Tuesday | October 23, 2018 1:00 p.m. – 5:00 p.m. Workshop 1: Auditing: Beyond the Checklist James Vaughn, CIA, CFE, CAMS, CCEP Supervisor, Internal Audit MGM Resorts International While internal auditors document their work through the use of checklists, limiting your audit to the checklist questions prevents you from unlocking the value you can add to your client. We will discuss why we conduct gaming audits, current failure points, and what we as audit professionals can do to assist in the goal of keeping our properties out of trouble with regulators. In this session, participants will:

• Go beyond the slot checklist by understanding what the checklist is asking. • Go beyond the table games checklist by understanding marketing programs and being positioned to assist table

and marketing operations to test if revenue is being bought rather than earned. • Go way beyond a race and sports checklist that is only being written all across the U.S.

James Vaughn focuses on gaming and Title 31 compliance and since 2005, he has participated, led, or consulted on over 100 slot audits across the United States. During his time with MGM Resorts, he has developed multi-jurisdictional training for slots and has an interest in understanding the use of slot machines as a means of laundering money.

Wednesday | October 24, 2018 8:30 – 9:45 a.m. General Session 1: Big Data and Artificial Intelligence Patrick Schwerdtfeger Business Futurist and Author The explosion of big data technologies and the Internet of Things (IoT) have led to dramatic advancements in artificial intelligence (AI) and machine learning. These technologies are fueling innovation in predictive analytics, autonomous vehicles, virtual reality, and countless other fields. Patrick has accumulated dozens of case histories and success stories in a variety of different industries, allowing him to explain the trends in a way that people understand. His technology keynotes don’t get into technical specifications. Instead, they highlight trends and strategies for executive and managerial audiences.

In this session, participants will:

• Understand why artificial intelligence capabilities are accelerating • Hear case histories where AI technologies are being deployed • Predict which jobs are most likely to be replaced by automation • Learn how to anticipate disruptive innovation in this industry

Patrick Schwerdtfeger specializes in technology trends including artificial intelligence, Fintech, blockchain, and social media. He has lectured at numerous academic institutions and is a regular speaker for Bloomberg TV. Schwerdtfeger is the founder of Trend Mastery Inc. and host of the Strategic Business Insights video blog, with over 20,000 subscribers and 4 million views on YouTube. He has spoken about business trends, technology, and digital marketing at hundreds of conferences around the world, and discussed Learned Intuition at the TEDx Sacramento event in 2012. Schwerdtfeger authored the award-winning book Marketing Shortcuts for the Self-Employed, and other titles including Keynote Mastery: The Personal Journey of a Professional Speaker; Webify Your Business: Internet Marketing Secrets for the Self-Employed; and Make Yourself Useful: Marketing in the 21st Century. Schwerdtfeger has been featured by the popular press including the New York Times, LA Times, Reader’s Digest, CNN Money, NPR, Fortune, Bloomberg Businessweek, the Associated Press, MONEY Magazine, Forbes, and many others.

Wednesday | October 24, 2018 10:15 – 11:30 a.m. General Session 2: Panel Discussion: Understanding Unconscious Bias and Its Impact on Internal Audit Moderator: Harold Silverman, CIA, QIAL, CRMA, CPA, CISA Former Vice President, Internal Audit The Wendy's Company Panelists: Paulette Brown Partner Locke Lord LLP Dominique Vincenti, CIA, CRMA Former Vice President, Internal Audit Nordstrom Benito Ybarra, CIA Chief Audit and Compliance Officer Texas Department of Transportation Objectivity is a state of mind that leads to the way you make decisions and take action. While it is conceptually simple to do this, each of us carries perceptions and experiences that impact our decisions and actions. This session will aim to discuss the concept of unconscious bias and its impact on how we conduct our work and serve our organizations.

In this session, participants will:

• Understand the concept of unconscious bias. • Hear about examples of where unconscious bias can impact decisions and actions. • Understand the tie to the Standards. • Learn of ways to identify and prevent unconscious bias from impacting key decisions.

Harold Silverman currently serves as chairman of The IIA’s Global Professional Development Committee and sits on The IIA’s North American and Global Boards. He recently served as vice president of internal audit at The Wendy’s Company. Prior to Wendy’s, he was vice president of internal audit at Houghton Mifflin Harcourt Publishing Co. Before HMH, Silverman served as senior manager of internal audit at Raytheon Co., managing the team that performed audits at corporate locations and divisions in the northeast. Earlier in his career, he was an internal audit manager at PricewaterhouseCoopers and gained external audit experience at Arthur Andersen. Paulette Brown is a member of the labor & employment practice group of Locke Lord LLP and is the Immediate Past President of the American Bar Association. Throughout her career, she has held a number of positions, including in-house counsel to a number of Fortune 500 companies and as a Municipal Court Judge. For the past 30 years, Paulette has engaged in the private practice of law, focusing on all facets of labor and employment and commercial litigation. She has defended employers in cases involving discrimination on the basis of age, sex, marital status, sexual harassment, disability, race and national origin. Paulette has received results in class action employment discrimination cases based upon race and wage and hour claims. She is also experienced in all aspects of workplace training and collective bargaining. Paulette litigates in both federal and state courts, as well as arbitration forums for both unionized and non-union employees. She is a certified mediator for the United States District Court, District of New Jersey and a member of the Employment AAA Panel. Paulette is a frequent lecturer on labor and employment issues and issues related to electronic discovery and serves as Chair of the Labor and Employment Section of the New Jersey State Bar Association. She is also a member of the College of Labor & Employment Lawyer and American Law Institute. Additionally, Paulette has been recognized by the New Jersey Law Journal as one of the prominent women and minority attorneys in the State of New Jersey and by the National Law Journal as one of "The 50 Most Influential Minority Lawyers in America." She has been listed as a NJ Super Lawyer since its inception and for the past three years as one of the top 50 women lawyers and one of the top 100 lawyers. Ms. Brown has also repeatedly been named by US News as one of the Best Lawyers in America in the area of Commercial Litigation. Paulette also received DRI's Pioneer Diversity Award and the NJ State Bar Association's Excellence in Diversity Award, and she was honored with the Spirit of Excellence and Margaret Brent Women Lawyers of Achievement Awards by the American Bar Association Commission on Women in the Profession. In 2014, Paulette was honored by the Rutgers Law-Camden Black Law Students Association for exemplifying the values advocated by Dr. Martin Luther King Jr.

