GRC Presentations and Descriptions

Track 1—Cyber & Digital Disruption

CS 1-1–Continuous Security Validation

Monday, August 12 | 10:15AM – 11:15AM

Berk Algan, CISA, CGEIT, CRISC, CIPP
Senior Director, Global Services Governance
Silicon Valley Bank

Continuous security validation allows an organization to take cyber attackers’ perspective and stress-test its security stance. We will analyze how a company could use this approach to supplement its current testing approach and reduce its exposure. We will talk about how a company could design and execute security attack scenarios and continuously assess the effectiveness of its security controls. We will provide real-life examples and refer to best-practice frameworks throughout the session.

In this session, participants will:

  • Gain an understanding of the cornerstones of continuous security validation.
  • Learn how to implement a continuous security validation framework, leveraging real-life examples.
  • Discover ways to use continuous security validation in conjunction with traditional approaches, such as security control testing and risk assessments.
  • Receive tips for avoiding common implementation pitfalls.

CS 2-1–Protecting the Mission Critical Digital Assets, “The Crown Jewels”

Monday, August 12 | 11:30AM – 12:30PM

Eduardo Delgado, CEH, CISA, CISM, CISSP, CRISC, PMP
Associate Vice President, ORM Cybersecurity
TD Bank

An organization’s “Crown Jewels” are its digital assets of greatest value, those that would cause a material business impact if compromised. Due to their value, the Crown Jewels are a top target of adversarial cyber threats, and organizations must prioritize their protection. This presentation will cover best practices for identifying Crown Jewels, assessing their exposure to cybersecurity threats, designing risk mitigation strategies, and developing risk metrics and indicators for executive reporting.

In this session, participants will:

  • Discover what the mission critical digital assets (“Crown Jewels”) are and how to identify them.
  • Explore cyber threat modeling techniques and methodologies for assessing exposure to cybersecurity threats.
  • Understand best practices for designing a defense in depth, including layers of preventive and detective security controls to mitigate cyber threats in the cyber fraud kill chain.
  • Follow best practices to design actionable risk metrics and indicators for executive reporting.

CS 3-1–Bridging Communication Between Internal Audit and Cybersecurity

Monday, August 12 | 1:45PM – 2:45PM

Sergio Abraham
Innovation Lead
Onapsis, Incorporated

Larry Harrington, CIA, QIAL, CRMA, CPA
Former CAE, Raytheon
Past Chairman, IIA Global Board of Directors

Business-critical ERP applications are often out of scope for cybersecurity teams. Auditors are faced with ensuring compliance for these applications, but often lack the deep security knowledge required. As a result, communication and collaboration are not always seamless between cybersecurity and internal audit teams, even though ERP applications contain the most critical cyber-risks. This discussion will enable a new and collaborative conversation between internal audit and cybersecurity to achieve greater compliance and security.

In this session, participants will:

  • Discuss the use of business-critical applications as drivers to create a holistic security and compliance framework to improve the efficiency of their teams.
  • Receive tips for building an internal cross-functional plan to align the audit committee, internal audit, and information security teams.
  • Understand how to prioritize cyber-risk and map it to audit and compliance mandates.
  • Discover how to align and intersect the roles of internal auditors and audit committee members and create combined goals.

CS 4-1–The Five “P”s of Breach Response

Monday, August 12 | 3:00PM – 4:00PM

Ben Smith, CRISC, CISSP, CIPT
Field CTO (US)
RSA

Many organizations, especially those early in their security maturity journey, tend to consider breach response purely as a technical matter — how do we find the fire, and put out the fire, with the right tools in the shortest amount of time? However, responding to a breach isn’t merely a technical exercise; it also includes many non-technical functions.

In this session, participants will:

  • Learn from real-world lessons that effective breach response begins *before* the breach occurs.
  • Appreciate the key importance of leveraging the business context of affected assets in the midst of a breach response.
  • Recognize how to incent and retain technical personnel in what is traditionally a high-burnout profession.
  • Understand the unique attack vector represented by third parties.

CS 5-1–Social Media and Its Cyber Threats

Monday, August 12 | 4:30PM – 5:30PM

Robert Findlay
Global Head, IT Audit
Glanbia

Many organizations are now disseminating information and trading through multiple social media channels without any consideration of the threats they face. These threats are both internal and external, and in many cases, completely out of their control. The key question is, how can we gain any assurance over controls on systems we don’t operate and directly control without stopping the business interacting on social media?

In this session, participants will:

  • Learn the key control weaknesses of social media.
  • Understand how these weaknesses are being exploited.
  • Identify key control strategies to mitigate these weaknesses.

CS 6-1–Winter is HERE! Cybersecurity Lessons from the Game of Thrones

Tuesday, August 13 | 10:15AM – 11:15AM

Pamela Nigro, CRMA, CISA, CGEIT, CRISC
Senior Director, Information Security
Health Care Service Corporation (HCSC)

“Winter is coming” was a familiar mantra in Game of Thrones (GoT). These are words of warning and a call to remain vigilant. What lessons can we learn from GoT about modern-day cybersecurity? Though security professionals can become obsessed with adding new, bigger layers of defense — rather like how The Wall was built to protect the Seven Kingdoms — security doesn’t end with building walls.

In this session, participants will:

  • Deconstruct the current cybersecurity landscape and tools used to help protect and fortify valuable data.
  • Discuss the types of threats their organizations face.
  • Understand advanced persistent threats (APTs) and the position of malware, as well as firewalls, intrusion detection, intrusion protection, and their role in cybersecurity.
  • Learn to recognize malicious insiders and external threats.
  • Gain insights into the frameworks and resources (controls) available to help identify best practices for their organizations.

CS 7-1–Cyber Deterrence: Cyber Privateering Using Letters of Marque®

Tuesday, August 13 | 11:30AM – 12:30PM

John S. Bommer, Jr., CISM
Program Manager/Cybersecurity SME
Air Force Institute of Technology, School of Systems and Logistics

State and local governments are responding to incidents by using cyberspace privateering to enable the U.S. to protect its internet e-commerce lanes. Cybersecurity protection and cyber incident response should be performed by using existing laws to increase our cyber detection surface, enable active cyberspace deterrence at the state and local levels, and prevent nation-states or organized criminal activity from infringing on our way of life and creating a cyber-phobia.

In this session, participants will:

  • Develop a framework for debate between the internet privacy of an individual and the cybersecurity of U.S. e-commerce.
  • Distinguish the incident response mechanism using the cyber privateering concept.
  • Analyze the application of Letter of Marque for a hypothetical hacker attack.

