The Radisson Hotel...Radisson Hotel Albany (formerly known as the Holiday Inn) 205 Wolf Rd Albany, NY 12205 The Continuing Professional Education (CPE) seminars are being offered by

1

The Radisson Hotel 205 Wolf Rd

Albany, NY 12205 (518) 458-7250

We have planned an outstanding

conference program that will

give you the chance to:

Customize your registration to fit your

schedule and interests. Choose one, two,

or three days

Earn up to 21 CPE hours at outstanding

educational sessions

Discover innovative solutions and gain

the tools you need to be more effective

Learn leadership secrets from national-

ly recognized industry leaders

Network with colleagues from across

the region

Explore the latest technological

advances in financial management

Stay up to date on issues that affect

your career

Improve your knowledge, skills and

abilities, and increase your promotional

potential.

The Conference That Counts 2018

Conference Overview

The New York Capital Chapter of the Association of Government Account-

ants, The Albany Chapter of The Institute of Internal Auditors, and the

Hudson Valley Chapter of ISACA are proud to host The Conference That

Counts (TCTC) 2018 with a special theme—”Mission: Possible”.

Please join us for an outstanding three-day continuing education event

offering challenging, informative, and exciting sessions designed to help

participants keep pace with changes in information technology, auditing,

fraud, and leadership skills. TCTC 2018 promises to be an excellent learning

and networking opportunity for both new and experienced financial manag-

ers, auditors, and accountability professionals. The program has been devel-

oped to ensure that TCTC 2018 delivers up to the minute, quality education-

al content that meets your high standards and professional needs. Up to 21

CPE hours can be earned by attending all three days.

This is the 23rd TCTC and it has become so popular over the years that you

must register early to ensure you get in. Also, keep in mind that registering

early can mean big savings for your agency or company’s training budget.

See the registration page for details. Business casual attire is appropriate for

this event. Since the conference rooms at the Radisson Hotel can vary in

temperature, we recommend that you dress in layers.

Don’t miss out! Early Bird registration ends 02/16/2018!

AGA IIA ISACA

The TCTC is being held on March 19 – 21, 2018

Radisson Hotel Albany (formerly known as the Holiday Inn)

205 Wolf Rd

Albany, NY 12205

The Continuing Professional Education

(CPE) seminars are being offered by a sponsor

approved by the New York State Board of

Public Accountancy to provide the

mandatory continuing education for

licensed CPAs working in New York.

Check to ensure that the CPE credits

offered meet the requirements of your

certifying organization.

NYS License No. 000329

Conference Dates and Location

Register online at:

http://www.eiseverywhere.com/tctc2018

Registration

Many TCTC presenters are making their presentation material available to

attendees online. They will not be printed for distribution at the conference.

You will find the PowerPoint slides online at

http://www.eiseverywhere.com/tctc2018 about two weeks before the

conference. Please remember to download these presentations and bring

them with you to TCTC 2018.

Get Your Conference Handouts Early

https://www.google.com/maps/dir/''/radisson+hotel+albany/data=!4m5!4m4!1m0!1m2!1m1!1s0x89de0c8a255c8807:0xd2c82a65b888493c?sa=X&ved=0ahUKEwjanZnnp_DRAhUK5iYKHcqxDuUQ9RcIjQEwCw



3

AGA IIA ISACA

TCTC 2018 SESSIONS

Monday

March 19, 2018

Session Description

Track General Networking Breaks:

10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT) M101: The Small IT Audit Shop: Challenges & Opportunities

8:30 am—10:00 am

Small IT audit shops face many unique challenges among which are limited staff and resources. This could be discouraging,

especially when compared to their much larger counterparts. However challenging small audit life may seem, there is tremen-

dous opportunity to use and implement a manageable number of practical action items that can improve capability and make

the auditor’s professional life more satisfying. Be assured that you can establish, successfully run, and survive in a very small

IT audit function. While the small shop is distinctly different from their bigger brothers, there are also many aspects that

make them similar. In this session, you will learn how to:

• effectively enhance the positive characteristics of a small audit shop

• deliver lasting value

• turn challenges (things that can go wrong) into successes

• determine and achieve your/management's priorities

• focus on material, high-risk issues

• effectively use external providers to fill knowledge gaps

• standardize to support consistency

Speaker: Ross Wescott

Track II (Fraud) M201: Auditing for Internal Fraud

8:30 am—12:00 pm

Most frauds are committed by employees within an organization. This presentation discusses the more common schemes,

legal elements, detection techniques and methods of preventing occupational fraud.