Dominique Vincent, in her last position and for almost 9 years, was the VP of internal audit at Nordstrom, a Fortune 250 Company and one of the US leading Fashion Specialty Retailer. Her 20 years of experiences includes internal audit management positions principally in the retail industry for prominent international retailers: Marks & Spencer – UK or Kering (former PPR) – France (Gucci, Yves Saint Laurent, Alexander McQueen, Balenciaga, Stella McCartney, Puma etc.…). For 6 years prior to joining Nordstrom she was a Chief Officer at The Institute of Internal Auditors where she was overseeing the organization's professional, research and technical practices, developing guidance or representing the internal audit profession working on Governance Risk & control issues, closely with other professional, national or international institutions and regulators such as the US Securities and Exchange Commission, International Organization of Supreme Audit Institution, the International Federation of Accountants or the OECD to name a few. Benito Ybarra has more than 17 years of audit experience and oversees TxDOT's Internal Audit and Compliance divisions; their functions are aimed at improving controllership, risk management, accountability, and governance. He is a member of The IIA's North American Board and serves on the Publications Advisory Committee. Ybarra also serves on the internal audit and peer review committees of the American Association of State Highway and Transportation Officials and the (Texas) State Agency Internal Audit Forum.

Wednesday | October 24, 2018 12:45 – 1:45 p.m. CS 1-1: RPA and AI in IA: Will We Be Obsolete Soon? Kyle Martin, MISM Corporate Director, Internal Audit Penn National Gaming and Hollywood Casinos Scott Springman Managing Director Protiviti Steve Wang Managing Director Protiviti Most people believe that 50% of tasks within the organization can be automated by robotic process automation (RPA), and the percentage can be even higher with the use of artificial intelligence (AI). This organizational transformation will impact internal audit and these changes can also be expected within the internal audit department itself. Internal auditors need to be proactive and transform themselves to stay relevant. In this session, participants will:

• Receive an overview of recent trends in RPA and AI in internal audit. • Discover how RPA actually looks like within an internal audit department (via demonstration). • Discuss IA’s need to transform to avoid becoming obsolete.

Kyle Martin Bio Being Finalized Scott Springman has primary service delivery focus on IT audit and consulting. He has helped companies in the gaming and hospitality industries improve their IT controls for over a decade and has managed and executed many projects in the areas of performance and functionality testing, program management, security assessments, Sarbanes-Oxley / SSAE16 / state gaming requirements / HIPAA regulatory compliance, pre-implementation reviews, and a multitude of IT and business process reviews. Steve Wang has more than 16 years of internal audit and business risk consulting experience, leading both co-sourced and outsourced internal audit engagements. He has extensive internal audit and enterprise risk management experience working in the manufacturing, hospitality & gaming, telecommunications, retail, and banking industries. Prior to joining Protiviti, Wang worked at two public accounting firms. CS 1-2: Leading With Emotional Intelligence Raoul Ménès, CIA, CCSA, CRMA, FCPA, FCMA, FCMC, CFE, CCEP-I Chief Audit Executive AV Homes, Inc. Intelligence Quotient (IQ) is useful in academia, but what about in our work environments? Is there something missing that IQ doesn’t address? Emotional Intelligence (EI) allows us to identify, assess, and manage our own emotions and understand those of others. This presentation will help you recognize and understand emotions while guiding your actions. In this session, participants will:

• Understand the meaning of an Intentional Leader. • Define Emotional Intelligence (EI). • Gain knowledge of how emotions affect people. • Understand the effect one has on their team’s emotional environment. • Follow four methods and expose a model to improve one’s emotional quotient (EQ).

Raoul Ménès has been delivering internal audit, risk management services for more than 24 years. His experience includes optimizing internal audit and enterprise-wide risk management programs, and performing risk assessments. Currently, he has established his organization’s internal audit activities and strengthened the ERM and compliance functions to be value-added, risk-based, and strategically aligned throughout the corporation. Ménès has deep expertise in fraud risk assessment, interview and interrogation, fraud detection, investigation, and employee theft examinations. He is the author of numerous thought papers on IA, ERM, and GRC and a frequent speaker on internal audit, risk management, ethics, compliance, and leadership. CS 1-3: Using Fake Data to Uncover Real Problems (and Solutions) Daniel McCarville Senior Research and Data Analyst University of Oregon

As auditors, we like to use real data to find real problems in our client organizations. Data analysis often has two drawbacks: first, we often lack a criterion for how data should look, which makes it difficult to detect problems; second, data sets only tell us about what has happened, while managerial stakeholders are interested in solutions. Computer simulation can help us solve both of these problems. In this session, participants will:

• Understand the basics of how computer simulation works. • Describe uses, benefits, and limitations of computer simulations. • Identify engagements where simulated data will be useful to an audit. • Discuss simulation case studies to understand the value, usage, and limitations of simulated data.