CS 8-1–Deep Dive: Angels or Demons? The Ethical Considerations of Artificial Intelligence (Part 1)

Tuesday, August 13 | 1:45PM – 2:45PM

Stephen Scott Watson, CIA, CISA, CFIIA
Director, Technology Risk Assurance
AuditOne UK

The term “artificial intelligence” (AI) is applied when a machine mimics cognitive functions associated with human minds, such as learning and problem solving. AI solutions and automated decision-making (ADM) algorithms are becoming commonplace, with the term AI often encompassing everything from toasters to supercomputers. But will uncontrolled AI actually turn out to be a modern-day ‘Sorcerer’s Apprentice’? As technology itself does not have any moral stance, it will fall to technology creators and users to develop and apply an ethical framework to these tech solutions.

In this session, participants will:

  • Learn how AI is being used in today’s business world and where it could move to over the next few years.
  • Consider the risks of continued uncontrolled use of AI.
  • Explore what ethical frameworks could, and should, look like; how they could work; and how they could, or should, be integrated into ADM and AI solutions.

CS 9-1–Deep Dive: Angels or Demons? The Ethical Considerations of Artificial Intelligence (Part 2)

Tuesday, August 13 | 3:00PM – 4:00PM

Stephen Scott Watson, CIA, CISA, CFIIA
Director, Technology Risk Assurance
AuditOne UK

The term “artificial intelligence” (AI) is applied when a machine mimics cognitive functions associated with human minds, such as learning and problem solving. AI solutions and automated decision-making (ADM) algorithms are becoming commonplace, with the term AI often encompassing everything from toasters to supercomputers. But will uncontrolled AI actually turn out to be a modern-day ‘Sorcerer’s Apprentice’? As technology itself does not have any moral stance, it will fall to technology creators and users to develop and apply an ethical framework to these tech solutions.

In this session, participants will:

  • Learn how AI is being used in today’s business world and where it could move to over the next few years.
  • Consider the risks of continued uncontrolled use of AI.
  • Explore what ethical frameworks could, and should, look like; how they could work; and how they could, or should, be integrated into ADM and AI solutions.

CS 10-1–Oh NO! We’ve Been Hacked

Tuesday, August 13 | 4:30PM – 5:30PM

Sean Renshaw
Director, Risk Advisory Services
RSM US LLP

Jamie Burgess, CPA
Partner, Risk Advisory Services
RSM US LLP

Paul Alcock
Information Security Manager
Surgical Information Systems

Bruce Radke
Shareholder
Polsinelli  

This session will provide attendees with insights into how a cyber data incident occurs. Attendees will learn practical and proven steps to investigate, remediate, and respond to an incident, as well as how to identify key stakeholders. The panelists bring diverse legal and technical expertise that leverages decades of experience in helping clients investigate and respond to numerous data incidents.

In this session, participants will:

  • Develop an understanding of the key stages of responding to a cyber data incident.
  • Identify the key stakeholders that should be involved in responding to a cyber data incident.
  • Learn some practical aspects of how a cyber data incident response works in the real world.


Track 2—Technology & Artificial Intelligence

CS 1-2–Blockchain Security Controls: Practice and Audit

Monday, August 12 | 10:15AM – 11:15AM

Sridhar Vedhanabatla, CISM, CIPT
Security Architect
Gainsight

With industry racing to rapidly adopt the blockchain paradigm, it is imperative that architects and auditors understand how to review applications seeking trust, including closely studying and auditing every aspect: trust, consensus, operations, cryptographic strength, etc. This is more complex than anticipated, especially given the absence of any standards in the industry. This session addresses research into controls from both practice and audit perspectives.

In this session, participants will:

  • Learn about blockchain security controls and controls objectives.
  • Measure policy against procedures/operations to understand application outcomes and objectives.
  • Help auditors evaluate any generic blockchain system, irrespective of technology, platform, business, and implementation.

CS 2-2–Digitalizing IT Audit Workforces Through AI

Monday, August 12 | 11:30AM – 12:30PM

Lauren Berrington
Chief Audit Executive
The Bidvest Group Ltd.

Gustav Silvo, CIA
Project Owner of the Bidvest ALICE Project
The Bidvest Group Ltd.

IT auditors need to think about how to remain relevant in a disruptive future. We need to not only audit emerging technologies, but also adopt the use of these technologies to deliver our IT audit services. For this reason, we decided to disrupt ourselves by building an audit robot that performs IT audit services in a continuous and near real-time manner using neural networks without human intervention.

In this session, participants will:

  • Observe how machine learning applications are used to interpret different types of IT audit evidence (structured and unstructured data).
  • Discover how to apply cognitive automation (from natural language processing, machine learning, robotics through to AI) in IT audit programs to predict real-world user names and surnames, create unique user lists from disparate sources across the network with no unique identifiers, and track devices on networks with changing IP addresses.
  • Share in the lessons of resilience and complexity associated with building an IT audit robot that mimics the logic, rationale, decision-making, and problem-solving capabilities of a human IT auditor’s brain.
  • Explore how to position oneself (and possibly coexist with AI) in a disrupted future where AI is replacing the routine, repetitive audit analysis and where creativity, judgment, and imagination are required by the human IT auditor to remain relevant and valuable to business stakeholders.
  • Learn how we digitized a cybersecurity audit from taking 2.5 weeks to complete to 4.5 minutes with the same outcomes.

CS 3-2–Leveraging Risk Scoring Models to Drive Business Stakeholder Engagement

Monday, August 12 | 1:45PM – 2:45PM

F. Iman Joshua
Chief Data Protection Officer and CISO, Consumer Health and Services
CVS Health

In this session, we will learn how to engage stakeholders with near real-time risk scoring to drive cybersecurity initiatives. Through the integration of security monitoring tools, an eGRC platform, and data science techniques, it is possible to provide visualization of security control efficacy and better quantitative risk management. We will discuss the evolution of risk understanding with business stakeholders as a result of this bottom-up approach.

In this session, participants will:

  • Identify the top risk factors for divisions of a business.
  • Learn approaches to quantifying risk.
  • Define value-driven key performance indicators.

CS 4-2–Driving Actionable Intelligence Using Advanced Analytics

Monday, August 12 | 3:00PM – 4:00PM

Arvind Mehta, CISA, C-EH
Vice President, IT Audit and Analytics
EXL Service, Incorporated

Laura A. Lowenhaupt
Vice President, Associate General Auditor
New York Life Insurance Company

Most internal audit organizations have embarked on the journey of audit analytics to enhance the assurance process. However, a majority of them are still just using basic analytics. But how many have been able to successfully see and unlock the potential of advanced analytics to drive risk sensing and intelligence, enable exception-based audits, and provide deeper insights and foresights to their audit committees?

