ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
Shift into High Gear for ACUA’s 2015 Annual Conference in Indianapolis! Please join us September 27 – October 1, 2015 as we race to the winner’s circle with fellow college and university audit professionals. The 2015 Annual Conference offers opportunities for attendees to learn innovative ideas, share best practices, and take home new ways to tackle challenges. Monday’s general session speaker will teach us how to influence and persuade by using nonverbal behaviors. Dr. Linda Talley, a renowned expert in leadership development and body language, will explain the nonverbal messages we send and receive. She is a research pioneer in the area of hand gestures, and will help us understand what we are really saying with our hands! On Tuesday, Ms. Cynthia Cooper, former Vice President of Internal Audit at WorldCom, will share her personal experiences at WorldCom. In addition, she will discuss critical ethics, governance and auditing lessons learned from large corporate scandals. Ms. Cooper will help us understand who commits fraud and why, common threads and root causes of corporate scandals, practical strategies to prevent and detect fraud as well as steps to recognize ethical dilemmas and make the right choices. Need help understanding governance, academic regulation and revenue generation as it pertains to student-athletes? Mr. Derrick Crawford, Managing Director of Enforcement for the National College Athletic Association (NCAA), will be the speaker for Wednesday’s general session. Mr. Crawford will reveal the many facets of administering athletics within academics and protecting student-athletes in “The NCAA: Behind the Blue Disk.” Tuesday afternoon offers several options that should meet every member’s needs. Bonus sessions are available for those who desire additional CPE credit, including a Certified Internal Auditor (CIA) exam preparation course. We have a featured speaker, Mr. Danny Goldberg, who will present a double-session (2 CPE each) on soliciting valuable information in an efficient manner during audit interviews, as well as a session on maximizing communication and teamwork, and how to optimize confrontation. Alternatively, the wonderful Indianapolis Host Committee will offer several activities on Tuesday afternoon, or you may choose to venture out with a group to see the exciting sites that Indianapolis has to offer. There will be plenty of networking opportunities during the 2015 Annual Conference. Meet and greet fellow higher education colleagues at the opening reception on Sunday evening. This year, the Monday and Wednesday evening events have a new format! Join us Monday after the educational sessions for Trivia Night Challenge with a reception, graciously hosted by our wonderful vendors and speakers. Wednesday night will be the off-site dinner event at the Dallara IndyCar Factory. The incredible team of Track Coordinators worked very hard to provide us with concepts we can apply to our practice upon return from the conference. With seven (7) tracks and 56 concurrent sessions, attendees will find plenty of options to meet their continuing professional education needs. Tracks include audit trends and issues, risk management/GRC and QARs, compliance, professional development and leadership, information technology/security, fraud and ethics and roundtables and small audit shop resources. There is something for everyone! On behalf of ACUA’s Board of Directors, the Professional Education Committee, the 2015 Track Coordinators and the Indianapolis Host Committee, I invite you to Shift into High Gear and register today. Register by August 10, 2015, to take advantage of the early registration discount for ACUA members. I’ll see you in the winner’s circle at the 2015 ACUA Annual Conference! Jana M. Briley, Chair Professional Education Committee
1
REGISTRATION BROCHURE
The Association of College and University Auditors (ACUA) is an international professional organization serving institutions of higher education around the globe. Since its establishment in 1958, ACUA has provided its members a collegial forum for exchanging and sharing knowledge and generating new ideas. ACUA is committed to increasing members’ knowledge of auditing, regulatory compliance and risk management in higher education. Annual Conferences allow members to network and socialize at the same time. The combination of camaraderie and a focus on issues which relate to internal auditing in higher education continue to serve as the foundation for all ACUA activities.
ACUA CONTINUING EDUCATION CREDITS Conference participants are eligible to receive a maximum of 26 CPE credit hours. The Association of College and University Auditors (ACUA) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE sponsors. State boards of Accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors through its website: www.learningmarket.org.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
CONFERENCE EVENTS FIRST-TIME ATTENDEES RECEPTION (invitation only)
Sunday, September 27, 2015 5:00 p.m. – 6:00 p.m. First-time attendees and new members are invited to meet and greet the Board of Directors, past presidents, committee chairs and other ACUA leaders and learn what to expect and how to benefit from the activities and educational opportunities provided by ACUA.
OPENING RECEPTION Sunday, September 27, 2015 6:00 p.m. – 7:30 p.m. Come enjoy the opening of the Exhibit Hall where you can get reacquainted with longtime ACUA friends and make many new ones before visiting area restaurants for dinner on your own. Come for hors d’oeuvres and beverages while you visit with vendors to learn about their products and services and thank them for helping support this conference through their participation and funding. Don’t forget to show your school pride by wearing your university/college-emblazoned attire!
MONDAY NIGHT TRIVIA RECEPTION Monday, September 28, 2015 5:30 p.m. - 7:30 p.m. This exciting new event will include live trivia, heavy appetizers and drinks, and most importantly, networking! All exhibitors, sponsors and guest speakers have been invited to host a table and can invite attendees to join them at their table. Form a team with your colleagues, make new friends by sitting at a random table or join an exhibitor’s team. Will your table be crowned the 2015 Trivia Champions?
BUSINESS MEETING
Tuesday, September 29, 2015 10:30 a.m. – 12:00 p.m. Join the ACUA Board of Directors Tuesday morning for the Annual Business Meeting.
2
REGISTRATION BROCHURE
You’ll get to hear what the Board has done and has planned for the coming year. A prize drawing will be held at the start of the meeting. You must be present to win!
OFF-SITE DINNER EVENT
OPTIONAL NETWORKING ACTIVITIES
While you’re here, feel the rush of adrenaline as you strap on a helmet and slip into a Street-Legal IndyCar 2 Seater and speed past the world famous Indianapolis Motor Speedway! Getting in a race car not your speed? Car simulators, green screen photos, dinner and dancing will all be available for guests to enjoy. The Dallara IndyCar Factory is the destination for race-enthusiasts, and those who are brand new to the sport, to get their fill of all things IndyCar! Transportation will be provided for attendees. Buses will have set times of departure from the hotel for the event and will return from the event at regular intervals beginning at 7:30 p.m. For more information, go to http://www.indycarfactory.com.
Tuesday, September 29, 2015 12:30 p.m. – 5:00 p.m. There are plenty of sights to see during your time in Indianapolis! With the hotel’s downtown location, you will not want to miss out on experiencing all that you can while you visit! Visit the hotel’s activity page to begin your planning. This summer visit the Optional Networking Activities Web page to see some of the best sights as suggested by ACUA’s Indianapolis Host Committee.
LUNCH TABLE TOPICS Wednesday, Sept. 30, 2015 12:10 p.m. – 1:10 p.m.
Wednesday, September 30, 2015 6:00 p.m. – 10:00 p.m.
GOLF ANYONE?
ACUA is hosting roundtable discussions during Wednesday’s lunch. Examples of topics are listed below. Don’t miss this chance to share and discover new information with your colleagues.
How about a game of golf? Doug Horr is organizing two games, one Sunday and the other Tuesday afternoon. Please email Doug at D.horr@miami.edu or call 305284-4657, if you are interested in playing.
Topics: • ACUA Volunteer Opportunities • NCAA • QAR/Peer Reviews • Large Public Universities • Small Public Universities • Data Analytics • Compliance • Work/Life Balance • International Audits • System Office CAEs
EXHIBIT HALL Sunday through Tuesday visit our vendors in the Exhibit Hall to learn how their products and services can assist you.
CONFERENCE ATTIRE Business casual attire is appropriate for educational sessions. Be sure to pack a sweater or light jacket as meeting room temperatures tend to be cool.
WEATHER Indianapolis has an average high temperature in late-September of 78 degrees with an average low of 56 degrees.
THANK YOU TO OUR STRATEGIC PARTNERS
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
PROGRAM-AT-A-GLANCE MONDAY, SEPT. 28, 2015 7:00 a.m. – 8:00 a.m. Continental Breakfast 8:00 a.m. – 8:20 a.m. Welcome & Announcements 8:20 a.m. – 10:00 a.m. General Session 10:00 a.m. – 10:30 a.m. Refreshment Break in Exhibit Hall 10:30 a.m. – 12:10 p.m. Track Session 1 12:10 p.m. – 1:10 p.m. Luncheon in Exhibit Hall 1:10 p.m. – 2:50 p.m. Track Session 2 2:50 p.m. – 3:20 p.m. Refreshment Break in Exhibit Hall 3:20 p.m. – 5:00 p.m. Track Session 3 5:30 p.m. – 7:30 p.m. Monday Night Trivia Reception
TUESDAY, SEPT. 29, 2015 7:00 a.m. – 8:00 a.m. Continental Breakfast 8:00 a.m. – 8:20 a.m. Welcome & Announcements 8:20 a.m. – 10:00 a.m. General Session 10:00 a.m. – 10:30 a.m. Refreshment Break in Exhibit Hall 10:30 a.m. – 12:00 p.m. Business Meeting/ Prize Drawing 12:30 p.m. – 2:45 p.m. Optional Networking Activities 3:00 p.m. – 5:00 p.m. Second Set of Networking Activities Bonus Sessions (BS) 1:10 p.m. – 4:50 p.m. CIA Exam Preparation Course – BS 1
3
1:10 p.m. - 2:50 p.m. People-Centric Skills: Optimized Audit Interviewing – BS 2A Here Come the Feds! What a Sponsor Audit Is Looking for & How to Prepare Your Institution – BS 2B 3:10 P.M. - 4:50 P.M. People-Centric Skills: Crucial Communications – BS 3A Prevent Fraud in Five Critical Areas with Data Analytics – BS 3B
WEDNESDAY, SEPT. 30, 2015 7:00 a.m. – 8:00 a.m. Continental Breakfast 8:00 a.m. – 8:20 a.m. Welcome & Announcements 8:20 a.m. – 10:00 a.m. General Session 10:00 a.m. – 10:30 a.m. Refreshment Break 10:30 a.m. – 12:10 p.m. Track Session 4 12:10 p.m. – 1:10 p.m. Luncheon 1:10 p.m. – 2:50 p.m. Track Session 5 2:50 p.m. – 3:20 p.m. Refreshment Break 3:20 p.m. – 5:00 p.m. Track Session 6 6:00 p.m. – 10:00 p.m. Off-Site Dinner Event
THURSDAY, OCT. 1, 2015 7:00 a.m. – 8:00 a.m. Continental Breakfast 8:00 a.m. – 9:40 a.m. Track Session 7 9:40 a.m. – 10:10 a.m. Refreshment Break 10:10 a.m. – 11:50 a.m. Track Session 8
REGISTRATION BROCHURE
BONUS SESSION INFORMATION TUESDAY, SEPTEMBER 29, 2015 1:10 P.M. – 4:50 P.M.
