IIA and ISACA Spring Training - March 30-April 1, 2020 Suburban Collection Showplace Novi, MI - The Institute of ...
21ST ANNUAL IIA and ISACA Spring Training March 30—April 1, 2020 Suburban Collection Showplace Novi, MI
Welcome

If you are responsible for your company's internal auditing, information systems security and integrity, accounting, finance, Sarbanes-Oxley compliance or other regulatory matters, or simply need continuing education, you will want to join us for the 21st annual Detroit Spring Training event.

The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the annual Spring Training Event. Our goal is to provide a world-class training event tailored to your needs. Each year, the Spring Training Committee offers a comprehensive series of course offerings for our members and guests. The 2020 event is no exception. A number of classes sell out each year so register early. Don't miss this opportunity to network with your peers, enhance your skills, and learn about new products and services in the marketplace!

Class size is limited. To be fair and equitable to all, we operate on a first-come first-serve basis, and maintain a wait list for all sold out courses. Materials are only ordered for registered individuals. Therefore, registrants are required to attend the course(s) for which they registered unless they receive prior written approval from the Spring Training Chairperson. Registrants attending unauthorized classes will not be awarded continuing education credits.

We look forward to seeing you at the Spring Training event!

The 2020 Spring Training Committee
Daniel Wiechec, Spring Training Co-Chair
Eulonda Whitmore, Spring Training Co-Chair
Christine Dobrovich
Amber Dunn
Juman Doleh-Alomary
Rhoda Henderson-Fields
Richard Lowe
Diana McFadden
Jason Angelo Sist
Amanda Spikes
Marty Wood

NETWORKING SOCIAL EVENT!
We will have a cocktail social hour on Tuesday, March 31 from 4:30 to 6:30 pm at the Hyatt Place, which is adjacent to the Suburban Collection Showplace.
RETURNING THIS YEAR–VENDOR EXPO!
We have invited audit and assurance vendors to set up displays during the training event giving you an opportunity to learn about products and partners that are in the marketplace, and their associated benefits for your organization. Contact Amanda Spikes at amandaspikes@kpmg.com or Jason Sist at jason.sist@gmail.com for information on sponsorship opportunities.
2020 Spring Training Program

TRACK A (Paul Zikmund)
MON MARCH 30: Bribery & Corruption—Risk Mitigation & Investigation Strategies
TUES MARCH 31: Forensic Auditing—Finding the Needle in the Haystack
WED APRIL 1: Embezzlement—Prevention thru Investigation

TRACK B (Keith Levick)
MON MARCH 30: Change the Way You Change Minds: The Power of Influence and Persuasion
TUES MARCH 31: The Power of Social-Emotional Intelligence
WED APRIL 1: Communication Skills for Professionals

TRACK C (Don Levonius)
MON MARCH 30: Ethical & Authentic Leadership: How to Promote a Culture of Integrity
TUES MARCH 31: Critical Thinking & Problem Solving: How to Reason and Resolve Issues Logically
WED APRIL 1: Credibility & Influence: How to Consistently Achieve Positive Outcomes

TRACK D (Danny Goldberg)
MON MARCH 30: Alphabet Soup: GRC, ERA, ARA, ITRA and IA—How to Connect the Dots
TUES MARCH 31: Agile Auditing
WED APRIL 1: Business Ethics for Business People

TRACK E (John Tannahill)
MON MARCH 30: Cyber Security & Emerging Risk Areas
TUES MARCH 31 to WED APRIL 1: Linux Security and Audit

TRACK F (Hernan Murdock)
MON MARCH 30 to WED APRIL 1: Internal Audit University

TRACK G (Peter Higgins)
MON MARCH 30 to WED APRIL 1: Advanced Auditing

TRACK H (Tom Salzman)
MON MARCH 30 to WED APRIL 1: Fundamentals of Auditing Process Automation

TRACK I (Jim Tarantino)
MON MARCH 30 to WED APRIL 1: Successful Audit Data Analytics

TRACK J (James Roth)
MON MARCH 30: Effective Audit Report Writing
TUES MARCH 31 to WED APRIL 1: Best Practices in Internal Auditing

TRACK K (Leighton Johnson)
MON MARCH 30: Understanding Blockchain: The Underlying Technology for Trusted Transactions
TUES MARCH 31 to WED APRIL 1: Assessing Data Reliability

TRACK L (Ken Cutler)
MON MARCH 30: Auditing Cybersecurity of Wireless Networks
TUES MARCH 31 to WED APRIL 1: Cybersecurity Audits of Modern Web Applications
TRACK A-1 - MONDAY, MARCH 30
BRIBERY & CORRUPTION—RISK MITIGATION & INVESTIGATION STRATEGIES
INSTRUCTOR: PAUL ZIKMUND
7 CPEs

Seminar Focus and Features
In this seminar, attendees will have the opportunity to learn about proven strategies and best practices for minimizing the risk, detecting red flags and investigating incidents of bribery and corruption. The impact of bribery and corruption has increased tremendously as the government has become very aggressive in their efforts to prosecute companies and individuals for violations of the FCPA. Additionally, other foreign countries have recently passed laws aimed at aggressively targeting this fraud. Attendees will learn effective techniques to address this risk including the following:
• Updates on US and other foreign country anti-corruption laws
• Impact of bribery and corruption schemes
• Recommendations for developing, implementing and administering best in class compliance programs to reduce the risk and protect organizations from incidents of bribery and corruption
• Methods to deter and detect incidents of bribery and corruption
• Proven investigative techniques to investigate red flags and help ensure appropriate response and resolution to these cases

This highly interactive session will challenge attendees and provide excellent tools and techniques for anyone involved in the deterrence, detection and investigation of bribery and corruption.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing, Fraud Investigation, or Risk Management
TRACK A-2 - TUESDAY, MARCH 31
FORENSIC AUDITING—FINDING THE NEEDLE IN THE HAYSTACK
INSTRUCTOR: PAUL ZIKMUND
7 CPEs

