The Institute of Internal Auditors Springfield Chapter...The Global Association for the Internal Audit Profession 9,400 8,300 10,900 5,700 7,800 7,300 12,500 The Institute of Internal

Springfield Audit TrailsIIA Springfield - Sapphire Chapter October 2019

1

Inside This

Month’s

Newsletter...

October Training Page 2

Job Openings Page 2

Ransomware in Baltimore

Page 3

Registration Tips Page 4

2019-2020 Calendar Page 4

SIAAB Conference Page 5

Welcome to a new chapter year! I hope everyone had a fulfilling and productive summer and each of you had an opportunity to en-joy time with family and friends. As your incoming President, I would like to thank all the cur-rent and past Officers and Board Members for their hard work. We would not be able to provide the Chapter events without your help! We are currently seeking a vol-unteer to act as our Chapter Pho-tographer, and we would like to welcome David Brink as our new Membership Chair. If you are in-terested in getting involved with the Chapter, please reach out to me or any Board Member. Volun-teering is a great way to meet oth-ers within the profession, and we are always looking for new and fresh ideas. Our Chapter’s success depends on the ideas and contri-

butions from members like you! It’s crazy to think that fall is upon us, but that means opportunities to earn CPE are right around the corner. Your First Vice President Alex Deal has been working hard through the summer to create a programming lineup with lots of topic variety. As in years past, we will also co-host the annual State Internal Audit Advisory Board (SIAAB) training in October which is a great opportunity to earn CPE at a very reasonable rate. If there is anything I can do as your Chapter President to help serve you better, I encourage each of you to submit any questions or comments. This helps to facilitate strong communication links be-tween our members and the chap-ter leadership. I look forward to seeing you all at a future Chapter event this year!

from the

PRESIDENTNikki Lanier, CPA

The Institute ofInternal AuditorsSpringfield Chapter

IIA Springfield - Sapphire Chapter October 2019

2

October Training Alex Deal, CGAP Happy October, Springfield IIA members! This month we have the annual SIAAB Fall Government Au-diting Conference taking place from October 22 to the 24, providing a maximum of 18 hours of CPE. Here’s a peak at what’s to come at this year’s conference: • Tuesday, October22: Full day conference with a total of 7 hours of CPE, filled with excellent speakers updating us on all things government audit related. • Wednesday, Octo-ber 23: Another full day conference, including a University Auditors Roundtable, for a total of 7 hours of CPE. •Thursday,October24:Ahalf-day morning session of roundtables for a total of 4 CPE hours. Three

roundtables will take place con-currently: Chief Internal Auditors Roundtable, IT Auditors Roundta-ble, and Staff Auditors Roundtable.

The price of the conference is $99 for members and $125 for non-members. For more information and to register, visit https://chapters.theiia.org/springfield/Events/Pages/

2019SIAABFall-Conference.aspx. Additionally, there will be an optional half-day seminar follow-ing lunch on Thursday, October 24.

This year we will hear from Protiviti on Wan-nacry, various other IT related security issues, and how all auditors can strengthen their or-ganization’s IT controls. This event will provide 3 CPE hours and is $40 for members and $55 for non-members. To learn more and to register please visit https://www.ei severywhere.com/ereg/index.php?even-

tid=480876&eb=699110. Hope to see you all at what is sure to be an excellent fall confer-ence!

The Illinois Department of Corrections is seeking a

Chief Internal Auditor. For more information,

please visit http://agen-cy.governmentjobs.com/illinois/default.

cfm?action=viewJob&jo-bID=2071755.

The Global Association for the Internal Audit Profession

9,4008,300

10,900 5,700

7,800

7,300

12,500

The Institute of Internal Auditors (IIA), established in 1941, serves as the internal audit profession’s:

■ Membership body and networking association. ■ International standard-setter. ■ Sole provider of global certifications. ■ Principal researcher and educator. ■ Chief advocate.

The mission of The IIA is to provide dynamic leadership for the global profession of internal auditing.

