and teaches a new thinking model that is the culmination of 20+ years of study. His own personal story has been the subject of research and national media stories and studied by business schools worldwide.

Moderator:
Sarah Antonelli
Manager, Internal Audit
Jackson Health System
USA

Sarah Antonelli’s Bio Being Finalized

---

A. Assessing and Measuring Corporate Culture

Linh S. Truong, CIA, CPA, CISA
Speaker and Trainer
GoldSRD
USA

Danny M. Goldberg, CIA, CCSA, CRMA, CPA, CISA, CRISC, CGEIT, CGMA
President
GoldSRD
USA

In the words of Peter Drucker, “Culture eats strategy for breakfast.” The role that a company’s culture plays in its success or failure has become increasingly clear over the past 20 years and can be seen in headlines from Enron to Wells Fargo. Auditors should be able to assess the moral compass of an organization’s culture.

In this session participants will:

• Receive a roadmap for assessing and ranking their company’s culture.
• Understand the key areas that drive corporate culture and how to assess those areas.
• Identify the red flags of an unhealthy culture, which could be indicators of unethical behavior.
• Learn a method for measuring and rating the health of a company’s corporate culture.

Linh Truong is currently an executive advisor and professional speaker, focusing on such topics as governance, corporate culture, auditing best practices, and implementing Agile auditing. In her more than 25 years of audit experience, Truong served as chief audit executive for Orthofix Medical, Kosmos Energy, and Alon USA, building each company’s respective audit function from ground zero. She also worked at large international companies, including Xerox, Credit Suisse Group, and KPMG. Truong has spearheaded both ERM initiatives and fraud risk assessments at multiple companies.

Danny M. Goldberg has 21+ years of professional experience, including five years leading/building internal audit functions. He is co-author of People-Centric© Skills: Communication and Interpersonal Skills for Internal Auditors, which is offered through the IIA and ISACA bookstores and has sold more than 4,000 copies. Goldberg is also accredited as the professional commentator of the Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices. He has been recognized as a top speaker at numerous IIA and ISACA events. In addition, he is an active IIA board and committee member at both the local and national levels.

---

B. How to Audit Culture and (Ethical) Behavior With Relevance and Due Professional Care

Peter Hartog, Manager, Professional Practices
IIA Netherlands
NETHERLANDS

Culture and behavior are extremely important to accomplish the goals of any organization. Culture is seen as an essential part of governance. But how do you audit this? How do you ensure you can objectively measure and assess behavior and culture? “It's there, but you can't grasp it.” You can, however, audit it! This session provides various techniques for objectively measuring behavior, depending on stakeholder demands.

In this session, participants will:

• Distinguish between different relevant audit objectives, scopes, and questions when auditing culture and behavior.
• Learn new methodologies and techniques for auditing culture and (ethical) behavior.
• Understand relevant predefined models from social sciences to measure culture and behavior.
• Apply techniques to gain insight into the underlying drivers of behavior, like group dynamics and mindsets.

Peter Hartog joined IIA–Netherlands in 2018 as manager of professional practices. He is presently engaged in developing and sharing knowledge on a wide range of topics related to the internal auditing profession. Hartog previously worked for 25 years as a consultant on internal auditing and management control, mainly at KPMG and ACS. He is an experienced lecturer with a demonstrated history in the higher education industry, including the Erasmus School of Accounting & Assurance. His background includes serving as an audit executive responsible for IT and operational audits and as a second line manager responsible for compliance and for risk management.

---

C. Great Expectations: Auditing Culture in a Changing World

Nicola Rimmer-Hollyman
Head of Internal Audit
AMP Australia
AUSTRALIA

Greg Rimmer-Hollyman, CIA, QIAL,
CCSA, CFSA, CGAP, CRMA
Chief Audit Executive
National Disability Insurance Agency
AUSTRALIA

Corporate culture is seen as critical to the success of organizations, and ‘bad’ culture has been blamed for many corporate failures. In a rapidly changing and digital world, being able to assess culture is critical. But how can internal auditors audit culture? This session provides a practical case study of how culture audits were implemented in two different financial services and public sector organizations.

In this session, participants will:

• Identify the drivers of culture within an organization.
• Understand different techniques and methods for auditing culture.
• Be able to design a program of work based on the experiences of two internal audit teams in two different sectors who implemented audits of culture.