Daniel McCarville uses data analysis and computer simulation techniques for performance evaluation. He is currently senior data and research analyst for the University of Oregon and was previously a legislative auditor for the state of Kansas. McCarville has developed computer simulations and simulations for academic research, government, and private industry across a variety of industries. His experience focuses on using advanced statistical methods to detect problems and evaluate the impact of recommendations.

Wednesday | October 24, 2018 2:00 – 3:00 p.m. CS 2-1: Blockchain and Cryptocurrency Technology: Auditing Techniques and Challenges Jeran Cox IT Auditor National Indian Gaming Commission (NIGC) This course will cover a brief history of bitcoin and other cryptocurrencies, dealing with uses of blockchain technology — both legal and illegitimate. Topics related to the usefulness of cryptocurrencies from an auditing perspective will be covered, as well as the difficulties and dangers for auditors, accountants, and regulators. In this session, participants will:

• Hear about the history of bitcoin and other cryptocurrencies. • Learn uses of blockchain technology, both legal and illegitimate, and understand the usefulness of

cryptocurrencies from an auditing perspective. Jeran Cox is an IT auditor with NIGC, responsible for IT vulnerability assessments at casinos nationwide as well as auditing CFR543.20 and providing IT-related expertise and training. He has five years of experience in the gaming industry and a combined nine years in IT-related fields. Prior to NIGC, Cox worked for VGT in both technical compliance and QA roles. He first became acquainted with the gaming industry at WMS as a QA tester of web-based games for European-facing online casinos. Cox is fluent in Japanese.

CS 2-2: A Seat at the Table or Musical Chairs? Ron Reigle, CIA, CFE Chief Compliance Officer Marnell Gaming LLC The nature and duties of internal audit, along with regulatory requirements, provide internal audit a seat at the table. But what can you do to increase the chances of your seat not being lost in a real-world game of “musical chairs”? In this session, participants will:

• Learn how to strengthen a critical component of leadership: their character. • Understand how to ensure they are communicating in the manner commensurate with their critical role. • Gain awareness of the importance of collaboration with the many chairs at the table.

Ron Reigle is a 25+ year veteran of the gaming industry. He is currently responsible for directing his company’s compliance plan, along with the internal audit and fraud-fighting efforts. Previously, Reigle was a vice president of corporate compliance and internal audit as well as a director of corporate compliance, internal audit manager, surveillance department manager, assistant controller, and director of security for various casinos. He created a Title 31 training video and authored two gaming books. Reigle is the co-founder, past chairman, and current member of the advisory board of The IIA’s Gaming Audit Group and serves on the board of governors. CS 2-3: Leveraging Analytics to Uncover Fraud in Casinos and Gaming Steven Pesklo, CFE President SoftLake Solutions Sonia Portillo Gaming Audit Program Manager Maryland Lottery Agency Data analytics can be an important ally when trying to identify potentially fraudulent activities or compliance issues within the gaming and casino industries. How to begin? What to look for? What are the benefits of using analytics? What have been some of the challenges? How can visualization be leveraged? This presentation will be interactive, with audience participation and discussion of specific case studies from the gaming industry. In this session, participants will:

• Compare their data analysis practices with other organizations in the gaming and hospitality industries. • Learn commonly used industry best practices for audit data analysis to better identify fraud. • Understand the impact of quickly changing data analysis technologies. • Jumpstart a data analysis function by discovering what they don’t know about the potentials in their data.

Steven Pesklo is president of SoftLake Solutions, specializing in providing expert data solutions, including software and consulting in areas of internal audit, fraud and forensic investigations, and privacy and compliance. He is a frequent national speaker on topics around all things data, including data analytics and data governance for audit and criminal investigations. Pesklo has implemented data analysis and governance solutions for many organizations worldwide. He also teaches on topics of data analytics and governance at the Graduate School in Washington, DC. Sonia Portillo Bio Being Finalized

Wednesday | October 24, 2018 3:20 – 4:20 p.m. CS 3-1: Cyber Security: The Eye of the Storm Karen Andersen Manager, Cyber Security Services and Risk Advisory Eide Bailly The Eye of the Cyber Storm discusses cyber security challenges, common areas of concern, and lessons learned from some high-profile data breaches and recent news headlines. Attendees will understand how cyber risk aligns to business objectives, as well as how to create technical audit plans, evaluate cyber risk, design mitigation strategies, and explain to boards and executives the alignment of technical risk to business objectives. In this session, participants will:

• Dive into case studies of recent data breaches. • Learn preventative measures and mitigation strategies. • Identify key technical areas and how to audit effectively. • Gain tools to have effective communications to the board.

Karen Andersen has more than 21 years of technical consulting experience across a wide variety of industries. She works with clients to perform cybersecurity assessments, risk assessments, technical audits, critical data classification, security policy development, data mapping, and investigations, as well as to consider HIPAA and PII identification and notification. Andersen is adept at explaining technical concepts to non-technical individuals, helping organizations identify technical risks and align them to business objectives, performing data privacy and third-party security assessments, and acting as a security subject matter expert on projects to develop security requirements, implement effective security programs from the board perspective, and facilitate end-user security awareness training. CS 3-2: Ethical Tropes: Part 1 James Vaughn, CIA, CFE, CAMS, CCEP Supervisor, Internal Audit MGM Resorts International

Ethical tropes are the generalized governors of the actions we take when making decisions in our everyday lives. By understanding the governors over the actions that an individual takes, we can understand how the individual interacts within corporations and society. We will also discuss what society expects as ethical behavior and the “big stick” that society uses to enforce its expectations. In this two-part session, participants will:

• Understand how ethics are the price of admission to society. • Analyze how ethical tropes are used as shortcuts by each of us as the basis of our decision making. • Gain awareness of how individual ethics become corporate ethics. • Examine how society governs individual and corporate ethics.

