17th Annual IIA and ISACA Spring Training
If you are responsible for your company's internal auditing, information systems security and integrity, accounting, finance, Sarbanes-Oxley compliance or other regulatory matters, or simply need continuing education, you will want to join us for the 17th annual Detroit Spring Training event.
The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the annual Spring Training Event. Each year, the Spring Training Committee spends a considerable amount of time planning a comprehensive series of course offerings for our members and guests. The 2016 event is no exception.
A number of classes sell out each year so register early. Don't miss this opportunity to network with your peers, enhance your skills, and learn about new products and services in the marketplace! Our goal is to provide a world-class caliber training event tailored to your needs.
Class size and materials are limited. To be fair and equitable to all, we operate on a first-come first-serve basis, and maintain a wait list for all sold out courses. Therefore, registrants are required to attend the course(s) for which they registered unless they receive prior written approval from the Committee Chair. Registrants attending unauthorized classes will not be awarded continuing education credits.
We look forward to seeing you at the Spring Training event!
- The 2016 Spring Training Committee
Welcome
RETURNING THIS YEAR–VENDOR EXPO!
We have invited many audit and assurance vendors to set up displays during the training event giving you an opportunity to learn about products and partners that are in the marketplace, and their associated benefits for your organization.
A Special Thanks to our Platinum Sponsors who continue to
give generous support to this annual event!
Monday Lunch – TBD
Tuesday Lunch – TBD
Wednesday Lunch – TBD
Special Thanks
To our 2015 Vendors
Platinum Vendors
Accretive Solutions
Experis Finance
PwC
Gold Vendors
KPMG
Orion Solutions Group
Plante Moran
Resources Global Professionals
2016 TRAINING PROGRAM
TRACK MON APRIL 4 TUES APRIL 5 WED APRIL 6
A: Coaching for Enhanced Performance (Don Levonius); Driving Change Without Running Others Over (Don Levonius); Leading with Integrity and Authenticity (Don Levonius)
B: Enterprise Risk Management (Paul Zikmund); Lessons from Real Fraud Examinations: Case Studies (Paul Zikmund); Internal Audit’s Role in Fraud Risk Management (Paul Zikmund)
C: Emotional Intelligence: The Heart of Leadership (Dr. Keith Levick); Managers to Leaders (Dr. Keith Levick); Conflict Management (Dr. Keith Levick)
D: Best Practices in Internal Auditing (Dr. James Roth); Assessing the Risk / Control Culture: Challenges and Proven Techniques (Dr. James Roth)
E: Advanced Auditing for In-Charge Auditors (Kathleen Crawford)
F: Using Risk Assessment to Build Individual Audit Programs (Greg Duckert)
G: Internal Audit University (Dr. Hernan Murdock)
H: Introduction to Incident Response (Mary Siero)
I: Virtualization Security & Audit (John Tannahill); Cloud Management and Security (John Tannahill)
J: Is Your Data Really Secure?...13 Ways to Avoid Cyber Data Leaks (Ken Cutler); Cyber Audits of Identity and Access Control Management (Ken Cutler)
K: Auditors Role in IT Governance (Mitch Levine); Auditing Disaster Recovery & Business Continuity Planning (Mitch Levine)
L: Safeguarding Critical Assets (Sajay Rai); Introduction to Information Security for IT Auditors (Sajay Rai)
TRACK A-1 COACHING FOR ENHANCED PERFORMANCE
(DON LEVONIUS, MONDAY) 7 CPEs
Seminar Focus and Features
As a leader, one of your most important responsibilities is to provide ongoing and effective
performance feedback and coaching for employees. Yet, many leaders neglect to do so or resort
to ambiguous statements like “Great job!” or “You’ve got to do better.” Great leaders provide
specific and actionable feedback and actively coach employees in a way that enhances their self-
awareness, self-efficacy, and job performance. This hands-on seminar helps learners master
proven models and techniques and develop an action plan for applying them in an actual
workplace situation.
By the end of this seminar, learners will be able to:
Identify essential elements of effective feedback
Organize observations, thoughts, and feedback using several feedback models
Apply proven coaching techniques to enhance employee self-awareness, self-efficacy,
and job performance
Develop an action plan for providing feedback and coaching for an actual employee
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK A-2
DRIVING CHANGE WITHOUT RUNNING OTHERS OVER (DON LEVONIUS, TUESDAY)
7 CPEs
Seminar Focus and Features
The ancient philosopher Heraclitus once said, “The only thing that is constant is change.” And
according to change guru John Kotter, “The rate of change is not going to slow down anytime
soon.” Change is both constant and pervasive. Whether your responsibilities require you to
influence incremental change or lead radical, transformational change, your success will be
determined by your ability to inspire others and convert their resistance and skepticism into
cooperation and commitment. This interactive seminar examines why most change initiatives fail
and introduces a systematic process that will help learners drive change in their own
organizations.
By the end of this seminar learners should be able to:
Describe why most change initiatives fail
Recognize common causes of resistance, as well as techniques for overcoming it
List and explain the stages of an effective change initiative
Develop a customized action plan for driving change in their organization
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK A-3
LEADING WITH INTEGRITY AND AUTHENTICITY (DON LEVONIUS, WEDNESDAY)
7 CPEs
Seminar Focus and Features
Leadership is about collaborating with and influencing others. Great leaders are able to influence
not only their direct reports, but clients, colleagues, decision-makers, and others over whom
they have little or no formal authority. And while most leaders intuitively know right from
wrong, some seem more motivated by self-interest and achievement than by their obligation to
do the right thing. Do leaders have a moral duty to do what is right, despite the consequences?
Yes. Does ethical leadership often produce desired organizational results? Absolutely!
This seminar helps participants discover their purpose, discern the needs of others, identify win-
win solutions, exhibit grazia and sprezzatura in order to persuade others without being pushy,
and demonstrate how ethical behavior enables leaders.
Through the use of storytelling, videos, self-assessments, self-reflection, small group activities,
and ethical scenarios we will examine how collaboration, influence and ethical behavior enable
leaders.
