Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Monday | October 1, 2018 8:30 – 9:30 a.m.
Opening Keynote: A Conversation With Senator Dodd
Facilitator:
Vernon Stafford
Executive Vice President and Chief Audit Executive
First Horizon National Corp.
Speaker:
Senator Chris Dodd
Session Description Being Finalized
Vernon Stafford is responsible for corporate internal audit and credit assurance. Prior to joining First Horizon
in 2013, Stafford served a distinguished 33-year career as a national bank examiner for the Office of the
Comptroller of the Currency (OCC), having served as an assistant deputy comptroller (ADC) in OCC’s Midsize
Bank Supervision since mid-2011. As ADC, Stafford supervised a staff of midsize bank examiners-in-charge
(EIC) and a portfolio of midsize banking companies ranging in assets of $13 billion to $90 billion. After serving
in various positions as a field bank examiner and regional analyst, he served as director for OCC’s Core Policy
Development division (now Operational Risk & Core Policy) for about five years, with responsibility for
developing and implementing supervisory policy for national banks. In 2001, Stafford was appointed director
for large bank supervision, a division responsible for the supervision of the largest banking companies in the
national banking system. In 2006, he was appointed EIC of supervision for First Tennessee Bank, N.A.,
responsible for the day-to-day supervisory activities of the banking company, where he served until 2011.
Senator Chris Dodd Bio Being Finalized
Monday | October 1, 2018 9:45 – 11:00 a.m.
General Session 1: Regulatory Panel
Moderator:
Kevin Ryan, CIA, CFSA
Chief Risk Review Officer and General Auditor
KeyCorp
Panelists:
Tom Crock, CISA
National Bank Examiner
Office of the Comptroller of the Currency
Additional Panelists Being Finalized
Session Description Being Finalized
Kevin Ryan is responsible for managing all risk review (internal audit and credit risk review) activities at
KeyCorp and is a member of the organization’s executive council and executive leadership team. He began his
career in 1982 at Chase Manhattan Corp. as part of the management associate program in finance. After two
years, he took a position with KeyCorp’s internal audit group. He worked extensively on audits pertaining to
non-banking subsidiaries (lease, mortgage, and insurance) and undertook progressively responsible roles
through departments and management to arrive in his current position. Ryan is a former board member of
The IIA’s International Internal Auditing Standards Board and currently serves as vice chair of The IIA’s
Financial Services Advisory Board (FSAB).
Tom Crock Bio Being Finalized
Monday | October 1, 2018 11:15 a.m. – 12:15 p.m.
CS 1-1: Data Analytics in Internal Fraud Detection
Brian Allen, CPA, CISA, CISSP
Senior Director, Internal Audit Data Analytics
TIAA
Ken Cooper, CFE
Director, Internal Investigations
TIAA
Mike Cowell, CIA, CISA
Executive Vice President and Chief Auditor
TIAA
Internal audit functions consider fraud a component of their auditing responsibilities. Data analytics programs
provide scalable, repeatable, and cost-effective approaches to identifying indicators of potential internal
fraudulent activity across an organization. This course presents strategies, approaches, and techniques for
developing internal fraud detection procedures. In addition, it includes opportunities to apply those tools and
techniques in real-world scenarios and shares insights on the value of collaboration between internal audit
and internal investigation professionals.
In this session, participants will:
Learn actionable strategies for developing a proactive internal fraud identification program that
leverages analytics.
Design approaches for implementing point-in-time and recurring analytics, including development,
consumption, and disposition approaches.
Gain an appreciation of the value added when internal audit and internal investigation collaborate to
identify potential internal fraud and mitigate future occurrences for an organization.
Experience demo(s) of analytics procedures, generating actionable considerations for implementation
at their organization.
Brian Allen Bio Being Finalized
Ken Cooper Bio Being Finalized
Mike Cowell leads the internal audit division at TIAA, a Fortune 100 diversified financial services organization.
In this role, he provides strategic direction to the audit leadership team covering all legal entities and
businesses of TIAA. The internal audit division includes the internal audit team and a dedicated internal
investigation team. Cowell is a former member of the IIA Global Board of Directors, IIA North American Board,
and Board of Governors for the IIA–Charlotte Chapter. He is currently a member of the IIA Financial Services
Advisory Board and the Conference Board’s Council of Chief Audit Executives.