Speaker: Dennis Dycus

Track III (Audit/

Leadership)

M301: Embracing and Evaluating Lines of Defense/Offense 8:30 am— 12:00 pm

Internal audit is commonly referred to as the third line of defense, at least among internal auditors. By understanding risk

management models such as the IIA’s Three Lines of Defense in Effective Risk Management and Control and the linkage to

control frameworks such as COSO’s Internal Control - Integrated Framework, internal auditors will be better prepared to

provide the Board and management a snapshot of the governance of an organization.

During this thought provoking session, gain insight on a model designed to articulate how risk management duties are spread

across the organizations while ensuring accountability and ownership does not get lost in the shuffle.

At the end of this program, attendees will be able to:

• Explain the roles and responsibilities of risk management

• Determine how the lines of defense are, or not, implemented in your organization

• Identify potential areas of blurred responsibilities and independence

• Seek opportunities for collaboration and coordination with others within your organization

Speaker: Gina Eubanks

4

AGA IIA ISACA

Monday

March 19, 2018

Session Description

Track General Monday—Lunch

12:00 pm—1:10 pm

Track I (IT) M102: Taking the Mystery out of IT Audit 10:30 am— 12:00 pm


Track I (IT) M103: SOX and the IT Auditor

1:10 pm— 2:30 pm


Track II (Fraud) M201: Auditing for Internal Fraud (Continued)

1:10 pm—2:30 pm

Most frauds are committed by employees within an organization. This presentation discusses the more common schemes,

legal elements, detection techniques and methods of preventing occupational fraud.


Track III (Audit/

Leadership)

M302: Strategically Aligning Recommendations

1:10 pm—2:30 pm

Internal audit must constantly work to earn and sustain the status of respected advisor with the board and executive manage-

ment. One way to achieve this status is by linking all internal audit activities to the strategies of the organization, function or

process. The board relies on internal audit to offer recommendations that link to the success of the organization.


• Link internal audit activities to strategy

• Collaborate with clients

• Develop relevant recommendations management will be excited to implement


Track I (IT) M104: Using Cobit5 as an Audit Tool

3:00 pm—4:30 pm


5

AGA IIA ISACA

Monday

March 19, 2018

Session Description

Track II (Fraud)

M202: Business Ethics 3:00 pm—4:30 pm

In every organization ethics begin with top management. An action may be legal, but is it the right thing to do? This presen-tation addresses how your business ethics guide you in determining your actions as well as the actions of individuals you su-

pervise.

Please note: This session qualifies for required ethics CPEs for AGA, ACFE, IIA, and other certifications, but does not qualify for New York State CPAs.


Track III (Audit/

Leadership)

M303: Assessing Organizational Culture 3:00 pm—4:30 pm Internal Audit is in a unique position to provide independent observations about the organization’s culture. A value-added

service internal audit can provide is sharing insights on the organization’s culture to management and stakeholders. This can

range from conducting a specific audit project to including elements in internal audit activities.


• Explain elements included in the evaluation of culture

• Identify and explore signs of good and bad culture

• Incorporate culture into internal audit activities


Track General TCTC Social Event— Location: 205 on Wolf Lounge

4:30 pm—6:30 pm

Join us for a complimentary drink and appetizers to end our first day of TCTC.

AGA IIA ISACA

6

AGA IIA ISACA

Tuesday

March 20, 2018

Session Description


10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT)

T101: NIST Cybersecurity Framework Module 1 8:30 am—10:00 am

In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which

called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable,

performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large or-

ganizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of

Standards and Technology (NIST).