By the end of this seminar learners will be able to:
Integrate collaborative problem solving to avoid imposing or compromising
Demonstrate the ability to be unpretentious and unflappable
Differentiate between knowing how, and articulating why
Establish leadership’s role in organizational ethics
Consider how ethical leadership affects organizational performance and profit
Explain how ethical leadership provides a viable value proposition for leaders seeking to
drive organizational effectiveness
Apply three specific goals for actively listening to others
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK B-1
ENTERPRISE RISK MANAGEMENT (PAUL ZIKMUND – MONDAY)
7 CPEs
Seminar Focus and Features
There are increasingly escalating demands on organizations to implement and strengthen their
enterprise-wide risk management processes. Risk managers must now look to further
strengthen their oversight process to better identify, assess and manage risks across the
enterprise.
Internal Audit’s core role in regard to ERM is to provide independent and objective assurance to
the Board and Executive Leadership on the effectiveness of the ERM program to help ensure key
business risks are being managed effectively and appropriately in line with the organization’s risk
appetite.
Core internal auditing roles in regard to ERM:
• Giving assurance on risk management processes
• Giving assurance that risks are correctly evaluated
• Evaluating risk management processes
• Evaluating the reporting of key risks
• Reviewing the management of key risks
The workshop identifies the practices and benefits of a dynamic enterprise-wide risk
organization. Through interaction and hands-on exercises, participants learn practical
approaches that they can immediately apply to their specific organization. The workshop starts
with a definition of ERM and a discussion of the basic tenets of a sound ERM practice -
organization, reporting, measuring, monitoring, and culture — much of which in some form is
already in place. The workshop will address how auditors can leverage these existing practices
to develop a robust approach program to determine the effectiveness of their organization’s
overall ERM program.
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK B-2 LESSONS FROM REAL FRAUD EXAMINATIONS: CASE STUDIES
(PAUL ZIKMUND – TUESDAY) 7 CPEs
Seminar Focus and Features
Conducting investigations of fraud presents various risks to any organization. Organizations
must develop and implement effective policies and procedures to reach the appropriate
conclusions while reducing legal liability for the organization.
This interactive session is designed to provide participants with a roadmap for understanding the
key elements of conducting successful fraud investigations. Through the use of real-life case
studies, attendees will evaluate and manage allegations of real cases and learn the following:
Key steps of any investigation
Navigating risks and avoiding pitfalls of compliance investigations
Managing physical and electronic evidence
Presenting investigative results
Managing sensitive issues
Remediation of misconduct
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK B-3 INTERNAL AUDIT’S ROLE IN FRAUD RISK MANAGEMENT
(PAUL ZIKMUND – WEDNESDAY) 7 CPEs
Seminar Focus and Features
From the IIA: “Internal auditors support management's efforts to establish a culture that
embraces ethics, honesty, and integrity. They assist management with the evaluation of internal
controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
Although it is management's responsibility to design internal controls to prevent, detect, and
mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness
of what management has implemented. Therefore, depending on directives from management,
the board, audit committee, or other governing body, the internal auditors might play a variety
of consulting, assurance, collaborative, advisory, oversight, and investigative roles in an
organization's fraud management process.”
In this session attendees will learn more about how internal auditors can help their organizations
mitigate and manage the risk of fraud. The session goals and objectives include the following:
Implementing a Fraud Risk Management Strategy
Elements of a comprehensive framework
Achieving continued support from the C Suite
Resources to ensure successful implementation
Managing the expectations of senior management
Proper staffing of engagements
Laws and regulations impacting fraud risk management
Tools and techniques for fraud training
Effective use of data analytics and tools to achieve results
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK C-1
EMOTIONAL INTELLIGENCE: THE HEART OF LEADERSHIP (DR. KEITH LEVICK, MONDAY)
7 CPEs
Seminar Focus and Features
Research has shown that Emotional Intelligence (EI) contributes more to a person’s success in
life than raw intelligence (IQ). Leaders and employees with a high EI are the ones who make
the best decisions, manage people more effectively and contribute most to the overall success
of the organization. Emphasis is placed on the development of specific skills that strengthen EI.
This course is based upon active learning, with rich, interactive exercises and applied
experiences.
Learning Objectives:
At the end of this course, participants will be able to:
Define emotional intelligence (EI)
Recognize the role of EI in the workplace
Describe an EI model
Build an intuitive muscle
Better manage emotions
Improve social awareness
Practice and enhance social and empathy skills
Listen and respond with empathy
Outcome:
Improved and enhanced Emotional Intelligence resulting in increased customer satisfaction,
relationships, retention, and improved internal employee interactions.
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK C-2
MANAGERS TO LEADERS (DR. KEITH LEVICK, TUESDAY)
7 CPEs
Seminar Focus and Features
Managers manage; leaders inspire and motivate. This course focuses on the differences between
managing and leading while maintaining consistency in all areas of business operations. Team
building, communication, leadership style, and fostering a positive work environment are
addressed. Emphasis is placed upon building a variety of leadership skills.
This course is based upon active learning, with rich, interactive team based exercises, and applied
experiences.
Learning Objectives:
At the end of this course, participants will be able to:
Identify the differences between managers and leaders
Identify team leadership styles
Explore leader behavior
Recognize the elements of building positive relationships
Discover what motivates people and how to create a motivating climate
Identify levels of trust
Explore and understand common approaches to discipline
Practice a non-punitive approach to dealing with negative behavior
Outcome:
Enhanced leadership skills resulting in improved departmental functioning, communication, and
team interpersonal relationships.
Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK C-3 CONFLICT MANAGEMENT
(DR. KEITH LEVICK, WEDNESDAY) 7 CPEs
Seminar Focus and Features
Negative conflict in a business setting can be expensive, counter-productive, time consuming, and
labor intensive. Constructive conflict can bring about new ideas and problem solving methods.
This program focuses on providing the skills necessary to manage negative conflict and promote
positive working relationships.
This course is based upon active learning, with rich, interactive exercises, case studies, and
applied experiences.
Learning Objectives:
At the end of this course, participants will be able to:
Recognize how and why conflict exists
Realize conflict represents differences in opinions and beliefs
Identify personal conflict resolution styles
Identify blockers that hinder the resolution process
Demonstrate a five (5) step collaborative process
Manage emotions
Take the perspective of others
Deal with negative
Outcome:
Enhanced ability to resolve workplace conflicts resulting in less hostility, fewer disputes, and
higher productivity.
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK D-1 BEST PRACTICES IN INTERNAL AUDITING
(DR. JAMES ROTH, MONDAY) 7 CPEs
Seminar Focus and Features
This seminar presents a wealth of practices from world-class internal audit departments. You will
get their actual evaluation tools and related documents. You will also learn how they apply the
tools, and how to tailor their practices to your own organization. After the seminar, you will be
able to use these examples as models to create or enhance your own value-added practices.