In this session, participants will:

  • Recognize the potential of advanced analytics within the internal audit function to provide deeper insights and foresights to audit committees.
  • Establish ideas to drive risk sensing and intelligence using analytics.
  • Evaluate real-life examples of how advanced analytics are used.
  • Devise a high-level roadmap to drive risk sensing and intelligence in their organizations.

CS 5-2–Implementation of Continuous Auditing and Continuous Monitoring Programs

Monday, August 12 | 4:30PM – 5:30PM

Hania Abrous–McCarthy, CIA, CRMA, CPA, CGMA
Managing Director
Gladclif LLC

Susan Stapleton
Vice President, Customer Advisory
Greenlight Technologies

Adam Losner
Chief Audit Executive
Broadridge Financial Solutions, Incorporated

Susan Zortea
Global Governance Lead
Jabil Circuit

Guidance on continuous auditing and monitoring has been plentiful over the last number of years; however, the implementation of an end-to-end program has proven challenging to many internal audit departments. Along with judicious use of data analytics, there are other components that play key roles in a program that can raise the profile and enhance the value proposition of any internal audit department.

In this session, participants will:

  • Distinguish between continuous auditing and continuous monitoring and understand the existing related IIA guidance.
  • Leverage the experiences of the panel to consider different approaches and components to continuous auditing and data analytics programs.
  • Follow suggested roadmaps for a successful continuous auditing/continuous monitoring program.

CS 6-2–Deep Dive: Auditing Continuous Monitoring Processes and Validating Sound Security Practices (Part 1)

Tuesday, August 13 | 10:15AM – 11:15AM

Jeff Roth, CISA, CGEIT, CISSP-ISSEP, CCSFP, QSA
Regional Director
NCC Group

This session will provide a solid walkthrough of the foundations of an effective continuous monitoring (CONMON) program and how to develop and execute agile and effective assessments of CONMON processes. From monitoring system configuration, vulnerability management, and file integrity to regular incident response and continuity plan testing, this session focuses on audit program development, assessment execution, and reporting processes.

In this session, participants will:

  • Understand the key elements of an effective and efficient CONMON program.
  • Learn methods and techniques for assessing and evaluating CONMON processes and overall program capabilities.
  • Discover a reporting process that provides reasonable assurance the CONMON program is effective, efficient, and remains aligned with organizational requirements.

CS 7-2–Deep Dive: Auditing Continuous Monitoring Processes and Validating Sound Security Practices (Part 2)

Tuesday, August 13 | 11:30AM – 12:30PM

Jeff Roth, CISA, CGEIT, CISSP-ISSEP, CCSFP, QSA
Regional Director
NCC Group

This session will provide a solid walkthrough of the foundations of an effective continuous monitoring (CONMON) program and how to develop and execute agile and effective assessments of CONMON processes. From monitoring system configuration, vulnerability management, and file integrity to regular incident response and continuity plan testing, this session focuses on audit program development, assessment execution, and reporting processes.

In this session, participants will:

  • Understand the key elements of an effective and efficient CONMON program.
  • Learn methods and techniques for assessing and evaluating CONMON processes and overall program capabilities.
  • Discover a reporting process that provides reasonable assurance the CONMON program is effective, efficient, and remains aligned with organizational requirements.

CS 8-2–Compliance Automation: Seamless and Continuous Adoption of CCF by Adobe

Tuesday, August 13 | 1:45PM – 2:45PM

Prasant Vadlamudi, CIA, CISA, CISSP
Director, Technology GRC
Adobe

Rahat Sethi
Manager, Technology GRC
Adobe

Common Controls Framework (CCF) by Adobe is the foundational framework and backbone of the company’s security compliance strategy. CCF by Adobe was open sourced for peer organizations to leverage in meeting their compliance objectives. As the next level of organic maturity, Adobe is developing and implementing a controls automation framework to enable near real-time monitoring of the controls’ operating effectiveness and also reduce their manual point of failure.

In this session, participants will:

  • Learn how Adobe is automating CCF to help new services and product teams onboard the controls at a much faster scale.
  • Hear how Adobe is eliminating compliance fatigue imposed on the operations and engineering teams, and still reducing risk through CCF controls automation.
  • Understand how Adobe is making auditing a near real-time continuous monitoring activity rather than an annual audit.
  • Discover how automation is the next level of maturity for CCF by Adobe and how other industries can benefit from it.

CS 9-2–Data Analytics and Compliance Automation

Tuesday, August 13 | 3:00PM – 4:00PM

Wes Luckock
Manager
Grant Thornton

Michael Baker
Senior Manager of Internal Audit and Data Analytics
Western Union

Cherie Axelrod
Senior Vice President, General Auditor
Western Union

Ethan Rojhani
Partner, Controls Advisory
Grant Thornton LLP

Compliance activities are often expensive, inefficient, and burdensome. How can we apply cloud and data analytics technologies to reduce costs, create efficiencies, and enhance the value of compliance activities? Through the enablement of automated continuous monitoring. We will discuss the latest cloud and analytics technologies and explain how to apply them within your organization to automate compliance activities.

In this session, participants will:

  • Identify opportunities for compliance automation and analytics within internal audit.
  • Apply cloud-based technologies to automate compliance activities.
  • Describe the challenges and benefits of automating compliance functions.

CS 10-2–Transforming Internal Audit Using New Technology

Tuesday, August 13 | 4:30PM – 5:30PM

Stephen Mills, CIA, CCSA, ACA
Managing Director
Promontory Financial Group, LLC (an IBM Company)

Emerging technologies represent a transformational opportunity for the internal audit profession to realize the vision of internal audit as a proactive, insightful, and future-focused activity. The alternative will be to become increasingly irrelevant.

In this session, participants will:

  • Learn how new technologies can transform existing practices for risk assessment, audit testing, and reporting.
  • Discover how new technologies will impact all facets of an internal audit function, including management, staffing, process, and tools.
  • Reinforce the urgency to proactively embrace change.
  • Understand the linkage between the use of new technologies and application of the Core Principles for the Professional Practice of Internal Auditing.


Track 3—Governance, Risk, Control, & Compliance

CS 1-3–Casual Collision: A Case Study on Collaborative Process Automation

Monday, August 12 | 10:15AM – 11:15AM

Catherine Schlegel
Internal Auditor
Fannie Mae

Alena Jeanmaire, CISA
Lead Auditor
Fannie Mae

This session presents a case study on SOX technology testing and the incorporation of automation, data analytics, and data visualization. From pilot ideation to closing out the audit file, and with lessons learned from various collaborative techniques we adopted along the way, we achieved not only monetary savings through a reduced consulting budget, but also reclaimed some much-needed work hours and calendar days in our schedule.