James Vaughn is currently a supervisor of internal audit with MGM Resorts International, focusing on compliance (gaming and Title 31) along with ethics and governance. Since 2005, he has participated, led, or consulted in numerous slot audits across multiple US jurisdictions. During his time with MGM Resorts, Vaughn has developed multi-jurisdictional training for slots as well as an interest in understanding the use of slot machines as a means of laundering money. CS 3-3: Building a Gaming Analytics Program That Pays for Itself Grant Houle, CIA, CISA Director, Corporate Governance The Mohegan Tribe Kevin Legendre Auditor The Mohegan Tribe Samantha Webster, CPA, CFE Corporate Governance Manager The Mohegan Tribe Our internal audit team collaborated with operations to develop an analytics program that combats fraud and pays for itself through results. Using nontraditional financial data and the IDEA platform, we overcame challenges and partnered with key stakeholders to establish effective fraud monitoring controls. Our program involves analyzing known frauds, identifying key data points, establishing red-flag analytics, and communicating results for a timely investigation process that catches both bad guys and errors. In this session, participants will:

• Learn strategies for handling unconventional data. • Explore outside-the-box thinking for developing valuable analytics. • Build, sustain, and grow a data analytics program through collaboration and continuous improvement.

Grant Houle has over 16 years of professional experience in accounting, audit, and financial management, including 10 in gaming at Mohegan. He currently oversees the internal audit team at Mohegan’s flagship Connecticut property. The team is responsible for compliance and operational audits across IT and business units. In addition, he managed the operational accounting team for two years, overseeing gaming, hotel, and inventory accounting. Prior to Mohegan Sun, Houle was associate vice president of operations and finance with Ticket Network. Kevin Legendre has more than three years of experience in auditing. He has been with Mohegan for three years. His background includes a lead role in the execution and development of gaming analytics. Samantha Webster has over 10 years of audit and accounting experience in the forensic, governmental, and gaming fields. She oversees the use of IDEA software for data analytics at the Mohegan Tribe.

Wednesday | October 24, 2018 4:30 – 5:30 p.m. CS 4-1: Auditing Analytical Models Allan Sammy, CIA, CPA, CGA Director, Data Science and Audit Analytics Canada Post Analytical models (AM) have made their way into every aspect of business and are being relied upon as decision support and, in some cases, actually making the decisions. Due to the importance of AM to risk management strategies, internal auditors need to develop and execute periodic audits of analytical controls (AC) to determine if they are designed appropriately and operating effectively. This session will provide auditors with the knowledge/toolkit to conduct these audits. In this session, participants will:

• Gain insights into AMs and their benefits. • Understand the role of internal auditors and how to perform a model risk assessment. • Learn about AC review scoping and AC review approaches.

Allan Sammy has 20+ years of experience in risk management, investigations, and internal audit. At Canada Post, he works with IA clients companywide to provide assurance and advisory services related to advanced analytics and data modeling. Additionally, he leads development of big data capabilities and utilization as well as coordination of IA department analytic initiatives. Previously, Sammy was director of fraud risk management at the Ontario Lottery and Gaming Corporation and head of internal audit at the Canadian Air Transport Security Authority. He has published articles on auditing analytic models and using artificial intelligence and neural network models for fraud detection. CS 4-2: Ethical Tropes: Part 2 James Vaughn, CIA, CFE, CAMS, CCEP Supervisor, Internal Audit MGM Resorts International

Ethical tropes are the generalized governors of the actions we take when making decisions in our everyday lives. By understanding the governors over the actions that an individual takes, we can understand how the individual interacts within corporations and society. We will also discuss what society expects as ethical behavior and the “big stick” that society uses to enforce its expectations. In this two-part session, participants will:

• Understand how ethics are the price of admission to society. • Analyze how ethical tropes are used as shortcuts by each of us as the basis of our decision making. • Gain awareness of how individual ethics become corporate ethics. • Examine how society governs individual and corporate ethics.

James Vaughn is currently a supervisor of internal audit with MGM Resorts International, focusing on compliance (gaming and Title 31) along with ethics and governance. Since 2005, he has participated, led, or consulted in numerous slot audits across multiple US jurisdictions. During his time with MGM Resorts, Vaughn has developed multi-jurisdictional training for slots as well as an interest in understanding the use of slot machines as a means of laundering money. CS 4-3: Game Performance Paul Bycroft, CIA, CGAP, CRMA Auditor National Indian Gaming Commission Daniel Catchpole, CPA Audit Manager National Indian Gaming Commission This course is designed to help participants gain an understanding of game statistics. The objective is to create an interactive environment where attendees will learn how statistics can aid in identifying issues on the gaming floor. Topics will focus on the analysis of gaming machine game statistics. In this session, participants will:

• Gain an enhanced understanding of the inherent risks associated with gaming machine statistics and how internal controls standards are intended to mitigate those risks.

• Learn how to identify games that may require investigation. Paul Bycroft has over 13 years of gaming audit experience. He has worked as an auditor for the National Indian Gaming Commission (NIGC) since 2009 and as an auditor-in-charge since 2016, with responsibility for conducting and leading gaming regulatory compliance audits, presenting training related to NIGC gaming regulations, and responding to a variety of questions from casino personnel and tribal regulators. Previously, as a corporate internal auditor for MGM Mirage (currently MGM Resorts International), Bycroft conducted gaming, Title 31, and construction audits related to the City Center project.