Topics include:
Audit Department Structure and Annual Planning Process
Best Practice Principles and examples – intertwine with management; participative,
qualitative, strategy focused audit planning
How to Plan, Monitor, and Aggregate Results to Form an Entity-wide Opinion Based on
the organization’s strategy and COSO 2013
Value-Added Audit Methodologies
Best Practice Principles and Risk-Based Auditing
Practices That Enhance Audit Projects – Staff Skills Matrix, Best Practice Web Site and
Database, Use of Guest Auditors, Criteria for Evaluating Performance Measures
Trends and Innovations in Audit Reports
Emerging Practices
Assessing the risk management process
Advising and assessing the governance process(es) and organizational strategy
Auditing social media and mobile devices
Assessing the use of “big data”
Staffing, Work Environment, Marketing and Measuring
Staffing and Work Environment – Best Practice Principles
Competency Model for Staffing and Career Development
Career Planning Form
Marketing Internal Audit
Post-Audit Customer Survey and Audit Department Performance Metrics
How to Get There From Here: Transforming Internal Audit
Audit Department Customer Analysis
Creating a Shared Vision for the Future
Developing and Implementing the Internal Audit Strategic Plan
Discussion Guide for Customer Input
Audit Department Strategic Plan
Summary – Profile of a Value-Adding Internal Audit Department
Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK D-2
ASSESSING THE RISK / CONTROL CULTURE: CHALLENGES AND PROVEN TECHNIQUES
(DR. JAMES ROTH, TUESDAY-WEDNESDAY) 15 CPEs
Seminar Focus and Features
Through discussion and exercises you will:
Be exposed to the latest thinking and guidance on evaluating culture
Learn how eight leading organizations from various industries are evaluating the risk and
control culture
Share your techniques for evaluating culture with other attendees and get feedback from
your peers and Dr. Roth
Work through hands-on exercises in evaluating elements of culture
Proven evaluation tools from world-class audit departments
Examples of audit report comments on weaknesses in the culture
Topics covered during this two-day seminar include:
Why Evaluate the Risk Culture?
Risk culture is a growing concern for Internal Audit’s stakeholders
What our Standards and the real world say
Challenges, Potential Pitfalls, Keys to Success
Cultural trade-offs
Challenges: complexity and subjectivity of culture, resistance of key players, other
Keys to success
Approaches and Techniques
Overview of evaluation techniques and tips for scope, execution, reporting, and staffing
How nine audit departments – five in financial services, one each in healthcare,
manufacturing, travel, and public sector – are auditing culture
Audit Project Evaluation Techniques
Key to success and five essential principles for evaluating aspects of culture
Bringing cultural issues into the risk assessment
Guidelines for evaluating risk culture during audit projects
Guidelines for developing and administering audit project surveys and example from IIA
research
Entity-Wide Evaluation Techniques
Guidelines for entity-wide structured interviews and guides from IIA research
Guidelines for developing, advising, assessing and using entity-wide surveys
Advantages / disadvantages of each cultural evaluation technique
Reporting Cultural Issues
Guidelines and keys to success
Audit report techniques that lower the defensiveness of local management
Audit rating systems that include “management awareness of risk”
Prerequisite: Fundamentals of Internal Auditing or equivalent experience.
Learning Level: Intermediate
Field of Study: Auditing
TRACK E ADVANCED AUDITING FOR IN-CHARGE AUDITORS
(KATHLEEN CRAWFORD, MONDAY-WEDNESDAY) 22 CPEs
Seminar Focus and Features
In this three-day session you will learn all of the elements involved in leading traditional and
operational risk-based auditing from the unique perspective of the in-charge position. With
peers, attendees will review such concepts as audit program flexibility, risk assessment, priority
setting during fieldwork, and effective oral and written communications of audit findings. This
course covers preliminary fieldwork, audit program development, COSO, risk assessment, and
auditing the control environment in today's business climate.
What You Will Learn:
Managing Fieldwork
Auditing Concepts: The In-Charge's Perspective
The Changing Control Environment
Marketing and Selling Internal Audit
Preliminary Fieldwork and Program Development
Risk Assessment Strategies
Applying Project Management to Internal Audit
Fraud Awareness
Effective Communications
High-Profile Case Studies - Lessons Learned
Improving the Productivity of the Audit Process
Incorporating Best Practices throughout the Audit Department
Prerequisite: Internal Audit University or equivalent experience.
Learning Level: Intermediate
Field of Study: Auditing
TRACK F
USING RISK ASSESSMENT TO BUILD INDIVIDUAL AUDIT PROGRAMS (GREG DUCKERT, MONDAY-WEDNESDAY)
22 CPEs
Seminar Focus and Features
In this revealing three-day seminar you will learn how to use risk assessment - generally applied
to annual audit plans - to help build individual audit programs that will boost auditor productivity
and provide the control assurance required by Sarbanes-Oxley. You will explore the differences
between traditional, control-based risk assessment and a new, business risk-based approach
that addresses management's concerns at the individual audit level. This progressive risk-based
approach will demonstrate how assurance and consultative auditing can be performed
simultaneously to maximize your audit resources and generate high-impact outcomes.
Attendees will learn how to recognize primary risks critical to any organization and to evaluate if
there are appropriate controls in financial, information systems, compliance, and operational
audits. You will then investigate the innovative methodology in a practical, case-based work
session that will lead you step-by-step through the development of an individual audit program
that can be executed in your own organization. You are encouraged to bring an audit subject
and background information to use in this class exercise. Attend this timely seminar to learn
how to focus your audits on the business concerns of the audit committee, senior management
and the organization's operations.
What You Will Learn:
Traditional Approaches to Risk Assessment
Information Sources Required to Truly Determine Risk
Maximizing Your Audits with Sound Data and Informed Judgment
A Business-Risk Approach to Value-Added Audit Programs
Focusing the Audit on Risk: A Multi-Level Approach
Risk Assessment in the Four Major Types of Audits
Maximizing Your Value: Talking Business Not Audit
Prerequisite: Internal Audit University or equivalent experience.