In this day-long session we will discover how the framework works, how to implement it and what the proposed changes are

as this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, why

your company may decide this framework is a good solution to use. We will also demo a free tool to help you understand

where your current weakness is and how you can improve your compliance.

Speaker: Jayson Ferron

Track II (Fraud) T201: GAO's Fraud Risk Framework 8:30 am—10:00 am

In this session, I will provide an overview of GAO’s Fraud Risk Framework including:

• How and why GAO developed the Framework

• The focus on fraud risk (as opposed to fraud)

• How the Framework can be used

• The role of the Fraud Reduction and Data Analytics Act (FRDAA) applying the Framework

• Overview of the 4 components in the framework:

1. Commit 2. Assess 3. Design and implement 4. Evaluate and adapt

• How others can use the Framework (e.g., for audit criteria)

Speaker: Rebecca Shea

Track III (Audit/

Leadership)

T301: The Five Tiers of Audit Competency - How Do You Measure Up 8:30 am—10:00 am

This session will describe the five tiers of auditor competency and how they impact auditor performance and succession plan-ning. She will correlate each of the tiers to specific auditor roles and job functions and discuss approaches you can use to build competency in yourself and others.

By participating in this session, you will be able to:

• Explain the connections between competency development, high impact and value-added auditing, and succession planning

• Acquire insights concerning your own professional competency development

• Develop a plan to leverage and expand your existing competency

• Evaluate your Department’s approach to competency development

• Walk away with tactics you can use to develop audit competency in yourself and others

TARGET AUDIENCE

This session is intended for auditors at all levels who want to hone their own and others’ key performance skills and abilities.

Speaker: Ann M. Butera

7

AGA IIA ISACA

Tuesday

March 20, 2018

Session Description

Track I (IT) T102: NIST Cybersecurity Framework Module 2 10:30 am—12:00 pm






In this daylong session we will discover how the framework works, how to implement it and what the proposed changes are





Track III (Audit/

Leadership)

T202: Applying the Fraud Risk Framework 10:30 am—12:00 pm In this session, I will provide a deeper dive into how we have used the GAO Framework to examine fraud risks in various pro-grams including:

• Highlights from GAO’s review of Social-Security Disability Benefits (initial application of the Framework) and CMS Med-

icaid and Medicare antifraud activities

• Data Analytics in GAO’s review of Medicare Provider Enrollment

• Undercover testing in GAO’s review of ACA Enrollment Controls

• Other reviews using the Framework

Speaker: Rebecca Shea

Track III (Audit/

Leadership)

T302: 3 Ways to Deliver Quality 10:30 am—12:00 pm This interactive working session will expand on the third tier of auditor competency: project management. She will explain

how your values affect your priorities and time management. She will describe several ways you can enhance your planning

and scheduling competencies to manage audits efficiently and effectively and deliver results on schedule.

By participating in this session, you will be able to:

• Acquire insights concerning your attitudes on time management practices and find out if your outlook is helping or hurt-

ing you as you manage audit projects

• Manage time and other resources effectively and efficiently throughout an audit

• Handle and adapt to unforeseen incidents during audits

• Use project management tools to deliver effective and timely results at each stage of the audit or project

TARGET AUDIENCE

This session is intended for auditors who need to achieve useful audit project results on time and within budget.

Speaker: Ann M. Butera

Track General Tuesday—Lunch

12:00 pm—1:10 pm

8

Tuesday

March 20, 2018

Session Description


10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT)

T103: NIST Cybersecurity Framework Module 3 1:10 pm—2:30 pm In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which





In this daylong session we will discover how the framework works, how to implement it and what the proposed changes as

this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, why




Track II (Fraud) T203: Breaking the Code of Fraud 1:10 pm—2:30 pm Finding fraud scenarios hiding within core business systems requires skillful adjustments in your approach and technique.