Additional fees apply CIA Exam Preparation Course** – BS 1 Vicki McIntyre, President, FirstPlus Resolutions, Inc. This CIA Exam Preparation Course will include a high level introduction and overview of the topics covered on the new three-part CIA exam. The course will reinforce your CIA knowledge, clarify exam topics and build exam-day confidence. Taught by a CIA-certified instructor, each attendee will have the opportunity to work through practice exam questions, learn test taking tips and will receive the updated Version 4.0 of The IIA CIA Learning System™ self-study print and online materials for Parts 1-3. Additional self-study time outside of the classroom will be necessary to prepare for the exam. Course topics will include: Part 1 – Internal Audit Basics Part 2 – Internal Audit Practice Part 3 – Internal Audit Knowledge Elements ** On-site registration will not be allowed for this session. This session will allow for four (4) CPEs. Knowledge Level: Basic Advanced Preparation: Pre-test before the class Field of Study: Auditing Prerequisites: None
FEATURE BONUS SESSION SPEAKER Danny M. Goldberg, Owner, GoldSRD
Danny M. Goldberg is a well-known speaker on internal auditing and people-centric skills. His past experience includes leading the Professional Development Practice at Sunera and founding SOFT GRC, an advisory services and professional development firm. He has over 15 years of audit experience including five years as a CAE/Audit Director. In 2014, he published the book, “People-Centric© Skills: Communication and Interpersonal Skills for Internal Auditors” (Wiley) which will be available at the conference. Goldberg currently works with over 100 professional associations around the world and numerous Fortune 1000 companies, assisting in their professional development efforts. He has been recognized as a top speaker at numerous events over the past
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
years, including various The IIA events. Goldberg has been named as one of the Fort Worth Business Press 40 Under 40 for 2014. He has also published numerous articles in trade magazines. He holds many certifications and designations including CPA, CIA, CISA, CGEIT, CRISC, CRMA, CCSA and CGMA.
TUESDAY, SEPTEMBER 29, 2015 1:10 P.M. – 2:50 P.M.
People-Centric Skills: Optimized Audit Interviewing – BS 2A A key facet of the audit process is the interview. The ability to solicit valuable information in an efficient manner is a key skill to becoming an effective auditor. This session will take participants through an overview of leading practices in audit interviewing. Participants will learn to maximize their time with clients. After attending this session, participants will be able to: Know how to optimize interviewing. Describe the importance of communication in the role of auditor. Read body language and appropriate word usage. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
TUESDAY, SEPTEMBER 29, 2015 1:10 P.M. – 2:50 P.M.
Here Come the Feds! What a Sponsor Audit Is Looking for & How to Prepare Your Institution – BS 2B Richard Cordova, Executive Director, University of Washington Kimberly Ginn, Principal, Baker Tilly Kevin Robinson, Executive Director, Auburn University OIG are the three most feared letters in sponsored research (just beating out COI and RCR). As we move into the new world of the Uniform Guidance and increased accountability and oversight of federal spending, Offices of Inspector General (OIG) and sponsors have shifted their focus to auditing incurred costs and internal controls. Most of your institutions have likely either experienced an audit, or live in fear of receiving an intent to audit letter. While OIG and sponsor audits are an inevitable and unavoidable component of receiving research funding, they don’t have to be a nightmare. After attending this session, participants will be able to: Determine areas on which federal auditors are most likely to focus, and common findings from the field. Apply best practices for “surviving” a sponsor audit. Identify how internal audit can provide assurance and assess effectiveness of research administration processes to foster a stronger research administration infrastructure. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with risk and internal controls assessments
4
REGISTRATION BROCHURE
TUESDAY, SEPTEMBER 29, 2015 3:10. P.M. – 4:50 P.M.
People-Centric Skills: Crucial Communications – BS 3A Danny M. Goldberg, Owner, GoldSRD Do you have great technical auditors that could improve their communication skills? Auditors who can communicate effectively are exponentially more effective than auditors who cannot. This course will give auditors of all levels an outline of how to optimize their communication skills. This course is based on the book, “PeopleCentric Skills: Interpersonal and Communication Skills for Internal Auditors,” published by Wiley Publications. Participants will learn to maximize their communication, teamwork and confrontation management skills. After this session, speaker Goldberg will be available to sign copies of his book. After attending this session, participants will be able to: Describe how to optimize confrontation. Discuss the importance of communication in the role of auditor. Improve their effective presentation and writing skills. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
TUESDAY, SEPTEMBER 29, 2015 3:10 P.M. – 4:50 P.M.
Prevent Fraud in Five Critical Areas with Data Analytics – BS 3B Sheila Hammond, Director of Business Development, Audimation Services, Inc. Data analytics has proven highly effective in helping internal auditors dive deeper into specific risk areas to identify opportunities for fraud, waste and abuse. Higher education institutions that embrace the use of data analytics have identified revenue gains and cost reductions by detecting fraud, minimizing financial leakage and optimizing spending. This session explores how CaseWare IDEA® can be used to analyze massive volumes of data within five key test areas: p-cards, grants, financial aid, accounts payable, and travel and entertainment. Within these five areas, participants will review examples of what to look for and tips for narrowing the population to identify exceptions. After attending this session, participants will be able to: Extract data from various systems or external environments, format the data for analysis and share findings with management and stakeholders within the organization. Define specific indicators on which to pull data to search for potential fraud or policy violations. Automate repeatable tasks to save time and effort, without programming, to facilitate continuous monitoring. Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
KEYNOTE SPEAKERS HOW TO USE SIX POWERFUL (& SUBTLE) NONVERBAL BEHAVIORS TO INFLUENCE & PERSUADE MONDAY, SEPTEMBER 28, 2015 8:20 A.M. – 10:00 A.M.
ETHICAL LEADERSHIP FOR THE 21ST CENTURY TUESDAY, SEPTEMBER 29, 2015 8:20 A.M. – 10:00 A.M.
Every day we verbally speak to clients and staff, and at the same time we are sending nonverbal messages that either attract them to us or distance them from us. Yes! It is our nonverbal message that the people around us are reading first and initially responding to. Do we know what nonverbal messages you are sending? Based on her pioneer research in the area of hand gestures, Dr. Linda Talley spells out exactly what we are saying with your hands. In this program, she explains what meaning is created by our specific hand gestures when communicating with others. The key question: Is it the meaning we wish and intend to send? After attending this session, participants will be able to: Identify the universal validator and discuss touch as the emotional connection. Use space for effect, describe hand gestures that attract and those that create distance. Explain power posing and apply power gazing to motivate yourself for success.
Cooper was named one of Time magazine’s Persons of the Year for her role in unraveling the fraud at WorldCom, one of the largest corporate frauds in history. She was featured as one of twenty-five influential working mothers in Working Mother magazine and has appeared on programs including Fox Business’ “America’s Nightly Scoreboard”, PBS’s “TAVIS SMILEY,” NBC’s “TODAY” and CNBC’s “Squawk Box”. Cooper will share her personal experiences at WorldCom as well as critical ethics, governance and auditing lessons learned from some of the largest corporate scandals. After attending this session, participants will be able to: Describe who commits fraud and why. Identify 10 steps to recognize ethical dilemmas, and make the right choices. Describe common threads and root causes of corporate scandals, and develop practical strategies to help prevent and detect fraud in their organizations. Discuss the rise and fall of WorldCom: what went wrong?
Knowledge Level: Basic Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: None
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Behavioral Ethics Prerequisites: Experience with forensic accounting and fraud risk mitigation
Cynthia Cooper, CEO, CooperGroup, LLC
Linda Talley, PhD, Linda Talley and Associates, Inc.
Linda Talley, PhD, is an expert in leadership development and body language. Dr. Talley’s diverse background includes private practice, university professor, organizational development consultant and business educator. Her programs include stories and insights from her career to bring relevant and pragmatic examples to her audiences. As a sought after international speaker, Dr. Talley provides insights into human dynamics and leadership effectiveness in a humorous, motivating, and engaging manner. Her presentations include emotional intelligence and nonverbal communication presented from a leadership development perspective filled with specific strategies and tactics that can be implemented immediately. Talley holds a PhD in psychology, is an ongoing researcher in the leadership development area, and is published in scientific journals.
5
REGISTRATION BROCHURE
Cynthia Cooper is an internationally recognized speaker, best-selling author and consultant. She consults with organizations around the world and serves as CEO of the CooperGroup. Cooper previously served as Vice President at MCI where she and her team helped the company move forward and successfully emerge from bankruptcy. Cooper received the Maria & Sidney E. Rolfe Award for contributions to educating the public about economics, business and finance. She previously served as a member of the Standing Advisory Group of the Public Company Accounting Oversight Board (PCAOB) and as Chairman of the Board of Regents for the Association of Certified Fraud Examiners. She currently serves on advisory boards for Louisiana State University and Mississippi State University.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
THE NCAA: BEHIND THE BLUE DISK WEDNESDAY, SEPTEMBER 30, 2015 8:20 A.M. – 10:00 A.M.
Derrick Crawford, Managing Director of Enforcement, NCAA More than 90 cents of every dollar the National College Athletic Association (NCAA) spends benefits member colleges and universities through direct distributions to individual campuses and conferences, the funding and administration of national championships, and other direct student-athlete support, such as the Student Assistance and Academic Enhancement funds in Division I. The remaining resources are used to help run the dayto-day operations of the association and pay for other programs and services. According to the most recent data, only 23 universities (all in Division I) generated more revenue than they spent. Every other athletics department in the country is subsidized by its college or university. Together, these funds totaled $90.7 million for the 2012-13 season, which is an increase of approximately $14 million from the previous year. The NCAA Enforcement Group is paying close attention to potential cases of academic misconduct, and has established a unit within the department to specifically focus on that topic. The NCAA infractions process works to maintain a level playing field for all student-athletes by enforcing membership-created rules to ensure fair competition and protect the well-being of student-athletes. The NCAA national office enforcement staff seeks and processes information about possible rules violations.
After attending this session, participants will be able to: Identify recent restructuring in the NCAA to preserve and improve the model of collegiate athletics. Identify the infraction process, from the investigation and the actions taken in finding a violation, to the appeal process. Knowledge Level: Basic Advanced Preparation: None Field of Study: Regulatory Ethics Prerequisites: None
Derrick Crawford presently serves as Managing Director of Enforcement for the NCAA and is responsible for providing leadership and oversight of the NCAA’s investigations and processing function. Prior to his employment with the NCAA, Crawford served as Associate Vice President for Diversity, Educational Equity & Ombuds at California State University San Marcos from 2011-2013 and as the Chief EEO & Diversity Officer for The Citadel in Charleston, South Carolina from 2010-2011. Crawford was employed by the NFL as Senior Manager for Player Liaison from 1998-2000, and as Counsel for Policy & Litigation from 2000-2008. Crawford finished his NFL career serving as Director of Human Resources for NFL Media from 2008-2009. Crawford was employed by the NCAA as an Enforcement Representative from 1996-1998, served as an Assistant Attorney General in the Alabama Attorney General’s Office in 1996 and was a Special Agent of the FBI from 1991-1995. Crawford received his undergraduate and law degrees from the University of Alabama, and is a member of the Alabama State and District of Columbia Bars. Crawford is a Life Member of Alpha Phi Alpha Fraternity, enjoys playing tennis and is an avid traveler, having visited 30 countries. Crawford is a native of Auburn, Alabama.