Learning Level: Intermediate
Field of Study: Auditing
TRACK G
INTERNAL AUDIT UNIVERSITY (DR. HERNAN MURDOCK, MONDAY-WEDNESDAY)
22 CPEs
Seminar Focus and Features
In this intensive three-day seminar, attendees will master fundamental operational auditing
techniques and learn how to use a risk-based approach to enhance your audits of the
purchasing, marketing, human resources, information technology (IT), management,
finance/treasury and accounting functions.
Participants will explore the objectives of major business operation areas and learn how to
identify the key risks threatening them. You will find out how to make your audits more efficient
and effective and how to use data analytics to gain an in-depth understanding of business
processes. You will cover such critical areas as the impact of SOX, ERM and GRC on the
organization, uncovering fraud schemes that threaten business operations, and the role of IA in
helping management build strong risk management and strategic planning processes. You will
leave this high-impact seminar with the skills necessary to go beyond outputs and to examine
the organization’s ability to achieve the necessary outcomes.
What You Will Learn:
Operational Auditing
Components of Operational Audits
Auditing the Purchasing Function
Auditing the Marketing and Sales Function
Auditing the Human Resources Function
Auditing the Finance, Treasury and Accounting Functions
Auditing IT
Auditing the Management Function
The Future of Operational Auditing
Prerequisite: None
Learning Level: Basic
Field: Auditing
TRACK H INTRODUCTION TO INCIDENT RESPONSE
(MARY SIERO, MONDAY-WEDNESDAY) 22 CPEs
Seminar Focus and Features
While preventative controls remain a critical component of an effective information security
program, the ability to detect and respond to security incidents continues to increase in
importance. The number of breaches reported each year, combined with evidence of
increasingly sophisticated attacks, only serves to emphasize the need for organizations to have
staff members skilled in managing information security incidents.
This seminar is designed to provide the knowledge and experience you need in order to develop
critical incident response policies and procedures, as well as identify technologies that can help
you effectively manage security incidents. Through both discussion and hands-on exercises you
will gain specialized knowledge of security incident response.
Upon completion of this course, participants will receive a CD that contains tools and resources
used during the course.
What You Will Learn:
Incident Response Fundamentals
Policies, Procedures and Training
Supporting Technologies and Incident Reporting
Prerequisite: This course is geared to individuals with a general familiarity and working
knowledge of information technology, including those with two or more years of experience and
training in IT Audit, Information Security, and/or Information Technology.
Learning Level: Basic
Field of Study: Auditing
TRACK I-1
VIRTUALIZATION SECURITY & AUDIT (JOHN TANNAHILL, MONDAY)
7 CPEs
Seminar Focus and Features
This one-day session will focus on the audit and security issues related to the use of Virtual
Machine environments.
Key Learning Objectives:
Understand VMware Virtual Machine architecture and security components (VMware vSphere)
Understand VMware ESXi and vCenter security and control features
Understand audit objectives for the ESXi and vCenter environments
Topics to be covered include:
1. VM Concepts (based on VMware technology)
VMware ESXi and vCenter Server Overviews
Security Architecture and Design Issues
Threats & Vulnerabilities and Audit & Control Objectives
2. VMware ESXi Server Audit
Security Configuration Standards and Security Management
Configuration and Patch Management
Host Level Management Security
User Account and Administrator Access Controls
Logging & Monitoring
VM Files and Settings
Guest VM Configuration
Guest to Host Isolation Controls
Network and Firewall Security
3. VMware vCenter Audit
Architecture & Design
Auditing Management Server Configuration and Components
Inventory Control Areas
Controls over Administrative Users (Data Center Administrator, VM Administrator etc.)
Roles (e.g. System and Sample Roles) and Objects
Permissions and Permission Privileges Group Management
Security Monitoring
4. Security and Audit Tools & Techniques
Note: This session will include discussion of other VM Technologies in the Concepts session,
including Microsoft Hyper-V and Linux KVM
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK I-2 CLOUD MANAGEMENT AND SECURITY
(JOHN TANNAHILL, TUESDAY-WEDNESDAY) 15 CPEs
Seminar Focus and Features
This two-day session will focus on the audit and security issues related to managing and securing
Cloud Computing environments.
Key Learning Objectives
Understand Cloud architectures and security & control components
Understand Cloud Service Models
Understand key risk and control issues with the different Cloud deployment models
Technical Concepts
Cloud Risk Assessment, and Governance and Operation Controls
Case Study: Development of Audit Objectives and Audit Program Steps using CSA Cloud
Controls Matrix
Topics covered include:
1. Cloud Computing Concepts
Overview of Cloud architectures
NIST Cloud Definitions
2. Cloud Service Models
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Other Service Models such as Security as a Service.
3. Cloud Deployment Models
Public Cloud
Community Cloud
Private Cloud
Hybrid Cloud
Example Deployments
4. Security and Control Issues
Key Risk, Governance and Security Issues
Control Requirements with focus on CSA’s Cloud Controls Matrix and key mappings
NIST; ENISA; Cloud Security Alliance Security and Audit Resources
5. Audit Tools & Techniques
Use of SOC Reports
Example Audit Programs
Prerequisite: None
Learning Level: Intermediate
Field of Study: Auditing
TRACK J-1 IS YOUR DATA REALLY SECURE?...13 WAYS
TO AVOID CYBER DATA LEAKS (KEN CUTLER, MONDAY)
7 CPEs
Seminar Focus and Features
Information is the most valuable asset, the lifeblood, of any organization - private industry,
government, non-profit. Data leakage through a myriad of Cyber-related conduits has become
the number one security issue, regardless of an organization's size, industry, or geographic
location. Valuable data is leaking out in every direction, often totally undetected, until it’s too
late, by the victimized organizations. Some Cyber leaks are accidental, others are overt and
targeted.
Key CyberSecurity risk assessment questions include:
What is your data worth to someone else?
What are the legal implications if the security of proprietary or personal data is
compromised?
We will heighten your awareness by pinpointing “A Dirty Baker’s Dozen”: 13 common
CyberSecurity Leakage Exposures and How to Avoid Them. CyberSecurity data leakage risk
areas covered range from paper documents to web-enabled applications. In this workshop, we
will discuss:
Identifying and categorizing common avenues of Cyberdata leakage and associated risks
Reported examples of real Cyber attacks, leaks, and investigations
Top down CyberSecurity safeguards and IT Audit Practices to protect information
confidentiality and privacy
Sources of additional information and tools
Prerequisite: A basic management understanding of IT, Information Security, and Audit
terminology and concepts is assumed.
