News and Announcements 

John Gatto, award-winning speaker, to address Illini Chapter on the subject of BYOD, Enterprise Risk, and Internal Audit

8/15/2017 10:47 AM

This event will feature a few topics to kick off our program year. For BYOD, more companies are trying to reduce their internal expenses for company-owned devices by allowing employees to use their smartphones, iPads, etc. to access company data. This poses significant risks of data loss and security breaches. The auditor must be aware of this and be able to comment upon the strategy being proposed.


For Enterprise Risk Management (ERM) and Internal Audit, we will review the risks associated with ERM, the interaction between ERM and Internal Audit, and how best to ensure there is alignment.



·       Understand the risks associated with allowing employees to use personal devices for business activities.

·       Understand the controls that are needed in this BYOD environment.

·       Audit or participate in the pilot of a BYOD initiative.

·       Provide management with meaningful recommendations for BYOD.

·       Definition of ERM.

·       Risk Areas for ERM.

·       The need for ERM.

·       Obstacles for implementing ERM.

·       How Internal Audit can help ERM.

·       How ERM can help Internal Audit.

John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December 2005 until his retirement in January 2015. He was the Divisional Vice President, Audit Services, and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma), encompassing NAIC/MAR compliance and testing, risk-based audits, advisory engagements for new development projects, coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC.


Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, at Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit.


John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and has his MBA from Fairleigh Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA.