Learn why fraud and risk self-assessments are important to any fraud program or risk assessment and a highly effective process for facilitation.
Discover a step-by-step process for running an FRSA workshop.
Learn some key facilitation tools and dozens of tips and strategies for getting the best quality information.
Learn how to identify significant risks related to fraud exposure through your clients and assess the existence and strength of controls against the fraud risk exposure.
Dr. Joan Pastor has been a professional international speaker, trainer, and coach since 1979 and is well
known for her training, facilitation, and consulting skills. She authored Conflict Management and
Negotiation Skills for Internal Auditors, has published over 30 articles, and is the recipient of numerous
awards, including the American Institute of Certified Public Accountants’ Excellence in Journalism Award.
Joan has also made pioneering contributions related to risk assessment, fraud and business process
management, conflict management and interviewing skills, Sarbanes-Oxley, and mergers and
acquisitions. She and her associates are considered the premier trainers for auditors in all areas of
“people, leadership and management” skills related to the audit, risk and finance professions. She has
developed Audit Training Universities for several Fortune 100 companies. Joan works alongside legal
counsel and executives on potential or discovered fraud situations, and she has been responsible for
uncovering several embezzlement and other fraudulent schemes. She also is a member of the National
Association of Corporate Directors and has provided consultation services to many executive teams and
boards. Joan’s book The White Collar Criminal Revealed will be published in 2013.
Understand how to act as a catalyst and enabler by focusing on strategic risks and engaging
senior leaders within the organization in talking to each other; developing a common risk language;
and harmonizing the way that risk is identified, assessed, and measured, so that risk intelligence
can be developed across the organization.
Discuss how companies are engaging the board, senior management and their employees to
think differently about risks and how key risk indicators, strategic planning, and analytics are
helping change management’s thinking about risk management.
Sandy Pundmann has more than 30 years of business experience in risk management, internal auditing,
accounting, finance, and information technology. She serves as the leader of the Governance and Risk
and Regulatory Strategies Commercial team and as the Internal Audit Transformation industry leader for
the technology, media, and telecommunications industry. Prior to joining Deloitte and Touche in 1996,
Pundmann served as the vice president and chief audit executive of a Fortune 50 company, where she
oversaw a global internal audit organization of more than 70 internal audit professionals. In addition, she
has served in a variety of finance, risk management, and IT leadership and management capacities.
Elizabeth Truelove McDermott is vice president, Audit, Ethics and Compliance Services at DeVry Inc.
She began her career with DeVry in 1992 as the state licensing specialist. Elizabeth has extensive
experience at DeVry, working across three divisions, including Becker Professional Review, before
assuming her current role. Most recently she served as senior director of internal audit with responsibility
for planning, directing, and administering a comprehensive risk-based internal audit program. She
provided audit leadership in the development, operation and evaluation of the organization risk-
management program, as well as served as the organization liaison to external audit and regulatory
reviews. Elizabeth earned her MBA from Keller Graduate School of Management,
Thomas Cheriyan oversees and directs the internal audit function at CDW, a leading provider of technology solutions for business, government, education and healthcare. Prior to joining CDW, Thomas worked at Deloitte & Touche where he conducted and directed a wide variety of enterprise-wide, strategic-level and operational risk management projects for Fortune 500 companies. In the area of Enterprise Risk Management (ERM), he assisted management to assess and enhance their existing governance practices, roles and responsibilities, risk identification, risk assessment, and risk mitigation strategies. Thomas has an MS in Information Systems Management from Loyola University Chicago and has presented to the Institute of Internal Auditors (IIA) on practical examples of implementing ERM.
The Hartford Financial Services Group Daniel Seabra Assistant Director, Internal Audit Management Advisor Services The Hartford Financial Services Group
Learn the attributes of effective risk management.
Practice developing an ERM risk governance audit program.
Find out how to move risk assessments from project exercise to embedded business process.
Promote sustainable risk management programs and behaviors within the business.
Carin Salonia is assistant vice president of internal audit management advisory services at The Hartford.