Daniel Catchpole Bio Being Finalized

Thursday | October 25, 2018 8:30 – 9:45 a.m. General Session 3: BSA Hot Topics for Casinos Donna Mayer BSA Casino Technical Advisor Internal Revenue Service Learn current Bank Secrecy Act (BSA) casino hot topics, including the recent Supreme Court sports betting ruling. Do you know the BSA issues if your casino adds sports betting? Topics will also include customer due diligence, critical reporting data fields, and Real ID Act identification. Do you know if your casino may accept a driver’s license that is not compliant with the Real ID Act? In this session, participants will:

• Evaluate customer due diligence requirements for casino Bank Secrecy Act (BSA) compliance. • Understand common errors with certain critical data fields on Currency Transaction Reports. • Determine if a driver’s license is or is not compliant with the Real ID Act and whether it is or is not acceptable for

BSA compliance. • Assess any BSA impact from the May 10, 2018, Supreme Court ruling on sports betting.

Donna Mayer is an IRS Bank Secrecy Act (BSA) technical advisor, specializing in casinos. She serves as a technical and program advisor, providing guidance and direction to BSA casino examiners throughout the country. Previously, Mayer was responsible for hiring, training, and supervising the newly formed BSA casino examiner group in Nevada. She has worked in the BSA program of the IRS since 1991. She identified and conducted a BSA examination that resulted in one of the largest food stamp fraud cases in U.S. history.

Thursday| October 25, 2018 10:05 – 11:05 a.m. CS 5-1: Server-based Gaming Sean Mason IT Auditor National Indian Gaming Commission This course will discuss the many different variations of server-based systems and game download systems. As use of this technology increases in gaming, a basic understanding of the positives and negatives of the systems is vital. Knowing the specifics of deploying such a system and also how to audit the systems effectively is essential.

In this session, participants will: • Learn the difference between eprom-based, downloadable, and server-based games. • Understand the positives and negatives of each system. • Gain awareness of security issues related to server-based and downloadable games.

Sean Mason has been in the gaming industry since 2000, and his long history includes working with outside companies to offer independent auditing consulting of casino operators’ IT networks. Additionally, he has conducted product demonstrations of new technology and training on different gaming concepts to regulatory agencies, as well as performed network testing to identify weaknesses. Mason played a key part in GLI University and NIGA Masters training, an on-going training system that produces seminars and roundtables for regulators around the world. He has also appeared on multiple panels at various industry tradeshows regarding network security, system verification, and server-based gaming. CS 5-2: Applying a Risk-based Internal Audit Approach to Marketing Rodrigo Macias, CFE Partner, Gaming and Hospitality Advisory Services Group MGO CPAs & Advisors LLP Kenny Weingart, CFE Internal Audit Manager Shingle Springs Tribal Gaming Commission With its creative freedom, innovative ideas, and abundance of customer development initiatives, the casino’s marketing function seems to have the perfect storm of high-dollar budgets with little to no independent oversight, allowing the opportunity for internal and external fraud. The perceived challenge within marketing is that regulatory standards do not specifically address this area, external financial audits are based on a materiality level, and internal audits functions typically focus only on gaming audits. In this session, participants will:

• Understand the major process performed by marketing and the potential associated risks. • Develop a tailored internal control testing methodology to audit the marketing function. • Obtain practical tools for evaluating patron reinvestment and return on investment (ROI) analysis of special

events. Rodrigo Macias has provided consulting and compliance testing services to over 50 Commercial and Tribal casinos across the country. His experience includes performing gaming and non-gaming internal audits, developing casino-wide risk assessments, AML compliance audits, training and development of internal audit departments, as well as overseeing engagements on casino fraud prevention and litigation support. Kenny Weingart Bio Being Finalized

CS 5-3: AML for Casinos: Updates and Answers to Implementation Concerns Theresa Merlino Managing Partner RSM US LLP Anna Wheland, CAMS Director, Title 31 and AML Compliance Wind Creek Hospitality Establishing a system of internal controls to assure ongoing compliance with the Bank Secrecy Act (or BSA; also known as Title 31) is critical to managing the regulatory risks of a casino. Failure to have an effective program in place can have both legal and business repercussions. In this session, participants will:

• Learn about the current regulatory expectations for AML compliance. • Review AML processes and procedures and discuss insights for implementing an AML compliance program. • Understand common AML issues identified during external reviews.

Theresa Merlino is a principal in RSM’s national gaming and hospitality services practice, providing services to gaming and resort entities across the United States. She joined RSM in 1999 and recently assumed the role of office managing partner for the Las Vegas office. Merlino has designed, authored, and implemented internal control systems for start-up casinos and resorts, as well as worked with numerous established gaming and hospitality companies to update and improve their internal control systems. She has also developed significant expertise in designing and implementing anti-money laundering controls for the gaming industry. Anna Wheland began working for the Poarch Band of Creeks in 2006 as a cage cashier. She joined the regulatory compliance department in 2008, progressing from regulatory compliance agent to director of Title 31 and AML compliance. In this role, Wheland is responsible for Title 31 and AML compliance for six properties across three jurisdictions.