Nicola Rimmer-Hollyman has 20+ years of experience in internal audit, contributing to thought leadership and improving internal audit practice. She applies her deep understanding of risk and governance to inspire and influence teams and stakeholders to do things differently to protect and sustain the organization. Rimmer-Hollyman passionately believes that being a good internal auditor and risk specialist requires maintaining a deep understanding of the organization’s strategy, culture, and operating environment; bringing a pragmatic and commercial approach to solutions without jargon; providing challenge; and delivering difficult messages.

Greg Rimmer-Hollyman has 20+ years of experience in developing, implementing, transforming, and leading internal audit functions for large organizations in various industries in both the public and private sector in Australia and South Africa. He is currently chief internal auditor for the National Disability Insurance Agency as well as an independent audit committee member. He is a national board member and professional fellow (PFIIA) of IIA–Australia and has held numerous leadership positions within The IIA, including Chairman of IIA Global’s Institute Relations Committee, Chairman of the Global Public Sector Committee, and President of IIA–South Africa. Rimmer-Hollyman has written various articles and presented at conferences on five continents.

Michael Smith
Partner
KPMG LLP
USA

Rebecca Lennard, CPA
Vice President, Audit
G6 Hospitality LLC (Motel 6)
USA

In 2018, Motel 6 had a traditional audit function, wherein field auditors traveled to hundreds of locations annually to perform manual, paper-based audits. With the program not meeting executive expectations, the company radically altered its approaches to collaborating with the business, gathering data from operations, and continuously auditing key risks. With no changes to the budget, Motel 6 became a leading-edge small audit department.

In this session, participants will:

• Discuss ideas for how small internal audit departments can transform their audit approach.
• Recognize opportunities in their own departments to achieve better assurance outcomes through the use of technology.
• Relate collaboration and stakeholder management experiences from other auditors to their own efforts to improve ways of working.

Michael Smith has worked extensively with internal audit and SOX departments challenged to do more with less. He sees data and automation as natural ways for these teams to improve assurance and create value. His passion for using emerging technologies to drive real business results led him to become KPMG’s leader for Reimagining Internal Audit. Smith’s innovative work to help auditors through every phase of data-driven transformation, from initial visioning to steady-state operations, has resulted in time savings, improved assurance, and increased insights. As a frequent presenter and author on intelligent automation and analytics, he believes every internal audit department, regardless of size, can develop strong analytics programs that improve audit results.

Rebecca Lennard is the vice president of tax for G6 Hospitality and leads the tax and internal audit departments within finance for the Motel 6 and Studio 6 brands. She joined the company in 1996 and held several leadership positions within tax before expanding into internal audit in 2012. Lennard is responsible for corporate and partnership tax matters as well as the implementation of a key risk, data analytic-driven internal audit process.

Martha Navarrete, CIA, QIAL, CMIIA
Auditor Jefe Regional, Latinoamérica y México
Citigroup
MÉXICO

Auditing Ethics and Culture

Martha Navarrete, CIA, QIAL, CMIIA
Regional Chief Auditor, Latam and Mexico
Citigroup
MEXICO

Un mayor enfoque del regulador en la conducta, la cultura y la ética significa más que comportarse bien como individuos; Como auditores, también debemos informar y escalar las fallas por el bien de nuestros clientes, nuestra firma, accionistas, entre nosotros y nuestras comunidades. Esta sesión resaltará la importancia de la cultura y la ética de la auditoría, el proceso detrás de este método de auditoría y cómo se deben aplicar estos conceptos a través de un ejemplo práctico llevado a cabo en México.

En esta sesión, los participantes:

• Discutirán la importancia de auditar cultura y ética.
• Identificaran las tres etapas de la auditoría de cultura y ética.
• Compartirán un ejemplo práctico que destaco una auditoría de cultura y ética en México, que incluirá una exploración del proceso, resultados y oportunidades.