In this session, participants will:

  • Learn from our experience on what works and what doesn’t with different collaborative approaches in data analytics.
  • Identify examples and gain insight into the type of testing processes suitable for automation.
  • Discuss the role and value of data visualization in highlighting observations and tracking remediation.

CS 2-3–Who is Responsible for the Security of Cloud-based Information Systems?

Monday, August 12 | 11:30AM – 12:30PM

Sarbari Gupta, PhD, CISSP, CISA
President and CEO
Electrosoft Services, Incorporated

Cloud computing’s advantages over traditional hosted systems include hardware footprint reduction, elasticity, delegated security, and improved availability. Regardless of the cloud computing model chosen — infrastructure/platform/software-as-a-service — the cloud system owner (CSO) may have significant security responsibility for risk management and compliance with applicable standards. We describe a methodology to determine the CSO’s retained security responsibility and an approach to managing the risk of operating cloud-based information systems.

In this session, participants will:

  • Recognize that adoption of cloud services does not imply full delegation of security responsibility.
  • Analyze cloud service offerings to discover the retained security responsibility of the CSO.
  • Configure and complement security controls provided by cloud services to manage organizational security risk.

CS 3-3–Deep Dive: The Auditor’s Role in Fraud Risk Management (Part 1)

Monday, August 12 | 1:45PM – 2:45PM

John Hall
President and Founder
Hall Consulting, Incorporated

Few business risk areas offer auditors greater opportunity for value-add service. Why? Across all departments, we simply know more than most others about fraud prevention, deterrence, quick detection, and incident response. In the first half of this session, you’ll learn a proven, six-part strategy you can take back and use in your work. In the second, you’ll brainstorm ideas for managing specific fraud risks.

In this session, participants will:

  • Identify how to bring value to those they serve through effective fraud risk management actions.
  • Explore how to adapt the six-step fraud prevention approach to their unique organizational style, risks, and needs.
  • Discover what works and what gets in the way from other participants during the brainstorming and open discussion periods.
  • Recognize what still needs to be done by their organization and clients to fully implement a meaningful fraud risk management program.

CS 4-3–Deep Dive: The Auditor’s Role in Fraud Risk Management (Part 2)

Monday, August 12 | 3:00PM – 4:00PM

John Hall
President and Founder
Hall Consulting, Incorporated

Few business risk areas offer auditors greater opportunity for value-add service. Why? Across all departments, we simply know more than most others about fraud prevention, deterrence, quick detection, and incident response. In the first half of this session, you’ll learn a proven, six-part strategy you can take back and use in your work. In the second, you’ll brainstorm ideas for managing specific fraud risks.

In this session, participants will:

  • Identify how to bring value to those they serve through effective fraud risk management actions.
  • Explore how to adapt the six-step fraud prevention approach to their unique organizational style, risks, and needs.
  • Discover what works and what gets in the way from other participants during the brainstorming and open discussion periods.
  • Recognize what still needs to be done by their organization and clients to fully implement a meaningful fraud risk management program.

CS 5-3–Vendor Compliance and the Mitigation of Third-Party Risks

Monday, August 12 | 4:30PM – 5:30PM

Jan Anisimowicz, PMP, CISM, CRISC
Director, Audit, Risk, and Compliance
CandF Sp z o.o.

This presentation will cover what we need to know about our vendors and their risk profiles. The speaker will discuss recommendations for ensuring the compliance of vendors, including GDPR data processors. A real-life vendor management case study will be presented, and a short vendor management survey will be conducted, with real-time results and analysis provided.

In this session, participants will:

  • Understand how to create vendor risk profiles in their organization.
  • Hear recommended steps to ensure third-party compliance.
  • Learn how to choose the most risky vendors for audit and implement security controls verification.
  • Discover strategies to mitigate risks coming from third parties, including data processors.

CS 6-3–Aligning Enterprise Risk Management with Environmental, Social and Governance-related Risks

Tuesday, August 13 | 10:15AM – 11:15AM

Rodney Irwin
Managing Director & Senior Management Team
World Business Council for Sustainable Development


CS 7-3–Greater than the Sum of Its Parts: Modern Investigative Tactics

Tuesday, August 13 | 11:30AM – 12:30PM

Garrett McGinn, CFE
Partner, Research and Development
DigiStream Investigations

Dozens of successful risk managers identified the most effective referral criteria, which, combined with tens of thousands of days of surveillance and other investigative data, enabled impactful conclusions to be drawn to drastically alter how the public entity utilizes investigations. The many investigative options currently available can help avoid costly mistakes, such as ordering multiple days of surveillance without first exploring less expensive alternatives. Hear real-life case examples of investigations gone right and wrong.

In this session, participants will:

  • Learn why the traditional investigative referral process is wasteful via statistical findings and change popular opinions on how to utilize surveillance.
  • Understand the differences between traditional social media investigations and geosocial investigations, and how these techniques are utilized to discover hidden content regarding people and places.
  • Discuss how to use unconventional approaches to uncover fraud such as canvassing ski resorts, cruise lines, and hospitals.
  • Discover cost-effective tricks of the trade that have a higher probability of reducing claims exposure than surveillance alone.
  • Understand the legal and privacy implications of using geosocial and other investigations to combat fraud along with best practices for collecting, preserving, authenticating, and presenting cyber evidence.

CS 8-3–Establishing Business Cases and Measuring ROI for Enterprise GRC Programs

Tuesday, August 13 | 1:45PM – 2:45PM

Eric Parker, CRMA, CISA
Managing Director
KPMG LLP

Brian Cooper
Senior Vice President, Program Management, and Head, GRC Center of Excellence
Regions Financial Corporation

Measuring ROI for GRC investments is no longer optional; it’s a business imperative. While risk and compliance professionals readily grasp the potential of GRC-enabling technologies, executive leadership must carefully weigh the costs and benefits of a GRC implementation just as they do other top organizational initiatives. In this session, we will discuss techniques for estimating current costs and future state benefits; defining meaningful GRC business cases; and ensuring ROI is measured throughout the GRC lifecycle.

In this session, participants will:

  • Discuss evolving expectations of executive leadership with respect to building business cases and measuring ROI for GRC investments.
  • Identify meaningful examples of costs and benefits that organizations should evaluate for their GRC program and technology.
  • Learn about effective tools and techniques for preparing comprehensive GRC program and technology business cases and measuring ROI throughout the GRC lifecycle.