Thursday | October 25, 2018 11:15 a.m. – 12:15 p.m. CS 6-1: Internal Audit Delivery: Root Cause and Considerations for IA’s Contributions Ernest (JJ) Merlino, CPA Director, Risk Advisory Services, National Gaming and Hospitality Practice RSM US LLP Jason Palmer, CPA, CFE Senior Manager, Audit Services Group Las Vegas Sands Corp. (LVSC)

Julio Razo, CFE, MSM Global Compliance, Audit Senior Manager Las Vegas Sands Corp. (LVSC) Internal audit departments in the gaming industry play a significant role in monitoring ongoing compliance with applicable MICS and other regulatory control matters, such as operational risks, special projects, and AML/BSA requirements. However, too often, IA departments can slip into only auditing compliance, and opportunities to drive greater value to the organization are missed. We will address common concerns management has of internal audit, and specific actions they can perform when evaluating root cause analysis. In this session, participants will:

• Gain insights into best practices for identification and evaluation of root cause analysis. • Understand approach and methods to evaluate impact of issues cited to the business as a whole. • Learn about the link between the evaluation of root cause analysis and operational improvements to support

management/operations. Ernest “J.J.” Merlino has dedicated his 19 years of experience to the unique needs of the gaming and hospitality industry. In his current role, he leads the Las Vegas office consulting practice, assisting clients with efforts in regulatory compliance and Minimum Internal Control Standards (MICS), development of effective internal audit departments, creation of anti-money laundering programs, development of anti-money laundering risk assessments, assistance with mitigation of Bank Secrecy Act/FinCEN examinations, facilitation of casino openings, and assessments of operational process improvement and profitability enhancement. Merlino joined the firm in 2011 with a background in gaming and hospitality operations management to the practice, including experience with finance, accounting, internal and external audit, accounting and internal control systems, and regulatory compliance expertise within the gaming and hospitality industry. Prior to joining RSM US, he worked in the Las Vegas gaming industry, most recently as the director of compliance for multiple properties on the Las Vegas Strip. In addition to his work with commercial casinos, Merlino has served multiple tribal gaming enterprises in various internal audit, external audit, and consulting capacities. Jason Palmer has over 12 years of combined financial/operational audit, compliance audit, Sarbanes-Oxley compliance, and program management experience. He joined LVSC in 2012 and is currently a senior manager in the audit services group, with overall responsibility for operational audits and special projects/management requests. This includes partnering with counterparts at Marina Bay Sands and Sands China Ltd. to manage global audits. Previously, Palmer was a senior auditor for Deloitte and Touche, performing financial statement audits, and an audit staff member at MGM Mirage, performing gaming compliance and construction audits. Julio Razo has over 15 years of combined IT, compliance audit, fraud investigation, and program management experience. As global compliance, audit senior manager at LVSC, he has overall responsibility for anti-corruption and data analytics on a global basis. Previously, Razo was global compliance manager for Johnson Controls, where he designed and established the internal audit compliance program (anti-corruption, anti-competition, international trade, data privacy, and conflict minerals) on a global scale, incorporating a risk-based approach and forensic style audits with strong data analytics. Earlier, as global compliance leader at GE Healthcare, he designed and implemented Foreign Corrupt Practices Act (FCPA) controls for the company.

CS 6-2: Internal Audit Transformation: Increasing Audit Engagement’s Impact Louise Labrie, CPA Director Grant Thornton LLP Shaddi Ramezan, CPA Senior Manager Grant Thornton LLP Karl O. Stingily, CPA Senior Vice President and Chief Audit Executive Caesars Entertainment Internal audit functions are rapidly changing through new technology, automation, and decreasing budgets. Teams are seeking various ways to continue adding value to the business beyond meeting compliance requirements. With several objectives in mind, internal audit teams are challenging the status quo by developing a more strategic alignment with their business units. Internal audit strategy focuses on risks that would inhibit achievement of business objectives, enable value creation, and support cost reduction. In this session, participants will:

• Analyze typical challenges companies face. • Describe the transformation journey of the internal audit function. • Define “quick-win” solutions to improve internal audit function delivery.

Louise Labrie is a director in Grant Thornton’s advisory services practice and is the national leader in charge of internal audit transformation initiatives. In her 23+ years of internal audit experience at the firm, she was a partner in the strategy and performance consulting group and also partner-in-charge of the business risk and internal audit practice for the Province of Quebec. Labrie has served as lead partner for 200+ internal audit projects. Her experience includes performing and leading internal audits for gaming, entertainment, and hospitality service companies, with an emphasis on rationalization projects to ensure the business was focusing on the highest risk areas when developing an annual internal audit plan. Shaddi Ramezan brings nine years of experience in governance, risk, and compliance services and assisting companies with developing transformation roadmaps for enterprise wide initiatives. She has been responsible for leading workshops with stakeholders to document current state pain points and solution a three year transformation roadmap. Sample future state customer experience delivery models were developed to visually depict the new customer experience at the conclusion of the roadmap implementation.

Shaddi has also led process improvement assessments through the application of lean six sigma methodology. In addition to designing the to-be state for various improvement initiatives and developing implementation timelines, Shaddi oversaw the design of metric dashboards to periodically report to Management the progress of various Continuous Improvement Process (CIP) initiatives throughout the year and the corresponding proven cost savings to companies.