Seminar Focus and Features
The reliance upon management and auditors to deter and detect fraud continues to increase. Guidance related to internal and external auditors places more emphasis on professional skepticism, use of forensic procedures, and fraud detection and prevention techniques. This course covers the practical side of fraud mitigation techniques. Attendees will learn the art of fraud deterrence and detection through lecture, case studies and in class discussion designed to facilitate critical thinking skills relating to fraud risk management. Attendees will develop an understanding of the following concepts:
• Elements of fraud
• Nature of why people commit fraud
• Holistic approach to fraud risk management
• Deterring and detecting asset misappropriation and financial fraud schemes
• Designing audit programs to detect red flags of fraud
• Fraud case studies
• Critical thinking exercises

Attendees will be challenged to identify red flags for fraud during interactive case studies presented throughout the seminar.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing, Fraud Investigations, or Risk Management
TRACK A-3 - WEDNESDAY, APRIL 1
EMBEZZLEMENT—PREVENTION THRU INVESTIGATION
INSTRUCTOR: PAUL ZIKMUND
7 CPEs

Seminar Focus and Features
There are many ways to deter, detect and investigate embezzlement, and it is not always easy to organize a consistently effective anti-embezzlement strategy. This seminar will guide you through different types of embezzlement schemes with the use of uniquely instructional case studies. The seminar will emphasize the red flags of different types of embezzlement schemes and highlight best practices to reduce the risk of embezzlement schemes. The seminar will provide a comprehensive overview of embezzlement and include the following:
• Develop an understanding of the legal elements of embezzlement
• Review best practices to avoid embezzlement and fraud as well as case studies of embezzlement, including payroll scams, fraudulent payees, skimming and new technology scams
• Learn about referring embezzlement cases to law enforcement for criminal prosecution or using civil procedures to recover losses
• Learn how to enhance internal controls to mitigate risk of embezzlement
• Identify and audit for the red flags of the main types of embezzlement
• Recommend better anti-embezzlement management structure (board of directors/executive management, line management, compliance, general counsel, etc.)

Attendees will be challenged to resolve allegations of embezzlement throughout the seminar.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK B-1 - MONDAY, MARCH 30
CHANGE THE WAY YOU CHANGE MINDS: THE POWER OF INFLUENCE AND PERSUASION
INSTRUCTOR: KEITH LEVICK
7 CPEs

Seminar Focus and Features
In business, leaders do not have an eternity to get team members motivated to achieve a common objective. Therefore, they often rely on their ability to persuade and influence their direct reports. Persuasive leaders can spur someone to action or make a decision without actually earning a sincere buy-in. However, when effectively influencing others, they win a person’s heart and mind inspiring commitment, buy-in, and action. This course is based upon active learning, with rich, interactive exercises and applied experiences.

At the end of this course, participants will be able to:
• Define influence and persuasion
• Recognize updated neuroscience research as related to influence and persuasion
• Identify 4 Bedrock Principles
• Identify ways to build rapport
• Practice skillful communication
• Recognize ways to manage emotions
• Enhance their social awareness
• Manage resistance and objections
• Practice skills

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK B-2 - TUESDAY, MARCH 31
THE POWER OF SOCIAL-EMOTIONAL INTELLIGENCE
INSTRUCTOR: KEITH LEVICK
7 CPEs

Seminar Focus and Features
Research has shown that Social-Emotional Intelligence (SEI) contributes more to a person’s success in life than raw intelligence (IQ). Leaders and employees with a high SEI are the ones who make the best decisions, manage people more effectively and contribute the most to the overall success of the organization. Emphasis is placed on the development of specific skills that strengthen SEI. This course is based upon active learning, with rich, interactive exercises, case studies, and applied experiences.

Learning Objectives
At the end of this course, participants will be able to:
• Define social-emotional intelligence (SEI)
• Recognize the role of SEI in the workplace
• Describe an SEI model
• Build an intuitive muscle
• Better manage emotions
• Improve social awareness
• Practice and enhance social and empathy skills
• Listen and respond with empathy

Outcome: Improved and enhanced Emotional Intelligence resulting in increased customer satisfaction, relationships, retention, and improved internal employee interactions.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK B-3 - WEDNESDAY, APRIL 1
COMMUNICATION SKILLS FOR PROFESSIONALS
INSTRUCTOR: KEITH LEVICK
7 CPEs

Seminar Focus and Features
The challenges in contemporary organizations require workers to excel in communication. Basic communication skills are insufficient for working with customers, teams, and individuals. This program is designed to equip workers with higher-level skills and techniques necessary to initiate and sustain an open, interactive, and productive workplace. This course is based upon active learning, with rich, interactive exercises, case studies, and applied experiences.

Learning Objectives
At the end of this course, participants will be able to:
• Describe the communication process
• Identify and avoid communication blockers
• Avoid manipulation by people with other communication styles
• Apply several communication choices
• Master techniques of asking questions, respectful listening, and empathetic responding
• Follow a specific communication model
• Practice skills

Outcome: Enhanced communication skills resulting in higher levels of individual and team interactivity, consistent messaging, and productivity.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK C-1 - MONDAY, MARCH 30
ETHICAL & AUTHENTIC LEADERSHIP: HOW TO PROMOTE A CULTURE OF INTEGRITY
INSTRUCTOR: DON LEVONIUS
7 CPEs

Seminar Focus and Features
Integrity is the heart of leadership and authenticity is its soul. Yet, there is an ethical crisis in leadership that is undermining organizational cultures and negatively affecting employee performance and business results. This program will engage you in ethical scenarios, case studies, self-assessments, and other real-world applications to help you gain the self-awareness to know what you value, the transparency to speak the truth, the courage to do what is right, and the ability to promote a culture of integrity in your organization.