Level: Intermediate
Field of Study: Auditing
TRACK J-2
CYBER AUDITS OF IDENTITY AND ACCESS CONTROL MANAGEMENT (KEN CUTLER, TUESDAY-WEDNESDAY)
15 CPEs
Seminar Focus and Features
The road to reliable internal control and CyberSecurity compliance can be very treacherous, full
of potholes and rocks…and many forks to ponder. Compliance requirements come from all
directions, shapes, and sizes…not to mention heightened attention to the protection of payment
card data, personally identifiable information (PII), identity theft, and security breach disclosure
legislation. Logical access controls represent the single most significant security safeguard to
protect valuable data from unauthorized access…and the most common area of important audit
findings by internal and external auditors.
In this widely applicable workshop, we will provide a framework for consistent and effective
auditing of logical access controls. Case studies will be used to demonstrate real examples of
common access controls and data collection methods for operating systems, database servers,
and other software environments, emphasizing free and/or low‐cost audit software procedures.
Attendees will receive sample work programs and checklists that can be used to perform
effective logical access audits in any context.
In this seminar, we will discuss:
Assessing common risks and regulatory compliance requirements associated with
identity and access control management
Identifying the key building blocks of logical access controls: identification and
authentication, access authorization, privileged authority, system integrity, audit logs
Locating technical and administrative access controls in today’s complex IT application
environments: network, operating systems, database management systems, directory
services, single sign‐on
Dealing with software bugs, patch management, and change control issues that can
undermine effective access controls
Defining the audit work program: Tools and techniques for reviewing access controls in
prominent system software and application environments
Sources of industry best practice CyberSecurity and CyberAudit frameworks and
checklists
Prerequisites: Understanding of risk management processes and basic information security
concepts
Learning Level: Intermediate
Field of Study: Auditing
TRACK K-1 AUDITORS ROLE IN IT GOVERNANCE
(MITCH LEVINE, MONDAY) 7 CPEs
Seminar Focus and Features
This seminar is intended to provide attendees with the base level knowledge required to
perform IT Governance audits. This seminar is designed for IT, Integrated and Operation
Auditors along with compliance personnel at all levels.
Topics include:
Introduction to Governance, Risk and Compliance
Alternative approaches for the set-up of IT compliance functions
IT Governance Responsibilities
Introduction to the key areas of IT Governance
Understanding how IT Governance audits have evolved
Recommended Audit Scope for the key areas of IT Governance audits
Understanding the Core Components of IT Governance Organization
o Small organizational approaches
o Mid-Size organizational approaches
o Multi-national & large organizations
o Private versus public sectors
Evaluating the adequacy of the IT Governance organizational structure
Assessment of IT Governance core areas
o Risk Assessment processes
    Enterprise
    Application
    Project
o Monitoring IT Controls
o Implementation of the Data Classification standard
o Data Retention and Records Management
o IT Policies, standards and procedures
o GLBA Assessments
o Entity Level Control Assessments
o IT Compliance with laws, regulations and contracts
Management reporting relating to IT Governance
How to audit compliance functions
Audit Report approaches for IT Governance Audits
Case Study
A case study will provide an understanding of how to assess the IT Governance structure, risk
management and compliance functions.
Prerequisite: A basic understanding of information security and IT controls.
Learning Level: Basic
Field of Study: Auditing
TRACK K-2
AUDITING DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING
(MITCH LEVINE, TUESDAY-WEDNESDAY) 15 CPEs
Seminar Focus and Features
This seminar provides the base level knowledge required to perform a Disaster Recovery and
Business Continuity audit.
I. Introduction
Overview of Business Continuity and Disaster Recovery Plans
Traditional types of audits covering Business Continuity and Disaster Recovery
II. Business Impact Analysis (BIA)
Understanding Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) and
how they are used to validate backup and recovery strategies
Alternative methods for establishing the BIA
Approaches to auditing the BIA
III. Risk Assessment
Alternative methods for establishing the Risk Assessment
Approaches to auditing the Risk Assessment
IV. Backup Strategies
Alternative methods for data backups including backup, replication and clustering
Approaches to auditing the data backups
V. Business Continuity/Disaster Recovery Plans
Understanding the different types of Business Continuity strategies
Purpose and administrative component of plans
Alternative methods used within the industry
Business level plan development and deployment including IT Plan components, such as
onsite disaster recovery, migration to the offsite DR site, operating at the DR Site and
return from DR site to the production site
VI. Disaster Recovery/Business Continuity Testing
Alternative methods and approaches to conducting DR / Business Continuity Tests
VII. Other types of Business Continuity Plans
Pandemic Plans
Case studies will provide an understanding of how to audit the Business Continuity strategy,
Offsite Disaster Recovery Testing and evaluating backup strategies to ensure they meet RPOs &
RTOs and the project initiatives used to create the RPOs and RTOs.
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK L-1 SAFEGUARDING CRITICAL ASSETS
(SAJAY RAI, MONDAY) 7 CPEs
Seminar Focus and Features
This one-day session will introduce the challenges most organizations face in safeguarding
their critical assets and ways an organization can approach protecting them.
Before lunch, we will introduce the concepts of Outside In and Inside Out. We will also lay the
foundations on how organizations are managing the safeguarding of their critical assets. We
will identify an approach that covers topics like Data Classification and Data Loss
Prevention (DLP). We will also discuss a 3-12 month action plan that an organization can adopt
to safeguard critical assets.
Then we will focus on the action items an organization must take in the first three months and
will walk the audience through each of the steps with practical examples. Some of the topics
will include:
Data Classification Policy and examples
Process of classifying data (and examples on how to classify data)
Process of labeling classified data (Example of SharePoint for Microsoft classified documents)
Discussion of role of a data owner
Example of a classification tool
Then we will focus on protecting the data that has been classified. The session will discuss
examples of how a DLP solution can assist in protecting and monitoring the classified data.
After lunch, the focus will shift towards emerging technology risks and discuss the role an
auditor can play within their organization. Some of the topics will be:
Managing Social Media risks
Managing Smart Device and BYOD risks
Managing Third Party Service Provider risks
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
TRACK L-2 INTRODUCTION TO INFORMATION SECURITY FOR IT AUDITORS
(SAJAY RAI, TUESDAY-WEDNESDAY) 15 CPEs
Seminar Focus and Features
This two-day session will provide an introduction to information security concepts and is geared
for IT auditors who are new to their role or experienced auditors who are joining the IT audit
group.