Martha Navarrete se unió al Grupo Financiero Banamex, Citibanamex, como Auditora Principal de México en el 2014. En el 2017, fue nombrada Auditora Principal de LATAM, incluido México, y se encargó de integrar ambos equipos en una región para alinearse mejor con la organización. Navarrete tiene más de 20 años de experiencia en la industria de servicios financieros, tanto en el sector público como privado. Antes de unirse a Banamex, se desempeñó como Directora General de Auditoría Interna en Grupo Financiero Banorte, con la responsabilidad de administrar el departamento de control interno, políticas, procedimientos, riesgos y cumplimiento reglamentario. Anteriormente, Navarrete trabajó como reguladora en la Comisión Nacional de Banca y Valores, con un enfoque en la regulación bancaria.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

CIA Exam Prep Course:  Part 3 — The IIA’s CIA Learning System® Business Knowledge for Internal Auditing

Part 3 will be held at the same time as other concurrent sessions on Tuesday, July 21st, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Tuesday.

This Part 3 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 3 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 3 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 3.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 3 (upon release). A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Business Acumen
• Information Security
• Information Technology
• Financial Management

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

A. Session Information Being Finalized

---

B. Sustainability and ESG Reporting Update

Bob Hirth
Board Member, and Co-vice Chair
Sustainability Accounting Standards Board
USA

Are you up-to-date with the latest in sustainability and environmental, social, and governance (ESG) reporting, as well as internal audit’s role? This presentation will provide examples of ESG risk/materiality assessment, objective assurance, and third-party assurance from leading organizations worldwide. It will cover the latest concepts and techniques in sustainability and ESG reporting used by these organizations, along with effective ESG board oversight and reporting techniques.

In this session, participants will:

• Learn why the board must focus on and be involved in ESG and sustainability.
• Understand how internal audit’s involvement in ESG reporting can add value.
• Hear about third-party assurance concepts and see the latest examples of this assurance reporting to the public.
• Gain insights into effectively applying COSO’s recent ERM/ESG guidance.

Bob Hirth was appointed to the nine-member standard setting board of the SASB upon its formation in 2017. He currently heads SASB’s Technology and Communications sector committee and is a member of the Services, Healthcare, and Extractive and Minerals processing sector committees. SASB disclosure and reporting standards are considered a suitable framework in several jurisdictions and have been developed for 79 industries.

Serving as COSO Chair from June 2013 to February 2018, Hirth’s activities included leading COSO’s project on revising its Enterprise Risk Management Framework (which was released in September 2017), issuing COSO’s Guide on Fraud Risk Management, and actively promoting COSO’s 2013 Internal Control Integrated Framework around the world and through the media. He has worked on assignments and made presentations in over 20 countries, serving more than 50 organizations and working closely with board members, C-level executives, university professors, finance and accounting personnel, and public accounting firm partners and employees. He was a leader in forming Protiviti and led its global internal audit practice during the firm’s first ten years of development.

In 2013, Hirth was inducted into The IIA’s American Hall of Distinguished Audit Practitioners. In 2014 and 2015, he served as Chairman of the IIA’s IPPF re-look task force and has been a Trustee of the IIA Research Foundation. He served two terms on the Standing Advisory Group (SAG) of the Public Company Accounting Oversight Board (PCAOB). He graduated from Southern Methodist University in Dallas, Texas, with a concentration in accounting.

---

C. Future-proofing the Internal Auditor’s Role: The Rise of ESG Risks and Opportunities

Rodney Irwin, Ph.D., FICA, CFE, CCEP
Managing Director
World Business Council for Sustainable Development (WBCSD)
SWITZERLAND

More than 180 CEOs have committed to lead their companies for the benefit of all stakeholders — customers, employees, suppliers, communities, shareholders. In the past two years, billions of dollars have been lost due to environmental, social, and governance (ESG)-related risks, including adverse weather, supply chain disruption, product recalls, insurance claims, and ethical violations. How can internal audit help support and future-proof business against this shifting agenda?

In this session, participants will:

• Understand the importance of ESG-related risks and opportunities.
• Consider the role that internal audit can play in managing and controlling ESG issues.
• Discuss challenges facing the profession today, along with tools and guidance available to overcome these challenges.

Dr. Rodney Irwin is WBCSD’s managing director of redefining value and education and a member of the senior management team. He leads projects in enterprise risk management, assurance, materiality, and integrated and mandatory reporting, along with projects designed to advance the measurement and valuation of ESG impacts and dependencies on business. Irwin is the link between WBCSD members and standard/regulation setters. Additionally, he is the course director for WBCSD’s leadership program and manages the relationship with WBCSD’s education partners. Irwin also teaches at Leuphana University, Lancaster University Management School, and Yale School of Management. He sits on the IIRC, the Climate Disclosure Standards Board, and the sustainability council of several global businesses.