Learning Objectives
• Describe how people become ethically ambivalent and morally disengaged
• Compare how contrasting views of behavioral ethics affect decision-making
• Explain how to move beyond self-gratification and self-interest
• Differentiate between values and preferences
• Evaluate potential actions to determine what is right

Prerequisite: None
Learning Level: Fundamental
Field of Study: Behavioral Ethics
TRACK C-2 - TUESDAY, MARCH 31
CRITICAL THINKING AND PROBLEM SOLVING: HOW TO REASON AND RESOLVE ISSUES LOGICALLY
INSTRUCTOR: DON LEVONIUS
7 CPEs

Seminar Focus and Features
Critical thinking is not about being critical, it’s an essential skill that enables professionals to systematically analyze problems and logically evaluate information to identify reasoned solutions. Through critical thinking discussions, problem-solving activities, and other real-world applications, this program will help you consciously think about what you’re thinking about, focus on facts, and recognize logical fallacies in order to analyze and resolve complex issues.

Topics Covered
• Differentiate between facts and opinions
• Recognize and avoid critical thinking errors and logical fallacies
• Identify underlying assumptions
• Evaluate evidence objectively
• Apply structured critical thinking and problem-solving processes

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK C-3 - WEDNESDAY, APRIL 1
CREDIBILITY & INFLUENCE: HOW TO CONSISTENTLY ACHIEVE POSITIVE OUTCOMES
INSTRUCTOR: DON LEVONIUS
7 CPEs

Seminar Focus and Features
What differentiates effective leaders from everyone else? Credibility and influence. If you want to be recognized as a person of character, a trusted advisor, and an effective leader—you must know how to gain the trust and confidence of others and consistently collaborate with them to achieve mutually beneficial outcomes. This program introduces practical ways to gain credibility, work with a sense of purpose, maintain a winning attitude, and rally others toward common goals.

Learning Objectives
• Explain how conviction, commitment and action affect credibility
• List principles proven to help leaders gain and sustain credibility
• Solicit feedback to identify and overcome blind spots
• Integrate collaborative problem solving so you can win and help others win
• Demonstrate the ability to be unpretentious and unflappable

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK D-1 - MONDAY, MARCH 30
ALPHABET SOUP: GRC, ERA, ARA, ITRA AND IA—HOW TO CONNECT THE DOTS
INSTRUCTOR: DANNY GOLDBERG
7 CPEs

Seminar Focus and Features
The burgeoning field of Enterprise Risk Assessment continues to integrate with other risk assessment concepts, in addition to the concept of Governance, Risk and Compliance.

Objectives
• Basic definitions of what GRC is and how it fits into the numerous risk assessment processes in an organization
• Integration of each risk assessment into one process
• Learn the importance of the ERA and audit’s role in the process

Prerequisite: None
Learning Level: Fundamental
Field of Study: Enterprise Risk Management
TRACK D-2 - TUESDAY, MARCH 31
AGILE AUDITING
INSTRUCTOR: DANNY GOLDBERG
7 CPEs

Seminar Focus and Features
The audit profession is one of many that is slow to embrace change. For a profession that focuses on operational auditing (efficiency, economy, effectiveness), many audit shops do not have these E’s optimized. The subject of Agile Auditing has become an emerging topic in our industry. Many of the basic premises of Agile Auditing are things that all audit shops should be doing. Regardless, GoldSRD has taken the basics of Agile Auditing and applied the standards that all GoldSRD attendees are accustomed to: continuous communication, strong relationships and a transparent audit process.

Objectives
• Understand Internal Audits’ Role in Client Usage or Emerging Technologies
• Discuss emerging technologies and key risks
• Discuss a methodology to audit everything!
• Learn about a useful exercise to determine (prior to the planning cycle) how risky an engagement will be

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK D-3 - WEDNESDAY, APRIL 1
BUSINESS ETHICS FOR BUSINESS PEOPLE
INSTRUCTOR: DANNY GOLDBERG
7 CPEs

Seminar Focus and Features
A company’s ethics will determine its reputation. Good business ethics are essential for the long-term success of an organization. Implementing an ethical program will foster a successful company culture and increase profitability. Developing a Business Ethics program takes time and effort, but doing so will do more than improve business, it will change lives. A company’s ethics will have an influence on all levels of business. It will influence all who interact with the company including customers, employees, suppliers, competitors, etc. All of these groups will have an effect on the way a company’s ethics are developed. It is a two-way street; the influence goes both ways, which makes understanding ethics a very important part of doing business today. Ethics is very important, as news can now spread faster and farther than ever before.

Objectives
• Define and understand ethics
• Understand the benefits of ethics
• Create strategies to implement ethics at work
• Recognize social and business responsibility
• Identify ethical and unethical behavior
• Learn how to make ethical decisions and lead with integrity

Prerequisite: None
Learning Level: Fundamental
Field of Study: Behavioral Ethics
TRACK E-1 - MONDAY, MARCH 30
CYBER SECURITY & EMERGING RISK AREAS
INSTRUCTOR: JOHN TANNAHILL
7 CPEs

Seminar Focus and Features
This seminar will focus on the risk, security and control issues related to cyber security and emerging technologies.

Objectives
Key learning objectives are:
• Understand cyber security risk and control issues
• Understand emerging risk areas
• Discussion of security and audit tools and techniques
• Understand current assessment frameworks and tools

Prerequisite: None
Learning Level: Fundamental
Field of Study: IT Risk & Auditing
TRACK E-2 - TUESDAY—WEDNESDAY, MARCH 31 TO APRIL 1
LINUX SECURITY AND AUDIT
INSTRUCTOR: JOHN TANNAHILL
15 CPEs

Seminar Focus and Features
This seminar will focus on the audit and security issues related to the use of Linux Operating Systems.