Mr. Vona has spent more than 30 years perfecting the science and art of using data analytics to search for fraud scenarios,

which differs from finding data anomalies. He will share his systematic approach to identifying fraud scenarios and their rela-

tionship to data, including planning, pattern recognition and practical applications of analytics.

Learning Objectives:

• Identify fraud scenarios within core business systems by applying data mining techniques

• How fraud concealment and strategy impact your plan, and what adjustments you may need to make to ensure your suc-

cess

• Recognize patterns within the data that may indicate the presence of a fraud scenario

• Use the five critical data elements to effectively identify fraud scenarios

• Determine the frequency of analysis to prevent unnecessary losses across the organization

Speaker: Leonard W. Vona

Track III (Audit/

Leadership)

T303: The Actionable Audit Report 1:10 pm—2:30 pm Do your audit reports produce the desired results? Do your readers feel compelled to act? If you answered no to either of

these questions, then it’s time to sharpen your “report-thinking” and “report-writing” skills to convey credibility and get re-

sults! In this highly-interactive discussion, participants will learn how to:

• Think things through when formulating the audit observation.

• Use and answer the 25 Questions to Report Writing Excellence.

• Develop reports that provide clients with clear, concise information and the impetus to act.

Speaker: Margie Bastolla

AGA IIA ISACA

9

AGA IIA ISACA

Tuesday

March 20, 2018

Session Description


10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT) T104: NIST Cybersecurity Framework Module 4 3:00 pm—4:30 pm






In this daylong session we will discover how the framework works, how to implement it and what the proposed changes are





Track I (IT) T204: Payment Diversion Schemes & Public Sector Transparency Risk 3:00 pm—4:30 pm

Speaker: Michael Dudley

Track II (Fraud)

T304: Interactions for Positive Change: Saying It Right When the Stakes are High 3:00 pm—4:30 pm

Interactions for positive change are important for the growth and success of leaders, managers, and teams. When we under-

stand the foundation of great interactions and then put those foundational skills into practice, we feel more confident and

others see us as more credible. Crucial interactions ̶ those which involve opposing opinions, strong emotions, and high

stakes ̶ often determine success in both our professional and personal lives. When faced with a crucial interaction, we have

three choices: avoid it; face, but deliver poorly; or face and handle well. During this session, we will:

• Discuss three skills that underpin interactions for positive change.

• Analyze underlying fears that often delay crucial interactions.

• Reduce misunderstandings with colleagues and audit clients by inviting them into the conversations you desire.

Speaker: Margie Bastolla

10

Wednesday

March 21, 2018

Session Description


10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT)

W101: Conducting an IT Risk Assessment 8:30 am—10:00 am

Many IT organizations do not have a formal program of IT risk and fraud assessments. However, most do have components

that constitute approaches to risk assessment that incorporate fraud prevention and detection. Assessments, if done at all,

sometimes miss vital components that leave IT executives with a false sense of security. In this session, you will learn how to:

• Establish a conceptual model for risk assessment

• Assemble measurable and unique risk characteristics

• Implement a practical risk assessment from the model and characteristics

• Understand and communicate assessment results

• Use IT risk assessment critical success factors to achieve risk assessment victory


Track II (Fraud) W201: Fraud Schemes – How They Were Committed, Found and Investigated 8:30 am—12:00 pm

This class will start with general information regarding fraudulent behavior and how to get started with a fraud investigation

and then move to various types of fraud schemes. The objective of this class is to expose the participants to several types of

fraud schemes; how they were committed, how they were discovered and how they were investigated.

This will be done by using examples of real frauds that were investigated by the instructor. In addition, for each type of fraud

scheme the participants will discuss how the fraud could have been prevented or discovered timely.

Speaker: Allen Brown

Track III (Audit/

Leadership)

W301: Analyzing Processes: Tools for Operational Auditing 8:30 am—12:00 pm

Internal auditors continue to expand the application of operational auditing, reaping the benefits provided by this value-

adding approach to audit work. Based on the top-selling book Business Process Mapping: Improving Customer Satisfaction,

this session discusses how tools such as process mapping, customer mapping, and RACI matrices can be used by internal audi-

tors for more effective operational audits, while showing how they can be used in any situation where auditors are being called

on to identify opportunities for increased efficiency and effectiveness.