Topics to be covered include:
Cyber Security Fundamentals
Risk Management
Network Security tools and technologies
Intrusion Detection and Prevention
Virtualized, Shared and Distributed Computing
Application Security and Penetration Testing
Cyber Incident Response Management
Cloud Security
This session will provide practical take-aways for each of the topics and will discuss experiences
of the speaker in terms of what works and what does not.
Prerequisite: None
Learning Level: Basic
Field of Study: Auditing
ABOUT THE INSTRUCTORS….
Kathleen M. Crawford is a Senior Consultant for MISTI and President of Crawford Consulting &
Communications LLC. Previously, she was an Internal Auditor for Vinfen Corporation, where she
assisted management in the standardization of operations, developing policies and procedures and
improving processes. A member of the IIA, she is a past President of the Greater Boston Chapter of
the IIA and a member of the ACFE.
Ken Cutler, CISSP, CISM, CISA is a Senior Teaching Fellow with CPEi, specializing in Technical
Audits of IT Security and related IT controls. He is the President and Principal Consultant for Ken
Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array
of Information Security and IT Audit management and technical professional services. He is also the
Director – Q/ISP (Qualified Information Security Professional) programs for Security University.
An internationally recognized consultant and trainer in the Information Security and IT audit fields, he
is certified and has conducted courses for: Certified Information Systems Security Professional
(CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor
(CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in
two full length training videos on CISSP and Security+.
Ken was formerly Vice‐President of Information Security for MIS Training Institute (MISTI) and Chief
Information Officer of Moore McCormack Resources, a Fortune 500 company. He also directed
company‐wide IS programs for American Express Travel Related Services, Martin Marietta Data
Systems, and Midlantic Banks, Inc.
Ken has been a long‐time active participant in international government and industry security
standards initiatives, including: The President’s Commission on Critical Infrastructure Protection,
Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation
Criteria (ITSEC), US Federal Criteria, and Department of Defense (DOD) Information Assurance
Certification Initiative.
He is a prolific author on information security topics. His publications include: Commercial
International Security Requirements (CISR), a commercial alternative to military security standards
for system security design criteria, NIST SP 800‐41, “Guidelines on Firewalls and Firewall Policy”, of
which he was co‐author, and various works on security architecture, disaster recovery planning,
wireless security, vulnerability testing, firewalls, single sign‐on, and the Payment Card Industry Data
Security Standard (PCI DSS).
He has been frequently quoted in popular trade publications, including Computerworld, Information
Security Magazine, Infoworld, Information Week, CIO Bulletin, and Healthcare Information Security
Newsletter, and has been interviewed in radio programs My Technology Lawyer and Talk America.
Ken received his Bachelor of Science degree in Business Administration and Computer Science
from SUNY Empire State College.
Greg Duckert, CPA, CIA, CISA, CMA is the Founder of Virtual Governance Institute. He has held
audit director positions in the manufacturing, construction and healthcare industries, assuming
responsibilities for financial, operational and information systems auditing functions. His expertise
includes risk assessment, data-centric ERM and continuous auditing.
Keith Levick, Ph.D., is the CEO of Goren and Associates. Dr. Levick has over 25 years of experience
in training, professional coaching, and consulting. As a psychologist, he has spent many of his clinical
years in private practice. In 1987, he began to transfer his clinical expertise into the field of business
management.
For the past 20 years Dr. Levick has coached managers and executives in a variety of industries in the
area of personal and professional productivity, change management and interpersonal skills. He has
coached many executives in their transition from the world of management into the world of leadership.
He has developed many award winning leadership training programs and workshops that are being used
by Fortune 500 organizations nationwide. Some of his clients include Chrysler, GM, Daimler, Monroe
Bank & Trust, MGM Detroit Grand Casino, X-Ray Industries, and many other Fortune 500 companies.
As an executive coach, Dr. Levick is a firm believer in the value of coaching. “With high impact effective
coaching, people are able to remove some of the blinders to see what is possible. Coaching can help
executives and leaders to discover their core habits that are working and those that are not; only then
can they reach their highest potential.”
Dr. Levick has written and lectured extensively in the area of the psychology of leadership. As a
professional and keynote speaker, he lectures on a variety of business and health-related issues around
the country. Dr. Levick was a regular guest for 15 years on a local ABC-TV talk show, Kelly & Company.
Currently, he serves as a local expert for an NBC and an ABC affiliate television station in the Detroit area.
Dr. Levick served on the Executive Board for the American Heart Association where he collaborated in the
development of several health-related programs and continues to be a consultant. Dr. Levick is the
founder of the Center for Childhood Weight Management, a unique pediatric obesity program. He is an
Adjunct Professor at Lawrence Technological University and South University. Dr. Levick is also the
author of two books and numerous professional articles, and is the Associate Publisher of a national
magazine, Customer Care News.
He received his Bachelor of Science (1973), Master of Social Work (1976), and Doctorate in Counseling
(1992) from Wayne State University.
Mitchell Levine is the founder of Audit Serve, Inc., an IT Audit & Systems consulting company.
For the last 25 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated
Audit consulting projects, Restructuring IT Departments, PCI Implementations, and performing pre- and
post-implementation reviews of system migrations. Mr. Levine spends 220+ days per year consulting
which is the basis for the material which is included in the seminars.
Over the past seven years Mr. Levine has presented over 75 seminars to nineteen different ISACA & IIA
chapters. Mr. Levine also was the primary writer and editor of Audit Vision which is published bi-monthly
and has a subscription base of over 3,500 audit & security professionals.
Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his
duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus
and the corporate financial systems.
Don Levonius, M.A. is a Principal Consultant, Victory Performance Consulting LLC. As a consultant,
trainer, and national public speaker, Don Levonius draws on over 17 years of progressive leadership
experience, including 13 years with The Disney Company and 4 years with the Institute of Internal
Auditors. He taught organizational communication for the University of Central Florida, is a leadership
development instructor with Valencia State College, and holds master’s degrees in human resource
development and business & organizational security management. Don is also an author for the
Association of Talent Development.
After years of leading security and investigations for major retail chains and Disney theme parks, Don
was asked to help create and lead Disney Security Training Institute in an effort to help combat the
emerging threat of terrorism following the horrific attacks in 2001. Under his leadership, Disney security
training was transformed to become an international benchmark for private and public sector security
organizations.