Objectives
Key learning objectives for the session are:
• Detailed discussion of Linux security mechanisms
• Linux operating system will be used to demonstrate key security features and audit tests
• Review of standard Linux Commands to extract and analyze information for audit purposes

Prerequisite: None
Learning Level: Fundamental
Field of Study: IT Risk & Auditing
TRACK F - MONDAY—WEDNESDAY, MARCH 30 — APRIL 1
INTERNAL AUDIT UNIVERSITY
INSTRUCTOR: HERNAN MURDOCK
22 CPEs

Seminar Focus and Features
In this seminar you will master fundamental operational auditing techniques and learn how to use a risk-based approach to enhance your audits of the Purchasing, Marketing, Human Resources, IT, Management, Finance/Treasury and Accounting functions. Participants will explore the objectives of major business operation areas and learn how to identify the key risks threatening them. You will find out how to make your audits more efficient and effective and how to use data analytics to gain an in-depth understanding of business processes. You will cover such critical areas as the impact of SOX, ERM and GRC on the organization, uncovering fraud schemes that threaten business operations and the role of IA in helping management build strong risk management and strategic planning processes. You will learn the skills necessary to go beyond outputs and to examine the organization's ability to achieve the necessary outcomes.

Prerequisite: None
Learning Level: Fundamental
Field of Study: Auditing
TRACK G - MONDAY-WEDNESDAY, MARCH 30— APRIL 1
ADVANCED AUDITING
INSTRUCTOR: PETER HIGGINS
22 CPEs

Seminar Focus and Features
In this three-day session you will learn all of the elements involved in leading risk-based audits from the unique perspective of the in-charge position. Through discussion and exercises, participants will review such concepts as audit program development and changes, performing risk assessments, setting priorities while assigning tasks, managing staff performance during fieldwork, and reviewing workpapers.

Since internal auditors are expected to have sufficient knowledge to evaluate the risk of fraud, this course also provides participants with an overview to: enhance fraud awareness, improve fraud risk-assessment capabilities and identify high-risk areas and the indicators of fraud. This course will also equip participants with the techniques to communicate effectively with team members and clients, including ways to get client buy-in through the effective preparation, documentation and communication of issues and recommendations.

The course provides a solid foundation on how to leverage fundamental internal audit concepts, practices, trends, and focus areas to achieve quality audits. It also provides strategies on how to market and sell internal audit effectively to the client. Audit clients expect the work done to meet high quality standards, so this class examines ways to measure performance, increase efficiency and improve effectiveness.

As the liaison between the audit team and the client, the in-charge auditor has a large responsibility that requires effective planning and flawless execution of the audit plan using project management techniques appropriately. Team leaders face many challenges from the time the audit program is developed, and the budget is set until the final report is issued. Failing to plan, anticipate or correct any of the management, technical or communication aspects of their role could lead to a failed project that reflects negatively on the auditor-in-charge or the entire department. This class provides the necessary skills and techniques to help you avoid such negative outcomes.

Prerequisite: Internal Audit University or equivalent experience
Learning Level: Intermediate
Field of Study: Auditing
TRACK H - MONDAY-WEDNESDAY, MARCH 30 — APRIL 1
FUNDAMENTALS OF AUDITING PROCESS AUTOMATION
INSTRUCTOR: TOM SALZMAN
22 CPEs

Seminar Focus and Features
In the quest toward enhanced speed to market, lower expenses and improved customer engagement, enterprises of all shapes and sizes are looking to see how automation can give them the advantage over their competition and aid in maintaining the increased pressure of regulatory compliance. Determining what solution best fits a given entity can be challenging, as automation solutions can range from simple macros to functional specific tools generally used for IT process automation to robotic and cognitive automation tools including Robotic Process Automation.

In this three-day session, we will provide a high-level overview of the preparation required and important changes an entity should plan for before and during the transformation of IT and business processes. Attendees will learn, through lecture and small group activities, the differences between various types of process automation and DevOps, the importance of governance and ethics in automation, how to understand workflows and gain tips for assessing automation. By the end of the event attendees will have heard and participated in several exercises to get a better feel of the activities that aid in determining, building and assessing automation initiatives.

Prerequisite: Internal Audit University or equivalent experience
Learning Level: Intermediate
Field of Study: Auditing
TRACK I - MONDAY-WEDNESDAY, MARCH 30 — APRIL 1
SUCCESSFUL AUDIT DATA ANALYTICS
INSTRUCTOR: JIM TARANTINO
22 CPEs

Seminar Focus and Features
In this three-day seminar designed for data analytics practitioners, attendees will learn everything they need to effectively integrate data analytics, or CAATs (Computer Assisted Audit Techniques), into an audit process. You will learn how technology can be used to more efficiently and effectively achieve desired results and brainstorm analytics across most major business cycles. You will learn how to progress from basic analytics into a fully automated/repetitive mode and learn the basics of Continuous Auditing. We will review common hurdles and hear how the most successful organizations in the world have been able to exploit the power of data analysis to achieve visible and sustainable value.

This seminar provides critical experience and content for the audit analytics practitioner. You will get a chance to see how to align your analytics with your department’s vision for the use of data analysis. You will get the opportunity to work on real-world scenarios with sample data files, and practice designing effective tests and critiquing and QAing the work of others.

As the course progresses, you will move quickly from understanding basic analytic techniques such as stratifications, summarizations, and duplicate identification into more advanced techniques such as fuzzy matching, Benford’s Law, and statistical and regression analysis. You will explore cutting-edge topics such as visual analytics, risk score carding, and spatial analysis.

Regardless of the tool you currently use or plan to use in your department - whether generic like MS Excel or MS Access, audit-centric like ACL or IDEA, or more IT-oriented like SQL or SAS - the standard pseudo-code used throughout the course will allow you to easily take what you have learned and quickly code it in your tool of choice. Additionally, you will get hands-on experience working with demo versions of several popular tools, giving you the chance to see first-hand the strengths of each.