J. Craig Carter
Director
Gradient
USA

Greg Jordan
Chief Audit Executive
Nationwide Insurance
USA

Data quality, integrity, analysis, and modeling are fundamental to building competitive advantage. Organizations increasingly rely on data-backed decision-making to redefine their processes and business models. Internal audit must do the same to improve value, innovation, and focus on risks that matter. Machine learning enables dynamic refinement of internal audit’s focus, role, and positioning, elevating the function’s value and relevance while engaging new stakeholders.

In this session, participants will:

• Understand how internal audit can leverage machine learning to reevaluate the audit universe, stratify audit coverage, identify and assess emerging risk on a continuous basis, and automate audit procedures.
• Learn where to start, including obtaining and validating data, identifying machine learning use cases, developing predictive models and advanced analytics, interpreting results, and enhancing reporting, continuous monitoring, and continuous auditing.
• Gain insights into expected results, discover what skill sets are required and where internal audit can find them, and evaluate the role of machine learning in the high-performing internal audit function of tomorrow.

Craig Carter has 20 years of experience in the high-tech industry as a chief audit executive, as well as 17 years as a Big Four partner, serving most recently as KPMG’s global leader of internal audit innovation. He is a founding director of Gradient Transformative Solutions, a data science firm specializing in machine learning solutions to business problems. Carter currently serves as a partner in Internal Audit Executive Services (IAES), assisting CAEs, CFOs, and audit committees in optimizing risk coverage and enhancing the effectiveness of their internal audit functions. He also presents frequently at national and regional IIA conferences.

Greg Jordan has held several business and finance leadership roles at Nationwide. As SVP and CAE, he oversees Nationwide’s office of internal audit, including reviewing and communicating the results of internal audit work and serving as a business partner and strategic advisor on various business cabinets. Jordan was previously VP and CFO for exclusive channel western operations and VP of product management for Nationwide Financial’s fixed and offshore annuities. Earlier, he was VP of strategic planning, VP of operations, and controller at Midland Life Insurance Company/Swiss Re, and a senior manager in EY’s insurance and financial services practice group. Jordan is a member of The IIA’s International Exam Development Committee.

Stephen Head
Director
Experis Finance
USA

Michael Manzi
Chief Information Security Officer
Movement Mortgage
USA

Auditing the many cyber defense technologies currently being deployed to defend organizations against cyber-attack is extremely challenging. In response to the growing frequency and severity of cyber-attacks, organizations are implementing a new generation of security tools that did not exist a few years ago. This presentation will examine new and emerging tools for defending against cyber-attacks, how they work, who the leading players are, and how these technologies can be audited.

In this session, participants will:

• Gain insights into the new generation of cyber defense tools, how they work, and how they are changing the security landscape within the organization.
• Learn key success factors for deploying these tools, which, if ignored, may lead to openings that can be exploited by attackers.
• Receive practical tips for auditing these new tools based on actual cases in which these technologies were audited.

Stephen Head is director of IT risk advisory services and serves as the national cyber risk leader for Experis Finance. He has broad-based experience in cyber risk, regulatory compliance, IT governance, and aligning controls with multiple standards and frameworks. Formerly the information security practice leader for a multinational financial services company, Head has taught advanced cybersecurity courses at both the graduate and undergraduate level. He is the author of the two internationally recognized books: Internal Auditing Manual and Practical IT Auditing. He served as international chair of the ISACA Standards Board, on the AICPA National Accreditation Commission, and on the AICPA Information Technology Executive Committee.

Michael Manzi’s Bio Being Finalized

Paul Sobel, CIA, QIAL, CRMA 
Vice President and Chief Risk Officer, Georgia-Pacific LLC
Chairman, COSO
USA

COSO continues to create guidance to help apply its internal control and ERM frameworks. The COSO Chairman will discuss new and updated guidance related to risk appetite, blockchain, agile ERM, compliance risk management, and ESG risk management. The focus will be on helping internal auditors apply this new guidance in their pursuit of the internal audit mission to enhance and protect organizational value.