SAVE THE DATE! PORTLAND
2016 MIDYEAR CONFERENCE APRIL 10-13, 2016 PORTLAND MARRIOTT DOWNTOWN WATERFRONT PORTLAND, ORE. 2016 ANNUAL CONFERENCE SEPTEMBER 11-15, 2016 LOEWS MIAMI BEACH HOTEL MIAMI BEACH, FLA.
6
REGISTRATION BROCHURE
MIAMI
2015 TRACK MATRIX TRACKS
TRACK COORDINATORS SESSION 1 Monday, Sept. 28 10:30 a.m. -12:10 p.m.
TRACK A
TRACK B
TRACK C
TRACK D
Audit Trends & Issues
Risk Management/ GRC & QARs
Compliance
Professional Development & Leadership
Brian Campbell and LaDonna Flynn
Allen Amyotte and Janet Bishop
Jana Clark and Katrina McNair
Marie Jackson and Gregory Wilson
Auditing Controlled Substance Compliance: Is Diversion Happening at Your Institution?
Get Strategic
Seven Things University Auditors Should Know About Tax: Tax Just for Auditors
Making the Leadership Connection
Liz Meyers
Kimberly New
Book Signing – Steve Hoffman
LUNCH SESSION 2 Monday, Sept. 28 1:10 p.m. -2:50 p.m.
Kathy Davanzo
Steve Hoffman
Agile Auditing Raven Catlin
Organizational Change Management: A Best Practice to Effective ERM Implementation
Integrating Internal Audit & Compliance: Opportunities & Challenges
Christine Ackerman, Anita Ingram
Byron Morgan
Leadership: When the Going Gets Tough Lori Cox
BREAK SESSION 3 Monday, Sept. 28 3:20 p.m. -5:00 p.m.
Auditing Academic Processes: Proactively Addressing This Emerging Risk Area
Leveraging Enterprise Risk Management Processes in Internal Audit
Leigh Goller, Raina Rose Tagle
Allen Amyotte, Yat-Sing Cheng
Best Practices in Your Capital Improvement Program
Linking Internal Audit Strategic Planning with the Quality Assurance Review (QAR)
A Practical Approach to Performing a Title IX and Clery Act Combined Audit Nancy Nasca
For Hire: IA, DEG, CERT, EXP, WAVe Rachel Snell
WEDNESDAY SESSION 4 Wednesday, Sept. 30 10:30 a.m. -12:10 p.m.
Rob Broline, John Croy
Auditing PCI Compliance Tim Marley
Leigh Goller, Mike Somich
Break Down the Barriers: Be a Partner! Clay Dean, Len Ohnstad
LUNCH SESSION 5 Wednesday, Sept. 30 1:10 p.m. -2:50 p.m.
College & University Reputation Auditing Bradley Brooks, Kenneth Ramaley
How to Need a Waiting Room in Internal Audit
So You Need a Quality Assessment Review (QAR)?
SBIR Fraud & Your Institution: A Guide to What Can Go Wrong
Jim Sleezer
Paul Coleman
Mary Barnett, Whit Madére
Standards & Guidance for the Professional Practice of Internal Auditing: What You Need to Know
Identifying & Developing Top Internal Audit Talent for Today & Beyond
BREAK SESSION 6 Wednesday, Sept. 30 3:20 p.m. -5:00 p.m.
Auditing Investment Operations: Do You Know Where Your Money Is Going? Kimberly Burkette, Bob Hoster, John Kiss, Elizabeth Walsh
Using Data Analytics as a Management Tool to Identify Organizational Risks Mathew Anderson, Christopher Knopik, Ryan Merryman
Sam McCall
Robert Berry
THURSDAY SESSION 7 Thursday, Oct. 1 8:00 a.m. -9:40 a.m.
Keep It Rolling: A FourYear Approach to Auditing Scholarships & Financial Aid Brian Daniels, Aparna Yellapantula
Close the Loop: Make Your Internal Audit Assessments Inform Your Institutional ERM Phillip Draber
Being a Team Player: New Ways to Collaborate with Athletics Martina Buckley, Justin Noble
Works Like a Charm: Combined Shops of Audit, Compliance & Privacy! Sonal Shah
BREAK SESSION 8 Thursday, Oct. 1 10:10 a.m. -12:10 p.m.
7
Pushing the Rewind Button: Lessons Learned from Reengineering
Enhancing Your Institutional Process through Enterprise Risk Assessment (ERA)
John Curran, Brenda Muirhead
Chibuike Azuoru
REGISTRATION BROCHURE
Auditing Solutions for Higher Education Issues Cathy Miller, Joe Reed
Awesome Auditing with Interns & Undergraduate Students Christopher Beard
2015 TRACK MATRIX TRACK E
TRACK F
TRACK G
TUESDAY BONUS SESSIONS
Information Technology/ Information Security
Fraud & Ethics
Roundtables & Small Shop Resources
Amy Hughes and Calvin Wendelboe
Jason Farber and Verlisa Richards Madden
Heather Lopez and Monique Taylor
Bonus Session 1 1:10 p.m.-4:50 p.m. CIA Exam Preparation Course Vicki McIntyre
IT Governance: Fact or Fiction (as directed through CoBIT 5.0)
Utilizing Data Analytics to Find & Prevent Fraud, Waste & Abuse in Higher Education Bryan Callahan
Jim Sorell
IT Audit & Top IT Risks in 2015 & Beyond Randy Armknecht, David Kupinski, Eric Vyverberg
Retaliation at the University: The Consequences of Reporting $2.3 Million in Fraud Amy Block Joy
IT Auditors & Directors Roundtable Patrick Jenkins
Mid-Size Shop Roundtable (4-8 Auditors) John Curran, Brenda Muirhead
Increasing Higher Education Audit Effectiveness with Data Analytics: A Practical Approach
Everything You Wanted to Know about Fraud Investigation, but Were Afraid to Ask
Steven Zapolski
John Straub
Chris Beard, Pam Doran, Gail Klatt, Valla Wilson
What IT Areas to Audit?
Lie to Me: Secrets of Linguistic Lie Detection
Third Party Risk Management Roundtable
Nejolla Korris
Mark Bednarz
Incorporating Forensic Accounting Techniques into College & University Auditing
Large Shop Roundtable (9+ Auditors)
Cybersecurity Breach! Is Your Institution Prepared? Mike Cullen, David Overton
Evaluating & Managing Third Party IT Service Providers: Getting the Assurance You Need? Kevin Secrest
Collin Greenland
Fraud Education & Awareness Ralph Kimbrough Jr., Joe Reed
Information Security: Assurance through the Strategic, Tactical & Operational Lens
Anatomy of an Academic Fraud Jeremy Clopton
Nicole Schultz
Auditing Cloud Computing in the Real World
Your Ethical Compass: What’s Really True North?
Tom Salzman
8
REGISTRATION BROCHURE
Marion Candrea, Jana Dean
Bonus Session 3 3:10 p.m. -4:50 p.m.
People-Centric Skills: Optimized Audit Interviewing Danny Goldberg
People-Centric Skills: Crucial Communications Danny Goldberg
Book Signing – Danny Goldberg
Book Signing – Amy Block Joy
Kevin Keough
Bonus Session 2 1:10 p.m. -2:50 p.m.
New Chief Audit Executive Roundtable
Don Guyton
Ethics Roundtable Melissa Hall
Small Shop Roundtable (1-3 Auditors) LaDonna Flynn, Julia Hann
Small Shop Quality Assurance Review (QAR) Phill Armanas
Here Come the Feds! What a Sponsor Audit Is Looking for Richard Cordova, Kim Ginn, Kevin Robinson
Prevent Fraud in Five Critical Areas with Data Analytics Sheila Hammond
O T N I T F I H S R A E G H G HI
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS SESSION 1
Monday, September 28, 2015 10:30 a.m. – 12:10 p.m.