Carin has led a team of audit professionals during significant organizational process redesign (finance,
business, and IT), implementing coordinated audits involving assurance, advisory and consultative
services in business, finance and technology. An accomplished presenter, Carin is a member of
Toastmasters International; an active member of PMI; Six Sigma Green Belt; and Change Management
Does "business maturity" figure significantly in a successful risk management strategy
implementation? If so, is this a major consideration in the choice of risk management model?
Who should "own" risk management, and how does the answer to this question affect the risk
management approach and odds of a successful short and long term RM strategy?
Are there good examples of hybrid RM strategies where management has chosen to combine
what they feel are the best features of different RM frameworks/approaches?
What role does internal audit play that makes the best contribution when management is
designing its RM strategy? What is internal audit's most effective role in supporting an on-going,
successful risk management strategy?
Sally Dix and her team are responsible for liaising with the IIA volunteer structure to support The IIA’s
process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics,
Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her
Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a
member of The IIA’s strategic task force to develop the capability to be agile in the development of
guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had
the opportunity to participate in chief audit executive roundtables in Orlando, Chicago and New York City,
where internal audit practitioners provided candid feedback on exposure draft issues to COSO and the
PwC authors of the new COSO IC framework. Her career in internal audit prior to joining The IIA in
October 2011 involved leading internal auditing and compliance organizations in medium to large publicly
traded companies in the high tech and telecom industries (ATMEL Corporation; AT&T Wireless; Verizon
Wireless; and AirTouch Communications, spin-off of Pacific Telesis Group).
Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.
Learn the primary focus of ITIL - Service Support Management and Service Delivery Management
Expand your understanding of COBIT’s focus on definition, implementation, auditing, measurement
and improvement of controls
Discover how, when implemented effectively, both COBIT and ITIL provide the necessary framework
of an IT GRC program that enables the IT organization to govern itself.
Pam Nigro is the manager of the internal controls, IT policy, and risk management teams at Health Care Service Corporation (HCSC operates the Blue Cross and Blue Shield plans in Illinois, New Mexico, Oklahoma and Texas). She has over 20 years of experience working in information technology, ultimately becoming a subject matter expert in IT general controls. Prior to HCSC, Pam’s experience in the systems and process assurance (SPA) practice at PwC focused on services related to controls around IT management. She served both audit and non-audit clients. As a consultant, she helped HCSC develop its control framework using ITIL and COBIT.
Learning Field: Computer Science
Learning Level: Beginner
CS 4-4
The Auditor’s Role in Helping Management Understand How to Prevent and Detect Fraud Harriet Richardson, CIA, CGAP, CPA Audit Manager City of Berkeley, CA
Discuss examples of fraud in private and public sector organizations and what allowed them to
occur.
Explore examples of how auditors can do a better job of explaining to management what allowed
organizational fraud to occur.
Share ideas about how auditors can help management better understand the reasons behind
auditors' recommendation for preventing fraud and detecting it if it does occur.
Harriet Richardson has more than 25 years of performance audit and management analysis experience
in federal, state, and local governments, and currently manages the performance audit function in the
Berkeley City Auditor’s Office. Her previous audit experience includes the Washington State Auditor’s
Office; the City and County of San Francisco; the Atlanta City Auditor’s Office; King County, Washington;
and Fort Lewis, Washington. Harriet’s a frequent conference presenter and is a current member of the
Association of Local Government Auditors’ Professional Issues Committee and the Association of
Government Accountants’ Financial Management Standards Board.
Leveraging the Three Lines of Defense for Effective Risk Coverage Charles Locasto, CRMA Assistant Vice President MetLife
The benefits of a three lines of defense model.
Operating models for coordinated risk and control activities.
World class risk and control frameworks and methodologies.
World class risk and control platforms.
How to implement frameworks whether a big or small audit shop.
Charlie Locasto joined MetLife’s Internal Audit department in 1992, and now directs the internal audit coverage of group and individual insurance product administration, retirement and savings plans, related compliance and regulatory requirements, auto and home services, and broker operations both in the United States and 64 locations worldwide. Locasto has over 28 years of experience in the insurance industry with concentrations in group-related products and services, and managed healthcare.