CS 1-2: Creating Business Value Through Effective Third-Party Management Auditing
Abel Clark
CEO
TruSight
Brian Kostek
Managing Director
Protiviti
Jim McDonald
Managing Director
Protiviti
Third-party risk management continues to be a topic of focus for organizations of all sizes, and while programs
continue to be enhanced, the value of real-time, value-based auditing has never been more important.
Evaluating the framework, completing data analysis, and providing support to first and second line risk
management activities can help reduce costs, enhance processes, and drive value for the organization.
In this session, participants will:
• Consider the regulatory landscape.
• Outline key considerations and guiding principles when implementing, refreshing, or auditing a third-
party management program.
• Timeline the rise of “de-risking” vendors.
• Discuss cybersecurity risk management for technology vendors.
Abel Clark Bio Being Finalized
Brian Kostek Bio Being Finalized
Jim McDonald is a managing director in Protiviti’s risk and compliance practice. He has deep knowledge of
financial services regulations and hands-on experience in bank supervision and policy related matters. He
retired from the OCC after 35 years, serving most recently as a senior member of the OCC supervisory team at
a top 5 U.S. bank and as chief of staff for the examiner-in-charge. In this role, he held direct responsibility for
the bank’s risk management, global compliance, and internal audit functions. McDonald drove the OCC’s
efforts to attain effective bank remediation efforts across all matters of regulatory concern, and was
instrumental in guiding the bank to establish and implement an effective risk framework, risk appetite, risk
culture, and global compliance program.
CS 1-3: Internal Audit's Pathway to the Future: CAE Panel Discussion
Monica O'Reilly
Principal
Deloitte & Touche LLP
Many internal audit departments are finding ways to innovate processes to deliver greater assurance, advise
stakeholders, and anticipate risk. What innovations are making the greatest impact, and do internal audit
stakeholders agree? Join a panel of banking, insurance, investment management, and real estate CAEs as we
explore how they’re preparing for the future of internal audit and examine their reactions to recent survey
data from 1,000+ CAEs worldwide.
In this session, participants will:
• Consider the technology-driven developments expected to impact internal audit in the next three to
five years.
• Develop a point of view on a resource model that will meet the needs of the internal audit of the
future.
• Map key areas in the audit lifecycle where they will innovate and add value for their stakeholders.
• Develop ideas of how they want to innovate and identify the technology, skills, budget, and
methodologies needed.
Monica O'Reilly Bio Being Finalized
Monday | October 1, 2018 1:30 – 2:30 p.m.
General Session 2: Session Details Being Finalized
Larry L. Hattix
Senior Deputy Comptroller for Enterprise Governance and Ombudsman
Office of the Comptroller of the Currency
Session Description Being Finalized
Larry L. Hattix Bio Being Finalized
Monday | October 1, 2018 2:45 – 3:45 p.m.
CS 2-1: Harnessing the Power of Innovation to #DrivePositiveChange
Marc Sabino
Chief Auditor, Innovation
Citigroup
Robotics, analytics, and artificial intelligence are just some of the buzzwords in today’s audit world. But what
do they really mean within the context of audit innovation? And how can audit departments around the globe
truly harness the power of innovation to enhance assurance and improve the stakeholder experience?
In this session, participants will:
• Learn how innovation can enhance the overall stakeholder experience.
• Deep dive into practical, real-life examples demonstrating how implementation of innovative solutions
leads to tangible results.
• Leave with an understanding of how innovation can be used to drive enhanced assurance and greater
insights.
Marc Sabino was appointed chief auditor, head of innovation for audit at Citigroup in August 2017. He is
responsible for the internal audit innovation team, which includes the strategic vision of an innovation
strategy to support the mission of drive positive change and be a game changer in the industry. Sabino leads a
team that identifies and executes innovation, automation opportunities, and performs data analytics to drive
insights and operational efficiency.
CS 2-2: Real-Time Insight: Assurance Over the Organization’s Strategic Plan
Stacey L. Schabel, CPA
Vice President & Chief Audit Executive, Jackson
North American Audit Director, Prudential plc
Executive management, boards, audit committees, and regulators value real-time insight on the most
business-critical areas. This session will focus on how internal audit can align with this expectation through
assessment of the plans, program management activities, and governance driving the organization’s strategic
plan.
In this session, participants will:
• Learn about the types of assurance stakeholders value most.
• Become familiar with an approach that can be used to assess the likelihood of success of their
organization’s strategic plan.