Prerequisite: Internal Audit University or equivalent experience
Learning Level: Intermediate
Field of Study: Auditing
TRACK J-1 - MONDAY, MARCH 30
EFFECTIVE AUDIT REPORT WRITING
INSTRUCTOR: JAMES ROTH
7 CPEs

Seminar Focus and Features
Audit report writing is a critical skill for internal auditors at all levels. This dynamic workshop takes you through the entire process, with practice and feedback at every stage. You will learn how to develop meaningful audit issues that clarify the risk and identify the root cause. Just as important, you will learn how to get buy-in from management. You will discover a simple technique for organizing your thoughts and why it’s important to have a clear structure of ideas before starting to write. You will practice an approach to writing that can cut your writing time in half. And you will learn how “de-fogging” will vastly improve the quality of your writing.

Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK J-2 - TUESDAY—WEDNESDAY, MARCH 31— APRIL 1
BEST PRACTICES IN INTERNAL AUDITING
INSTRUCTOR: JAMES ROTH
15 CPEs

Seminar Focus and Features
This seminar presents more than 50 practices from world-class internal audit departments. This is not just an overview. You will get their actual tools, techniques and other practices. You will also learn how they apply the tools and how to tailor their practices to your own organization. After the seminar, you will be able to use these examples as models to create or enhance your own value-added practices.

Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK K-1 - MONDAY, MARCH 30
UNDERSTANDING BLOCKCHAIN: THE UNDERLYING TECHNOLOGY FOR TRUSTED TRANSACTIONS
INSTRUCTOR: LEIGHTON JOHNSON
7 CPEs

Seminar Focus and Features
Bitcoin exploded on the monetary scene in 2008, and then rose dramatically in 2015-2017 to soaring heights. It is one of many transaction applications that use Blockchain as its enabling technology. Businesses are investigating and investing large resources in protocols to establish trusted financial transactions between trading partners. It is used to manage intellectual property, digital content, financial and securities transactions. This course is designed to introduce this core technology, the Blockchain, the fundamental concepts behind it and the uses available today and tomorrow. In order to control these transactions, it is necessary to understand it.

Learning Objectives
• Understand the characteristics and value proposition of Blockchain
• Understand the security advantages and disadvantages
• Identify the top security risks
• Describe the use and advantage of the various Blockchain implementations
• Identify control issues with Blockchain
• Describe the top technical challenges with the use of Blockchain
• Discuss the future of Blockchain

Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK K-2 - TUESDAY—WEDNESDAY, MARCH 31 — APRIL 1
ASSESSING DATA RELIABILITY
INSTRUCTOR: LEIGHTON JOHNSON
15 CPEs

Seminar Focus and Features
Assessing the reliability of computer generated data is an important step in audit planning as well as addressing specific audit objectives. Data is aggregated from various sources, processed using automated rule sets, and stored in databases, data warehouses, etc. Applications and business users extract or retrieve data as the basis for strategic decisions, reporting, day-to-day operations, and auditing. The reliability of data may be at significant risk when placed in operational and IT environments lacking processing, transmission, storage or security controls. Misinterpretation of reliability risk factors may result in misdirected audit effort or incorrect conclusions. This training session will provide you with the concepts and tools to effectively evaluate the reliability of data processed and available for analysis and decision making.

We will focus on:
• How reliability assessment of data from IT systems should be conducted during audit planning when developing audit objectives and audit procedures.
• Key factors to be reviewed during audit planning to assist the auditor in evaluating the sufficiency, reliability and relevance of data to be used as audit evidence.
• Steps to perform when obtaining evidence during the audit regarding data accuracy, completeness and validity.
• Data reliability issues relating to organization, appropriateness of controls, risk, and testing.

Learning Objectives
• Understanding the requirements of data relevance and data reliability
• Evaluating data classification
• How to introduce good practices for data management
• Identifying data integrity requirements
• Assessing security and availability requirements
• Evaluating factors that impact data reliability
• Assessing risk with respect to data reliability
• Determining the impact of data reliability assessment on developing audit objectives
• Establishing audit evidence requirements
• Using data reliability assessment in developing audit procedures

Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK L-1 - MONDAY, MARCH 30
AUDITING CYBERSECURITY OF WIRELESS NETWORKS
INSTRUCTOR: KEN CUTLER
7 CPEs

Seminar Focus and Features
Wireless technology has become a major enabler for an increasingly mobile workforce and dynamic workplace environments. This technology creates opportunities for a variety of exploits including unauthorized access and message interception. Its low cost and widespread availability also present the opportunity for employees and intruders to set up rogue access points that can undermine existing security safeguards in wired networks. In this state-of-the-art CyberSecurity/CyberAudit workshop, you will sort out the often-confusing array of current and emerging wireless technology protocols and examine their operational and security implications. You will get practical tips on how to best secure wireless applications and learn how to “wardrive” and audit wireless technology throughout your organization.

Learning Objectives
• Identify protocols, standards, and building blocks for 802.11 wireless technology
• Assess significant risks, including but not limited to: rogue access points, “evil twins”, wireless password cracking, denial of service
• Locate sources of industry best practices and regulatory requirements for the secure use of 802.11 CyberSecurity
• Gain familiarity with device management and CyberSecurity configuration options, including wireless controller architectures and lightweight access points
• Learn effective techniques for discovering, testing, and CyberAudit of 802.11 wireless networks

Prerequisite: A basic understanding of wireless networks and IT security controls
Learning Level: Intermediate
Field of Study: Auditing

TRACK L-2 - TUESDAY - WEDNESDAY, MARCH 31 – APRIL 1
CYBERSECURITY AUDITS OF MODERN WEB APPLICATIONS
INSTRUCTOR: KEN CUTLER
15 CPEs

Seminar Focus and Features
Operating an Internet web site is a necessity in today’s eBusiness environment; however, there are many important CyberSecurity risks that come with web applications. Increasingly demanding regulatory requirements, litigations, and intensified lethal attacks on Web-based applications, along with traditional information asset protection, have significantly raised the stakes on the importance of secure application design, testing, certification/accreditation, and audit. Additionally, CyberSpace (IT) applications have become more complex and are frequently rushed to market by poorly trained commercial CyberSpace (IT) product and internal developers, increasing the business risks and the challenges to applying and verifying reliable CyberSecurity safeguards. In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity safeguards in today’s complex Web-enabled, multi-tiered applications.