Learning Field: Auditing
Learning Level: Intermediate
CS 7-3
Time to Get Real — Refocusing Controls to Fight Modern Threats
Daimon Geopfert, CISSP, CISM, CISA, GCIH
National Leader, Security & Privacy Consulting
McGladrey
Vincent J. Schira, CPA, CISA, CISSP IT Audit Program Leader Domino’s Pizza Inc.
Learn about real-world hacking demonstrations that show controls bypass methods.
Discuss the topic of cracking and re-using "strong" passwords.
Hear about bypassing intrusion detection systems.
Ask whether evading anti-virus can compromise "protected" systems.
Find out how social engineering methods abuse social media.
Gain recommendations on how to implement more robust controls.
Discuss what types of data your company allows on these devices and the latest attacks against
these devices
Review the latest mobile threats, attacks, and some current methods of protecting these devices
and your data.
Norman Comstock is a managing director at UHY Advisors in Houston, Texas. He leads advisory and
assurance services for IT strategy, IT governance, IT risk assessment, software selection/implementation,
documenting and testing IT general controls and application controls, and evaluating information security
strategy. He is also the firm’s national practice leader for governance, risk, and compliance. Norman was
president of GCRM Solutions, LLC before it merged with UHY Advisors in 2006. In the 15 years prior to
UHY Advisors, he was a principal with three other consulting firms providing technology and management
consulting services to Fortune 1000 companies. Norman held audit, accounting, and finance roles of
increasing responsibility at Texaco, Inc. and Compaq Computer Corporation. He began his career in
finance at Oppenheimer & Company. Norman is an adjunct professor at the C.T. Bauer School of
Business, University of Houston, where he teaches business ethics, advanced internal audit, and
governance, risk, and compliance.
Richard Peters specializes in information security and payment card industry (PCI) compliance. He brings over 13 years of experience managing, performing and delivering cost effective internal controls and information technology (IT) security solutions. This experience includes technology risk management, IT auditing, IT security assessments, internal auditing, attack and penetration testing services and security analysis in domestic and global entities in the energy, technology, financial and manufacturing industries. He is a professor at the University of Houston in the areas of information security.
Jamie DuBray is currently the Assistant General Auditor at CITGO Petroleum Corporation. Prior to
joining CITGO more than 5 years ago, Jamie had internal audit experience with Valero Energy
Corporation and Tesoro Petroleum Corporation as well as positions within information technology and
public accounting. Jamie has 13 years of audit experience and 10 years of experience in the petroleum
refining industry.
Learning Field: Specialized Knowledge and Applications
Learning Level: Intermediate
Tuesday August 21, 2012 3:55 – 5:10 pm
CS 8-1
Internal Audit - Perspectives of a Chief Compliance Officer
Understand how the chief compliance officer and chief audit executive work together to
protect the organization.
Establish a common definition of value and value destruction
Discuss the roles of the COO and CAE in protecting against value destruction.
Explore a case study, When Sales Mask Performance.
Jon Rydberg is responsible for internal audit (ATF, FCPA, Import / Export, SOX). In addition, he was
responsible for implementing the organization's risk management infrastructure, ethics program and the
continuous controls monitoring program. Prior to joining Smith & Wesson, Jon was CEO of Orchid
Advisors, a consulting firm specializing in the achievement of corporate strategic objectives. He also
served as a managing director for Protiviti where he co-led the manufacturing industry practice and
served on the supply chain leadership team. Jon previously worked for Ernst & Young, United
Technologies, and Ensign-Bickford Aerospace & Defense. Jon is currently a member of the Department
of Homeland Security Critical Manufacturing Sector Board. He has previously served in leadership roles
for The IIA and APICS.
Learning Field: Business Management and Organization
Learning Level: Intermediate
CS 8-2
A Risk Manager’s View on ERM
Carol Fox, ARM
Director, Strategic and Enterprise Practice
RIMS, The Risk Management Society
Hear an experienced risk practitioner's insights on making enterprise risk management a
strategic business discipline.