The IIA works with the following groups to promote sound corporate governance and ethical practices, and to increase awareness about the value of internal auditing and recognition of The IIA’s International Standards for the Professional Practice of Internal Auditing:

■ Securities and Exchange Commission (SEC)

■ Public Company Accounting Oversight Board (PCAOB)

■ U.S. Government Accountability Office (GAO)

■ National Association of Corporate Directors (NACD)

■ Center for Audit Quality (CAQ)

■ American Institute of CPAs (AICPA)

■ Financial Executives International (FEI)

■ Office of the Comptroller of the Currency (OCC)

■ Federal Reserve System

■ Consumer Financial Protection Bureau (CFPB)

■ ISACA

■ Association of Certified Fraud Examiners (ACFE)

200K+ Global Members

170+ Countries & Territories

160+ North American Chapters

198K+ Certifications Issued Globally

161K+Certified Internal Auditors® (CIAs®) Globally

IIA Global Headquarters1035 Greenwood Blvd., Ste. 401Lake Mary, FL 32746 USAT / +1-407-937-1111 W / www.theiia.orgE / [email protected]

2019-3408

1 Set of Global Standards

62,000+ U.S. MembersMembership as of June 2019

The Global Association for the Internal Audit Profession

9,4008,300

10,900 5,700

7,800

7,300

12,500

The Institute of Internal Auditors (IIA), established in 1941, serves as the internal audit profession’s:

■ Membership body and networking association. ■ International standard-setter. ■ Sole provider of global certifications. ■ Principal researcher and educator. ■ Chief advocate.

The mission of The IIA is to provide dynamic leadership for the global profession of internal auditing.

The IIA works with the following groups to promote sound corporate governance and ethical practices, and to increase awareness about the value of internal auditing and recognition of The IIA’s International Standards for the Professional Practice of Internal Auditing:

■ Securities and Exchange Commission (SEC)

■ Public Company Accounting Oversight Board (PCAOB)

■ U.S. Government Accountability Office (GAO)

■ National Association of Corporate Directors (NACD)

■ Center for Audit Quality (CAQ)

■ American Institute of CPAs (AICPA)

■ Financial Executives International (FEI)

■ Office of the Comptroller of the Currency (OCC)

■ Federal Reserve System

■ Consumer Financial Protection Bureau (CFPB)

■ ISACA

■ Association of Certified Fraud Examiners (ACFE)

200K+ Global Members

170+ Countries & Territories

160+ North American Chapters

198K+ Certifications Issued Globally

161K+Certified Internal Auditors® (CIAs®) Globally

IIA Global Headquarters1035 Greenwood Blvd., Ste. 401Lake Mary, FL 32746 USAT / +1-407-937-1111 W / www.theiia.orgE / [email protected]

2019-3408

1 Set of Global Standards

62,000+ U.S. MembersMembership as of June 2019

IIA Springfield - Sapphire Chapter October 2019

3

Audit: Baltimore Data Losses Due to Insufficient Backups, Poor Internal ControlsThis article was originally printed on Governing’s website on October 2, 2019, and it was reprinted with the permission of Governing/e.Republic. See the original article at https://www.governing.com/news/headlines/Au-dit-Baltimore-Data-Losses-Due-to-In-sufficient-Backups-Poor-Internal-Con-trols.html.

By Lucas Ropek

A recent audit of Baltimore’s IT de-partment found that the agency lost important data during this year’s ran-somware attack due to poor storage practices. Staff for the Baltimore City Infor-mation and Technology department (BCIT) routinely saved data on their local servers instead of backing it up on an external cloud system, accord-ing to a newly released audit. When the attack hit, some of that data was compromised by the malware. As a result, data that was supposed to aid in the analysis of four perfor-mance measures — metrics meant to determine if the agency was meeting its goals in an efficient and cost-effec-tive manner — could not be account-ed for throughout the 2017-18 fiscal years, according to the report. The news was broken to lawmakers during a city council audit committee meeting last week. “The BCIT was not able to pro-vide documentation to support actual amounts of the four selected perfor-mance measures reported in the Bud-get Books,” the report, filed by audi-tor Josh Pasch, reads. “Due to the lack of data backup, the supporting data for the four selected measures were unavailable.”