Don was later promoted to lead operations and guest service training for 23 Walt Disney World Resort
hotels (25,000 guest rooms), 200 retail and dining locations, and Disney Transport (monorails,
watercraft, and buses). He subsequently became a senior leader of Disney University, the company’s
corporate university.
In 2009, Don left Disney, founded Victory Performance Consulting (VPC), and began providing learning
solutions for a number of organizations including General Electric, NBC Universal, the Florida Attorney
General’s Office and The Institute of Internal Auditors (IIA). The IIA subsequently hired Don full-time to
manage and direct development of its curriculum and learning strategies and delivery of over 200
leadership development seminars annually.
Today Don leads the VPC team in serving a growing list of clients, including: ASIS International,
Association of Certified Fraud Examiners, CoreNet Global, Florida Attorney General’s Office, Florida
Crime Prevention Association, Just$ave Foods, Land O’Lakes, Inc., Lowes Foods, Society for Human
Resource Management, Institute of Internal Auditors, YRC Worldwide, and others.
Dr. Hernan Murdock, CIA, CRMA is a Senior Consultant with MISTI. Prior to MISTI, he was the
Director of Training at Control Solutions International and a Senior Project Manager leading audit and
consulting projects for clients in the manufacturing, transportation, high-tech education, insurance and
power generation industries. He authored the books 10 Key Techniques to Improve Team Productivity
and Using Surveys in Internal Auditing, and articles on whistleblowing programs, international auditing,
mentoring programs, fraud, deception, corporate social responsibility and behavioral profiling.
Sajay Rai, CPA, CISSP, CISM has more than 30 years of experience in information technology,
specializing in information technology processes, IT architecture, security, business continuity, disaster
recovery, privacy, IT audit and information risk. Mr. Rai is the Founder and CEO of Securely Yours LLC.
Securely Yours LLC is focused on delivering innovative solutions through delivery channels like Software-
as-a-Service, Managed Services and traditional IT consulting. Mr. Rai’s clients are in the financial,
manufacturing, retail, healthcare, federal and state agencies and utility industry.
Prior to starting Securely Yours LLC, Mr. Rai was a Partner with Ernst & Young LLP for 10 years and was
responsible for the information advisory practice in the Detroit Metro area. He also served as the
national leader of EY’s Information Security and Business Continuity practices. Mr. Rai’s clients included
General Motors, Blue Cross Blue Shield of Michigan, Yazaki North America, Tecumseh and Federal Mogul.
He also served as a member of his firm’s Partners Advisory Council.
Mr. Rai also worked with IBM for 13 years, most recently serving as an executive of the national
Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s
Information Security consulting practice and managing its information technology consulting practice in
Latin America.
Mr. Rai co-authored a recently published book, “Defending the Digital Frontier – A Security Agenda”,
which guides business and IT executives on how to develop an effective and efficient information
security program within their enterprise. He also co-authored Institute of Internal Auditors’ publications
of “Sawyer’s Internal Audit Handbook 6th Edition” and the publication of IIA’s Global Technology Audit
Guide (GTAG) No. 9 on the topic of Identity and Access Management.
Mr. Rai is a member of IIA’s Professional Issues Committee (PIC). He also serves on the board of ISACA
Detroit Chapter, IIA’s Detroit Chapter, Society of Information Management (SIM) Detroit Chapter and as
a member of Walsh College’s Accounting Advisory and Technology Committees. Mr. Rai is a regular
speaker at industry conferences on information security, business continuity, disaster recovery,
technology strategy and is frequently quoted in magazines and newspapers. He has also served as
expert witness in litigation cases in the area of information technology and information security.
He holds a Master’s degree in Information Management from Washington University of St. Louis, and a
Bachelor’s degree in Computer Science from Fontbonne College of St. Louis.
James Roth, PhD, CIA, CCSA, CRMA is president of AuditTrends, LLC, a training firm devoted to
identifying and communicating the best of current internal audit practice. Dr. Roth has three decades of
progressive internal audit and teaching experience. His publications include nine AuditTrends seminars
and sixteen major works for the IIA International, including:
Vision University (the IIA’s executive training program for CAEs)
Best Practices: Value-Added Approaches of Four Innovative Internal Auditing Departments
Adding Value: Seven Roads to Success
Best Practices: Evaluating the Corporate Culture
In 2008 the IIA gave Dr. Roth the Bradford Cadmus Memorial Award, which was “established…to honor
individuals making the greatest contribution to the advancement of the internal audit profession.”
Energetic and motivating, Jim is one of the highest rated speakers on internal auditing.
Mary G. Siero, CISSP, CISM, CRISC is an executive level Information Technology Consultant with
experience in several industries in both IT and business departments. Her diverse background has
provided her with a unique perspective about IT's role and the value it can bring to the businesses it
supports. Ms. Siero has over 30 years' experience in engineering and technology from industries such as
Gaming and Hospitality, Healthcare, Consumer Products, Manufacturing and Education. Over her career,
Ms. Siero has developed and managed IT security, risk, compliance and operational environments for
multiple organizations. She was honored as the CISO of the Year and has provided testimony for the
State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She is a
frequent speaker at national conferences on the topics of IT security and risk management and is the
author of several journal articles and "Safeguarding Your Organization's Data: A Call to Action"
published in 2013.
John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing in information
security and audit services. His current focus is on information security management and control in
large information systems environments and networks. His specific areas of technical expertise
include UNIX and Windows operating system security, network security, and Oracle and Microsoft
SQL Server security. John is a frequent speaker in Canada, Europe and the US on the subject of
information security and audit.
John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and
Chapter Events including ISACA Training Weeks; North America CACS; EuroCACS; Asia-Pacific CACS;
International and Network and Information Security Conferences. He is the 2008 Recipient of the
ISACA John Kuyer Best Speaker/Best Conference Contributor Award.
Paul E. Zikmund serves as Deputy Chief Compliance Officer, Bunge in White Plains, NY where he
manages programs and controls designed to promote an organizational culture committed to
integrity, ethical conduct, and compliance with the law. He manages and conducts investigations of
compliance matters, fraud and ethics violations. Paul assists with the development and
implementation of tools and techniques to mitigate enterprise fraud & compliance risk, manages the
company’s third party risk management program, and administers compliance training and
awareness programs.