Expand your understanding of how enterprise risk management can create as well as protect
value.
Learn how high-performing organizations are using risk management to reduce uncertainties and
increase the odds of success.
Discover how to forge a collaborative alliance between internal audit and risk management for
your organization's success.
Carol Fox is director of strategic and enterprise risk practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. Founded in 1950, RIMS produces
networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS in 2010, Carol was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. She also holds the Associate in Risk Management (ARM) designation from The Institutes. Carol has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics and currently serves as vice chair on the U.S. Technical Advisory Group for the international ISO 31000 risk management standard implementation project. Treasury & Risk named Carol as one of its 2011 100 Most Influential People in Finance.
Learning Field: Management Advisory Services
Learning Level: Intermediate
CS 8-3
Using Computer Forensics to Manage Controls
Bill Perry
Private Investigator, Security Consultant/Instructor and Chief Compliance Officer
Bill Perry & Associates
Learn to examine the different areas that exist in the "information age" for control
Understand why cell phones are important to "internal audits"
Discuss ways to protect your data
Bill Perry has lectured several professional organizations, including seminars for Busey Bank on identity
theft, First Community Bank on fraud and computer security, SW Chapter of IIA on Internal Corruption,
and is presently working on developing a seminar on business ethics and workplace violence. Bill has been
recognized by I.C.E., a division of Homeland Security for his outstanding diligence and expertise in
locating and documenting electronic evidence. He has also worked with the Cape Coral Police for five
years as a crime analyst, computer forensics examiner and served as a member of their elite hostage
GS-3 Vendor Contracts and Risk Assessment: Lessons Learned from Fraud Convictions Moderator: Frank Lazzara Managing Director FTI Consulting Panelist: Dr. Susan Mangiero, CFA, FRM Managing Director Forensic & Litigation Consulting
Annie Dugas, CA, DIFA, CFE
Director, Investigative & Forensic Services
Raymond Chabot Grant Thornton Consulting Inc
Paul E. Zikmund, MBA, MAcc, MBEC, CFE, CFD
Director, Global Integrity and Forensic Audit
Bunge Ltd.
Discussion of best practices for selecting and monitoring service providers within an enterprise risk management framework
How to vet related party transaction disclosures to prevent problems
How to identify and mitigate conflicts of interest such as when a customer has an equity stake in a vendor
When to use independent experts to conduct investigative due diligence on the vendor and key persons
Understanding bribery and anti-money laundering issues when dealing with non-US vendors
Discussion of lessons learned from prominent fraud convictions that involved service providers and what internal auditors should do as a result
Frank Lazzara has over 20 years of experience in public accounting, internal audit, financial operations
consulting and private industry expertise. He is responsible for facilitating all aspects of litigation support
and forensic engagements including planning, accounting research, fieldwork coordination, managing
client and counsel relationships, the drafting and submission of expert reports, and the preparation of
testifying expert witnesses. Prior to joining FTI Consulting, Frank supervised teams in the execution of
internal and independent audits. His private industry experience is in telecommunications where he
served as CFO and controller for a competitive local exchange carrier. He has served as an internal
auditor for Goldman Sachs with an emphasis in compliance and internal controls reviews. While at
Goldman Sachs, he supported the firm’s internal control environment by devising and implementing fraud
prevention initiatives. He also has public accounting experience with PricewaterhouseCoopers and
international experience investigating alleged violations of the Foreign Corrupt Practices Act in Asia and
Europe. Lazzara has led cases involving NYSE regulatory compliance examinations, and has advised on
high profile securities litigation cases involving the interpretation and expert application of Generally
Accepted Accounting Principles (“GAAP”) and auditor compliance with Generally Accepted Auditing
Standards (“GAAS”).