A.1 Auditing Controlled Substance Compliance: Is Diversion Happening at Your Institution? – AUDIT TRENDS & ISSUES Kimberly S. New, Drug Division Specialist, Diversion Specialists Diversion, theft of drugs by healthcare personnel, is universal in healthcare facilities in the United States. Some of the risks associated with diversion include patient harm, negative publicity, financial loss and civil and regulatory liability. Every facility must have a formal program to address this continuous challenge. Regular auditing of drug usage for possible diversion is an essential component of a diversion program. This session will focus on the role of the internal auditor in drug diversion surveillance including an examination of the use of data analytics programs. After attending this session, participants will be able to: Define the scope of the healthcare facility drug diversion problem in the United States. Outline controlled substance regulatory requirements with which facilities must comply. List key data analytics reports available for auditing for controlled substance diversion. Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
B.1 Get Strategic – RISK MANAGEMENT/GRC & QARS Liz Meyers, CEO, Focus On Risk Enterprises, LLC Internal audits are risk-based but still not having the impact we desire and deserve. Where are we going wrong? Surveys continue to show that internal audits are not focusing on strategic business risks to the degree executives believe they should. The presenter will
9
REGISTRATION BROCHURE
discuss ways internal audit can become more strategic with their departments and audits to improve perceptions and increase the influence on the success of our organizations. After attending this session, participants will be able to: Explain why being risk-based may not be enough. Strategically develop your team. Summarize and assess strategic business risks Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with risk-based audit practices
C.1 Seven Things University Auditors Should Know about Tax: Tax Just for Auditors – COMPLIANCE Steve Hoffman, The Tax Translator, The Ordinary Success Project Auditors play an important role in tax risk management at their university. While they are working on an issue, a tax matter may be present at the same time. This session will provide auditors with an understanding of tax issues. Topics covered will include: sales tax, unrelated business income tax, taxable and nontaxable fringe benefits, international student tax liabilities, independent contractors, and university tax issues. An update on current tax law changes and impacts on colleges and universities will also be presented at this session. Following this session, the presenter will do a book signing. After attending this session, participants will be able to: Describe various ways taxes can impact an institution from a financial, reputation and/or media risk. Discuss techniques to use when conducting an audit to expose tax gaps. Construct a successful tax compliance program at their university. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Taxes Prerequisites: Experience with tax issues
D.1 Making the Leadership Connection – PROFESSIONAL DEVELOPMENT & LEADERSHIP Kathryn Davanzo, Senior Partner, Coda Partners, Inc. Explore your leader self-identity and gain new insights about how to be a more effective leader. In this interactive session, Kathy Davanzo will share evidence and stories to demonstrate how a strong leader self-identity – a clearly articulated Leader P.O.V.® (point of view) – defined by a clear intention to lead, high self-efficacy, high self-consistency, high self-construal as a leader and a high degree of self-esteem about one’s leadership value creates a greater connection to one’s team, and greater and sustained influence on team results and culture. After attending this session, participants will be able to: Describe how a strong leader self-identity increases the effectiveness of leaders and their followers. List the elements of a strong leader self-identity and how to develop one using the meta-competencies of examination, exploration, enlistment and execution. Describe their leadership intention. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Personal Development Prerequisites: Experience as a leader
E.1 IT Governance: Fact or Fiction (as directed through CoBIT 5.0) – INFORMATION TECHNOLOGY/ INFORMATION SECURITY Jim Sorrell, IT Auditor, Tennessee Board of Regents-SWIA With the release of CoBIT 5.0, an IT governance program is now required to ensure a “continuing improvement” of internal controls to address risks. What does this mean? What series of events occurred to make this requirement a reality? It is imperative we understand the answers to these questions to ensure the validity and success of our IT governance programs. Many colleges are implementing an IT governance structure without a solid blueprint of what needs to be done. As
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS a result, many risks are still not being properly addressed. After attending this session, participants will be able to: Describe the series of events that led to the birth of IT governance. List the needs to be addressed to meet this challenge. Improve auditing practices by learning about IT governance and what needs to be in place to ensure it works effectively. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with CoBIT and IT goverance
F.1 Utilizing the Power of Data Analytics to Find & Prevent Fraud, Waste & Abuse in Higher Education – FRAUD & ETHICS Bryan Callahan, Senior Managing Consultant, BKD, LLP According to the Association of Certified Fraud Examiners’ (ACFE) “2014 Report to the Nations on Occupational Fraud and Abuse,” it is estimated the average organization loses five percent of its annual revenue to fraud. This session is designed to update you on current trends related to fraud and ways your institution can try to mitigate fraud risk. After this session, participants should be able to: Describe recent fraud trends in general and in higher education. Describe common challenges in utilizing data analytics and how to overcome them. Integrate data analytics into a risk management program to uncover fraud, waste and abuse. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Specialized Knowledge and Applications Prerequisites: Experience with the ACFE’s “2014 Report to the Nations on Occupational Fraud and Abuse,” and fraud risk mitigation
10 REGISTRATION BROCHURE
G.1 IT Auditing Roundtable – ROUNDTABLES & SMALL SHOP RESOURCES Patrick A. Jenkins, Director, IT Audits, University System of Georgia This roundtable provides on open forum for IT auditors and directors to discuss emerging and hot topic issues relevant to auditing information systems and information security in the higher education industry. Registrants will be polled for discussion topics in the weeks prior to the conference. Prior year roundtables have invoked insightful discussion on numerous topics. After attending this session, participants will be able to: List topics of interest to their institutions, security audit techniques for strategic third parties or advising on security incident response plans. Identify and address IT risks and current initiatives within other institutions and compare your organization against them. Analyze IT risk priorities, audit plan development and continuous auditing to increase coverage and value within the higher education environment. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with IT audit practices
SESSION 2
Monday, September 28, 2015 1:10 p.m. – 2:50 p.m.
A.2 Agile Auditing – AUDIT TRENDS & ISSUES Raven Catlin, CEO, Raven Global Training Jack be nimble, Jack be quick. Auditing today is coined with buzz words like “continuous,” “dynamic” and “ongoing” as it relates to everything from risk assessments to controls monitoring and reporting. But what does that really mean, and how do you really do it? This provocative address defines and promotes the speaker’s original ideas (book publication expected in 2016) on Agile Auditing™.
After attending this session, participants will be able to: Create meaningful, realistic and achiev- able audit project plans. Identify and overcome typical obstacles encountered during the audit life cycle. Complete audit projects ahead of budgeted time and reduce audit costs. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
B.2 Organizational Change Management: A Best Practice to Effective Enterprise Risk Management (ERM) Program Implementation by Leveraging Risk Management and Internal Audit Resources – RISK MANAGEMENT/GRC & QARS Christine Ackerman, Assoc. VP and Director of Internal Audit, University of Cincinnati Anita Ingram, Asst. VP and Chief Risk Officer, University of Cincinnati This session will describe how organizations can build a successful case and framework for enterprise risk management by exploring the often underutilized partnership and collaboration between the chief risk officer and lead internal audit executive. The presenters will demonstrate how to develop a strong methodology and approach to risk mitigation. After attending this session, participants will be able to: Build a successful case and framework for ERM with a defined approach, assessment tools and outcomes. List key collaboration and consultative techniques deployed in the partnership between risk management and internal audit to gain top-level support and build consensus with institutional stake- holders for ERM. Navigate the challenges and pitfalls of implementing and sustaining a successful ERM program. Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS C.2 Integrating Internal Audit & Compliance: Opportunities & Challenges – COMPLIANCE Byron Morgan, Chief Audit Executive, University of Memphis This session will cover the opportunities and challenges of integrating internal audit and compliance within a higher education institution. There is a growing trend within higher education to combine or integrate audit and compliance, which seems to be driven in part due to budgetary constraints and the increased emphasis to “do more with less” confronting many internal audit offices within the current higher education economic environment. After attending this session, participants will be able to: Identify the issues when internal audit and compliance is combined within a university. List the different views and approaches for integrating audit and compliance. Describe "best practices" for integrating audit and compliance. Knowledge Level: Basic Advanced Preparation: None Field of Study: Administrative Practice Prerequisites: None
D.2 Leadership: When the Going Gets Tough – PROFESSIONAL DEVELOPMENT & LEADERSHIP Lori K. M. Cox, Director, Internal Audit, Pima Community College It has often been quoted that the true measure of an individual is not behavior during a time of comfort and convenience, but at times of challenge and controversy. This can be particularly true for leaders. There is a wealth of information regarding leadership skills and characteristics necessary to lead well. However, in times of crises, challenge and controversy, leading well can be particularly difficult. This session will address practical tools and techniques for leading effectively in these situations. After attending this session, participants will be able to: Identify tips for leading well through crises, challenge and controversy.
11 REGISTRATION BROCHURE
Recognize the key question to ask yourself when addressing leadership challenges. Recall practical tools and techniques for “protecting” themselves as a leader. Knowledge Level: Basic Advanced Preparation: None Field of Study: Personal Development Prerequisites: None
E.2 IT Audit & Top IT Risks in 2015 & Beyond – INFORMATION TECHNOLOGY/INFORMATION SECURITY Randy Armknecht, Associate Director, Protiviti David Kupinsk, Managing Director, Protiviti Eric Vyverberg, Associate Director, Protiviti IT audit functions today need to support the risk assessment, the analytics process and the integrated audit. How can internal audit departments at higher education organizations help management assess critical emerging risks such as data security, privacy and cybersecurity? In this session, we will highlight case studies at two higher education organizations where we have helped implement additional controls/processes around data security. After attending this session, participants will be able to: Explain year over year IT audit trends, including findings from recent industry surveys. Conduct an IT risk assessment using a repeatable framework and develop an IT audit plan including hours, size, significant projects and governance. Discuss leading practices in auditing data security, privacy and cybersecurity. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
F.2 Retaliation at the University: The Consequences of Reporting $2.3 Million in Fraud – FRAUD & ETHICS Amy Block Joy, Faculty/Specialist Emeritus, University of California, Davis This real life retaliation case study will present a first-person account about the danger of speaking out in the workplace. In 2006,
the presenter, a faculty member at a major public university, discovered apparent fraud in her federal grant funds. When her report of the fraud, which followed university procedure, was ignored, she blew the whistle. The misuse of government funds was substantiated by campus authorities. Eleven months later, when the $2.3 million fraud findings were about to be released to the public, she became the target of an elaborate smear campaign and a number of terrifying activities. This presentation chronicles how far some high level officials will go to silence the truth and how to overcome these efforts. Following this session, the presenter will do a book signing. After attending this session, participants will be able to: Recall different strategies that can protect the whistleblower or reporter from retaliation. Identify institutional safeguards to put in place before, during and after the whistle is blown. Describe to their workforce essential resources for the reporting of fraud and misconduct. Knowledge Level: Basic Advanced Preparation: None Field of Study: Behavorial Ethics Prerequisites: None
G.2 Mid-Sized Shop Roundtable (4-8 Auditors) – ROUNDTABLES & SMALL SHOP RESOURCES John Curran, University Director of Internal Audit, University of Kansas Brenda Muirhead, Chief Auditor, University of Oregon In this mid-size shop roundtable, the facilitators will discuss issues facing internal audit shops that have four to eight staff members. Before the conference, participants will be surveyed by email to identify discussion topics of interest. Participants will hear how other audit shops of similar size are addressing issues of concern while gaining knowledge of best practices that will assist in enhancing audit department development.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS After attending this session, participants will be able to: Identify and adopt best practices that will benefit their mid-size shop. Discuss emerging risks for universities of comparable size. Develop and strengthen their mid-sized audit shop professional network. Knowledge Level: Overview Advanced Preparation: None Field of Study: Auditing Prerequisites: None
SESSION 3
Monday, September 28, 2015 3:20 p.m. - 5:00 p.m.
A.3 Auditing Academic Processes: Proactively Addressing This Emerging Risk Area – AUDIT TRENDS & ISSUES Leigh Goller, Director, Internal Audits, Duke University Raina Rose Tagle, Partner, Baker Tilly High-profile instances of academic fraud and its intersection with athletic programs have highlighted this area of risk for universities, impacting accreditation and damaging reputations. Boards increasingly inquire about how internal audit can address this emerging risk area. This session will cover an approach to reviewing auditable risks and related controls in academic administrative processes, ways in which internal audit departments are assessing the design and effectiveness of academic processes, and common challenges and lessons learned from auditing academic processes and working with academic leaders. After attending this session, participants will be able to: Identify auditable risks and related controls in academic processes. Describe how internal audit departments can provide assurance over risks related to academic processes. Test common challenges encountered when auditing academic processes and working with academic leaders. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
12 REGISTRATION BROCHURE
B.3 Leveraging Enterprise Risk Management (ERM) Processes in Internal Audit – RISK MANAGEMENT/ GRC & QARS Allen Amyotte, Director, Audit, University of Calgary Yat-Sing Cheng, Associate Director, ERM, University of Calgary An effective ERM process can truly be a primary source for the development of the annual audit plan. It can also provide critical context and linkage for audit reports and in scoping engagements. The leads for internal audit and ERM will jointly speak on the ERM program at the University of Calgary and on how this program is effective for all parties concerned. After attending this session, participants will be able to: Apply working knowledge of ISO 31000 in the implementation of ERM in a mid-size to large-size research university. Use the concept of risk tolerance at a strategic level. Integrate residual risk determinations into the annual internal audit planning process. Knowledge Level: Advanced Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with ERM and audit plan development
C.3 A Practical Approach to Performing a Title IX & Clery Act Combined Audit – COMPLIANCE Nancy Nasca, Manager, Institute Audit, Compliance and Advisement, Rochester Institute of Technology In recent years, issues relating to campus safety have received increased governmental scrutiny, resulting in the enactment of the Violence Against Women Reauthorization Act (VAWA), the Campus Sexual Violence Elimination (SaVE) Act, as well as multiple governmental advisories, all of which have affected the interpretation of the requirements of existing legislation (Title IX, Clery Act). This session will provide attendees with an overview of the key requirements of the sexual harassment component of Title IX, Clery Act and other related regulations and guidance.