“One of the things I’ve learned in my short time here is a great number of Baltimore city employees store en-tity information on their local com-puters. And that’s it,” Pasch reported-ly told councilors at the meeting. Eric Costello, city councilor for the city’s 11th district and head of that committee, said in an interview with Government Technology that these practices were problematic. “It’s a problem on multiple levels, least of which is that this is the agency that is supposed to be educating other agencies on how to effectively man-age IT resources,” Costello said. “One of two things happened: either they weren’t following [existing] protocol or the protocol didn’t exist — both of which are unacceptable.” The BCIT’s performance during and after the ransomware attack has been roundly criticized. The city’s IT director Frank Johnson, who bore the brunt of that criticism, recently took leave without pay, leaving the ongo-

ing recovery efforts in the hands of his deputy, Todd A. Carter. Those recovery efforts, which have been ongoing since May, are nearing completion, officials say. “I think we’re in the final phases of the recovery process. Atlanta, a year later they were still recovering,” said James Bentley, communications offi-cer for the Mayor’s Office, comparing the city’s attack to the one that struck the Georgia state capital last year. Though the Baltimore audit cited failures in the data backups, the city is far from alone when it comes to less than ideal storage practices. In many cases, resource limitations and a lack of personnel training are behind these kinds of oversights. Nick Psaki, federal CTO at Pure Storage, said that while he couldn’t speak to the frequency of this kind of misstep in governments, he did stress

After a ransomware attack earlier this year, an audit of Baltimore’s IT department found poor storage practices that led to the loss of important data.

--- See Ransomware on Pg. 4for Article Continuation

IIA Springfield - Sapphire Chapter October 2019

4

the importance of backing up data in a secure way — especially at a time when ransomware seems to be the cyberattack of choice. “Most of the folks I talk to do indeed back up their data,” he said. “Clearly there’s a huge appetite for improved and modernized data backup and recovery because we’re seeing a huge growth in that space and a lot of new companies have moved into that space in the past few years.” The heightened threat landscape has also diminished the delusion that cyberattacks are some abstract and faraway problem, he add-ed. “Until this year, there’s been the belief that it couldn’t happen to us,” he said. “The real-ity has reared its ugly head and dispelled that myth. Hope is not a method. You have to test this stuff and you have to test it from end to end, and do it rigorously.”

--- Ransomware, Continued from Pg. 3

Springfield Chapter of the Institute of Internal Auditors2019-2020 Program Schedule

You May Pay With a Credit Card

Date

October 22-23, 2019 October 24, 2019

January 23, 2020

February 27, 2020

March 26, 2020

April 30, 2020

May 28, 2020

Speaker

VariousProtiviti

JanBeckmann

Tom Hilton

John HallDanny

GoldbergLinh

Truong

Program

SIAAB ConferenceIT Security Issues

Ethics/Critical Thinking Skills

Fraud Litigation & Prevention

Selling Audit Ideas

TBD

Assessing Corporate Culture

Hours

8:30 - 4:301:00 - 4:00

12:30 - 4:15

12:30 - 4:15

8:30 - 4:15

8:30 - 4:15

8:30 - 4:15

CPE

143

4

4

7

7

7

Members

$99$40$70

$70

$105

$105

$105

Non-Members

$125$55$85

$85

$130

$130

$130

Cancellations should be made at least 24 hours before the meeting to avoid a charge.Meetings will be held at the Northfield Center on Thursdays unless noted differently.

Welcome to the new Chapter year! We have a lot of excit-ing training opportunities this year. I wanted to share a few tips and reminders to ensure event registration goes smooth-ly each time you register this year. • Pleaseuse a correct email address. All correspondence,

including your CPE certificate, will be sent to the email ad-dress as entered when registering. Shortly after registering, you should receive a confirmation email. If you do not, please contact me. • Ifpossible, please register as a group if one payment will

be issued for multiple attendees. I am happy to walk through how to do this if needed. • Invoices – We do not send out invoices for the trainings.

At the end of registering, you can print an invoice to submit for payment. I can also email one if you forget to print it. Please do not hesitate to contact me with questions relat-ed to registration. I am happy to help and look forward to seeing you all at training this year.