• Experience a real-life example of this type of audit being executed and understand keys to success,
stakeholder reactions, and common pitfalls.
• Receive a sample audit program designed to support the assessment of their organization’s strategic
plan.
Stacey Schabel is responsible for the North American Group-wide Internal Audit team, which examines and
evaluates the key activities and processes supporting the North American operations of Prudential plc, which
includes Jackson National Life Insurance Company. She assists the Board, Audit and Risk Committee members
and executive management in protecting the assets, reputation and sustainability of the organization through
assessment and reporting of the overall effectiveness of risk management, control and governance processes.
Schabel is a member of the IIA’s Global Financial Services Guidance Committee, the IIA chief Audit Executive
Engagement Committee Chair for the Lansing, Michigan Chapter, as well as a CPA and FINRA Series 6
registrant.
CS 2-3: Advancing the Internal Audit Profession
Moderator:
Faizal Chaudhury, CPA, CGMA
Vice President, Internal Audit
Sallie Mae Bank
Panelists:
Star McDade, CPA
Vice President and Portfolio General Auditor
American Express Company
Maggie Phan, CIA, CISA
Senior Vice President and Head of Audit Practices and Operations
Brown Brothers Harriman
Dana Randell, CPA
Senior Vice President and Head of Audit, Professional Practices
Synchrony Financial
IA departments at financial institutions face unique challenges in today’s business climate. Increasing demands
and expectations of stakeholders (regulators, audit committees, management, etc.) are driving the profession
to find ways to evolve and grow. Learn how the professional practice function within IA plays a critical and
integral role in ensuring IA departments meet the evolving demands of key stakeholders while also helping
enhance and maximize the IA value proposition.
In this session, participants will:
• Gain expert insights into recent regulatory exams (horizontal reviews of internal audit).
• Learn about disruption of traditional internal audit processes and how technology, data analytics, and
artificial intelligence/RPA can be leveraged to drive efficiencies.
• Understand the role of professional practices in branding and marketing internal audit to build
strategic relationships internally, throughout the industry, and with regulators.
• Discuss training and talent management, value-added QARs, best practices for professional practice
teams, and how key metrics and stakeholder reporting can drive the profession forward.
Faizal Chaudhury has over 20 years of dedicated experience as an audit professional. Prior to joining Sallie Mae, he held audit leadership positions at TD Bank and Bank of America. Chaudhury’s other experiences include working as an external auditor for EY and Crowe Horwath. He is also a frequent speaker at various national and local professional association conferences related to auditing. Star McDade is a multi-disciplined financial services professional with strong personal values and a diversity of
experience that helps shape her perspective. She is currently responsible for directing internal audit activities
for the global commercial services and the global merchant/network services businesses, as well as for various
oversight functions, including operational risk management, global privacy and enterprise data governance,
and big data. McDade’s earlier AmEx roles included vice president, chief of staff, and head of professional
practices and quality assurance. Previously, she provided audit and advisory services to hedge fund, private
equity, mutual fund, and government investment pool clients at PwC in Houston and New York City.
Maggie Phan has more than 18 years of combined experience in internal audit in the financial services and
banking industries, including audit leadership roles at large financial institutions such as Fidelity, Brown
Brothers Harriman & Co., and Mitsubishi UFJ Trust & Banking. She is fluent in Cantonese, Mandarin, and
Vietnamese.
Dana Randell has over 18 years of experience in audit and assurance activities, with a focus on financial
services. Her extensive background spans consumer lending and bank compliance, including fair lending,
UDAAP, and AML compliance requirements. She leads the Synchrony internal audit professional practices
group and is currently developing a digital audit strategy for the department, focusing on leveraging data
analytics, automation, and technology to develop auditors of the future. Previously, Randell spent 12 years in
public accounting focused on audit and assurance work in the financial services, retail, and construction
industries.
Monday | October 1, 2018 4:15 – 5:15 p.m. CS 3-1: Introduction to Blockchain and Cryptocurrencies, Including Assurance and Compliance
Considerations
A. Michael Smith
Partner
PwC
Rapidly evolving technologies are creating a critical need for business, technology, and compliance functions
to be prepared, adaptive, and agile to emerging challenges. Specifically, blockchain — a distributed ledger
technology underpinning cryptocurrencies and being tested by a variety of companies to track ownership of
assets without a central authority — is now everywhere. Supporters claim it to be a panacea for the high
overhead costs associated with financial services transactions.