After attending this session, participants will be able to: Identify synergies within key Title IX and Clery Act requirements to facilitate a combined compliance audit approach. Use available tools and resources to facilitate the planning and performance of Title IX and Clery Act compliance audits. Implement a framework to assess the adequacy of the university’s Title IX and Clery Act policies and procedures. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
D.3 For Hire: IA, DEG, CERT, EXP, WAVe – PROFESSIONAL DEVELOPMENT & LEADERSHIP Rachel Snell, Director, Internal Audit, Coast Community College District Current communication is reduced to text messages, acronyms, Skype and FaceTime. It is increasingly difficult to convince management that internal auditors (IA) Will Add Value (WAVe). With our DEGrees, CERTifications, and EXPerience, we traverse the waters of organizational perplexities and political complexities using traditional talk to champion our cause. So, stop convincing! All this can be accomplished in a style that’s right 4U! After attending this session, participants will be able to: Evaluate the WAVe message and offer ways in which traditional techniques can be re-tooled to bridge the communication gap between the hipsters and mainstreamers. Translate audit speak into a message that is worthy of being heard. Apply the power of observation and link it to audit value. Knowledge Level: Overview Advanced Preparation: None Field of Study: Communications Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS E.3 Increasing Higher Education Audit Effectiveness with Data Analytics: A Practical Approach – INFORMATION TECHNOLOGY/INFORMATION SECURITY Steven Zapolski, Market Development Consultant, TeamMate This presentation is designed to help auditors and higher learning institutions bridge the gap between data analytic theory and application. The emphasis of this presentation is to discuss real world application of data analytics. After attending this session, participants will be able to: List ways to save time and improve efficiency. Describe mechanisms to reduce exposure to risk. Detect more fraud. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
F.3 Everything You Wanted to Know about Fraud Investigation, but Were Afraid to Ask - FRAUD & ETHICS John H. Straub, President, Straub Accounting, LLC Conducting fraud investigations is a serious endeavor that requires unique skills and training to avoid adverse consequences for the investigator and other parties involved. There are many misconceptions regarding the role of the investigator with respect to gathering evidence, reporting and defending findings. This session dispels misconceptions and delivers best practices in the investigative process to participants interested in improving their investigative skills. Information presented is based on actual cases experienced by the presenter and delivered in a manner to enhance recall by using clear examples and definitions. After attending this session, participants will be able to: Organize and plan quality fraud investigations to report and defend investigation findings. Collect incontrovertible evidence, and avoid false positives.
13 REGISTRATION BROCHURE
List activities that can potentially place the investigative team and other parties in harm’s way.
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with financial forensic techniques and protocols in investigation, evidence collection, reporting and defending findings
G.3 New Chief Audit Executive Roundtable – ROUNDTABLES & SMALL SHOP RESOURCES
SESSION 4
Wednesday, September 30, 2015 10:30 a.m. - 12:10 p.m.
A.4 Best Practices in Your Capital Improvement Program – AUDIT TRENDS & ISSUES Rob Broline, Director, Construction Risk Advisory Services, McGladrey LLP John Croy, National Director, Construction Risk Advisory Services, McGladrey LLP To stay competitive with other institutions, colleges and universities are upgrading and expanding their campus facilities. Facilities and internal audit departments are taking progressive steps to monitor construction activities to ensure there is compliance with agreements and meeting industry standards. In doing so, colleges and universities have established programs to determine if their capital improvement program is operating in an efficient and effective manner. Attendees will gain an understanding of how institutions are establishing best practices in monitoring costs and managing the processes related to their capital improvement programs. This includes assessing the best forms of delivery methods and benchmarks for architectural engineering fees and construction costs. After attending this session, participants will be able to: Use benchmarks to monitor costs and demonstrate methods to detect fraud waste and abuse. Analyze what to look for in contracts and contract negotiations. Describe the internal audit department’s involvement in the capital improvement program.
Christopher Beard, Director, Office of Compliance and Internal Audit Services, BYU-Hawaii Pam Doran, Executive Director of Audit and Assurance Services, University of South Carolina Gail Klatt, Associate Vice President, Internal Audit, University of Minnesota Valla Wilson, Associate Vice Prsident of Internal Audit, UT Southwestern Medical Center This roundtable will focus on topics relevant to those who have been appointed as new chief audit executives (CAE), internal audit directors or those interested in becoming CAEs. Each of the facilitators will share their backgrounds and perspectives on relevant and timely topics to facilitate dynamic conversation. After attending this session, participants will be able to: Identify strategies used to develop risk assessments and audit universes. Build the audit department’s reputation based on integrity and trust. Demonstrate insight into CAE roles from Knowledge Level: Basic an insider’s perspective. Advanced Preparation: None Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience in managing and/or directing audit functions
Field of Study: Auditing Prerequisites: None
B.4 Linking Internal Audit Strategic Planning with the Quality Assurance Review (QAR) – RISK MANAGEMENT/GRC & QARS Leigh Goller, Director of Internal Audits, Duke University Michael Somich, Executive Director, Internal Audits, Duke University
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS While our office was scheduled to do a fiveyear quality assessment review in fall 2014 (self-assessment with external validation), we decided to prepare a strategic plan (Vision 2020) in advance of the external team visiting our institution. The presenters will discuss the process they followed in developing the strategic plan, integrating it with the external review and the outcomes of the combined processes. After attending this session, participants will be able to: Reiterate the process of strategic planning and the involvement of senior leaders in the strategic planning processes. Apply the strategic plan draft in the external quality assessment review process. Describe the quality assessment review and strategic planning results to senior management and board. Knowledge Level: Basic Advanced Preparation: None Field of Study: Administrative Practice Prerequisites: None
C.4 Auditing PCI Compliance – COMPLIANCE Tim Marley, IT Audit Director, University of Oklahoma Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a complicated, but necessary process. Don’t let the technical requirements intimidate or confuse you. Attend this session to learn about the newest version of the standards and how to audit your organization’s state of compliance with these requirements. After attending this session, participants will be able to: Explain why the PCI DSS presents unique challenges for higher education and review the changes specific to version 3.0. Explain the Payment Card Industry Internal Security Assessor (PCI ISA) program and why it should be considered as a possible source of credentialed training for their team. Demonstrate audit compliance with the PCI DSS using established tools provided by the Payment Card Industry Security Standards Council (PCI SSC).
14 REGISTRATION BROCHURE
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with PCI DSS and security standards
D.4 Break Down the Barriers: Be a Partner! – PROFESSIONAL DEVELOPMENT & LEADERSHIP Clay Dean, Director of Internal Audit, Kennesaw State University Len Ohnstad, Associate Director of Internal Audit, Kennesaw State University The presenters will discuss innovative methods the internal audit department can use to break down barriers and enhance communication between managers and internal audit. They will also discuss how you can enhance communication during audits, and gain a better reception of audit findings and recommendations, identify methods to improve management’s perception of internal audit, and develop and provide services to help managers identify their department’s risks, implement strong internal control, and be better prepared for a future audit. After attending this session, participants will be able to: Review the benefits of internal audit customer service with managers and auditors. List methods to increase employee compliance with policies and procedures. Tell managers how to accomplish their goals and objectives. Knowledge Level: Basic Advanced Preparation: None Field of Study: Communications Prerequisites: None
E.4 What IT Areas to Audit? – INFORMATION TECHNOLOGY/ INFORMATION SECURITY Kevin R. Keough, Senior Information Systems Auditor, Indiana University The Big Ten Conference institutions participated in a survey of their IT audit planning processes. The information gathered in this survey will be presented. The Big Ten Conference IT auditor group is a collaborative group of lead IT auditors that meet faceto-face annually, and on quarterly conference
calls to share knowledge and experiences of how they are meeting the IT audit challenges at their institution. Each institution’s IT risk assessment processes, communications, rankings and prioritization of IT audit topics will be covered. After attending this session, participants will be able to: Classify the Big Ten Conference institution's IT audit shop sizes, reporting structures and the size and makeup of the institutions they serve. Describe the IT audit planning and risk assessment process used at Big Ten Conference institutions. List the IT audit selection processes used at Big Ten Conference institutions. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with IT auditing
F.4 Lie To Me: Secrets of Linguistic Lie Detection – FRAUD & ETHICS Nejolla Korris, CEO, InterVeritas International Gathering truthful information is an integral part of any corporate environment. If honesty is always the best policy, why don’t we always get it? How important is it for us to learn the truth from our employees, managers and clients? This introduction to linguistic lie detection will help participants become more effective in all business relationships. The presenter will provide an overview of how linguistic lie detection is used in business, audit and investigative areas. Session participants will learn the basics of information gathering and how to interpret the information they receive. Linguistic lie detection basics will be applied to a variety of high-profile media cases to illustrate examples of deception. After attending this session, participants will be able to: Describe how a truthful person speaks versus an untruthful person, and report how often deception is used in the workplace. List specific linguistic triggers that indicate deception. Relate how linguistic lie detection is used for human resources, audit and investigative areas.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
G.4 Third Party Risk Management Roundtable – ROUNDTABLES & SMALL SHOP RESOURCES Mark Bednarz, Partner, O'Connor Davies LLP Third party risk management is rapidly growing in importance as institutions turn to outsource providers to reduce operating costs, and design approaches to use specialists to accomplish strategic initiatives. Amid the benefits of outsourcing, there lies a significant risk. After this session, participants will be able to: Create a continuous vendor risk management program. Discuss rating external relationships and classifying data. Identify approaches to potential issues. Knowledge Level: Overview Advanced Preparation: None Field of Study: Auditing Prerequisites: None
SESSION 5
Wednesday, September 30, 2015 1:10 p.m. – 2:50 p.m.