Dr. Susan Mangiero is a CFA charterholder and a certified Financial Risk Manager. She has provided expert testimony and behind-the-scenes forensic analysis, calculation of damages and rebuttal report commentary for various investment governance, performance, risk and valuation matters. She has more than 20 years of experience in capital markets, global treasury, asset-liability management, portfolio management, economic and investment analysis, derivatives, financial risk control and valuation, including work on trading desks for several global banks, in the areas of fixed income, foreign exchange, interest rate and currency swaps, futures and options. Susan has provided insights about asset allocation, fiduciary duties, risk management, modeling, hedge effectiveness and valuation best practices for consulting clients and employers that include General Electric, PricewaterhouseCoopers, Mesirow Financial, Bankers Trust, Bank of America, World Bank, Pension Benefit Guaranty Corporation, RiskMetrics, U.S. Department of Labor, Northern Trust Company and the U.S. Securities and Exchange Commission. She is the author of Risk Management for Pensions, Endowments and Foundations. Her articles have appeared in Expert Alert (American Bar Association, Section of Litigation), Hedge Fund Review, Investment Lawyer, Valuation Strategies, RISK, Financial Services Review, Journal of Indexes, Family Foundation Advisor, Bankers Magazine, Expert Evidence Report and the Journal of Compensation and Benefits. Susan is a frequently invited speaker and has keynoted or led workshops for organizations such as the Stable Value Investment Association, Harvard Law School, Florida Public Pension Trustees Association, New York State Department of Insurance, Association of Public Pension Auditors, AICPA - Employee Benefits Section, National Association of Corporate Directors and Financial Executives International.
Annie Dugas is a director with the investigative and forensic consulting division of Raymond Chabot
Grant Thornton Consulting Inc. in Ottawa, Canada. Annie has extensive work experience in the
assurance and forensic advisory fields, including fraud prevention, detection, and investigation for
government and large private sector enterprises in Canada and internationally. Annie continues to
actively raise awareness and provide leadership to internal auditors and audit committee members on
their roles and responsibilities with regard to conducting fraud risk assessments and strengthening their
organization’s fraud risk management programs.
Paul E. Zikmund serves as director of global integrity & forensic audit of Bunge in White Plains, New
York. He is responsible for managing and conducting investigations of fraud and misconduct,
Prior to joining Bunge, Paul worked as the senior director, forensic audit in Princeton, New Jersey, and
the director of litigation support services at Amper, Politziner, & Mattia, LLP, in Philadelphia where he was
responsible for developing, implementing, and administering fraud risk management services to Tyco and
to clients. He possesses nearly 20 years of experience in this field and has effectively managed global
fraud and forensic teams at various Fortune 500 companies.
Learning Field: Behavioral Ethics
Learning Level: Intermediate
Wednesday August 22, 2012 10:15 – 11:30 am
GS-4
Ethics and Managing Risk: A Preventive Maintenance Approach
Dr. Christopher Bauer, CSP, HSP, CFS
Founder
Bauer Ethics Seminars
Identify at least four common but often unseen or ignored “red flags” for ethics risks in themselves
and their organizations.
Articulate a minimum of four values key to the development of a culture of ethics and values.
Articulate the financial and strategic value of implementing truly effective ethics training into an
organization’s risk management strategy.
Christopher Bauer is a licensed psychologist with over 25 years of experience as a speaker, trainer, author, and consultant on professional ethics and values-driven business strategies. Between coaching, speaking and consulting, he has worked with front-line workers to senior executives and everyone in between. Clients of Dr. Bauer have run the gamut from small and medium sized businesses and organizations to every level of staff and management at Fortune 500 corporations. Although ethics and fun aren’t words normally heard in the same sentence, Dr. Bauer has been helping individuals and organizations build and maintain great professional ethics, all while having a great time. Dr Bauer’s articles on how to build and maintain great professional ethics have appeared in such journals as CEO Refresher, CFO Magazine, Financial Executive, Internal Auditor, and many others. The latest edition of his book, Better Ethics NOW: How To Avoid The Ethics Disaster You Never Saw Coming has been a business ethics Top Seller on Amazon.com, and he publishes a free “Weekly Ethics Thought” seen by thousands of readers worldwide.