In this session, participants will:
• Learn blockchain concepts, what blockchain means for their organization, and the benefits and
unknowns of blockchain applications.
• Delve into industry use cases in financial services and gain assurance for blockchain use cases.
• Understand cryptocurrency and why it requires their attention.
• Discuss the regulatory environment and anticipated regulatory changes.
A. Michael Smith has over 28 years of public and private industry experience, encompassing IT internal audit,
cybersecurity, privacy, IT governance risk and compliance, and national/international regulatory requirements
in the IT space. He has lived and worked in Europe and led teams in EMEA and APAC. Smith is responsible for
PwC’s U.S. internal technology audit services practice for financial services companies and has led projects or
worked in all financial services sectors. He also leads the blockchain assurance practice globally, helping clients
deal with the complexities of risk, control, and assurance in blockchain infrastructures. Smith was previously
global director of technology audit for Bank of New York Mellon.
CS 3-2: Striking a Balance: IA’s Critical Role in Regulatory Issue Remediation
Moderator:
TJ Scallon
Advisory Partner, Internal Audit and Enterprise Risk
KPMG
Panelists:
Gilles Karpowicz
General Auditor
BNP Paribas USA and North America Wholesale
Allyson Kidik
Senior Vice President and Senior Deputy General Auditor
KeyBank
Vincent Pinelli
Chief Operating Officer and Head of Audit Professional Practices
MUFG Internal Audit for the Americas
This discussion on regulatory issue validation will address topics such as demonstrating operational
effectiveness and sustainability, linkage with audit issues and self-identified issues, coordination with business,
and evolving regulatory expectations.
In this session, participants will:
• Understand evolving regulatory expectations related to regulatory issue validation and lessons learned.
• Discuss practices for demonstrating operational effectiveness and sustainability.
• Identify the benefits and practical application of linking regulatory issues with those issues identified by
internal audit and the other lines of defense.
• Share practices for coordinating with the first and second lines of defense during regulatory issue
remediation and validation.
TJ Scallon has 24 years of experience providing audit and advisory services to global financial institutions. As
an advisory partner within KPMG’s internal audit and enterprise risk practice, he works closely with senior
management in areas such as governance, risk and compliance, internal controls and audit frameworks, issue
remediation, and enterprise risk management across all three lines of defense. Prior to joining the advisory
practice, Scallon was an audit partner within KPMG’s financial services audit practice, serving some of the
firm’s largest banking and capital markets clients. He currently serves as the financial services lead for internal
audit and enterprise risk nationally and as KPMG’s New York office banking and capital markets industry
leader.
Gilles Karpowicz Bio Being Finalized
Allyson Kidik Bio Being Finalized
Vincent Pinelli Bio Being Finalized
CS 3-3: Reading the Tea Leaves: Handling Complaints/Concerns
Ayush Agarwal, CA, CFA
Audit Director
SunTrust Bank
Most organizations receive a significant number of complaints/concerns from various sources, but fail to
realize the importance of data and analytics around the information collected, which, if aggregated and
utilized appropriately, could provide senior management, the audit committee, and board of directors with
invaluable information and insights into a company’s culture and potential red flags.
In this session, participants will:
• List the various avenues through which a typical organization receives complaints/concerns.
• Describe regulatory expectations concerning whistleblowing/complaints.
• Understand some of the gaps that currently exist at most organizations, preventing them from using
complaints/concerns information in a meaningful manner.
• Develop ideas for aggregating and analyzing data related to complaints/concerns. Ayush Agarwal has over 20 years of experience in the financial services industry performing internal/external
audits, including 10 years with public accounting firms and 10 ten years of dedicated capital markets
experience. As audit director for corporate functions at SunTrust, he is responsible for evaluating and
recommending improvements in the effectiveness of risk management, control, and governance processes.
Agarwal’s primary areas of audit responsibility encompass finance and accounting, HR, legal, and marketing.