In this session, participants will:

• Review new COSO guidance from the past year, with particular emphasis on guidance related to risk appetite, blockchain, agile ERM, compliance risk management, and ESG risk management.
• Understand how this guidance can help organizations be more successful.
• Determine ways internal auditors can apply this guidance in their pursuit of the internal audit mission.
• Learn about additional guidance under development by COSO.

Paul Sobel was appointed COSO chairman in February 2018. He is leading the board in developing guidance and thought leadership on enterprise risk management, internal control, fraud, and governance. Sobel retired from Georgia-Pacific in 2020 after serving as vice president/chief risk officer and vice president/chief audit executive (CAE). He was previously the CAE for three public companies: Mirant Corporation; Aquila, Inc.; and Harcourt General’s publishing operations. Sobel has served in various leadership roles with The IIA, including Chairman of the Board; in 2017, he received the Bradford Cadmus Memorial Award for distinguished service to the profession and was inducted into the American Hall of Distinguished Audit Practitioners. He has authored or co-authored four books and been named to Treasury & Risk Magazine’s list of 100 Most Influential People in Finance. He currently sits on the Consultancy Advisory Group for IFAC’s International Auditing and Assurance Standards Board and International Ethics Standards Board for Accountants. In the past, Sobel served on the COSO ERM Advisory Council for the update to the COSO ERM framework and the Standing Advisory Group of the PCAOB.

Moderator:
Rob Valdez, CPA, CISA, CISM
Director, Cybersecurity Automation
Kaufman Rossin
USA

Roberto Valdez specializes in providing cybersecurity and automation services that help financial services, healthcare, and technology businesses mitigate risk, protect information, achieve strategic objectives, defend against cyber threats such as phishing and ransomware, and increase efficiency and quality through process engineering and robotic process automation (RPA). His engagements balance business needs with the requirements of compliance frameworks such as SOC 1, 2, 3; HIPAA; SOX; FINRA; and FFIEC. In addition, Valdez oversees Kaufman Rossin’s PhishNet security education training and awareness program. He has been featured in numerous publications and is also an adjunct professor for Florida Atlantic University.

---

A. Implementing a Robotic Process Automation Audit Program

Daniel Pokidaylo, CIA, CISA
Head of IT Audit
The Clearing House
USA

Everyone has heard of robotic process automation, or RPA, but how do we, as auditors, begin to implement an RPA program? What skillsets and tools do we need to begin, and how do we get management on board with our vision?

In this session, participants will:

• See how an RPA program can be implemented, from planning through completion.
• View real examples of what an RPA project/audit looks like.
• Understand the skillsets that are required to begin developing an RPA program.
• Develop ideas for RPA scripts that can be run at their enterprise.

DanielPokidaylo is the head of information technology audit at The Clearing House (TCH), a systemically important financial market utility (SIFMU) and the only private sector ACH and wire operator in the U.S., clearing and settling nearly $2 trillion in U.S. dollar payments daily. During his time at TCH, Pokidaylo has implemented a new cloud-based GRC platform to automate audit workflows, regulatory reporting, and MIS reporting for executive management. Additionally, he leads the robotic process automation team in working closely with TCH operations and technology partners to connect to key financial and operational applications to perform continuous controls testing and business monitoring.

---

B. Use of RPA and Process Mining in Auditing

Justin Pawlowski, CIA, CCSA, CRMA, CMA
Head of Internal Audit
ALSO Holding AG
GERMANY

Marc Eulerich, CIA
Professor, Internal Auditing
University of Duisburg-Essen
GERMANY

Robotic process automation and process mining show potential for enabling internal audit functions to increase their efficiency and effectiveness. Recent research from 2019 and early 2020, including new audit bots for automating and enhancing the audit function, will be demonstrated, and benefits will be quantified and qualified. In addition, cornerstones on how to advance from buzzwords to helpful tools will be shared.

In this session, participants will:

• Explore the application of robotic process automation and process mining to internal auditing.
• Learn about successful use cases in automation and enhancement of audit procedures, as well as failed/poor use cases in internal auditing.
• Discover how to avoid common pitfalls and how to exploit value potential.
• Leverage current research to streamline their own internal audit function.

