Ohio Institute of Internal Auditors
John Carroll University - IIA Symposium
February 29, 2016
Internal Audit – Auditing Matters (8 CPEs)
Online at JCU Symposium
Directions: John Carroll’s Dolan Center is located northeast of Fairmount
I-271 at Exit 32 (Cedar Road Exit). Then, go west on Cedar Road and turn left
Belvoir Boulevard to the JCU campus (approximately 3/4 miles).
The conference will
be held in the Dolan Center for Science and Technology located at the Main
Entrance of the University.
maps below or visit http://sites.jcu.edu/campus-maps
for additional details.)
Parking: Parking is available in the lots located adjacent to the
Cost: Full Day –
All Sessions (8 CPEs) $100
Full Day – Including Ethics Session $140
free to invite your friends to join us!) Registration: Online at JCUSymposium
Cash & Checks will
be accepted at the door. (We would really encourage payment by credit card on
Cvent). NO credit card payments will be accepted at the door.
checks payable to the Northeast Ohio Chapter, Institute of Internal Auditors
tax ID # 23-7405461.
Make checks payable
to the Northeast Ohio Chapter, Institute of Internal Auditors tax ID #
Please mail all
check payments in advance of the meeting to:
P.O. Box 91204
NEO IIA – Event
Refund requests must
be received in writing (via email) at least 24 hours in advance of the event.
If that requirement is met, a complete refund will be granted. Please include
name, mailing address and reason for not being able to attend.
As we understand
schedules and commitments are dynamic and can change with little notice, we
will also consider refunds on a case by case basis provided the request is
received in writing (via email) within 24 hours after the event is held. A full
or partial refund may be granted minus any applicable event fees (meals,
processing, etc.) as some fees are not recoverable.
Note: Individuals registering for an event, but not pre-paying, will be asked
for payment in full if they are a “no-show” to the
event. This is due to final numbers and payments being made based on
registrations through Cvent.
8:15-8:30 Kickoff & Announcements
8:30-12:00 Classes 12:00-1:00 Lunch
Federal Reserve Bank of Cleveland
Scrum for Audit
Cloud Strategery –
Benefits and Risks
Embrace Your Inner
CEO: A Guide to
How to Become a
IT Audit Hot Spots – Building your Audit
to Technology Risk
Analytics into Internal
audit departments throughout the world have become increasingly focused on
providing valued audit services that are efficient, collaborative and
risk-focused. At the Federal Reserve Bank of Cleveland, we have found that in
order to do this effectively amidst rapidly changing business, technology and
risk environments, we needed a more agile approach to performing audits than
what we have used in the past. Operating under the premise that each audit is
its own project, we explored alternative methods of project management and how
these methods could be applied to improve the audit process. In partnership
with Bank colleagues familiar with various project management techniques, we
assessed our needs and adopted an Agile methodology for project management
known as Scrum, typically used for software development, and modified it to fit
our audit process. We have found Scrum to be a simple and flexible approach to
auditing that promotes teamwork and more efficient use of resources.
describes how the Internal Audit Department at Federal Reserve Bank of
Cleveland leverages an Agile methodology for project management known as Scrum
to conduct audits as an alternative to more
the session, you will have an understanding of:
The Scrum approach to managing projects and how it can be
applied to the audit process
The elements, artifacts, and roles/responsibilities
associated with Scrum for Audit
benefits of Scrum for Audit from the perspective of the auditor-in-charge,
audit manager, and audit clients
Jeff Campbell, CIA Audit Manager
areas include Law Enforcement, Cash Operations, and Financial Support Services
Terry Bingham, CIA, CISA, CRMA, CCSA
Senior IT Auditor
areas include Information Technology, Information Security, and Treasury
areas include Enterprise Risk Management, Facilities, Statistics, and Office of
the Corporate Secretary
Strategery – Benefits and Risks
computing is a model for enabling convenient, on-demand access to a shared pool
of configurable computing resources, like software, platforms, storage,
infrastructure and services that can be rapidly provisioned and released with
minimal management effort or service provider interaction. Studies have shown
that businesses taking advantage of productivity-enhancing cloud services grow
almost 20% faster than their counterparts that don’t. But while cloud usage
produces efficiencies, it also can increase the risk a company will face. Do
you know if your employees, contractors or business partners store your
confidential company data, social security numbers, tax ID numbers, credit card
numbers, debit card numbers, patient diagnoses, medical treatments, medical
record IDs, bank account numbers, financial records, business plans, source code,
or trading algorithms in a cloud file-sharing service? Is shadow IT a problem
for your organization? Come on – be honest.