Shaddi has assisted clients facilitate their annual risk assessment process to develop and re-assess a three year internal audit plan; this included planning and scoping audits, to executing audit programs; reporting and presenting observations/recommendations to business process owners, Executive Management, and Audit Committee. She has also assisted clients to develop an audit approach to identifying and executing strategic internal audits in an effort to provide better alignment with business strategy and overall additional value add. Some notable projects include, but are not limited to: offer management review, integration playbook review, and accounting operations process improvement assessment. Karl Stingily has served as chief audit executive at Caesars Entertainment since 2016, overseeing regulatory compliance, business process, and IT audit support, as well as leadership of teams supporting SOX compliance and fraud investigation. Previously, he rose through the ranks at FedEx: staff auditor and manager in internal audit; managing director/controller for Asia-Pacific and Canada; vice president/chief financial officer for Canada; vice president of worldwide revenue operations; and vice president of internal audit responsible for internal audit support of FedEx Express and FedEx Ground, including a team of approximately 90 auditors based in Memphis, Pittsburgh, Hong Kong, Brussels, Dubai, and Johannesburg. CS 6-3: Due Diligence: Regulatory and Law Enforcement Expectation Paul Camacho, CAMS Vice President, AML Compliance Station Casinos From a risk base prospective, casinos are required to use “all available information” to identity red flags and gain a comfort in the funds entering the gaming establishment. “All available information” includes not only public records, but also what player development and hosts know about patrons. It means training personnel to identify badges of fraud and criminal activity. Yes, there is “know your customer,” but there is also “know your source.” In this session, participants will:

• Learn what triggers due diligence and an enhanced due diligence investigation. • Discover what is included in “all available information” (Google, transaction analysis, public records,

surveillance, security, casino personnel intelligence, patron management notes, credit files, etc.). • Determine how the process can be adequately documented using a case management system and documenting

communications, including who, what, where, when, why, what, and how. • Understand the expectation to risk rate patrons after a review and mitigating source of funds risk. • Identify when a casino should contact law enforcement as an escalating procedure (strong law enforcement and

regulatory expectation). • Learn how to protect the company by ensuring there is no appearance that the casino is facilitating money

laundering.

Paul Camacho is vice president of anti-money laundering (AML) compliance for Station Casinos and the former special agent in charge for the Las Vegas IRS criminal investigation field office. He played an integral role in developing the American Gaming Association’s best practices for casino AML programs. He has given numerous presentations on casino AML and provided training to the FBI, Department of Homeland Security, IRS, and California Gaming Control Board on money laundering and Bank Secrecy Act (BSA) matters. Camacho contributes frequently to ACAMSTODAY and is the founding member of the Las Vegas Casino AML/BSA working group. In 2017, he was selected by Governor Brian Sandoval to provide expert testimony to the Nevada Gaming Policy Committee on AML treatment of marijuana-related businesses.

Thursday | October 25, 2018 1:45 – 2:45 p.m. CS 7-1: A Comprehensive Approach to Effective Network Assessments Karen Andersen, CISM Manager, Cybersecurity Services and Risk Advisory Eide Bailly Would you like to gain a thorough understanding of network assessments, in plain English? This technical session will provide an overview of network assessments, the objectives, and how to incorporate effective audit components as part of a solid information security strategy. In this session, participants will:

• Discuss the types of network assessments and their respective purposes. • Be able to identify what a vulnerability scan is. • Learn what a penetration test is. • Understand components of an effective audit strategy.

Karen Andersen has more than 21 years of technical consulting experience across a wide variety of industries. She works with clients to perform cybersecurity assessments, risk assessments, technical audits, critical data classification, security policy development, data mapping, and investigations, as well as to consider HIPAA and PII identification and notification. Andersen is adept at explaining technical concepts to non-technical individuals, helping organizations identify technical risks and align them to business objectives, performing data privacy and third-party security assessments, and acting as a security subject matter expert on projects to develop security requirements, implement effective security programs from the board perspective, and facilitate end-user security awareness training. CS 7-2: Construction Auditing for Gaming and Hospitality Jake Ortego, PE, CCE, CCA President JA Cost Engineers and Advisors, Inc. This session will discuss the fundamentals of construction auditing, with specific examples for gaming and hospitality.

In this session, participants will: • Understand what construction audit is and the unique nuances that make it a special type of audit. • Learn the primary components of a construction audit, and what can and cannot be audited. • Hear some specific examples from actual casino and hospitality projects.

Jake Ortego is co-founder and president of JA Cost Engineers and Advisors, focused on bringing clarity and reasonability to construction projects to prevent and avoid overruns, delays, and disputes. He provides both external consulting and internal audit co-sourcing, where he leads and manages internal audit staff for the organization’s construction auditing efforts. Ortego has participated in nearly every aspect of capital improvement processes, from inception through design, construction, and closeout, for projects ranging from the millions to over $1B. He sits on the advisory board for the National Association of Construction Auditors. CS 7-3: Partnering With the Tribal Gaming Commission: Audit Investigation Case Study Ron Jacobs, CIA, CFE Director, Compliance and Audit Red Hawk Casino This session will focus on a purchasing internal audit that led to a four-month fraud investigation. A human resources manager earned the trust of management and misused that trust by embezzling more than $500,000 over a period of about seven years. Internal audit partnered with the Tribal Gaming Commission’s investigative team to detect the fraud, and ultimately aided authorities in prosecuting the individual. In this session, participants will:

• Understand why purchasing policy violations can be indicators of fraud. • Develop ideas on when to expand audit scope to test for fraud. • Learn how to partner with seasoned investigators/fraud examiners during an audit-turned-investigation. • Discover internal controls that could save their organization from similar schemes.

Ron Jacobs oversees the BSA/AML program, tribal and casino compliance, and the performance of casino operational internal audits as director of compliance and audit at Red Hawk Casino. He has been an internal auditor or regulatory compliance professional in the gaming, hospitality, and tribal government industry for more than 12 years. Prior to Red Hawk Casino, Jacobs held positions as regulatory compliance director, internal audit manager, and corporate internal auditor for Thunder Valley Casino Resort and Caesars Entertainment, Inc.