Justin Pawlowski is head of internal audit at ALSO Holding AG, a listed distribution and logistics company for IT, consumer electronics, and telecommunications (ICT) based in Emmen, Switzerland, with annual revenues of more than 10bn USD across Europe. Before joining ALSO, the Frankfurt-based graduate of the Berlin School of Economics & Law and Goethe Business School worked as senior manager for governance and assurance services at KPMG in Germany and for IBM Germany in Berlin with assignments in Spain and the USA. His focus lies on applying modern technology in internal auditing, including data analytics, process mining, and RPA. Pawlowski is challenging manual proceedings from the past to come up with new ideas and ways of auditing, and he shared insights around using process mining in internal auditing at The IIA International Conference 2017 in Sydney, Australia. He is a member of the German chapter of The IIA (DIIR) and currently serves on The IIA IT Guidance Committee. In 2015, he was recognized as an Emerging Leader by Internal Auditor magazine.

Dr. Marc Eulerich has been a professor of internal auditing at the University of Duisburg-Essen since 2011. The professorship is sponsored by the German Institute of Internal Auditors, with an explicit focus on internal auditing research and teaching. Dr. Eulerich is program coordinator for the Internal Auditing Education Partnership (IAEP) program and chair of the scientific committee for IIA–Germany. He has published numerous scientific and practitioner articles and books about internal auditing, corporate governance, and strategy. His research is published in Accounting Horizons, Journal of Information Systems, Accounting History Review, Managerial Auditing Journal, International Journal of Auditing, and numerous other journals.

---

C. Audit the Future: Using Robotics and Data Automation to Predictively Manage Future Risks

Sergiu Cernautan, CPA, CISA
Senior Director, Product Strategy
Galvanize
CANADA

Is your entire audit plan focused on what happened in the past? This session will review real case studies of how audit teams are using data automation techniques to predictively assess risk then getting ahead to control and manage future risks. Learn the immediately actionable methodologies these organizations have put in place so that internal audit is directly supporting the CEO in navigating the future risk landscape.

In this session, participants will:

• Explore the principles of risk prediction and how to systematically assess future risk levels.
• Discover skills, models, and technologies that will enable an auditor to quantify and communicate risk predictions.
• Evaluate example risk prediction dashboards and reports to consider what might resonate with their organization's management and board.
• Self-assess their current capabilities and articulate the gap to develop an impactful risk prediction program.

Sergiu Cernautan is senior director of product strategy at Galvanize, responsible for product strategy, the strategic partnership program, and market influencer relationship management for the company’s industry-leading software products. He has 20+ years of external audit, internal audit, and risk and regulatory compliance consulting experience. After working at Deloitte and KPMG for more than 14 years, Cernautan co-founded Straight Talk Consulting Ltd., a firm providing GRC consulting services. His background covers financial, operational, and systems auditing. He specializes in the areas of internal controls over financial reporting, regulatory compliance, business process control reviews, general computer controls, litigation claims support, and data analytics.

Moderator:
William Michalisin
Executive Vice President
and Chief Operating Officer
The Institute of Internal Auditors
USA

Presenter:
Mike Fucilli, CIA, QIAL, CGAP, CRMA, CFE
Former Auditor General, Metropolitan Transportation Authority
Staff Instructor, St. John’s University
USA

While CEOs appreciate internal auditors’ strong business skills, they are also placing great emphasis on “soft skills” such as seeing the big picture. We will discuss how to bring out these traits and demonstrate your leadership skills through coachability (the ability to accept and implement feedback); emotional intelligence (the ability to understand and manage your own emotions); motivation (sufficient drive to achieve your full potential); and temperament (attitude and personality).

In this session, participants will:

• Explore how to become more extroverted while remaining true to themselves.
• Gain insights for shifting from auditor to trusted advisor.
• Discover how to gain a “seat at the table.”

William Michalisin is the Executive Vice President & Chief Operating Officer for The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. The IIA serves more than 200,000 members in over 200 countries and territories and acts as the internal audit profession’s recognized advocate, educator, and provider of standards, guidance, and certifications globally.

In his current role, Michalisin leads operations and core services offered to IIA members globally, including, Membership, Certifications, Training & Conferences, Standards & Guidance and Professional Knowledge, Advocacy & Government Relations, Chapter and Institute Relations, Partnerships, Sales and Business Development. 