Tuesday | October 2, 2018 8:30 – 9:45 a.m. General Session 3: Details Being Finalized
Tuesday | October 2, 2018 10:00 – 11:00 a.m. CS 4-1: Advancing IT Audit’s Capabilities to Conduct Cyber Security Audits
Jon Coughlin, CISA, CISSP
Technology Audit Director
PNC Bank
David Dunn, CIA, CPA, CITP
Assistant General Auditor, Information Technology
PNC Bank
Lee Williams
Audit Director, Information Technology Audit- Infrastructure and Cyber Security
PNC Bank
Practical tips, examples, and techniques for strengthening audit’s cybersecurity coverage extend beyond
traditional approaches, focusing on what works well, opportunities for improvement, and potential evolution
required to address emerging laws and regulations (cyber ANPR, state privacy laws). Alternate approaches
include leveraging SMEs and data analytics to add incremental value to audit’s output (data protection,
firewall rules, vulnerability assessments). An overview of audit structures will feature dedicated security
testing and ethical hacking components.
In this session, participants will:
• Learn the inherent limitations in applying traditional audit testing techniques to cyber security areas of
focus, and the need to evolve in response to emerging laws and regulations.
• Identify specific areas where alternate testing approaches from audit can increase the value provided
within cyber security audit activities.
• Develop ideas for implementing value-added security testing within their organizations, based on
examples of data loss prevention, firewall rule auditing, and vulnerability management analysis.
• Understand a potential model for successfully building an ethical hacking team directly within the audit
function.
Jon Coughlin leads audit coverage of PNC’s technology infrastructure and security functions. He has had
accountability for leading the audit team’s coverage of infrastructure, security, fraud, technology risk
management, and technology project auditing at various points since 2012. Coughlin previously delivered
technology risk and control services in complex, highly regulated environments as a senior manager within
Deloitte & Touche’s enterprise risk services function. While in public accounting, he served clients with a focus
on technology external/internal audit, technology risk management, and security governance. For 17+ years,
he has delivered technology, risk, and control related services, with broad, global experience in the financial
services, healthcare, retail, and manufacturing industries.
David Dunn leads the internal audit function for PNC’s information technology as assistant general auditor for
The PNC Financial Services Group. Previously, he was senior vice president and senior audit director of global
technology and operations for Bank of America. Dunn’s 24+ years of experience in technology, audit, and
financial services includes The Royal Bank of Scotland, where he served as head of operational risk
management and director of ORM technology and the Basel II program. Dunn’s early roles included executive
vice president, head of operational risk management, technology executive, and director of information
systems audit at Capital One Financial; director of quality assurance at PeopleSoft; and project manager at
Corning.
Lee Williams Bio Being Finalized
CS 4-2: Effectively Assessing a Risk Governance Framework
Julie Scammahorn, CIA, CRMA
Chief Auditor, Citibank, N.A.
Citibank
Assessing a firm’s risk governance framework continues to be a challenge for auditors around the world. What
are the key success factors to ensure an effective assessment? How does an effective assessment tie into the
identification of emerging risk? And when emerging risks are identified, how are they addressed through the
three lines of defense?
In this session, participants will:
• Gain an understanding of key factors to consider when assessing a firm’s risk governance framework.
• Learn tactics that can be employed to identify emerging risks.
• Recognize how identification of emerging risks ties into the three lines of defense model.
Julie Scammahorn is responsible for the ongoing assessment of businesses’ risk and control environment
through evaluation of financial, operational, and administrative controls; governance; and risk management
practices as well as adherence to laws, regulations, and Citigroup and Citibank, N.A. policies. She also is the
regional chief auditor for North America, overseeing the program assurance provided over Citi’s businesses
across the region. Prior to joining Citi in 2014, Scammahorn was the general auditor and senior vice president
of American Express Company, and also served as general auditor at Bank of America Corporation (legacy
Countrywide Financial Corporation). Scammahorn started her career in banking with NationsBank (Bank of
America) and was the senior vice president and audit director responsible for the global audits of Banc of
America Securities. She is a member of The IIA’s Financial Services Advisory Board.
CS 4-3: Focusing on Talent Management Programs for Audit Divisions
Anita Bagg
Senior Vice President and Audit Director
Bank of America
Jason Cahaly
Senior Vice President and Audit Director
Bank of America
Gouri Veerubhotla
Senior Vice President and Audit Director
Bank of America
Internal audit is a people business. Our people can make or break the work that we do; no matter how good
our strategic priorities and audit plans can be, they must be executed by people at all levels within the audit
organization. Audit departments must focus on developing strong and diverse talent at all levels. This includes
discussing employee engagement initiatives, training approaches, college hire programs, and rotation
programs throughout the department.