Sally Burton, Chapter [email protected], 217-558-2910

Registration Tips and Reminders

*

* October 22-23, 2019 - Registrations starts at 7:45

IIA Springfield - Sapphire Chapter October 2019

5

SIAAB 2019 Fall GovernmentAuditing ConferenceTuesday & Wednesday, October 22-23

Optional Seminar on Thursday, October 24Northfield Inn, Suites, & Conference Center • Springfield, IL

Co-Sponsored by the Springfield Chapter of the Institute of Internal Auditors

Tuesday’s Highlights • Keynote from Raven Catlin, CIA, CPA, CFSA, CRMA, followed by Agile Auditing in Government • Public Integrity from Lisa Hen-nelly and Jonas Harger, AAGs • GATA Update from Carol Kraus, CPA, CGMS • Insights into Occupational Fraud from Carol Jessup, PhD, CPA, CFE

Wednesday’s Highlights • SOC Reports: Demystifying Ser-

vice Organization Responsibilities

from Crowe, LLP

• Project & Program Manage-

ment from Amy Delcomyn, Ex-

ecutive Director, Enterprise PMO

DoIT

• A Hacker’s Perspective from

Jeff Thompson, CEH

• Principles of IC in the Public Sector from Mary E. Peck, CIA, CCSA, CGAP, CRMA

• Closing Keynote from Benito Ybarra, CIA, CISA, CFE, CCEP

Thursday - OptionalWannacry: A Complete

Compomise Walkthrough from Protiviti

Registration Fees & Links$99 Members/$125 Members for Oct. 22 & 23

www.eiseverywhere.com/2019-SIAAB-Conference$40 Members/$55 Nonmembers for Oct. 24

www.eiseverywhere.com/sept2019sem

IIA Springfield - Sapphire Chapter October 2019

6

Chapter Officials • 2019-2020OFFICERS

PRESIDENT

AdministrationAudit

Nominating

FIRST VICEPRESIDENTPrograms & SeminarsSeminar RegistrationSECOND VICE PRESIDENTAcademic RelationsMembershipCertifications Program

SECRETARY

Directory, Distribution, & PRNewsletterPhotographerWebmaster

TREASURERS

HistorianGOVERNORS202020202020202020212021202120212022202220222022PAST PRESIDENTS

The Board of Governors consists of all Officers, Governors, and the Past President.

2018-20192016-2017

Nikki Lanier, CPA

Jay Wagner, CIA, CFE, CISAKatrina Salvador, CPANikki Lanier, CPACatherine Madonia

Alex Deal, CGAPAlex Deal, CGAPSally Burton

Leighann Manning, CIA, CGAP

Carol Jessup, PhD, CPA, CFEDavid BrinkLeighann Manning, CIA, CGAP

Sally Burton

Sally BurtonLisa KaighSeeking VolunteerSatu Allen, MS, CISA

Amy DeWeese, CPA

Tad Huskey, CPA, CGFM, CGAP

Robert Konzelmann, CPA

Nikki.Lanier@illinois.gov785-6515524-4094558-1281785-6515782-4724ADeal@illinoistreasurer.gov557-5419557-5419558-2910LManning@illinoistreasurer.gov558-0010206-7923524-7895558-0010SBurton@isbe.net558-2910558-2910557-3936

[email protected]@atg.state.il.us785-8127785-5627

Tracy Allen, CPA, CISAAngie Bartlett, CPA, CIADavid BrinkJamie Nardulli, CIANick BarnardDenise Behl, CIAAmy LyonsDouglas Tinch, CPA, CIA, CISA, CISSPTassi Maton, CPA, CIAJulie Zemaitis, CPAStephen D. Kirk, CIA, CGAPJoe Gudgel, CISA

557-4523524-1279524-7895557-0576558-0171558-2701558-4347558-6888782-2237333-0903557-1258524-7632

Satu Allen, MS, CISAJay Wagner, CIA, CFE, CISA

558-6873524-4094

Audit Trails now has its own e-mail

address! For any newsletter

suggestions, job postings, or other

items of interest, please use

[email protected].

Chapter Mailing addressSpringfield Chapter

Institute of Internal AuditorsP.O. Box 205Springfield, IL62705-0205

The Springfield IIA Chapter sends our deepest condolences to member Alana Pierson and her family in the recent pass-ing of her mother and member Darick Clark and his family in the recent passing of his moth-er. We hope you have all the support, care, and strength you need while coping with this loss.