Prior to joining The IIA, Michalisin was Industry Marketing Leader for Consumer & Industrial Products at Deloitte, which included responsibilities for cross-functional delivery within aerospace and defense, automotive, consumer products, process and industrial products, retail and distribution, and travel, hospitality, and leisure sectors.  Earlier in his career, Michalisin was a consultant delivering business process strategy, risk management and fraud/forensic investigation services at both Deloitte Consulting and Accenture, to clients in multiple industry sectors.

Michalisin graduated magna cum laude from Columbia University with a master’s in Strategic Communications and has a bachelor’s degree in International Relations and Economics from Bucknell University.  He also has his CIA designation and is a member of the Institute of Internal Auditors.

Mike Fucilli has about 35 years of internal auditing experience in the private and public sector. He has since retired as Auditor General at Metropolitan Transportation Authority, where he managed a staff of 85 professionals for a public sector organization with revenues in excess of $15 billion. Fucilli has served on The IIA’s North American and Global Boards and is a frequent speaker and presenter for The IIA.

Jorge Badillo, CIA, QIAL, CCSA, CGAP, CRMA, CISA
Gerente de Auditoría Interna, Director Ejecutivo de Auditoría SC Minera Lumina Copper
CHILE

Tools and Techniques: Fraud Risk Management – How to Execute (Inventory, Evaluation, Risk, Control Matrix, Heat Map, and Action Plans)

Jorge Badillo, CIA, QIAL, CCSA, CGAP, CRMA, CISA
Internal Audit Manager, Chief Audit ExecutiveSCM Minera Lumina Copper
CHILE

Esta sesión empleará varios formatos y plantillas para presentar un método totalmente práctico para implementar un ejercicio de gestión del riesgo de fraude, con varias fases y los resultados correspondientes.

En esta sesión, los participantes:

• Se familiarizaran con las fases y los resultados de un ejercicio de gestión del riesgo de fraude.
• Identificaran las fuentes y el enfoque para ejecutar un ejercicio de gestión de riesgos de fraude.
• Aprenderán a implementar un ejercicio de gestión del riesgo de fraude, que incluye el inventario del esquema de fraude, la evaluación del riesgo de fraude, la matriz de riesgo y control, el mapa de riesgos de fraude y los planes de acción para llegar a mitigar el fraude

Jorge Badillo tiene más de 23 años de experiencia en auditorías en el sector público y privado (interno, financiero, de desempeño, forense, TI). Es Gerente de Auditoría Interna de SCM Minera Lumina Copper Chile. Anteriormente, fue Gerente de Auditoría Interna para Sierra Gorda SCM, Gerente de Auditoría Interna Regional (América del Sur) para Kinross Gold Corporation, Contralor para las Naciones Unidas en Ecuador, Gerente Asesor de EY y Director Ejecutivo de Auditoría para el Servicio de Impuestos Internos de Ecuador. Badillo ha servido en comités internacionales de IIA Global desde el 2008 y es miembro de la junta de IIA – Chile. Representó a América Latina como Director General en el Directorio de The IIA Global, y fue Presidente del Directorio de IIA – Ecuador y de la Federación Latinoamericana de Auditores Internos.

Vicki McIntyre, CIA, CPA, CFSA, CRMA, CGAP
President
FirstPlus Resolutions, Inc.
USA

CIA Exam Prep Course:  Part 3 — The IIA’s CIA Learning System® Business Knowledge for Internal Auditing

Part 3 will be held at the same time as other concurrent sessions on Tuesday, July 21st, 2020.  Attendees should plan to attend all CIA concurrent class sessions on Tuesday.

This Part 3 CIA exam prep course is designed to give candidates a high-level introduction and overview of the topics covered on the Part 3 CIA exam.  The course will reinforce your CIA knowledge, clarify topics, and build exam-day confidence.  Taught by CIA-certified instructors, each attendee will have the opportunity to work through practice exam questions, learn test taking tips, and will receive the Version 6 IIA CIA Learning System Part 3 self-study printed book, online software access for 12 months, and a Student Slide Activity book.  Attendees will also receive 3.7 CPEs, qualify for a free CIA application fee waiver and receive a free online software access upgrade for the new Version 7 IIA CIA Learning System Part 3 (upon release). A fee of USD $450 will be required to attend this course in addition to the regular conference registration fee.  A limited number of on-site registrations will be accepted, so please pre-register for this course.  Course topics will include:

• Business Acumen
• Information Security
• Information Technology
• Financial Management

Please note:  Additional self-study time outside of the classroom will be necessary to prepare for the exam.  The free upgrade to Version 7 online software (available upon release) will be valid for the remainder of your Version 6 online access period.