A.5 College & University Reputation Auditing – AUDIT TRENDS & ISSUES Bradley W. Brooks, Professor, Queens University of Charlotte Kenneth Ramaley, Managing Director, Ramaley Group LLC A school's reputation is one of its most critical assets. However, many institutions of higher education are vulnerable to reputation risks. While auditors have traditionally provided assurance on financial risks, operational risks and compliance risks, reputation risks have remained more nebulous. The presenters will describe an actionable approach to enable college and university auditors to clearly identify and elucidate critical risks to school reputations, and to provide effective commentary on reputation-focused controls. No prior exposure to reputation risk auditing is
15 REGISTRATION BROCHURE
assumed, although experience with assessing other types of operational risks will be helpful. After attending this session, participants will be able to: Identify the critical drivers and vulnerabilities of reputation risk for colleges and universities. Describe the functions of effective reputation controls, including approaches to testing them. Integrate reputation considerations into existing audit plans. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
B.5 So You Need a Quality Assessment Review (QAR)? – RISK MANAGEMENT/GRC & QARS Jim Sleezer, Retired, Oklahoma State University/A&M System The IIA Standards (1300) require that the chief audit executive must develop and maintain a quality assurance and improvement program (QAIP) that includes both internal and external assessments. An external assessment – a Quality Assessment Review (QAR) – must be conducted at least once every five years by a qualified, independent assessor or assessment team. The presenter will provide an overview of QAIPs, including discussion of QAR and options for meeting this standard. After attending this session, participants will be able to: Recognize components of a good QAIP. Discuss options for completing internal and external assessments. Build a plan to prepare their institutions for a QAR. Knowledge Level: Overview Advanced Preparation: None Field of Study: Administrative Practice Prerequisites: None
C.5 SBIR Fraud & Your Institution: A Guide to What Can Go Wrong – COMPLIANCE Paul J. Coleman, Consultant, Georgia Tech Department of Internal Auditing Eleven federal agencies provided $21 billion in awards through the Small Business Innovation Research (SBIR) program. Many
states also provide matching funds for SBIR awards. Program guidelines and the impact to your institution by businesses that misappropriate university research and resources will be discussed. Diversion of resources can be caused by university employees who do not disclose their work or where employees have an interest in the SBIR business. After attending this session, participants will be able to: Identify the program elements for SBIR award, including how their institutions can transfer research technology to companies through SBIR awards. Recognize best practices and red flags that will identify if their institutions are at risk of the diversion of resources by undisclosed work for SBIR companies. Discuss the need to add SBIR education and identification as part of your risk assessment, compliance reviews and internal control reviews. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Regulatory Ethics Prerequisites: Experience with SBIR and risk assessments
D.5 How to Need a Waiting Room in Internal Audit – PROFESSIONAL DEVELOPMENT & LEADERSHIP Mary Barnett, Investigations and Special Projects Auditor, Virginia Community College System Whit Madére, Director, Internal Audit, Virginia Community College System Wouldn’t it be great to have a waiting room full of people? We think it could happen! We are working toward creating a department so awesome that people are vying for our attention. We want to provide management and the board with whatever they need to make the campuses so awesome that they have students and donors sitting in their waiting rooms wanting to get on board. We’re eager to share with you the ideas we’ve got that are going to help us get there. We’re eager to find out what awesome ideas you have, too.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS After attending this session, participants will be able to: Develop a repertoire of value-added projects for their institutions. Identify and target those areas where internal audit can do the most good in the least amount of time. Maintain adherence with the standards while expanding the scope of services offered by internal audit.
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with IT auditing and security protocols
Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
Collin Anthony Greenland, Chief Internal Auditor, Kaizen Management Consultants This presentation is designed to introduce, sensitize and inspire higher education auditors to integrate forensic accounting techniques and methodologies into their routine audit activities to enhance their effectiveness in fraud deterrence, prevention, detection and reporting. This session will include discussions on forgery, forensic authentication and handwriting analyses. Simulated case studies will be presented in this session. After attending this session, participants will be able to: Define, describe and explain the concept of forensic accounting and computer forensics, and demonstrate the use of interviewing/interrogation techniques. Build the essential elements of a forensic audit and demonstrate how it is conducted. Integrate into audit assignments applicable “cutting edge” forensic accounting methodologies, techniques and technology.
E.5 Cybersecurity Breach! Is Your Institution Prepared? Tips & Audit Techniques for Incident and Breach Response – INFORMATION TECHNOLOGY/INFORMATION SECURITY Mike Cullen, Senior Manager, Baker Tilly David Overton, Director of Information Security, Saint Leo University Cybersecurity at higher education institutions is a challenging, complex area. Since many colleges and universities have multiple decentralized IT units, cybersecurity must address myriad IT risks, such as data security and privacy, and face enormous changes as more operations and processes are automated, outsourced (e.g., cloud), and mobilized (e.g., bring your own device). Therefore, 100 percent prevention of incidents and breaches is not practical or possible. This means institutions need a robust incident and breach response plan. After attending this session, participants will be able to: List the goals of an incident and breach response plan that will meet regulatory and legal requirements and mitigate risks. Restate key aspects of the plan and how they can audit those, including roles and coordination in the plan, timing of steps and specific steps needed for certain types of incidents. Describe leading practice incident/ breach response methods to take back to their campuses based on cases presented.
16 REGISTRATION BROCHURE
F.5 Incorporating “Cutting Edge” Forensic Accounting Techniques & Methodologies into College & University Auditing – FRAUD & ETHICS
Knowledge Level: Advanced Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: Experience in forensic accounting
G.5 Large Shop Roundtable (9+ Auditors) – ROUNDTABLES & SMALL SHOP RESOURCES Don Guyton, Chief Audit Executive, University of Houston System Chief audit executives and directors who manage internal audit functions at large public and private universities will gather and discuss important topics of common interest. Participants at this roundtable will compare notes and exchange solutions to the problems they face. Prior to the conference, the
facilitator will poll participants to identify and prioritize discussion topics. After attending this session, participants will be able to: Apply their knowledge of audit issues affecting large colleges and universities. Access networks created with peers at larger institutions. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
SESSION 6
Wednesday, September 30, 2015 3:20 p.m. - 5:00 p.m.
A.6 Auditing Investment Operations: Do You Know Where Your Money Is Going? – AUDIT TRENDS & ISSUES Kimberly Burkett, Manager, Baker Tilly Bob Hoster, Director of Internal Audit, Bucknell University John Kiss, Senior Manager, Baker Tilly Elizabeth Walsh, Senior Audit Manager, Stanford University Investment and endowment operations can be one of the more challenging areas to audit in an institution. Having an awareness of general investment controls, as well as industry practices and regulations, is necessary to conduct a thorough review of the intricacies of investment and endowment operations. This presentation will shift into overdrive and take a comprehensive look at key investment and endowment operational areas, as well as leading industry practices to help conduct an effective audit. After attending this session, participants will be able to: Describe a general overview of key investment and endowment operational areas, focusing on valuable controls and leading industry practices. Analyze due diligence considerations for investment and endowment activities. Describe additional control considerations related to alternative investments and tax implications. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS B.6 Using Data Analytics as a Management Tool to Identify Organizational Risks – RISK MANAGEMENT/GRC & QARS Mathew Anderson, Senior Manager, Clifton, Larson, Allen, LLP Christopher Knopik, Principal, Clifton, Larson, Allen, LLP Ryan Merryman, Senior Manager, Clifton, Larson, Allen, LLP The presenters will introduce a method applying data analytics, demonstrate its capabilities and explain how it can be used to efficiently and effectively identify risk. After attending this session, participants will be able to: Recognize where data analytics can be used to better identify various risks in an organization. Apply the use of data analytics through a case study to efficiently and effectively identify risk. Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
C.6 Standards & Guidance for the Professional Practice of Internal Auditing: What You Need to Know – COMPLIANCE Sam M. McCall, Chief Audit Officer, Florida State University As a member of the IIA Guidance Task Force that developed the definition of internal auditing, the presenter will discuss the development of current internal auditing standards and guidance as well as their applicability to fraud, compliance and information technology, the three lines of defense, and how this fits in with providing assurance and consulting services. After attending this session, participants will be able to: Apply the standards and guidance for internal auditing as issued by the IIA. Explain the framework for the professional practice of internal auditing. Identify recent changes to the required elements of internal auditing.
17 REGISTRATION BROCHURE
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with the IIA Standards
D.6 Identifying & Developing Top Internal Audit Talent for Today & Beyond – PROFESSIONAL DEVELOPMENT & LEADERSHIP Robert Berry, Director of Audit, University of North Florida Finding and retaining audit professionals can be a daunting task. Thorough resume reviews and interviews alone will not guarantee attracting top prospects. Organizations must keep talented professionals engaged. The employer/employee relationship is a two-way process that requires time and attention to be meaningful for both parties. This session provides a talent management methodology designed to help maximize the employer/ employee relationship. After attending this session, participants will be able to: Develop talent management processes that are tailored for your organization. Assess, develop and deploy talent based on individual and organizational needs. Describe and deploy talent retention strategies. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Personnel/HR Prerequisites: Familiar with human resource regulations
E.6 Evaluating & Managing Third Party IT Service Providers: Are You Really Getting the Assurance You Need to Mitigate Information Security & Privacy Risks? – INFORMATION TECHNOLOGY/INFORMATION SECURITY Kevin Secrest, IT Audit Manager, University of Pennsylvania Many organizations have adopted processes and controls for evaluating how third party IT service providers address information security and privacy risk, but appear to struggle to get an appropriate level of assurance from providers on an ongoing basis. This presentation will cover arming organizations with
the ability to implement practical strategies for evaluating and managing third party IT service providers' information security and privacy risk. After attending this session, participants will be able to: List options for evaluating and managing third party IT service providers' information security and privacy risk. Compare the intended uses of different reports offered by IT service providers to demonstrate effective information security and privacy controls, and determine the most appropriate type of report to request. Describe internal audit's role in evaluating and managing third party IT service providers. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
F.6 Fraud Education & Awareness – FRAUD & ETHICS Ralph Kimbrough Jr., Audit Manager, University of Kentucky Joe Reed, Senior Director, University of Kentucky This presentation focuses on the University of Kentucky’s fraud program and the role of internal audit regarding fraud education and awareness. Such things as special committees, policies, training, surprise audits and the university hotline are utilized. The presenters will discuss how internal auditors can increase an employee’s awareness of fraud. After attending this session, participants will be able to: Describe an awareness of fraud training programs and train university faculty and staff on fraud prevention and detection techniques. Critique with session attendees regarding their experiences of fraud awareness. Develop a continuous fraud prevention and detection awareness training program. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS G.6 Ethics Roundtable – ROUNDTABLES & SMALL SHOP RESOURCES Melissa B. Hall, Associate Director, Forensic Audits, Georgia Institute of Technology Got ethics? How can we ensure that all of our faculty and staff have ethics? The media headlines are filled with frauds occurring on campus and are usually the result of unethical decisions which impacts all of us. One of the first challenges of dealing with unethical decision-making is recognizing that there is a problem. After attending this session, participants will be able to: Identify areas where ethical challenges exist on campuses. Describe and develop the methods used to assess the ethical culture of institutions and the strategies for effectively changing the ethical culture of institutions. List methods used by peers to promote more ethical cultures on campuses. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
SESSION 7
Thursday, October 1, 2015 8:00 a.m. – 9:40 a.m.