NOTE: Several demonstrations in the course will optionally afford the opportunity for students to try the associated procedures on the Internet with their own computers. Students are invited to bring their own computers to replicate some of the procedures and/or research useful resource sites on the Internet.

Learning Objectives
• Identify and assess CyberSecurity control points and software building blocks in a multi-tiered web application
• Understand the risks and causes associated with different types of CyberAttacks on web applications
• Evaluate different methods of CyberSecurity testing and CyberAuditing of web applications throughout the System Development Life Cycle (SDLC) and after they go into production
• Gain familiarity with industry best practices for secure web application design and operation
Prerequisite: Basic understanding of the application development process and IT security
Learning Level: Fundamental
Field of Study: Auditing

ABOUT THE INSTRUCTORS….

Ken Cutler, CISA, CISSP, CISM is a Senior Teaching Fellow with CPEi, specializing in Technical Audits of IT Security and related IT controls. He is the President and Principal Consultant for Ken Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. He is also the Director – Q/ISP (Qualified Information Security Professional) programs for Security University. An internationally recognized consultant and trainer in the Information Security and IT audit fields, he is certified and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in two full-length training videos on CISSP and Security+. Ken was formerly Vice-President of Information Security for MIS Training Institute and Chief Information Officer of Moore McCormack Resources, a Fortune 500 company. He also directed company-wide IS programs for American Express Travel Related Services, Martin Marietta Data Systems, and Midlantic Banks, Inc. Ken has been a long-time active participant in international government and industry security standards initiatives, including: The President’s Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), US Federal Criteria, and Department of Defense (DOD) Information Assurance Certification Initiative. He is a prolific author on information security topics.
His publications include: Commercial International Security Requirements (CISR), a commercial alternative to military security standards for system security design criteria, NIST SP 800-41, “Guidelines on Firewalls and Firewall Policy”, of which he was co-author, and various works on security architecture, disaster recovery planning, wireless security, vulnerability testing, firewalls, single sign-on, and the Payment Card Industry Data Security Standard (PCI DSS). He has been frequently quoted in popular trade publications, including Computerworld, Information Security Magazine, Infoworld, Information Week, CIO Bulletin, and Healthcare Information Security Newsletter, and has been interviewed in radio programs My Technology Lawyer and Talk America. Ken received his Bachelor of Science degree in Business Administration and Computer Science degree from SUNY Empire State College.

Danny Goldberg is the Founder of GOLDSRD, a leading provider of Staff Augmentation, Executive Recruiting and Professional Development services. Danny is a well-regarded speaker on internal auditing and People-Centric Skills, co-authoring and coining the term People-Centric Skills: Communication and Interpersonal Skills for Internal Auditors, via Wiley Publications. Danny has over 19 years of professional experience, including five years leading/building internal audit functions. Danny was named as one of the Fort Worth Business Press 40 Under 40 in 2014. He has published numerous articles in trade magazines. Mr. Goldberg is an active member of the Institute of Internal Auditors, both at a local and national level.
Leadership roles include
• Current IIA Dallas Chapter Board Member and former Fort Worth Chapter Board Member
• Current IIA Dallas and Fort Worth Chapter Programs Committee Co-Chair
Danny is a Certified Public Accountant, Certified Internal Auditor, Certified Information Systems Auditor, Certified in the Governance of Enterprise Information Technology, Certified in Risk and Information Systems Control, Certified in Risk Management Assurance, has obtained his Certification in Control Self-Assessment and is a Chartered Global Management Accountant.

Peter Higgins, CIA, CRMA is a consultant for the MIS Training Institute and principal consultant/trainer for Boston Audit Solutions Group, which specializes in audit and risk management advisory and training services. Prior to starting Boston Audit Solutions Group, Pete spent the majority of his career as an internal auditor in financial services, including three years as VP Corporate Audit Professional Practices at State Street Bank, where he was responsible for the research, design, implementation, and continuous improvement of audit methodologies and operating standards for approximately 200 audit professionals.
Also at State Street, Peter transitioned to the 1st-Line of Defense as VP Risk and Compliance, where he led a team (20+) to provide all facets of risk, compliance and audit/examination support for multiple business lines, geographies, and approximately 1,800 employees.

Leighton Johnson is a Senior Fellow with CPE Interactive focusing on information security and IT audit. In addition to his training role at CPE Interactive, he is CTO of ISFMT, a company focusing on computer security, forensics consulting and certification training, and cybersecurity. He is also the founder and CEO of Chimera Security, a research and development company focusing on cryptography, mobile technology, and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in computer security, cybersecurity, software development, communications equipment operations and maintenance, incident response, and forensic investigations. He has taught numerous cybersecurity, anti-terrorism, forensics, and risk management courses both domestically and internationally. He previously was the Regional CIO and Senior Security Engineer for a large directorate within Lockheed Martin Information Systems and Global Solutions Company. He is a member of the CSA CloudSIRT Working Group developing the model for collaboration among cloud providers, CERT organizations, responders and users; the CSA Security-as-a-Service working group; and other cloud-related working groups. He is a contributing author to the “Encyclopedia of Information Assurance”, and authored “Computer Incident Response and Forensics Team Management”, and “Security Controls Evaluation, Testing, And Assessment Handbook”.
He holds certifications in CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Secure Software Lifecycle Professional), CAP (Certified Authorization Professional), CRISC (Certified in Risk & Information Systems Control), CMAS (Certified Master Antiterrorism Specialist), FITSP-A (Federal IT Security Professional – Auditor), ATOL2 (DOD Anti-Terrorism Officer Level 2), CAS-CTR (Certified Antiterrorism Specialist – Cyber Terrorism Response) and MBCI (Certified Member Business Continuity Institute).