Vicki McIntyre has helped CIA candidates successfully pass their exams for more than twelve years, having taught The IIA's CIA Learning System extensively. McIntyre is a globally recognized educator and trainer who has a combination of internal audit, financial management, public accounting, regulatory supervision, and compliance management experience. With more than 20 years in the financial services industry, McIntyre has been a regulatory bank examiner, and a Vice President of both finance and risk management.  She also performs quality assessments and independent validations of internal audit activities.  McIntyre is a passionate advocate for the internal audit profession, has been an IIA volunteer leader for more than 25 years and is currently a member of the IIA's North American Board of Directors.

Moderator:
Paul Sobel, CIA, QIAL, CRMA
Vice President and Chief Risk Officer, Georgia-Pacific LLC
Chairman, COSO
USA

Panelists:
Satya Tripathi
UN Assistant Secretary-General and Head of New York Office
UN Environment
USA

Tessy de Nassau (former Princess Tessy of Luxembourg)
UNAIDS Global Advocate and Social Entrepreneur
LUXEMBOURG

Richard G. Sexton, FCA
Board Member
International Integrated Reporting Council
UK

Far from being competing or mutually exclusive, the objectives of organizational success and social responsibility are not only fully complementary, but fundamentally interdependent. Successful organizations in the long term have sustainability as a central principle of their governance. Understanding of, and active concern for, the interplay between the organization and society, the environment, and the economy is key to serving stakeholder needs and interests into the future.

In this session, participants will:

• Increase their knowledge and understanding of the connection between organizational success and social, economic, environmental, and political responsibility.
• Explore how organizations can adopt strategies for incorporating such issues as part of their values.
• Consider the role that internal audit must play to enable organizations to develop such a mindset.

Paul Sobel was appointed COSO chairman in February 2018. He is leading the board in developing guidance and thought leadership on enterprise risk management, internal control, fraud, and governance. Sobel retired from Georgia-Pacific in 2020 after serving as vice president/chief risk officer and vice president/chief audit executive (CAE). He was previously the CAE for three public companies: Mirant Corporation; Aquila, Inc.; and Harcourt General’s publishing operations. Sobel has served in various leadership roles with The IIA, including Chairman of the Board; in 2017, he received the Bradford Cadmus Memorial Award for distinguished service to the profession and was inducted into the American Hall of Distinguished Audit Practitioners. He has authored or co-authored four books and been named to Treasury & Risk Magazine’s list of 100 Most Influential People in Finance. He currently sits on the Consultancy Advisory Group for IFAC’s International Auditing and Assurance Standards Board and International Ethics Standards Board for Accountants. In the past, Sobel served on the COSO ERM Advisory Council for the update to the COSO ERM framework and the Standing Advisory Group of the PCAOB.

Satya Tripathi’s Bio Being Finalized

Tessy Antony De Nassau, Dr.h.c., is a social entrepreneur, businesswoman, philanthropist, UNAIDS ambassador, public speaker, activist, and mother. Tessy is the founder of the global consultancy ‘Finding Butterflies Consultancy Ltd,’ and the co-founder of Professors Without Borders. Tessy works with numerous governments and institutions as well as business owners around the world on their impact strategy and implementation. Moreover, Tessy is an ambassador for UNAIDS (Global Advocate for Young Women and Adolescent Girls) and is the patron to UNA-UK. In the past, she spent five years in the Luxembourg military, during which she was deployed in Kosovo as a peacekeeper and only woman of her draft. She received numerous awards and recognitions globally such as the “Leader of the Year 2019” in Luxembourg.

Richard G. Sexton joined the board of the International Integrated Reporting Council after having represented PricewaterhouseCoopers globally on the Council for many years. He was actively engaged in the development and approval of the Integrated Reporting Framework. Sexton served in numerous senior business leadership and client roles in the UK and for the PwC network, including vice chairman of global assurance. As a member of the PwC UK executive board, he led the assurance practice and established PwC’s trust agenda as their first “Reputation and Policy Leader.” As a senior client partner, he led audits of many of PwC’s largest clients as well as numerous transaction, listing, and other projects worldwide.