In this session, participants will:
• Explore ways to think about and develop employee engagement programs for their audit shop.
• Discuss integration of training programs, beyond minimal training requirements.
• Learn ways to manage direct college hire programs for their organization.
• Identify opportunities for broader rotation programs throughout their department, including audit
practice-related rotations for business line auditors.
Anita Bagg leads the BOA audit division’s employee development, training, and engagement efforts, and also
oversees the corporate audit analyst program, which recruits college talent and oversees rotations within the
division. She chaired a council focused on driving an inclusive and diverse work environment, simplification of
day-to-day operations, and professional development. Bagg was previously an auditor and business advisor
responsible for independent assessment of the Merrill Lynch brokerage business, and she audited the global
wealth and investment management chief operating office. Upon joining BOA in 1995, she led projects and
strategic initiatives related to risk assessments, audit planning, and audit committee reporting as part of the
practices team. Early in her career, she was with PricewaterhouseCoopers.
Jason Cahaly Bio Being Finalized Gouri Veerubhotla Bio Being Finalized
Tuesday | October 2, 2018 11:15 a.m. – 12:15 p.m. CS 5-1: Unleashing the Power of Continuous Auditing
Christopher Paulison, CPA
Partner
Grant Thornton, LLP
New competitors are using innovative technologies to meet consumer expectations. In response to these
disruptive technologies, financial institutions are rethinking their business models and developing new ways to
provide products and services. As a result, risk profiles at financial institutions are changing. This session will
explore how internal auditors can prepare to audit these technologies and use these technologies to increase
efficiencies within internal audit.
In this session, participants will:
• Identify innovative technologies and their impact on financial institutions.
• Examine the challenges of auditing innovative technologies.
• Discuss what internal audit departments should be doing to address these new risks.
• Explore ways internal audit can use innovation to improve efficiencies in their processes.
Chris Paulison has over 25 years of experience and serves as the leader for Grant Thornton’s financial services
center of excellence for internal audit. He is active in the financial institutions marketplace, providing client
services to banks of varying sizes and complexity, and has led large-scale global process transformations,
benchmarking/cost productivity/organizational design projects in the areas of business operations, internal
audit, regulatory compliance, and risk management; as well as supervision of simultaneous work across five
continents. Prior to Grant Thornton, Paulison served as partner for a Big 4 firm where he led the firm’s internal
audit/risk practice for the midwest region in financial services. He also served as the CAE for a Fortune 20
company. Paulison has worked with clients including HSBC, ABN AMRO, Ally, Bank of America, Bank of China,
BB&T, Citi, Deutsche Bank, Fidelity, Goldman Sachs, JP Morgan Chase, Morgan Stanley, PNC, RBS, US Bank, and
Wells Fargo.
CS 5-2: Co-Sourcing and Outsourcing: Why Do It?
Moderator:
Sabrina Serafin, CISA
Partner and National Practice Leader
Frazier & Deeter
Panelists:
Matthew Burgess, CPA
Executive Vice President and Chief Internal Auditor
First Financial Bancorp
Paul Calhoun, CPA
Executive Vice President and Chief Audit Executive
TowneBank
Bradley Carroll, CIA, QIAL, CFSA, CRMA, CPA, CFF
Senior Vice President and Director, Internal audit
State Bank Financial Corporation
Steve Jameson, CIA, CPA, CFE
Executive Vice President and Chief Internal Audit & Risk Officer
Community Trust Bancorp, Inc.
This will be a panel discussion on why to out/co-source. (Standard 1210; SME for specific areas, HR constraints
in small banks, cost considerations). Participants will learn the characteristics of each, pros/cons (SMEs, direct
report to AC, scope creep, workpaper ownership, workpaper/report consistency), and how each CAE manages
the out/co-source arrangements at their institution (who selects/engages, who manages, multiple partners or
one for all out/co-sourcing needs, effect on QAIP program, meeting SR 13-1 requirements).
In this session, participants will:
• Recognize the difference between co-sourcing and outsourcing; analyze the characteristics of each and
determine which are pros and cons in their model.
• Determine the level to which their department should rely on co-sourcing or outsourcing: strategic
placement to supplement work or complete transfer of the audit plan?
• Develop a plan for seamless integration among multiple SME partners (co-sourced or outsourced) and
in-sourced staff.