CS 9-3–Prepare for Data Governance Revolution with a Risk-Based Approach

Tuesday, August 13 | 3:00PM – 4:00PM

Steven Minsky
CEO and Founder
LogicManager

We’ve arrived at an age when consumer expectations have vastly outpaced regulatory requirements. Data breaches severely damaged the reputations of Equifax, Facebook, Marriott, and others, not because of regulatory folly, but because of consumer outrage. In turn, however, lawmakers are responding to the outcry for better data privacy by following in the footsteps of GDPR. How will you manage the onslaught of new regulations on top of heightened consumer demands?

In this session, participants will:

  • Learn how to operationalize cybersecurity and data privacy policies across departments and levels.
  • Consider how a risk-based approach can help companies adapt to changing regulations and stakeholder expectations.
  • Explore metrics that monitor the effectiveness of cybersecurity programs and progress towards compliance.
  • Discuss best practices for reporting cybersecurity effectiveness to the board and regulators.

CS 10-3–Received a SOC Report: Now What?

Tuesday, August 13 | 4:30PM – 5:30PM

Jude Viator, CIA, CISA, CRISC
Consulting Associate Director
P&N

Internal and external auditors, as well as organizational management, often receive System and Organization Controls (SOC) reports and do not fully understand their intent and/or the information being presented. From the standpoint of a professional that not only issues the reports regularly, but also reviews them, this presentation intends to address the purpose of the reports and provide real-life usage opportunities to promote effective and efficient report use.

In this session, participants will:

  • Briefly address the purpose and scope of SOC 1 and 2 reports.
  • Outline the key sections of each report, including key takeaways from the reports.
  • Address key report users and how internal audit should/can assist.
  • Summarize SOC 1 and 2 reports, while emphasizing key focus areas and possible takeaways to promote efficient and effective use of provided SOC reports.


 

Track 4—Leadership, Career, Communication, Culture, & Ethics

CS 1-4–Deep Dive: Ethics in Internal Audit: Case-based Learning (Part 1)

Monday, August 12 | 10:15AM – 11:15AM

Patricia Miller, CIA, QIAL, CRMA, CPA, CISA
Owner
PKMiller Risk Consulting, LLC

All internal auditors face ethical decisions in their careers. They need a strong foundation and understanding of ethical expectations to make the right choices. It is also imperative that audit management set the right tone and coach their teams so that the right choices are made.

In this session, participants will:

  • Develop an understanding of the nature of ethics, the IPPF, and the Code of Ethics.
  • Follow a framework for making ethical decisions.
  • Consider, in small teams, different ethical scenarios and the best choices to make.
  • Gain an appreciation for the challenges facing internal auditors in their role and in determining how to handle situations uncovered in audits.
  • Discuss, if time allows, auditing the ethical environment of their organizations.

CS 2-4–Deep Dive: Ethics in Internal Audit: Case-based Learning (Part 2)

Monday, August 12 | 11:30AM – 12:30PM

Patricia Miller, CIA, QIAL, CRMA, CPA, CISA
Owner
PKMiller Risk Consulting, LLC

All internal auditors face ethical decisions in their careers. They need a strong foundation and understanding of ethical expectations to make the right choices. It is also imperative that audit management set the right tone and coach their teams so that the right choices are made.

In this session, participants will:

  • Develop an understanding of the nature of ethics, the IPPF, and the Code of Ethics.
  • Follow a framework for making ethical decisions.
  • Consider, in small teams, different ethical scenarios and the best choices to make.
  • Gain an appreciation for the challenges facing internal auditors in their role and in determining how to handle situations uncovered in audits.
  • Discuss, if time allows, auditing the ethical environment of their organizations.

CS 3-4–Seat at the Table: Engaging Executives in ERM Discussions

Monday, August 12 | 1:45PM – 2:45PM

Karen C. Begelfer, CIA, CRMA, CPA
Vice President, Corporate Audit Services
Sprint Corporation

Vlado Gjorgjioski
Director, Internal Audit and ERM
Sprint

We will explore various strategies and ERM tools that can be used to engage leadership in risk discussions and produce meaningful output.

In this session, participants will:

  • Examine how an ERM program delivers value to an organization, especially to senior leadership.
  • Explore different ERM exercises that are relevant and engaging for senior leadership.
  • Discuss how to position, both in written and verbal communications, ERM as a critical management tool.

CS 4-4–How Successful Teams Are the “IT” Factor in Success

Monday, August 12 | 3:00PM – 4:00PM

Shivani York
CEO and Founder
BrandPartnerGroup.com

Even the most successful entrepreneurs occasionally find running a business more challenging than they expected. Many work longer hours and get less return on their investment of time and money than they would like. By applying practical tools to strengthen the core components of the business, owners, leaders, and managers of entrepreneurial organizations can achieve better business operations, faster growth, and maximum traction.

In this session, participants will:

  • Discover the Six Key Components of successful businesses.
  • Gain practical tools to allow them to work “on” their business rather than “in” it.
  • Learn how to gain control of the issues surrounding their business by learning to look.
  • Get traction and the ability to create a highly accountable and disciplined organization, leading to fast growth.

CS 5-4–Writing for Understanding

Monday, August 12 | 4:30PM – 5:30PM

Wade Cassels, CIA, CRMA, CISA, CFE
Senior Auditor
Nielsen

If internal auditors do not effectively communicate audit results, then the audit’s value may be lost. This session teaches practical techniques for writing audit reports that successfully communicate the desired message.

In this session, participants will:

  • Learn to improve the quality and effectiveness of their written communications.
  • Understand how to write from the perspective of the reader (and his/her business objectives).
  • Gain insights into creating a narrative and economizing words.
  • Discover how to avoid common errors that hinder understanding.
  • Hear tips for utilizing graphics and visual cues to promote understanding.

CS 6-4–Mitigating Human Risk: Creating a Security Culture

Tuesday, August 13 | 10:15AM – 11:15AM

Dr. Tracy Celaya, CISSP
President/Principal Consultant, Professional Training and Coaching
GO Consulting International

Ira Winkler, CISSP
President
Secure Mentem

Information security culture guides how an organization functions when protecting critical assets, including data and infrastructure, and when mitigating the human security risk. An organization’s first line of defense is always its people, which means that influencing employees’ security behavior to create a security culture is your first line of critical defense. This presentation will share the results of a proprietary investigation of effective security cultures among prominent security leaders.

In this session, participants will:

  • Describe security culture and identify why humans make it a critical line of defense.
  • Discuss the formula, “PEOPLE + SECURITY CULTURE = CRITICAL DEFENSE.”
  • Examine components and characteristics of effective and imagined security cultures.
  • Design and develop a security culture as a first line of critical defense.