Keith Levick, Ph.D. is the CEO of Goren and Associates. Dr. Levick has over 25 years of experience in training, professional coaching, and consulting. As a psychologist, he has spent many of his clinical years in private practice. In 1987, he began to transfer his clinical expertise into the field of business management. For the past 20 years Dr. Levick has coached managers and executives in a variety of industries in the area of personal and professional productivity, change management and interpersonal skills. He has coached many executives in their transition from the world of management into the world of leadership. He has developed many award-winning leadership training programs and workshops that are being used by Fortune 500 organizations nationwide. Some of his clients include Chrysler, GM, Daimler, Monroe Bank & Trust, MGM Detroit Grand Casino, X-Ray Industries, and many other Fortune 500 companies. As an executive coach, Dr. Levick is a firm believer in the value of coaching. “With high impact effective coaching, people are able to remove some of the blinders to see what is possible. Coaching can help executives and leaders to discover their core habits that are working and those that are not; only then can they reach their highest potential.”

Don Levonius, M.A. is Principal Consultant, Victory Performance Consulting LLC. As a consultant, trainer, and national public speaker, Don Levonius draws on over 17 years of progressive leadership experience, including 13 years with The Disney Company and 4 years with the Institute of Internal Auditors. He taught organizational communication for the University of Central Florida, is a leadership development instructor with Valencia State College, and holds master’s degrees in human resource development and business & organizational security management. Don is also an author for the Association of Talent Development. After years of leading security and investigations for major retail chains and Disney theme parks, Don was asked to help create and lead Disney Security Training Institute in an effort to help combat the emerging threat of terrorism following the horrific attacks in 2001. Under his leadership, Disney security training was transformed to become an international benchmark for private and public sector security organizations.
Don was later promoted to lead operations and guest service training for 23 Walt Disney World Resort hotels (25,000 guest rooms), 200 retail and dining locations, and Disney Transport (monorails, watercraft, and buses). He subsequently became a senior leader of Disney University, the company’s corporate university. In 2009, Don left Disney, founded Victory Performance Consulting (VPC), and began providing learning solutions for a number of organizations including General Electric, NBC Universal, the Florida Attorney General’s Office and The Institute of Internal Auditors (IIA). The IIA subsequently hired Don full-time to manage and direct development of its curriculum and learning strategies and delivery of over 200 leadership development seminars annually. Today Don leads the VPC team in serving a growing list of clients, including: ASIS International, Association of Certified Fraud Examiners, CoreNet Global, Florida Attorney General’s Office, Florida Crime Prevention Association, Just$ave Foods, Land O’Lakes, Inc., Lowes Foods, Society for Human Resource Management, Institute of Internal Auditors, YRC Worldwide, and others.

Dr. Hernan Murdock, CIA, CRMA is Vice President, Audit Division for MIS Training Institute. Before joining MIS he was the Director of Training at Control Solutions International, where he oversaw the company’s training and employee development program. Prior to that, he was a Senior Project Manager leading audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp. Dr. Murdock is a senior lecturer at Northeastern University where he teaches management, leadership and ethics.
He is the author of 10 Key Techniques to Improve Team Productivity and Using Surveys in Internal Audits, both published by the IIA Research Foundation. He has also written articles and book chapters on whistleblowing programs, international auditing, mentoring programs, fraud, deception, corporate social responsibility, and behavioral profiling. He has conducted audits and consulting projects, delivered seminars and invited talks, and made numerous presentations at internal audit, academic and government functions in North America, Latin America, Europe and Africa.

Tom Salzman is the IT Audit Manager for Illinois State University, where he manages all computer audits conducted by the University. His responsibilities include working with educational, athletic, and administrative departments throughout the University to prepare, streamline, and improve IT processes, computer security, IT policies and procedures, operational processes and internal controls; and develop methodologies for managing computer resources. His work requires him to be skilled in network controls, application management, computer intrusion, security management, and application design and development. Previously, Mr. Salzman was Director of Professional Services for the Information Systems Audit and Control Association (ISACA) where he was responsible for establishing and supporting its worldwide network of educational programs, conferences, and special events; as well as authoring the Professional Seminar Series of diverse educational offerings. He also served as editor and co-author of the ISACA CISA Review Manual. Prior to joining ISACA, Mr. Salzman was with Coopers & Lybrand, heading their Technical Training and Information Security practices. Tom also served on the faculty of DePaul University, authoring and presenting undergraduate and post-graduate degree programs. A much in-demand speaker, Mr. Salzman teaches a variety of computer and audit topics worldwide.
He also tracks and presents numerous CISA review courses. To broaden his support of the IT audit profession, Tom also presents a range of topical webinars for MIS Training Institute. In addition, his consulting practice has assisted a number of organizations in developing cost-effective internal IT audit functions. Mr. Salzman is a recipient of the College and University Auditors Excellence In Service Award.

Jim Tarantino is a Senior Instructor for MISTI and a Manager at RSM, one of the largest accounting and consulting firms in the world. He has over 20 years of information technology, analytics, audit and GRC experience with recognized expertise in developing solutions to enable data-driven auditing, risk assessment and investigations. Prior to joining RSM, he was the Client Solutions Director for High Water Advisors, a consulting firm specializing in using technology to help organizations improve governance, risk management, compliance (GRC) and audit processes. He has also held a number of GRC practitioner roles including Solution Lead/Practice Manager for ACL Services, Senior Auditor at RTI International, and various management positions at Nortel Networks implementing an HR analytics program. Mr. Tarantino holds a bachelor’s degree in Psychology and master’s degree in Industrial/Organization Psychology from North Carolina State University. As a member of the IIA, ISACA and ACFE, he participates in local chapter activities, including serving as an instructor for CISA certification exam preparation seminars.

James Roth, PhD, CIA, CCSA, CRMA is president of AuditTrends, LLC, a training firm devoted to identifying and communicating the best of current internal audit practice. Jim has 35 years of progressive internal audit and teaching experience. His publications include nine AuditTrends seminars, nine books and seven other major works for the IIA International. He wrote all of the IIA’s early research studies and training programs on COSO. His publications include:
• Value-Added Business Controls: The Right Way to Manage Risk
• Control Model Implementation: Best Practices
• Internal Audit’s Role in Corporate Governance: Sarbanes-Oxley Compliance
• Four Approaches to Enterprise Risk Management
• Best Practices: Evaluating the Corporate Culture
• Adding Value with COSO 2013: Beyond Sarbanes-Oxley Compliance
In 2008 the IIA gave Jim the Bradford Cadmus Memorial Award, which was “established…to honor individuals making the greatest contribution to the advancement of the internal audit profession.” Energetic and motivating, Jim is one of the highest rated speakers on internal audit.

John G. Tannahill, CA, CISM, CGEIT, CRISC, CSXP is a management consultant specializing in information security and audit services. His current focus is on information security management and control in large information systems environments and networks. His specific areas of technical expertise include Windows Server & Linux operating system security, network security, and database security. John is a frequent speaker in Canada, Europe, Africa, Asia and USA on the subjects of information security, cybersecurity and IT audit. John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conference and Chapter events. He is a member of the Institute of Chartered Accountants of Scotland.

Paul E. Zikmund serves as a Director of Baker Tilly’s Global Fraud and Forensic Investigations, Compliance and Security Services practice where he is responsible for helping clients develop, assess and administer ethics and compliance programs, conduct global and cross-border fraud and misconduct investigations, including bribery, corruption and compliance matters, and manage risks related to ethics and compliance failures. Paul specializes in internal and regulatory investigations; governance matters; risk assessment, design and implementation of compliance programs; global fraud risk management programs; and compliance coordination and monitoring services for the private, public, not-for-profit sectors. Paul develops and implements enterprise security and risk mitigation programs and controls including crisis management, workplace violence and physical security assessments. Prior to his role at Baker Tilly, Paul served as Deputy Chief Compliance Officer & Vice President Global Security, Bunge in White Plains, NY where he was responsible for development and implementation of Bunge’s fraud, ethics, compliance and security risk management programs and controls designed to protect company assets, mitigate fraud and misconduct, ensure compliance with federal and state laws, protect company assets, and promote adherence to Bunge’s core values. He managed and conducted investigations of compliance matters, fraud and ethics violations. Paul assisted with the development and implementation of tools and techniques to mitigate enterprise security, fraud & compliance risk, managed the company’s third party risk management program, and administered security, compliance training and awareness programs.
Prior to joining Bunge, Paul worked as the Senior Director Forensic Audit at Tyco International in Princeton, NJ and the Director Litigation Support Services at Amper, Politziner, & Mattia, LLP, in Philadelphia, PA where he was responsible for developing, implementing, and administering fraud risk management services to Tyco and to clients. He possesses nearly 28 years of experience in this field and has effectively managed global compliance and forensic audit teams at various Fortune 500 companies.

REGISTRATION INFORMATION
Space is limited so registration will be accepted on a first-come, first-serve basis. Pricing has been established to provide the maximum educational benefit for the lowest cost. Therefore, we do not offer discounts from the established prices for early registration, membership affiliation or groups.

Dress code for the training is business casual. Morning refreshments will be provided from 7:30 – 8:30 AM, and sessions will be from 8:30 AM – 4:30 PM each day. Lunch will be provided daily with vegetarian options.

Due to circumstances outside of our control, we may find it necessary to reschedule or cancel sessions, or change instructors. We will give registrants advance notice of such changes, if possible.

Payment and Cancellation Policy
Please note all times are stated in Eastern Daylight Time (EDT). All reservations must be made online at: https://www.eiseverywhere.com/2020springtraining and all payments must be received by midnight Tuesday March 17, 2020. Payments may be made at the time of registration using Visa, MasterCard, Discover or American Express, or check payments may be mailed to the address listed below. Cancellations may be made online until midnight on Tuesday March 17, 2020 without penalty. Any cancellation received after Tuesday midnight March 17, 2020, and before Tuesday midnight March 23, 2020 will be charged a non-refundable service fee based on the CPEs of the registered course being cancelled. No refunds will be given for registrations that are cancelled after midnight March 23, 2020.

CPEs    Non-Refundable Service Fee
7       $25
15      $50
22      $75

Payments (payable to: IIA Detroit) should be mailed to the address below. Please do not remit payment to the ISACA Detroit Chapter. Training or registration questions should be sent to administrator@isaca-det.org.

IIA - ISACA Spring Training Administrator
P.O. Box 99340
Troy, MI 48099

Hotel Information
Individual attendees can make reservations for the event directly with the Hyatt Place at the Suburban Collection Showplace reservations at 1-800-233-1234. Reservations may also be made by logging on to: https://novi.place.hyatt.com/en/hotel/home.html?corp_id=G-ADIT

Use the Group Code: G-ADIT to receive your discounted group rate of $134.00. Once the arrival and departure dates have been entered click on special rates and then enter the Group Code in the Group Code Box (make sure to include the G when entering the code).

All reservations must be accompanied by a first night room deposit, or guaranteed with a major credit card. Hotel will not hold any reservations unless secured by one of the above methods. Cancellations must be received a minimum of (72) hours prior to arrival for a full refund. Cancellations received less than (72) hours prior to arrival will forfeit one (1) night room and tax. Reservations by attendees must be received on or before February 8, 2020.