Thursday | October 25, 2018 3:05 – 4:05 p.m. CS 8-1: Ten Common Cybersecurity/IT Compliance Gaps in the Hospitality Industry Ralph Villanueva, CIA, CRMA, CISA, CISM, PCI-ISA IT Security and Compliance Analyst Diamond Resorts International

In the speaker’s five-plus years in a typical hotel and restaurant business, he observed a number of practices that created gaps, posing serious cybersecurity and compliance risks. He will share these insights, as well as actions taken to remediate these gaps. He believes fellow internal auditors struggling with the same issues can use the solutions discussed in this presentation to address those issues and add value to their organization. In this session, participants will:

• Catalogue a list of cybersecurity and IT compliance gaps within their organization using readily available frameworks such as PCI-DSS, COSO, COBIT5, and NIST.

• Develop an effective plan of action that encompasses people, processes, and technologies within their organization.

• Secure solid senior management support for their plan of action. Ralph Villanueva has been keeping his employers compliant with IT compliance requirements across numerous and diverse regulations since 2010. His more than a decade of staff and managerial experience in auditing, accounting, and financial management provides him with insights on how to bridge the collaboration gap between IT and the rest of the organization when it comes to enforcing IT compliance requirements. Villanueva has also spoken professionally at national and international conferences of major organizations. CS 8-2: Branding: Making the Leap From Auditor to Trusted Advisor Sanjay Patel Chief Operating Officer Illinois Power Agency The concept of “branding” is not new. Organizations spend millions towards establishing, nurturing, enhancing, differentiating, and sometimes reinventing their brands. Similarly, the criticality of personal branding has become a focal point for achieving goals and objectives in the challenging and competitive journey to professional fulfillment. This interactive session examines the importance of defining, developing, and managing your personal brand to make the leap from auditor to trusted advisor. In this session, participants will:

• Learn how to define and establish their personal brand. • Examine the importance of “auditing” their personal brand. • Understand the value of managing their personal brand to achieve trusted advisor status.

Sanjay Patel has more than 25 years of progressive risk, control, and audit-related experience in state government, management consulting, IT, and financial services. Patel’s focus on personal branding and ability to use his communication skills have helped him position internal audit as a value-add business partner. He has developed and delivered many training presentations on topics including communication, crisis management, and regulatory compliance, and has conducted webinar presentations to worldwide audiences. Patel is also a self-published author of "From Layoff to Take-Off," an e-book blending storytelling and self-help concepts.

CS 8-3: Designing Fraud Detection Audit Procedures for Procurement, Payroll, and Point-of-Sale Joe Busby, CIA, CFE, CAMS Director, Compliance Sycuan Casino Rodrigo Macias, CFE Partner, Gaming and Hospitality Advisory Services Group MGO CPAs & Advisors Procurement, payroll, and point-of-sale transactions are highly susceptible to fraud and abuse, as all three areas require human input to function. Operations invest significantly in systems and applications to streamline processes, and rely on system controls to ensure segregation of duties. However, all three areas top the charts in regards to number of fraud cases and loss amount. This session discusses the key internal controls that must be in place to prevent and detect fraud. In this session, participants will:

• Be equipped with practical tools and methodologies for performing an internal audit focused on detecting fraud risk for procurement, payroll, and point-of-sale.

• Understand key ratio metrics, pattern analysis, system and application user access reviews, and identification of red flags.

Joe Busby has over 15 years of experience in tribal and commercial gaming, including external and internal auditing, surveillance, regulatory compliance, and casino operations, in Alabama, Pennsylvania, California, Arizona, Washington, Wisconsin, Florida, Minnesota, Kansas, Oklahoma, and Nevada. He has been involved in multiple fraud related investigations that were successfully prosecuted in multiple jurisdictions. Busby has also provided consulting services for a wide range of gaming-related industries, including food & beverage and hotel operations, both domestically and internationally. Rodrigo Macias is a partner in MGO’s gaming and hospitality advisory services group, with over 11 years of experience. He has provided risk advisory and compliance testing services to over 40 commercial and tribal casinos nationwide. His experience includes outsourced internal audit, risk management, and fraud prevention and investigation. He has led compliance testing engagements (including anti-money laundering compliance audits), as well as casino consulting projects focused on operational improvements of cash operations, revenue audit, and training and development of casino internal audit departments. Macias has also been an integral part in documenting casino-wide policies and procedures for multiple systems re-engineering engagements.

Thursday | October 25, 2018 4:15 – 5:30 p.m. General Session 4: Rubber Band Resilience: How to Stretch During Disruptive Events Kathy Parry Founder and Owner Corporate Energy, LLC With quotes like, “transform or die” and “disruption is king,” it is pertinent that changes, especially those from technology, regulations, and staffing, be embraced by gaming and hospitality professionals. The ability to apply a disruption-friendly mindset to industry shifts will be necessary to serve organizations, grow revenue, and retain personnel. This session will equip attendees with the skill set to move through transitions while continuing to produce. In this session, participants will:

• Understand the different reactions to adversity and how to use them to develop a positive outcome. • Increase awareness of growth mindset to keep teams engaged and productive during transitional events. • Discover their own unique coping mechanisms and how to employ them to gain control over situations. • Learn to escalate both personal and organizational energy levels to decrease absenteeism and increase

retention and productivity. Kathy Parry is a recognized authority in personal energy, productivity, and resilience who uses her passion to ignite positive changes for professional leaders and empower others to become more resilient and energized. Prior to launching her own speaking and consulting business, she was a trainer for a super-regional bank on their merger and acquisition team. In this role, she helped others integrate new technology and transition through organizational transformation. Parry works with Fortune 500 corporate leaders, association members, and talent development specialists to help professionals plan for resilience to positively move through disruptive circumstances. Attendees leave her sessions with an action list to power-up their lives and create positive mindsets towards change.