A.7 Keep It Rolling: A Four-Year Approach to Auditing Scholarships & Financial Aid - AUDIT TRENDS & ISSUES Brian Daniels, Associate Director of Internal Audit, Virginia Tech Aparna Yellapantula, Staff Internal Auditor, Virginia Tech The presenters will provide a brief introduction to the student financial aid process, from the student application through the awarding and monitoring of various aid possibilities. They will walk through the audit methodology at Virginia Tech and how the internal audit department collaborated with management to outline the scope of audits to cover all the processes of financial aid in four annual audits. Participants will walk away with an improved understanding of the scope of activities covered by these units on their campuses and how they can add value to the process.
18 REGISTRATION BROCHURE
After attending this session, participants will be able to: List federal requirements for scholarships and financial aid. Describe various components of their institutions’ scholarship and financial aid programs. Critique how Virginia Tech has implemented a rolling, four-year approach to covering the required elements. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
B.7 Close the Loop: Make Your Internal Audit Assessments Inform Your Institutional ERM & Improve GRC Outcomes – RISK MANAGEMENT/ GRC & QARS Phillip Draber, Director, Risk and Assurance Services, Edith Cowan University Most internal audit reports do not provide any explicit comment on the appropriateness of assessed levels of risk, particularly at the institutional level. This presentation showcases one institution's approach to improving its internal audit reports by making explicit comments on assessed levels of risk based on the effectiveness of controls. The link between risk management and audit planning will be used to consider the inputs, processes and outputs required to form a multi-purpose opinion. There will be a discussion of some of the governance, risk and compliance (GRC) outcomes achieved as a result of this change in reporting. After attending this session, participants will be able to: Apply knowledge to prepare internal audit control assessments that link back to management’s risk assessments by strengthening the nexus between risk management and internal audit. Develop audit committee and board reports that contribute to GRC out comes by providing assurance on the effectiveness of documented risk treatments. List value-added opportunities for internal audit.
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with risk and controls assessments
C.7 Being a Team Player: New Ways to Collaborate with Athletics – COMPLIANCE Martina Buckley, Manager, Baker Tilly Justin T. Noble, Audit Director, Texas Tech University System The presenters will outline new and unique ways internal audit (IA) can collaborate with the athletic program and add value to institutions as well as help prevent compliance, financial, operational and reputational risks. The presentation will also provide an overview and updates of the NCAA DI Manual and ACUA Audit Guidelines. After attending this session, participants will be able to: Plan with athletic programs to accomplish institutional oversight and establish a relationship with athletic administrators. List resources to help athletics programs achieve their objectives. Identify unique opportunities for internal audit to provide support to athletics and their institution including media rights audits and academic integrity reviews. Knowledge Level: Basic Advanced Preparation: None Field of Study: Management Advisory Services Prerequisites: None
D.7 Works Like a Charm: Combined Shops of Audit, Compliance & Privacy! – PROFESSIONAL DEVELOPMENT – LEADERSHIP Sonal J. Shah, Senior Director, Compliance and Ethics, Stanford University Having skill sets of audit, compliance and privacy in the same office allows for in-house learning and cross training for the staff, and a better understanding of addressing risk for the higher education organization. It’s a win-win! The presenter will clarify the roles, responsibilities and work products of the diverse members of the combined shops and
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS discuss opportunities for these employees to further their careers. After attending this session, participants will be able to: List the commonalities of the three functions of audit, compliance and privacy. Identify the organizational advantage of putting these functions in the same department under the same leader and appreciate the benefits gained from this collaboration. Describe why combining these shops would be envisioned as an effective use of resources. Knowledge Level: Basic Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: None
E.7 Information Security: Assurance through the Strategic, Tactical & Operational Lens – INFORMATION TECHNOLOGY/INFORMATION SECURITY Nicole Schultz, Audit Lead, University of Calgary Information technology organizations are inundated with requests, events and incidents. In light of this, root cause analysis becomes a critical function for the IT organization, especially within information security. Examining IT security controls strategically, tactically and operationally can break down root causes and demonstrate that IT security is not simply a technical control. In resource-constrained environments, IT audits should not only identify control issues but provide value to the organization. The participants will analyze a specific case study to determine how to scope, plan and conduct fieldwork and do a walk-through of a facilitated management self-assessment of information security. After attending this session, participants will be able to: Recall the relationship between strategic, tactical and operational information security functions. Describe security maturity benchmarks and their impact on planning internal audits.
19 REGISTRATION BROCHURE
Plan and conduct fieldwork for an IT security control audit.
Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience in IT audit and IT security assessment
F.7 Anatomy of an Academic Fraud – FRAUD & ETHICS Jeremy Clopton, Senior Managing Consultant, BKD, LLP The presenter will discuss the use of some relevant indicators of academic fraud based on the Cadwalader Report, Investigation of Irregular Classes in the Department of African and Afro-American Studies at the University of North Carolina [UNC] at Chapel Hill and how data analytics can be proactively used to detect and monitor for instances of potential academic fraud. Colleges and universities should consider whether similar academic violations could exist on their own campuses. To do so, it is necessary to understand how academic fraud can get a foothold, and the lessons learned from UNC’s experience are a good starting point. After attending this session, participants will be able to: Illustrate various motives and rationale behind academic fraud. Recognize red flags and appropriate actions to take. Describe tools and methods for detecting and preventing fraudulent behavior. Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None
G.7 Small Shop Roundtable (1-3 Auditors) – ROUNDTABLES & SMALL SHOP RESOURCES LaDonna Flynn, Director of Internal Audit, Pittsburg State University Julia Hann, Internal Audit Director, Georgia College and State University This will be a two-part roundtable. The first part of the session will focus on helping small shops be more effective in managing their
audit shop. The first presenter will facilitate various techniques through the audit process in creating efficiency and effectiveness in small shops. The topics covered will include a range of tools, including audit planning to mitigate risks, ways to add value, student interns, and managing crises against your audit plan. The second part of the session will focus on optimizing audit programs. The next presenter will lead the discussion to optimize the institution’s potential with audit programs. Participants should come prepared with one hard copy of an audit program. Participants will collaborate in small groups to determine common themes and best practices for audit program design and writing. After attending this session, participants will be able to: Identify tools for their small shop operations. Describe key components of an audit program. Apply knowledge from small shop peers regarding audit programs and operations. Knowledge Level: Basic Advanced Preparation: Bring a hard copy of a favorite audit program. Field of Study: Auditing Prerequisites: None
SESSION 8
Thursday, October 1, 2015 10:10 a.m. – 11:50 a.m.
A.8 Pushing the Rewind Button: Lessons Learned from the Reengineering of Two University Internal Audit Functions – AUDIT TRENDS & ISSUES John Curran, University Director of Internal Audit, University of Kansas Brenda Muirhead, Chief Auditor, University of Oregon Imagine rebuilding an internal audit department from the ground-up – what would the finished product look like, and what roadmap would you use to get there? This was the opportunity recently presented to the chief audit executives for the University of Kansas and the University of Oregon. They will share lessons learned from their experiences and provide a change model that others can use
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS to 1) reconceptualize internal audit’s purpose to address emerging risks and challenges; 2) reconnect with stakeholders to build organizational relevance; 3) redefine key processes to heighten effectiveness; and 4) reallocate financial and personnel resources to maximize audit coverage and efficiencies. After attending this session, participants will be able to: Examine the foundational elements of an internal audit department. Apply an organizational change model to assess internal audit’s effectiveness and identify areas for improvement. Utilize established practices in stake holder engagement, staff selection and training and risk assessment. Knowledge Level: Overview Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: None
B.8 Enhancing Your Institutional Process through Enterprise Risk Assessment (ERA) – RISK MANAGEMENT/GRC & QARS Chibuike U. Azuoru, Internal Audit Director, Southeastern Louisiana University An enterprise risk assessment (ERA) identifies and prioritizes an entity’s risks by department and is based on management’s input and objective detailed analysis. The ERA serves to align business processes, internal audit and management focus to the critical issues that may prevent the institution from achieving its objectives. After attending this session, participants will be able to: Recall global risks that may affect multiple departments or cross-functional processes and identify unknown risk or risk areas not yet communicated to the institution’s senior management. Describe accountability and ownership for mitigating risks down to the departmental and process levels and share information between inter-dependent departments and cross-functional areas. Develop an ERA final report for senior management and a three-five year strategic internal audit plan.
20 REGISTRATION BROCHURE
Knowledge Level: Advanced Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with risk assessment
C.8 Auditing Solutions for Higher Education Issues – COMPLIANCE Cathy Miller, Principal Business Auditor, University of Kentucky Internal Audit Joseph Reed, Senior Director, University of Kentucky Internal Audit This presentation focuses on applying proactive internal auditing approaches to trends discerned from higher education emerging risks, client calls and hotline opportunities. Participants will learn how to use current events and the higher education culture to identify issues needing effective resolution. The presenters will discuss various audit approaches used to address and resolve higher education issues, and will engage participants in considering how to implement these various audit strategies in their own college and university settings. As a result, participants will be able to identify issues and appropriate resolutions. After attending this session, participants will be able to: List the elements of an effective compliance program. Debate pros and cons of management collaboration with departmental responsibilities. Analyze hotline effectiveness and utilization. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with higher education auditing and hotline management
D.8 Awesome Auditing with Interns & Undergraduate Students – PROFESSIONAL DEVELOPMENT & LEADERSHIP Christopher Beard, Director of Compliance and Internal Audit Services, BYU-Hawaii This session will focus on principle-centered leadership development for auditors who use or are considering the use of undergraduate student employees or interns in their audit department. Participants will be able to
explain key concepts needed to effectively use these employees in a structured environment. After attending this session, participants will be able to: Recall basic audit skills. List goal-oriented objectives for students to achieve maximum learning and productivity. Use adequate coaching and mentoring to develop appropriate skill sets. Knowledge Level: Basic Advanced Preparation: None Field of Study: Personal Development Prerequisites: None
E.8 Auditing Cloud Computing in the Real World – INFORMATION TECHNOLOGY/INFORMATION SECURITY Tom Salzman, IT Audit Manager, Illinois State University What is cloud computing? What are the risks? Why should we care about it? How can we audit this thing without doing too much or doing too little? Come to this session and get your answers. You may even be thinking: “We don’t need to worry about cloud computing; we don’t use it”. Think again. Any department that wants to save money (and they all do) is looking into using the cloud, often without authorization or without others knowing it. After attending this session, participants will be able to: Explain the different types of cloud computing (there’s more than one? Oh yes!). Discuss and clarify why auditors should care and how they can conduct risk- based auditing of this new technology. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
TRACK SESSIONS F.8 Your Ethical Compass: What's Really True North? – FRAUD & ETHICS Marion Candrea, Audit Manager, Financial Operational Audits, Rutgers University Jana Dean, Financial and Operations Audit Manager, Michigan State University This session will cover how to apply the International Professional Practices Framework (IPPF) Code of Ethics within your audit team and your ethical responsibilities as an auditor. Case studies will be used to create learning dialogue on appropriate audit team behavior. This session will also delve into the ethical challenges unique to higher education. Using experiences from their own audit shops, the presenters will aim to engage in a discussion which transports participants into the role of faculty, hoping to gain an appreciation of the varying ethical dilemmas of faculty and staff. After attending this session, participants will be able to: Review The IIA’s IPPF Code of Ethics and higher education’s unique stake- holders and their differing views. Describe expected ethical behavior for audit teams and auditor accountability. Use decision-making strategies to analyze and resolve ethical dilemmas. Knowledge Level: Basic Advanced Preparation: None Field of Study: Regulatory Ethics Prerequisites: None
21 REGISTRATION BROCHURE
G.8 Small Shop Quality Assurance Reviews – ROUNDTABLES & SMALL SHOP RESOURCES Phill Armanas, Manager, Audit and Risk Management, University of South Australia The IIA Standard 1300 Quality Assurance and Improvement Program (QAIP) calls for internal audit functions to have an external review every five years. Small internal audit shops are often faced with a difficult task in ensuring they meet the standards and implement a suitable QAIP. This may be due to limited resources, expertise and simply time available. The presenter has conducted numerous quality assurance reviews (QARs) in Australia and the U.S. Drawing upon this experience, the presenter will provide his interpretation of how a small internal audit function might efficiently and effectively implement a QAIP and attain ”general conformance” with the IIA Standards. After attending this session, participants will be able to: Recall the requirements of the IIA Standard 1300. Describe how a small internal audit function can implement a QAIP, and initiate a QAR. Debate what is required to achieve ”general conformance” with the standards. Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None
Photo courtesy of Lavengood Photography.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
HOTEL & GROUND TRANSPORTATION INFORMATION The cut-off date for reservations is Friday, Sept. 4, 2015.