Speaker: Michael Jacka

Track I (IT) W102: Bringing Home Big Brother: Personal Data Privacy in the Surveillance Age 10:30 am—12:00 pm Have you ever purchased something online, then saw an ad for a related item in your social media feed? Do you ever wonder

who, or what, is listening to your conversations when your intelligent assistant is waiting for your commands? You give away

a significant amount of indirect information about yourself every day, whether you are online or offline. The online services

you use often have the freedom to decrypt and view your emails, photos, contacts, and documents. Something as innocuous

as what you buy, or who you follow on social media, can be used by organizations and individuals to determine key facts

about who you are and your personal habits. Continued > > >

AGA IIA ISACA

11

AGA IIA ISACA

Wednesday

March 21, 2018

Session Description


10:00 — 10:30 am & 2:30 — 3:00 pm

Track I (IT)

W102: Bringing Home Big Brother: Personal Data Privacy in the Surveillance Age (Continued) 10:30 am—12:00 pm You don't even have to provide the information yourself--your family, friends, and colleagues are inadvertently sharing your

information for you.

This presentation will help you to understand how companies find and share information about you. You'll learn how privacy

policies affect you, and you will be able to make better choices about what information you share online and how you use

electronic assistants. You'll also understand the technological and business reasons for companies to use your data. And

finally, you'll learn basic strategies and tactics for protecting your online identity and data.

Speakers: Todd Brasel & Michelle Warner

Track General Wednesday—Lunch

12:00 pm—1:10 pm

Track I (IT) W103: Cyber Security Jeopardy 1:10 pm—2:30 pm Please join us for Cyber Security Jeopardy, an informal panel-type session in a familiar game-show format, similar to that

famous televised quiz competition, created by Merv Griffin and hosted by Alex Trebek. The event is a security awareness

lesson presented as a game, where panelists compete by providing questions to security-related answers that are offered by

our host, from categories, across several industries. It is sure to be an informative and engaging experience that you won’t

want to miss!

Speakers: Todd Brasel & Michelle Warner

Track II (Fraud) W203: Fraud Schemes - How Were They Found and Investigated (Continued) 1:10 pm—4:30 pm

Speaker: Allen Brown

Track III (Audit/

Leadership)

W302: Using Your Brain: Aspects of Critical Thinking for Internal Auditors

1:10 pm—4:30 pm Critical thinking continues to be recognized as a primary skill for internal auditors at all levels. However, there is not a great

deal of agreement on what is meant by "critical thinking", let alone how best to develop this skill.

This session will share approaches and practices that can be used to help enhance critical thinking. Participants will have a

better understanding of what critical thinking means and how critical thinking should be applied and developed throughout

the audit process.

Speaker: Michael Jacka

Track I (IT) W104: The Cyber Threat Landscape 3:00 pm—4:30 pm Learn about how the FBI goes about identifying and investigating cyber threats in conjunction with their law enforcement partners and the private sector. This presentation will provide a summary of current cyber threat categories, the cyber actors

responsible for these threats, and some case summaries related to successful cyber investigations.

Speaker: Eric Lurie

12

AGA IIA ISACA

SPEAKER BIOS Margie Bastolla CIA, CRMA

Margie Bastolla Facilitations, LLC

Margie Bastolla, CIA, CRMA is Principal of Margie Bastolla Facilitations, LLC. She helps

internal audit departments streamline report-writing processes and produce clear,

impactful audit reports. An internal auditing leader and educator for over 25 years, Margie

facilitates seminars on topics ranging from audit report writing and leadership skills to risk

management and internal control.

A professional speaker, facilitator, and educator, she has consulted and trained thousands

of internal auditors and hundreds of organizations in over 40 countries. Her clients

include the United Nations, the U.S. military, Fortune 500 companies, and private and public-sector organizations around the

world.