CS 7-4–Strategies and Insights for Communicating with the Board and Executives

Tuesday, August 13 | 11:30AM – 12:30PM

Tracie Marquardt, CPA
Audit Communication Specialist
Quality Assurance Communication

Reporting to the board and executives is a task every CAE and audit director must perform. But how successfully are you communicating the right information at the right time? Why are some messages received, but others ignored? IIA Standards provide some guidance, but there’s much more to it: Understanding how we take in information and make decisions is key to knowing what to deliver, when, why, and how.

In this session, participants will:

  • Distinguish between communication needs for operational levels, the board, and executives.
  • Understand the main pitfalls of communicating with the board and executives and how to overcome them.
  • Establish varying methods of communication, including frequency and content.
  • Formulate communication strategies to ensure their messages about risk and results are heard and acted upon.

CS 8-4–Voicing Conviction: Keys to Persuading Decision Makers

Tuesday, August 13 | 1:45PM – 2:45PM

Orlando R. Barone
Faculty Instructor
Temple University

Your best argument is not enough. Persuasiveness requires that you look and sound convincing as an IT auditor asking executives and board members to approve your audit proposal or accept your recommendations for corrective action. IT auditors will learn how to educate without condescension or arrogance, how to interact effectively with decision makers who are technically uninformed or technically knowledgeable, and how to use voice and gesture to achieve the optimal tone and appropriate results.

In this session, participants will:

  • Describe the process of translating technical descriptions into effective explanations suitable to the non-expert.
  • List and practice techniques of voice, gesture, and posture to transmit assertions that are persuasive to high-level decision makers.
  • Define and practice the steps to establishing positive rapport and achieving a desired emotional tone.
  • Review practical examples of effective and less effective interactions between IT auditors and decision makers.

CS 9-4–Advisory/Consulting and Independence: How Can They Coexist?

Tuesday, August 13 | 3:00PM – 4:00PM

Rachel Tressy, CPA
Senior Vice President and Chief Auditor
Voya Financial

How, as internal auditors, can we provide advisory services to our business partners and still retain our independence? Historically, some audit teams have stayed away from advisory/consulting activities because of fear of blurring the lines. This session will examine some strategies for advisory/consulting activities that help internal audit teams build relationships and add value to the business while maintaining independence.

In this session, participants will:

  • Share challenges experienced in maintaining independence while performing advisory activities.
  • Develop strategies to avoid blurring the lines when conducting advisory activities.
  • Describe successful advisory activities and their impact on businesses being supported.

CS 10-4–The Art of Change: How Great Leaders Never Settle

Tuesday, August 13 | 4:30PM – 5:30PM

Erika Ray
Managing Director
Protiviti

Whether covert or overt, resistance to necessary change spawned by disruptive innovations can be lethal. Coupled with concerns about the inability to adjust existing operations and IT infrastructure to compete with more nimble competitors, one of the top risks organizations face today is a cultural concern related to overall resistance to change within their organizations. As major business model disruptors emerge, there is a growing focus on the speed with which the second and third line anticipate and respond to change in their organizations and on their own teams.

In this session, participants will:

  • Hear from audit executives who are helping to shape the change process in their organizations.
  • Discuss the common phases people go through when faced with change, including the social and technical aspects of the change process.
  • Outline common reasons why people resist change within their organizations and what actions leaders can take to engage their teams in the change process.
  • Detail how to recognize, reward, and measure success of embracing change within an organization.


 

Spotlight Sessions

SS1–Remove Bias From Your Vulnerability Management Program

Tuesday, August 13 | 5:40PM – 6:10PM

Scott Donnelly
VP, Solutions Engineering
Expanse

Vulnerability scanners are indispensable in an IT team's toolkit. Unfortunately, they have one big flaw: they can only scan what you tell them to scan. But what about the assets you don't know about? A robust security program is incomplete – and your vulnerability management tools are not being used to their full potential – if you do not address their limitations in dealing with unknowns.

In this session, participants will learn about:

  • The limitations of vulnerability management tools
  • The risks associated with unknown assets
  • Methods you can use to find those unknown assets

SS2–Bringing Digital Transformation to GRC

Tuesday, August 13 | 5:40PM – 6:10PM

Gregory Conn
GRC/IRM Advisory Solution Architect
ServiceNow

In today’s world, digital transformation is viewed as a necessity to keep pace with growth and to stay relevant with the competition. But what does digital transformation mean for Governance, Risk, and Compliance processes? How should organizations be leveraging GRC technology to enable GRC digital workflows for their organization? An effective GRC solution should enable all personas, including senior executives, risk managers, auditors, control owners, and global process owners, to engage in the GRC process and digitize their experience as they work. Join us and find out how we think about digitally transforming GRC processes at ServiceNow, and how the Now Platform is uniquely positioned to unlock your digital experience.


 

Innovation Sessions

 

IN2: Building CISOs in the Boardroom: Translating Tactical Cybersecurity into Business Objectives

Sponsored by CyberSaint Security, Inc.

Monday, August 12 | 9:50AM – 10:10AM

George Wrenn
CEO & Founder
CyberSaint Security

Cybersecurity is now a critical aspect of business success. In this session, you will learn tangible steps that will align your cybersecurity compliance and risk initiatives with business outcomes. Learn to represent your tactical progress in business terms and show business leaders that a strong cybersecurity program can be the difference between business growth and a direct hit to the bottom line.

After completing this session you will be able to:

  • Reflect cybersecurity program progress in business outcomes
  • Discuss cybersecurity in a business context to build relationships and get buy-in from the CEO and the Board
  • Learn how to use agile, lightweight integrated risk management programs to facilitate communication and increase visibility into your cybersecurity posture in real-time

IN3: How to Improve Security, Privacy and Compliance in the Cloud with Continuous Oversight

Sponsored by SecurityScorecard, Inc.

Monday, August 12 | 4:05PM – 4:25PM

Fouad Khalil
VP Compliance
SecurityScorecard

New and emerging technologies and practices create new challenges for information assurance professionals that they have not had to address until recently. Also increasingly used are third party outsourced services, often through cloud connections. These are all in addition to the longstanding information security threats and vulnerabilities that have existed for many years, and some for many decades.

The concept of monitoring information system security has long been recognized as sound and valuable management practice. A large portion of compliance requirements for information security and privacy are supported by such monitoring in addition to continuous assurance and oversight activities. Key activities to include in information security, privacy and compliance programs are:

  • Continuous assurance throughout the full data lifecycle, including continuous monitoring, continuous awareness, and continuous compliance.
  • Continuous supply chain management for vendor security, privacy and compliance management and oversight.
  • Continuous cloud assurance, for the various types of clouds currently being used.
  • Continuous improvement to ensure security, privacy and compliance activities remain relevant and effective.