Gary will provide an overview of the cloud landscape and
lead a discussion on the following topics:
Risks using the cloud
Security and Compliance in the Cloud
Cloud Access Security Broker and Cloud
Gary will provide information as to what all companies should ask of a
potential cloud provider BEFORE they engage them for services.
Gary Sheehan CISSP, HISP, CERP, CIS LI,
Sheehan is the Chief Security Officer and Director of GRC Services for ASMGi.
ASMGi provides a variety of IT and security solutions that enable organizations
to meet their goals and objectives. Gary has over 30 years experience in
information technology with over 25 years of experience in information
security, specializing in GRC integration, security management, compliance,
policy and awareness development, and security program governance. Throughout
his career Gary has worked for and with a number large companies in the
banking, insurance, diversified industrial, healthcare, manufacturing and
chemical industries. He has successfully executed large, global security
projects and implemented enterprise-wide security programs at a number of
a past President of the Northern Ohio Members Alliance of InfraGard and Founder
and Executive Director of Information Security Summit. Gary has a Bachelor’s degree
in Business Administration from Baldwin-Wallace College and is a 2006 graduate
from the FBI Citizens Academy.
Embrace Your Inner CEO: A Guide to Becoming More
business landscape is changing rapidly with digitalization, the globalization
of commerce, big data, the “internet of things” and disruption in nearly every
industry. In order to become more agile on behalf of our employer as well as to
develop in our own careers, it is imperative that finance professionals up
their game strategically.
session we will learn how to think and act more strategically, even at a time
when our existing roles have become more demanding.
series of hands-on exercises, we will explore these topics:
1. Why becoming more strategic is important for you.
2. Understanding the business strategy of your company,
division, department and role.
a strategic mindset.
your work to support the strategy.
conclusion of the session you will have a framework for developing a
strategically oriented career, and will be positioned to contribute to your
employer’s success in a more meaningful and impactful way.
Randy J. Samsel, MBA
Founder and President, Randy has worked in the recruiting field for 25 years.
He started eSearch in 1998 along with his business partner Ray Camma. Locally,
he has served as President of the Cleveland of Society of HR Managers and on
the board of the Northern Ohio HR Planning Society and the board of Towards
Employment. Randy also writes career and talent management articles for the
Randy started his career with Parker Hannifin and spent
two years in their internal audit department.
University of Pennsylvania- The Wharton School- MBA
Tri-State University- Bachelor's Degree
(inactive) Ohio and Texas
Raymond A. Camm
Founding Partner, Ray Camma has been recruiting Accounting, Finance & Human
Resource professionals since 1996. Ray brings 17 years of experience recruiting
professionals & executives in the Northeast Ohio area.
Eastern Michigan University- Masters in Educational
John Carroll University- Secondary Education Certificate
Mount Union College (now University Mount Union)- BA
English and BA Physical Education
REAL ESTATE CONSTRUCTION AUDITS
Prepare for an overview of real estate
construction auditing. First we start with the basics, as the terminology used
is not part of a normal vocabulary for auditors, such as General Conditions,
Fast Track, and Value Engineering.
Next we will cover the different contract types and what distinct
risks each of them bring, and why auditing clauses in contracts are so
By far the audience favorite is the section on
fraud and abuse. Shocking what the average over billings are for construction
projects that have been audited. John will highlight stories of construction
fraud published, intertwined with his own experiences with abusive billing
practices noted during his 20 years auditing commercial properties. We will
cover the red flags on how to spot fraudulent situations and relationships. We
will go over real life examples that the audience can relate to, including case
studies to further expose participants to real forms and reports.
Based on decades of experience, John will share
with you his accumulated statistics of the categories of where overbillings
hide, and the notable shift over the years from one category to another. The
common practice of general contractors overbilling for construction projects
has lead to regulations to protect the federal government from deceitful
practices, but those regulations do not protect commercial owned projects.
Knowing where to look and what to look for is what protects most organizations
undergoing construction projects. Do you know what to look for?