Previously an executive for The Institutes of Internal Auditors, Inc. in Altamonte Springs, Florida, Margie served as Vice

President of the Research Foundation, Global Director of Advocacy, and Director of Onsite Training Programs. Prior to The

IIA, she was an internal auditor with Worthen Banking Corporation and a public accountant with Deloitte in Little Rock,

Arkansas.

Margie and her husband, Anthony, live in Orlando, Florida.

Todd Brasel NYSTEC

Todd is a Principal Consultant with NYSTEC's Information Security practice, where he

manages complex security projects and helps clients to understand their security profile

and to plan secure systems. Todd has over 15 years of experience in software development.

He is an ISC-2 Systems Security Certified Practitioner and is pursuing an MBA in IT

Management and a CGS in Information Security from SUNY Albany.

Allen Brown, CPA, CFE Allen is the former Assistant Legislative Auditor for Local Government Services for the state of Louisiana Legislative Auditor’s Office. In this position he oversaw local government audits and directed the Investigative Audit group. During his tenure with the Louisiana Legislative Auditor he participated in hundreds of fraud investigations including one that resulted in the closing of a state agency. Allen retired from the Louisiana Legislative Auditor’s Office in January of 2014. Allen is a graduate of the University of Louisiana at Monroe and, in addition to being a Certified Fraud Examiner, is a licensed Certified Public Accountant. He began his career in financial audit, had experience with federal programs and helped establish an investigative audit division at the Legislative Auditor’s Office. He has testified before legislative committees, grand juries and during trial. Allen also served over eight years as director of internal audit for the Louisiana Community and Technical College System. The system has 49 campuses throughout the state.

Continued on next page > > >

13

AGA IIA ISACA

SPEAKER BIOS

Allen Brown, CPA, CFE (Continued) Prior to joining the community college system, Allen was Practice Leader for Forensic and Investigative Services for the firm of Deloitte & Touche. While with Deloitte & Touche he directed projects in the continental United States, Hawaii, Mexico, Bermuda, Morocco and England. Allen also worked with one of the major US law firms in three law suites involving the tobacco industry. Allen is a member of the American Institute of Certified Public Accountants, the Louisiana Association of Certified Public Accountants, the Association of Certified Fraud Examiners and is past president of the Louisiana Association of College and University Auditors. Allen began teaching for ACFE in the 1990s and has taught fraud investigative courses throughout the United States, Canada, Asia, Australia, and the Caribbean.

Ann M. Butera, CRP

The Whole Person Project

Ann M. Butera, CRP is President of The Whole Person Project, Inc., an organizational development consulting firm. She is a frequent speaker at internal audit conferences and has worked with audit departments of all sizes to provide auditors with the tools and techniques needed to improve risk management practices within their organizations.

Ann is a frequent columnist and webinar leader for Protiviti’s Knowledge Leader. She is regularly cited in Who’s Who and has been honored by Women On The Job with the Business Achievement Award. She is a member of the IIA, the American Society for Training and Development, the Association of Government Accountants, and the National Association of Corporate Directors. She served as Audit Committee Chair for a financial services firm.

She is the author of Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing. In it, she shares best practices for every stage of the audit and explains how and why the most effective auditors master five essential compe-tencies. New and seasoned auditors will benefit from her insight culled from over 30 years’ experience training thousands of their peers. Ann Butera received her Masters of Business Administration in Organizational Development from Adelphi University. She holds a CRP (Certified Risk Professional) designation from BAI, and is a Summa Cum Laude graduate of Long Island University/C.W. Post College.

Dennis Dycus, CPA, CFE, CGFM

Having retired from the Office of the Comptroller of the Treasury of the State of Tennes-see in June of 2012, I spent over thirty-nine years overseeing the audits of all forms of local governments in Tennessee. These audits included cities, towns, utility districts, school activity and cafeteria funds, housing authorities, quasi-governmental entities and certain not-for-profit organizations.