This session will cover:

  • How do all these challenges impact risk levels throughout any type of organization?
  • What are the benefits of continuous oversight?
  • Call to action on how to best proceed.

IN4: Building the Foundation for the Next Generation of Audit Management

Sponsored by Refinitiv

Tuesday, August 13 | 7:45AM – 8:05AM

Peter Kohler
Risk Solutions Director
Refinitiv

Learn how the audit world will be impacted by emerging forces like AI, allowing auditors to expand their reach and help the business grow. This session will discuss the changing technological landscape and what the future will look like in 5 years. Gain insight into the next generation audit technology that can help you drive an agile, real-time, holistic view of risk to empower strategic decision making.

After completing this session you will be able to:

  • Understand current trends and opportunities in audit
  • Discuss the benefits and limitations of AI in audit
  • Articulate technology and cloud audit concerns

IN5: The Data Breach vs. The Ethics Breach: How to Prepare for Both

Sponsored by OneTrust, LLC

Tuesday, August 13 | 9:50AM – 10:10AM

Alex Bermudez
Privacy Consulting Manager, Americas
OneTrust, LLC

In today’s age of 72-hour breach reporting and the 24/7 news cycle, data breaches seem like a daily headline. While consumers may no longer be shocked by their data being lost or stolen, the way in which an incident occurs can impact the level of reputational damage following a breach. Stakeholders are understanding the difference between a data breach that may occur from a security flaw and an “ethics breach,” where a company was careless with personal information or sought to capitalize on the improper use of data. In this session, we’ll review case studies from recent breaches and analyze which situations qualify as an “ethics breach.” We’ll also hand out an incident and breach toolkit, including tips to avoid the catastrophe of an ethics breach violation in your company.

After completing this session you will be able to:

  • Break down the difference between a data breach and an “ethics breach”
  • Hear key insights from recent data breaches and learn how to avoid these mishaps
  • Outline what stakeholders, teams, tools and processes should come together in the event of a breach
  • Gain an incident and breach toolkit to prepare your organization ahead of a breach

IN8: Cover Your Blind Spots! Include the Inaccessible or Sensitive Assets into Your Overall Vulnerability and Compliance Program

Sponsored by Qualys, Inc.

Wednesday, August 14 | 9:50AM – 10:10AM

Mark Holub, CISA, CISSP
Security Solutions Architect
Qualys, Inc.

Extending compliance and vulnerability coverage to highly critical infrastructure can be a challenge when organizations leverage extra layers of protection, such as air-gapped networks, to secure assets such as infrastructure-controlled devices. This talk covers traditional and new data collection methodologies organizations can use to extract vulnerability and configuration data from systems that are otherwise difficult or impossible to assess. Learn how to achieve this crucial protection by eliminating blind spots and preventing exposure to cyber-attacks across all infrastructure.

After completing this session you will be able to:

  • Know how to define your blind spots for devices that are in YOUR environment.
  • Know what the enterprise is doing today in lieu of being able to assess these devices.
  • Realign your vulnerability and compliance practices.


 

Workshops

Workshop 1—Introduction to COBIT 2019 – 7.5 CPE

Sunday, August 11 | 8:30AM-5:00PM

Registration Fee: $600

Top-Rated Speaker
Mark Thomas, CGEIT, CRISC
President
Escoute Consulting 

Intended Audience
Those with existing familiarity with COBIT 5 who are interested in understanding the latest version of the COBIT framework. This course will also highlight the key differences between COBIT 5 and COBIT 2019.

Course Description
COBIT is a framework for the governance and management of enterprise Information and Technology that supports enterprise goal achievement. This one-day course highlights the concepts, models and key definitions of the new COBIT 2019 framework and explains the differences between this recent release and COBIT 5. This course will prepare you to take the COBIT 2019 exam.

Course Learning Objectives

  • Recognize the context, benefits and key reasons COBIT is used as an information and technology governance framework.
  • Compare the key attributes of COBIT 2019 with COBIT 5.
  • Discover the updated COBIT principles for governance system framework.
  • Identify the changes to the COBIT publications scheme.
  • Describe the updated components of a governance system
    • Governance and management objectives
    • Components of the governance system
    • Focus areas
    • Design factors
  • Compare the updated COBIT 2019 goals cascade with COBIT 5.
  • Differentiate COBIT-based performance management using maturity and capability perspectives.
  • Discover how to design a tailored governance system using COBIT 2019.
  • Describe the relationships between the COBIT Design and Implementation Guides.
  • Explain the key points of the COBIT business case.
  • Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.

Workshop 2—Tactics (and Courage) to Appraise Corporate Culture – 7.5 CPE

Sunday, August 11 | 8:30AM-5:00PM

Registration Fee: $600

Robert B. Kuling, CIA, CRMA
Partner, Risk Advisory
Deloitte & Touche LLP (Canada)

 

 

Jason Minard
Senior Vice President and Manager of Controls, Testing & Regulatory Review
Wells Fargo

Course Description
In response to heightened expectations from stakeholders, the imperative for internal auditors to understand and anticipate cultural risks has never been higher. High-profile breakdowns in numerous industry sectors have prompted organizations to evaluate their view of the “right” culture, social license, and competitive advantage. Internal audit’s objectivity, skills, and enterprisewide perspective are well-positioned to ascertain whether risks arising from culture have been identified and addressed, and whether “hotspots” exist within the organization. This includes assessing all aspects of culture risk management, ranging from employee engagement to investigation protocols.

This session will prompt internal auditors to refine their efforts or develop a starting point for this sensitive, high-impact audit domain. According to research conducted by Deloitte and The IIA, only 28% of internal audit functions have formally evaluated the organization’s culture within the past three years. Numerous cultural elements will be outlined and discussed, including tone, values, motivations, psychological health, organizational bias, cultural artifacts, and social media. Lessons learned from organizational examples are included to stimulate dialogue. Practical approaches for planning and executing high-impact engagements to mitigate reputational and financial damage will be presented.

In this session, participants will:

  • Identify and describe cultural impacts on business performance.
  • Articulate and describe cultural elements and artifacts in their respective organization(s).
  • Incorporate culture risk dimensions into the internal audit plan.
  • Develop strategies (e.g., standalone audits, bolt-on, analytics, agile) and apply various methods, tools, and metrics to appraise culture.
  • Recognize and mitigate bias and management pressures.
  • Apply various techniques to report and engage stakeholders.