Sabrina Serafin Bio Being Finalized
Matthew Burgess Bio Being Finalized
Paul Calhoun Bio Being Finalized
Bradley Carroll began his career in internal audit with Central Bank LA after graduating from college. Upon the
sale of Central Bank, he moved to an internal auditor position for Carter's Childrenswear and Wachovia Bank.
He then pursued public accounting for the next 14 years, starting and then selling a CPA practice. Carroll
transitioned back into internal audit when he was hired as the CAE of a two-year old $3 billion community
bank using outsourced services for internal audit with the challenge of developing and staffing the bank’s own
internal audit function.
Steve Jameson Bio Being Finalized
CS 5-3: How Strong Is Your Ability to Effectively Challenge Management?
Stephen Mills, CIA, CCSA, ACA
Managing Director
Promontory Financial Group
Andrew Jackson, CIA
Chief Audit Executive
TCF Financial Corporation
U.S. bank supervisors have significant underlying concerns regarding internal audit's independence,
objectivity, and true ability to effectively challenge management. This session will discuss common regulatory
criticisms in this area and explore an approach and framework to self-assess and evaluate internal audit
strength and vulnerabilities regarding independence, objectivity, and challenge. The session will outline
tangible steps that can be taken to strengthen and demonstrate effective challenge to bank supervisors and
the audit committee.
In this session, participants will:
• Describe and recognize the relationship between independence, objectivity, and challenge.
• Construct a framework to evaluate strengths and weaknesses relating to effective challenge.
• Formulate tangible actions to improve independence, objectivity, and the ability to truly challenge
management.
Stephen Mills has extensive global experience, having lived and worked in Asia, Europe, and the U.S. As a
managing director in Promontory Financial Group’s New York office, he advises clients in the areas of internal
audit and internal control frameworks, risk management, corporate governance, regulatory relationships,
compliance transformation, quality assurance and compliance testing, and regulatory compliance, including
BSA/AML and sanctions, mortgage servicing and loss mitigation practices, and model validation. Previously,
Mills spent nearly 20 years in global positions with American Express as a senior member of the global internal
audit team. He was general auditor of the company’s major U.S. and international bank subsidiaries, with
responsibility for global internal audit regulatory relationships.
Andrew Jackson has been with TCF Financial since 2012. Previously he served as CAE of First Horizon National
Corporation and executive vice president and corporate auditor in charge of the internal audit function at First
Tennessee Bank. Jackson is a member of The IIA’s Financial Services Advisory Board and the Financial Services
Conference Board.
Tuesday | October 2, 2018 1:15 – 2:30 p.m. General Session 4: CEO Perspectives: Internal Audit’s Value Proposition Facilitator: Christine Katziff Corporate General Auditor Bank of America Panelists Being Finalized In this panel session, chief executive officers representing a wide range of financial institutions will share their
perspectives and discuss the value they seek from internal audit in their organizations, effective
communication with stakeholders, current challenges across the industry, and more.
In this session, participants will:
Hear directly from a panel of CEOs about the value of their audit teams.
Discuss the expectations of the role internal audit plays within their organizations.
Understand effective methods to build ongoing communication and trust with executive management.
Christine Katziff Bio Being Finalized
Tuesday | October 2, 2018 3:00 – 4:15 p.m. Closing Keynote: Creating Impactful Relationships With the C-Suite Margie Bastolla, CIA, CRMA Principal Margie Bastolla Facilitations, LLC In addition to good analytical skills, an understanding of the business, and knowledge of the organization’s key
risks, a great internal auditor should possess a knack for building solid relationships with management and the
C-suite. Not only are internal auditors with strong professional relationships happier and more productive at
work, if they are known and trusted by audit clients and executives, their recommendations are more likely to
be embraced.
In this session, participants will:
Discover seven practical ways to enhance relationships with management and the C-suite.
Identify personal hang-ups that prevent them from building impactful relationships.
Learn what to say — and how to say it — during conversations with executives. Margie Bastolla is a professional trainer and speaker who provides customized, onsite training for internal auditors on both technical and soft skill topics. She has worked in over 40 countries, conducting hundreds of seminars, workshops, and conference sessions for corporations, government entities, U.N. agencies, and IIA chapters and institutes. Bastolla draws on 30 years of leadership experience in internal auditing, international relations, association management, and public accounting. Previously, she was an executive with The IIA’s global headquarters and an auditor with Worthen Banking Corporation and Deloitte.