John Croy – Senior Director
RSM US LLP (formerly McGladrey)
John is the national leader of real estate
construction auditing for the firm, and has a passion for his work that is
clearly evident when presenting on the topic. Before becoming an auditor of
construction projects, John worked for a large global construction company so
he has been on both sides of an audit. He has experience auditing the
construction of small banks, billion dollar stadiums and everything in between.
Graduate of University of Idaho BS Accounting
and MBA Professional Certifications – CPA (Idaho) CIA, CFE, CCA
Scott Fair – Director
RSM US LLP (formerly McGladrey)
Scott is the Risk and Advisory Services leader
for Ohio representing all risk services offered by RSM, specializing in
internal audit co-sourcing and SOX projects. Scott has
experience leading IA functions of Fortune 600 companies, and serving IA
departments of all sizes including Fortune 25 companies to startups. He has a
wide range of industry experience, with strong concentration of consumer
products and automotive clients. Scott is also responsible for managing
engagements utilizing resources in the 110 countries that RSM is located.
Graduate of the Ohio State University
Professional Certifications – CPA (Ohio), CIA
Jack will discuss the process and factors to a
successful integration of internal controls to your company following an
acquisition. He will discuss the nuances of internal controls integration and
financial reporting considerations in domestic and foreign markets. The goal of
the session is to help you better understand the unique needs of an acquired
entity from an internal control perspective, how to ensure financial reporting
integrity, and gain comfort (internally and with your auditors) over the
controls at a newly acquired entity.
k Kristan, CPA, CIA, MBA Senior ERS Manager
Jack is a senior manager on the Plante Moran
Enterprise Risk Services team with over thirteen years (ten with Plante Moran)
of global Sarbanes Oxley, internal audit, and finance experience. He manages
implementations and recurring management testing of SOX for global
manufacturing, healthcare, and real estate clients. Jack leads multiple
middle-market client’s internal audit function by developing risk assessments,
annual audit plans, internal audit engagements, foreign corrupt practices act
reviews and other consulting assignments. In addition to his domestic work
experience, Jack has spent significant time working in the UK, Europe, and
How to Become a People Person
For those of you who
don’t know who Dale Carnegie is, he wrote a world-famous book called How to Win Friends & Influence People. It made publishing
history as the most widely published non-fiction book of the 20th century, and
it has been named the most influential business book of the 20th century.
Marilee is going to
teach us some of Dale Carnegie’s principles that can help us build better
relationships and influence people on our teams, with our clients, and with our
personal relationships as well.
ee MacAskill has been a training
consultant with Dale Carnegie Training since 1995, both in Cleveland, Ohio and
Grand Rapids, Michigan. She a certified instructor of the Dale Carnegie Course
and the advanced High Impact Presentations Program. She holds two international
sales awards from Dale Carnegie & Associates, and is regularly among the
top in sales in the state for the company.
Prior to joining the
Cleveland Dale Carnegie staff in 1995, MacAskill was Vice President, Account
Supervisor for Griswold Eshleman Advertising & Public Relations in
Cleveland. She handled such accounts as the Royal Dirt Devil Vacuums, Anchor
Hocking glass, and American Harvest.
Why does she love
Dale Carnegie Training? "I took the Dale Carnegie Course as a young
assistant account executive of 24 years old. This course helped me propel my
career quickly, by increasing my confidence, my client service and presentation
skills, and my ability to handle the stress of a high-pressure environment. I
was named Vice President at a large Cleveland agency by the age of 30, due to
the skills that the Dale Carnegie Course helped me develop. I wanted to help
others achieve more of their potential, and lead richer and fuller lives, and
that’s that we do at Dale Carnegie!"
Marilee has a
Bachelor of Science in Business Administration in Marketing from Bowling Green
State University (1986). She also participated in the Disney College Program
while at BG, and is a 2012 graduate of the Disney Leadership Excellence
seminar. She resides in Bay Village with her family, and is involved as a
member at Bay Presbyterian Church and as a board member for Youth for Christ of
Greater Cleveland, as well as an associate board member for Sales &
Marketing Executives of Cleveland.
IT Audit Hot Spots – Building your Audit Approach
to Technology Risk
Companies continue to face major challenges and
risks related to protecting their data and systems. Threats and
vulnerabilities, new requirements for risk management, and the push towards new
technologies drive Internal Audit to heighten its focus on addressing
Experis will present on recent Chief Audit
Executive survey findings on technology issues to address in their audit
approach and audit/IT audit planning. Further, we will discuss an approach to
Technology Risk Assessment supporting all audit efforts.