Content

  • Presentation format, including content on culture risk frameworks, sources of audit evidence, case studies, root cause analysis, and reporting formats
  • Brainstorming and interactive exercises – group and individual

Workshop Information

Field of Study – Auditing
Knowledge Level – Intermediate to advanced
Advance preparation – None
Delivery Format – On-Site Training (Group-Live)


 

Keynotes

Opening Keynote Speaker

Shift Your Brilliance – Leading Amidst Change and Uncertainty

Simon T. Bailey
Breakthrough Strategist

Business change moves at the speed of light. To keep pace, individuals within an organization must raise the bar on their performance and reset their mindset. The leadership skills of yesterday will not carry the day in today’s continually evolving economy.

As the business climate changes in the midst of gender parity, #MeToo, pay equity, diversity, and inclusion, we, too, must change and embrace what Simon T. Bailey calls the “Vuja de Moment.” This is the opposite of déjà vu and is an invitation to disrupt what is comfortable and convenient to embrace what needs to emerge to remain relevant, innovative, and competitive.

Collaborative problem-solving triumphs over traditional top-down directives. Solution-oriented individuals are forward-looking in their thinking. Forward-looking thinking must permeate throughout the corporate culture. You must shift and embrace new methodologies to survive, compete, and thrive through the ever-changing demographic, technological, and regulatory marketplace changes that affect businesses today.

No one is immune to these predictable changes. The traditional winning formulas of yesterday will not hold up to the technological solutions that will continue to automate “traditional” business processes.

Simon T. Bailey will teach you to:

  • Stay relevant and ensure your company stays competitive in the marketplace
  • Guide even the most tenured employees to reposition themselves and revitalize their role
  • Perform a mindset reset to break through the existing paradigm
  • Maintain clarity and confidence during transition and uncertainty
  • Give participants actionable tools to take ownership and develop the vision needed to be a leader for the future

Success magazine calls Simon T. Bailey one of the top 25 people who will help you reach your business and life goals through practical advice and specific tactics. He joins a list that includes Oprah Winfrey, Brene Brown, and Tony Robbins. His expertise focuses on change, leadership, and customer experience. He's worked with over 1,500 organizations in 45 different countries. As an innovator, educator, executive advisor, speaker, and author, he shapes the lives of men and women around the world.

Prior to founding his company, Simon held the role of Sales Director for the world-renowned Disney Institute and worked in the hospitality and tourism industry for 20 years. His strategies drove the acquisition of an Orlando-based healthcare system and catapulted a hospitality company to be ranked #1 in customer service on Expedia.com.

Simon emboldens individuals to impact the world by sharpening natural talents. Outside of his learning and development programs for organizations, Simon's consumer-facing Lynda.com courses powered by LinkedIn have been viewed by more than 600,000 people in 100 countries.

When Simon is not working, he spends quality time with his two active teenagers, roots for the Buffalo Bills, and is an avid moviegoer. He believes his most important role is to be a great dad and to volunteer in serving the least, the last, and the lost men in society.


Closing Keynote Speaker

Embracing Disruptive Innovation

Patrick Schwerdtfeger
Business Futurist

Disruptive innovation invalidates existing business models. That’s why it’s become so important for executives around the world. Technology is evolving along an exponential curve. Entire industries are collapsing as new (mostly digital) business models provide better outcomes for fewer dollars. Disruptive innovation generally comes from the edges of industries, not the center. It comes from ‘adjacent markets’ often catching executives by surprise. Patrick dissects the topic and leaves attendees with a series of questions they can use to spot possible threats and also opportunities within their business models.

Patrick Schwerdtfeger is a business futurist specializing in technology trends including artificial intelligence, Fintech, and blockchain. He has lectured at numerous academic institutions including Stanford and Purdue Universities and is a regular speaker for Bloomberg TV. Schwerdtfeger is the founder of Trend Mastery Inc. and host of the Strategic Business Insights video blog, with over 25,000 subscribers and 6 million views on YouTube. He has spoken about business trends, technology, and digital marketing at hundreds of conferences around the world, and discussed “Learned Intuition” at TEDx Sacramento. Schwerdtfeger authored the award-winning book “Anarchy, Inc.: Profiting in a Decentralized World with Artificial Intelligence and Blockchain” (2018, Authority Publishing) and other titles including “Keynote Mastery: The Personal Journey of a Professional Speaker”; “Webify Your Business: Internet Marketing Secrets for the Self-Employed”; and “Make Yourself Useful: Marketing in the 21st Century”. Schwerdtfeger has been featured by the popular press including the New York Times, LA Times, Reader’s Digest, CNN Money, NPR, Fortune, Bloomberg Businessweek, the Associated Press, MONEY Magazine, Forbes, and many others.


GS1–Your Personal Brand

Tuesday, August 13 | 8:30AM-9:45AM

Nancy Haig, CIA, CCSA, CFSA, CRMA
Director, Internal Audit and Compliance
Alvarez & Marsal

A brand . . . for me? We have all heard the buzz words, but what exactly is a “personal brand,” and why is it important? Who needs a personal brand? To succeed in business, you do. Like an organization’s culture, a personal brand exists whether you know it or not, so how do you go about intentionally creating yours, and once you have one, how do you manage it?

In this session, participants will:

  • Learn what a personal brand is and why having one is important to professional/career success.
  • Explore the relationship between personal brand and leadership ability.
  • Gain tips for utilizing various tools and techniques to create, promote, and manage their own brand.
  • Consider the impact of social media on personal brand.

GS2–The Future of IT Audit and Industry 4.0

Wednesday, August 14 | 8:30AM-9:45AM

Brennan P. Baybeck, CISA, CISM, CRISC, CISSP
ISACA Board Chair

Your enterprise is adopting emerging technologies at record speed and grappling with the opportunities and pitfalls of digital transformation. As a result, IT auditors need to add new approaches, skills and expertise at record speed as well.

Based on research from ISACA and Protiviti about the future of IT audit, this session will help prepare auditors for the future of their profession. Which skills are in most demand? How can auditors best position themselves with the talent that hiring managers will be seeking? And how will AI impact the profession? This session will address all of those questions and more.

With Industry 4.0 and the exponential change it is driving, auditors must remain relevant and valued partners in their organizations. This session will help them understand and utilize the technology that is driving change and fueling their enterprise’s digital transformation activities.

ISACA Board Chair Brennan P. Baybeck will explain how traditional audit roles will be realigned with how businesses are operating, and how auditors can reposition themselves as key leaders and influencers who can guide their organization’s IT audit program into the future – and ahead of the threats.

In this session, participants will:

  • Understand the top technology challenges for IT auditors and how to gain skill in these areas
  • Identify governance, risk and audit concerns posed by new technologies and Industry 4.0.
  • Understand how new regulations are impacting IT audit
  • Analyze your professional development pathways to meet the new demands that IT audit professionals will face as their organizations undergo digital transformation.