Prior to joining Bunge, Paul worked as the Senior Director Forensic Audit at Tyco International in
Princeton, NJ and the Director Litigation Support Services at Amper, Politziner, & Mattia, LLP, in
Philadelphia, PA where he was responsible for developing, implementing, and administering fraud
risk management services to Tyco and to clients. He possesses nearly 28 years of experience in this
field and has effectively managed global compliance and forensic audit teams at various Fortune 500
companies.
Paul is a Certified Fraud Examiner, Certified Ethics and Compliance Management professional, and a
Master Analyst in Financial Forensics. He received a Bachelor of Science degree in the Administration
of Justice and a Certificate of Accountancy from The University of Pittsburgh. He continued his
education with a Masters of Business Administration at the University of Connecticut, a Masters of
Accountancy at Auburn University and a Masters of Business Ethics and Compliance at the New
England College of Finance. Paul has authored various articles relating to fraud detection,
prevention, and investigation. He speaks regularly at seminars and conferences on the topic of
ethics, compliance, and fraud risk management. He also teaches graduate level fraud and forensic
accounting, white collar crime, and auditing courses at Rider University in New Jersey, LaSalle
University in Pennsylvania, and Carlow University in Pennsylvania.
REGISTRATION INFORMATION
Participation is limited, so registration will be accepted on a first-come, first-served basis. Pricing
has been established to provide the maximum educational benefit for the lowest cost.
Therefore, we will not be offering discounts from the established prices for early registration,
membership affiliation or groups. Dress code for the training is business casual.
Morning refreshments will be provided from 7:30 – 8:30 AM, and general sessions will be from
8:30 AM – 4:30 PM each day. Lunch will be provided daily with vegetarian options.
Due to circumstances outside of our control, we may find it necessary to reschedule or cancel
sessions, or change instructors. We will give registrants advance notice of such changes, if
possible.
Payment and Cancellation Policy
Please note all times are stated in Eastern Standard Time (EST). All reservations must be made
online at www.isaca-det.org or https://chapters.theiia.org/detroit. Telephone, fax, and mail-in
registrations will not be accepted.
All payments must be received by midnight 3/22/16. Payments may be made at the time of
registration using Visa, MasterCard, Discover or American Express, or check payments may be
mailed to the address listed below.
Cancellations may be made online until midnight on Tuesday 3/22/16 without penalty. Any
cancellation received after Tuesday midnight 3/22/16, and before Monday midnight 3/28/16 will
be charged a non-refundable service fee based on the CPEs of the registered course being
cancelled. No refunds will be given for registrations that are cancelled after midnight 3/28/16.
CPEs   Non-Refundable Service Fee
7      $25
15     $50
22     $75
Payments (payable to: IIA Detroit) should be mailed to the address below. Please do not remit
payment to the ISACA Detroit Chapter. Training or registration questions should be sent to
IIA - ISACA Spring Training
Geralyn Jarmoluk – Administrator
78850 McKay Rd
Romeo, MI 48065
Hotel Information
The Spring Training Committee has arranged for a discounted group rate of $119 per night at
the Hyatt Place Hotel at the Suburban Collection Showplace. Reservations may be made by
calling the Hyatt Place at 1-800-233-1234 and requesting Group code ‘G-IIA5’ or by logging
on to http://novi.place.hyatt.com. Once arrival and departure dates have been entered, click on
‘special rates’ and enter the Group Code ‘G-IIA5’ in the Group Code Box. Make sure to make
your reservation by 3/4/2016 to receive the discounted rate.
TRACK INFORMATION
Track Session Dates Fee
A-1 Coaching for Enhanced Performance (7 CPEs) 4/4 $275
A-2 Driving Change Without Running Others Over (7 CPEs) 4/5 $275
A-3 Leading with Integrity and Authenticity (7 CPEs) 4/6 $275
B-1 Enterprise Risk Management (7 CPEs) 4/4 $275
B-2 Lessons from Real Fraud Examinations: Case Studies (7 CPEs) 4/5 $275
B-3 Internal Audit’s Role in Fraud Risk Management (7 CPEs) 4/6 $275
C-1 Emotional Intelligence: The Heart of Leadership (7 CPEs) 4/4 $275
C-2 Managers to Leaders (7 CPEs) 4/5 $275
C-3 Conflict Management (7 CPEs) 4/6 $275
D-1 Best Practices in Internal Auditing (7 CPEs) 4/4 $275
D-2 Assessing the Risk / Control Culture: Challenges and Proven Techniques (15 CPEs) 4/5 – 4/6 $550
E Advanced Auditing for In-Charge Auditors (22 CPEs) 4/4 – 4/6 $825
F Using Risk Assessment to Build Individual Audit Programs (22 CPEs) 4/4 – 4/6 $825
G Internal Audit University (22 CPEs) 4/4 – 4/6 $825
H Introduction to Incident Response (22 CPEs) 4/4 – 4/6 $825
I-1 Virtualization Security & Audit (7 CPEs) 4/4 $275
I-2 Cloud Management and Security (15 CPEs) 4/5 – 4/6 $550
J-1 Is Your Data Really Secure?...13 Ways to Avoid Cyber Data Leaks (7 CPEs) 4/4 $275
J-2 Cyber Audits of Identity and Access Control Management (15 CPEs) 4/5 – 4/6 $550
K-1 Auditors Role in IT Governance (7 CPEs) 4/4 $275
K-2 Auditing Disaster Recovery & Business Continuity Planning (15 CPEs) 4/5 – 4/6 $550
L-1 Safeguarding Critical Assets (7 CPEs) 4/4 $275
L-2 Introduction to Information Security for IT Auditors (15 CPEs) 4/5 – 4/6 $550
Spring Training Location
Suburban Collection Showplace
46100 Grand River Ave
Novi, MI 48374
From the West
Take I-96 East to Beck Road (exit #160), turn right and head south on Beck Road for 0.4 miles.
Turn left onto Grand River Avenue and head east for 0.5 miles. Turn left into Suburban
Collection Showplace. Park in the lot on the right as you enter the complex.
From the East
Take I-96 West to Novi Road (exit #162), turn left and head south on Novi Road. Follow Novi
Road 0.4 miles to Grand River. Turn right and head west on Grand River 1.25 miles. Turn right
into Suburban Collection Showplace. Park in the lot on the right as you enter the complex.