Attendees of this session will learn how to:
- Identify and analyze emerging risk areas that Chief Audit
Executives anticipate focusing on the
next 6-12 months
- Develop audit approaches deploying best
practices regarding technology and information concerns
value in addressing technology risks and focusing future audit efforts through
Technology Risk Assessment
Danny Shaw – CDP, PMP, HISP
National Practice Leader, Experis IT Risk
Mr. Shaw has over 30 years’ experience in
technology and security risk management. He has provided business systems and
related accounting technology services to companies including the largest
professional services firm in the world, fortune 500 companies, and industries
including banking, manufacturing and healthcare. Danny has led business
consulting efforts for global and municipal organizations including speaking on
technology risk management on multiple client roundtable and industry related
Danny is the National Practice Leader for IT
Risk Advisory Services at Experis. Danny and his teams focus on IT audit, risk
management and process improvement for business systems solutions, information
security, and privacy compliance. Danny’s team has been recognized for
delivering value on information security assessments and controls relating to
information technology environments and eliminating or minimizing the impact of
unplanned interruptions and ensuring the continuity of critical business services.
Danny has been published in Compliance Week, Business Continuity and
Internal Auditor. Danny additionally serves on the HISP -Holistic Information
Security Board since 2005 and Children’s Healthcare of Atlanta Community Board
A Practical Approach to Data Analytics
This presentation is
designed to help auditors bridge the gap between data analytic theory and
application. The emphasis of this presentation is to discuss real world
application of using data analytics to save time, improve efficiency, reduce
risk exposure, add value, motivate team members, comply with best practices,
detect potential fraud, and create new opportunities. We will take a hands on
approach for several audit scenarios and show how analytics can be applied to
achieve these objectives.
Steven Zapolski is a
certified internal auditor with an MS in Accounting. He has over 9 years of
experience working as an auditor and in his current role as a market
development manager with TeamMate has insight into the audit processes of
companies across a range of industries. Steven has experience with a range of
audit analytics tools including TeamMate Analytics, ACL, CaseWare and SPSS.
Steven is active in the IIA and is presenting serving as treasurer for his
Data Analytics into Internal Audit
Companies today are collecting,
sharing and creating more data than ever before, thus changing the audit
landscape and forcing audit departments to adapt. Incorporating analytics
within the audit process provides audit teams with the tools necessary to stay
relevant, provide insight and perspective on areas of greatest risk, and drive
impactful resolutions to issues. However, incorporating analytics requires
audit teams to answer tough questions: "Where do we start?",
"What tools should we use?" and "How do we interpret the
data?" Building a strategic analytics program will address these questions
and greatly increase audit's ability to effectively use data in making
decisions and performing assessments.
This presentation will focus on
topics such as:
analytics throughout the audit process
barriers in using data
tools and techniques
Jennifer Morgan is a Manager in PwC's Risk
Assurance practice specializing in utilizing data analytics within internal
audit. She has more than 10 years of internal audit and Oracle experience and
concentrates in performing control
assessments and using data analytics to evaluate complex environments, improve
business functions, streamline audit and business procedures, and ensure
adequate compliance. Jen has worked with clients in building analytics strategy
and through the
assessment of application and
business controls during system implementations and compliance activities. Jen
graduated with an accounting degree from the University of Akron and an MBA
from Baldwin Wallace College. She also sits on the Board of Directors for the
Northeast Ohio ISACA Chapter
and has CISA and CGEIT
Professional Standards and
Satisfy the Accountancy Board of Ohio's three-hour professional
standards and responsibilities requirement to become a CPA, or get an update
for the experienced CPA while fulfilling the ABO's professional standards
requirement. This course is presented through lecture and group participation
using short ethical dilemmas and is recommended for any professional seeking an
update on ethical shifts.
Professional Standards and Responsibilities - Set and manage ethical expectations in all aspects of
your career while fulfilling the ABO’s professional standards requirement.
Improve your understanding of how societal shifts in moral and ethical behavior
are changing systems, processes, and impacting decision making in business
today. Integrate ethical concepts and crosschecks into your training, auditing,
tax, and financial reporting procedures.
Designed for all CPAs licensed to practice in Ohio and exam passers,
this course covers the unique ethical shifts in Ohio.