onsidered the crown jewel of Marriott Place Indianapolis, the JW Marriott Indianapolis connected Downtown is a landmark amid the five Marriott hotels to the Indiana Convention Center. The luxury hotel in Downtown Indianapolis soars 33 stories above the city and boasts one of the largest Marriott ballrooms in the world, offering more than 103,000 sq ft of meeting, banquet and exhibit space, as well as two full-service restaurants. Adjacent to the convention center, just steps from White River State Park, the Indianapolis Zoo, and many museums, its location is unparalleled. The Downtown Indianapolis hotel is in the heart of world-class shopping and dining, near the State Capitol, Lucas Oil Stadium and Bankers Life Fieldhouse. Guest rooms feature Marriott’s signature REVIVE® bedding, 40” LCD high-definition TVs, marble vanities, plush towels and breathtaking views of a gorgeous art-filled plaza. Come relax and unwind at the JW Marriott Indianapolis, the largest JW Marriott in the United States. Used with permission from the JW Marriott Indianapolis.
RESERVATIONS To prevent attendees from having to stay at an overflow hotel, participants will need to register for the conference to receive the hotel reservation link, which is provided on the confirmation page when registering online. If you register using the PDF form, once your completed form is received and processed, you will be sent a confirmation email with the link to make your hotel reservation. Check-in time is 3:00 p.m. and check-out time is 12:00 p.m.
ROOM RATE: $175 single/double, plus tax (17%) The cut-off date for reservations is Friday, Sept. 4, 2015. Photo courtesy of Carl Van Rooy Photography.
TRANSPORTATION TAXIS Taxis from the airport are approximately $38 each way, plus gratuity.
SHUTTLE SERVICE The JW Marriott Indianapolis does not provide complimentary airport shuttle service. Go Express Travel offers $10 service to downtown Indianapolis. For more information or to book your shuttle service please, visit http://goexpresstravel.com/indy_express.
PARKING Valet Parking – $42 per day, per vehicle and includes in/out privileges. On-Site Parking – $37 per day, per vehicle and includes in/out privileges.
JW Marriott Indianapolis | 10 S. West St. | Indianapolis, IN | 46204
22 REGISTRATION BROCHURE
Please speak with the concierge for more information on location and costs.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
ANNUAL CONFERENCE INFORMATION IMPORTANT DATES:
EARLY REGISTRATION DEADLINE: LATE REGISTRATION & HOTEL RESERVATION DEADLINE: ON-SITE REGISTRATION:
AUG. 10, 2015 SEPT. 4, 2015 AFTER SEPT. 4, 2015
Registrations processed on-site may cause a delay at the time you check in at the registration desk. If you need to register after Sept. 4, 2015, please bring your completed registration form and payment directly to the conference.
WHO SHOULD ATTEND Internal Auditors, Risk Managers, IT Security Professionals, Chief Business Officers, Controllers, Ethics and Compliance Auditors, Governmental Auditors and IT Auditors
FULL REGISTRATION FEES INCLUDE: • Instructional materials and handouts • Sunday Opening Reception • Daily Continental Breakfasts • Daily Refreshment Breaks • Monday Evening Event • Monday and Wednesday Lunches • Wednesday Off-Site Dinner Event
SINGLE DAY REGISTRATION FEES INCLUDE: Monday or Wednesday: • Instructional materials and handouts • Continental breakfast, refreshment breaks, luncheon and evening event Tuesday or Thursday: • Instructional material and handouts • Continental breakfast and refreshment breaks
GUEST REGISTRATION FEES INCLUDE: • Sunday Opening Reception • Wednesday Evening Event
REGISTRATION CONFIRMATION For those registrations received prior to Sept. 4, 2015, ACUA will send a confirmation letter by email or U.S. mail. When you receive your confirmation letter, please check the spelling of your name, address and the events for which you have registered to ensure that they are correct. If there is an error, please contact the ACUA Executive Office at 913-895-4784. The information on your confirmation letter will be the information used for your name badge. If you do not receive a confirmation letter within three weeks of registering, please contact our office to confirm receipt of your registration.
Photo courtesy of VisitIndy.com.
23 REGISTRATION BROCHURE
Photo courtesy of Indianapolis Motor Speedway.
REGISTRATION CANCELLATION POLICY Written notice of cancellations received on or before Aug. 10, 2015, will be fully refunded. Cancellations received from Aug. 11 to Sept. 4, 2015, will be refunded less a $100 processing fee. On or after Sept. 5, 2015, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.
QUESTIONS? For more information about our cancellation policy, complaints or questions about registering, please contact the ACUA Executive Office at 913-895-4620 or via email ACUA-info@goAMP.com.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
Please use a separate form for each registration; a photocopy of original is acceptable. Please type or print and be sure to include your email address. To register online, please visit the Annual Conference Web page of the ACUA website at www.acua.org.
REGISTRATION FORM STEP 1 – NAME BADGE & ROSTER INFORMATION (List as you would like to appear on your name badge)
Name__________________________________________________________________________________________________________________________ Preferred First Name for Badge_____________________________________________________________________________________________________ Job Title (limited to 35 characters)___________________________________________________________________________________________________ Institution_______________________________________________________________________________________________________________________ Mailing Address__________________________________________________________________________________________________________________ City, State/Province________________________________________________ Zip Code___________________________ Country_____________________ Phone___________________________________________________________ Fax____________________________________________________________ Email (required)_____________________________________________________________________________________________________________ Are you a first-time attendee? Yes
No Are you interested in being a proctor? Yes No ACUA fully complies with the legal requirements of the ADA and the rules and regulations thereof. Please specify any special needs or dietary needs/ allergies: Vegetarian Vegan Gluten Free Diabetic Kosher Other:
STEP 2 – LIABILITY WAIVER AND EMERGENCY CONTACT
Please read and sign. I agree and acknowledge that I am undertaking participation in ACUA events and activities as my own free and intentional act and I am fully aware that possible physical injury might occur to me as a result of my participation in these events. I give this acknowledgement freely and knowingly and that I am, as a result, able to participate in ACUA events and I do hereby assume responsibility for my own well-being. I am aware that photographs will be taken during the conference and may be published in the College and University Auditor or on the ACUA website. Signature Date Emergency Contact Name/Relationship/Phone
STEP 3 – REGISTRATION FEES
Received by August 10 ACUA Member – Full Conference $950 Indianapolis IIA Chapter Members $950 AHIA Members $950 Non-Member Institution – Full Conference $1,100 Single-Day registration – Member Mon. or Wed. Single-Day registration – Member Tue. or Thu. Single-Day registration – Non-Member Mon. or Wed. Single-Day registration – Non-Member Tue. or Thu.
Received by Sept. 4 $1,100 $1,100 $1,100 $1,250
$595
Other Bonus Sessions - $50 BOGO (Buy one, get one free!)
$50
$395
$395
$240
$240
3:10 p.m. - 4:50 p.m. Prevent Fraud in Five Critical Areas
$445
$445
$265
$265
Tuesday, September 29 Thursday, October 1
24 REGISTRATION BROCHURE
1:10 p.m. - 4:50 p.m. CIA Exam Preparation Course – BS 1
1:10 p.m. - 2:50 p.m. People-Centric Skills: Optimized – BS 2A 1:10 p.m. - 2:50 p.m. Here Come the Feds! – BS 2B 3:10 p.m. - 4:50 p.m. People-Centric Skills:
Single-Day Registrants only. Please indicate which day(s) you plan to attend: Monday, September 28 Wednesday, September 30
Tuesday Bonus Sessions
Crucial Communications – BS 3A with Data Analysis – BS 3B
Guest Registration
$200 (includes Monday Opening Reception and Wednesday Evening Events)
Guest Name: Registrations received after September 4 will be processed on-site.
ACUA 2015: SHIFT INTO HIGH GEAR
SEPTEMBER 27-OCTOBER 1, 2015 • INDIANAPOLIS, INDIANA
STEP 4 – SESSION/EVENT REGISTRATION SESSION REGISTRATION Choose only one track per session (see matrix and write in number/letter code on the corresponding line below). Session 1 Session 2 Session 3 Session 4 Session 5 Session 6 Session 7 Session 8 PLEASE INDICATE WHICH EVENTS YOU WILL BE ATTENDING
Sunday Opening Reception Monday Luncheon Monday Trivia Night Reception Wednesday Luncheon Wednesday Evening Event
STEP 5 – PAYMENT INFORMATION TOTAL PAYMENT DUE 0
Check enclosed (please make checks payable to ACUA in U.S. currency via a U.S. bank)
Purchase Order (PO) enclosed MasterCard VISA American Express Discover Card No. Exp. Date Name as it appears on the card Signature
Cancellation Policy: Written notice of cancellations received on or before August 10, 2015, will be fully refunded. Cancellations received from August 11 - September 4, 2015, will be refunded less a $100 processing fee. On or after September 5, 2015, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.
25 REGISTRATION BROCHURE
STEP 6 – SEND YOUR REGISTRATION
To register, complete this registration form and return it, along with the appropriate registration fee to:
ACUA Executive Office P.O. Box 14306 Lenexa, KS 66285-4306
FAX 913-895-4652 Online Registration Registrations can be completed and submitted online via the ACUA website at www.acua.org. A link to the registration form is located on the Annual Conference Web page under the CPE Events menu.