As director of the Division of Municipal Audit, I was involved with the division’s staff in conducting over five-hundred investigations related to fraud, waste and abuse in which millions of dollars of public funds were discovered lost due to fraud. Many cases were successfully prosecuted resulting in a substantial recovery of funds.

Michael Dudley

Michael Dudley is the Principal Deputy Director of the United Nations Investigation Division in New York. He has more than 25 years' experience in international legal and investigation matters, serving in the private sector and 4 different United Na-tions agencies. He has particular expertise in public procurement fraud, forensic interviewing and digital forensics. Mr. Dudley holds a B.A. in Business Administration, a J.D. and an LL.M in International Business Legal Studies.

14

AGA IIA ISACA

SPEAKER BIOS

Jayson Ferron, CEHi, CISSP, CHFli, C)PTEi, CISM, CRISC, CVEi, MCITP, MCSE, MCT, MVP

Jay is a multi-certified Information Security Subject-Matter-Expert (SME) and with more

than 30 years of professional experience, which includes Security & Compliance, Integration

and Transformation Initiatives, IS Management Process and Operational Metrics Definition

and Documentation. Customers include Community Health Network of Connecticut, Inc.

(CHNCT), Cigna Insurance, Microsoft, Rogers Communications, GM, AT&T, USMC, US Air

Force, US ARMY and DISA. Other customers include banks, government agencies, health

agencies and providers. Jay is Past President of Greater Hartford Chapter of ISACA.

Gina Eubanks, CIA, CISA, CRMA, CCSA Gina Eubanks, CIA, CISA, CRMA, CCSA, co-authored “Leveraging COSO Across the

Three Lines of Defense”, July 2015, published by COSO. She is a passionate leader and

facilitator with more than 24 years in performing governance, risk management and

internal audit activities for a variety of industries in both private and public-sector.

Currently, Gina is a Principal of Eubanks Risk Consulting LLC with concentration on

training and consulting in the areas of leadership, governance, risk, internal audit and

compliance.

Most recently, Gina was Vice President of Professional Services at the Institute of

Internal Auditors (IIA) where she led quality assessment reviews, chief audit executive

services, and industry knowledge centers. Prior to joining the IIA, Gina was an internal audit director at a mortgage processing

company and at Deloitte for 15 years. At Deloitte, she was part of the global internal audit leadership team.

In addition, Gina is an Audit Committee member for a large credit union and serves on a board for a behavioral health services

organization.

Vince Hannon

NYSTEC

Vince Hannon is a Principal Consultant at NYSTEC with more than 25 years of experience

in IT, including more than 20 years in cyber security. Vince has extensive experience in

both the public and private sectors, including: program management and strategic plan-

ning, network and application security architecture, identity and access management, risk

assessment and data classification, metrics and reporting, data loss prevention, policy and

standards development, regulatory compliance, security training and awareness, incident

response, and others. Vince holds an ISACA Certified Information Security Manager and a

BA in Computer Science and Mathematics from the College of Saint Rose.

15

Erie Lurie

FBI

Mr. Lurie entered on duty with the FBI in February 2003. Following training at the FBI Academy in Quantico, VA, he served a

temporary duty assignment to FBIHQ in the Strategic Information and Operations Center (SIOC). In July 2003, Mr. Lurie reported

to the Washington Field Office (WFO) where he investigated counterintelligence violations for a number of years, before transfer-

ring to a public corruption squad. While at WFO, Mr. Lurie also held the position of certified firearms instructor, and Rapid De-

ployment Team Loadplanner. In June 2011, Mr. Lurie was promoted to Supervisory Special Agent in the Operational Technology

Division, Technical Response Unit (TRU). With TRU, he supervised a team of Electronics Technicians deploying domestically and

internationally to provide communications solutions in support of FBI missions. Additionally, Mr. Lurie managed the network

and satellite connectivity teams within TRU. In April 2013, Mr. Lurie reported to the Albany Division as supervisor of the Cyber

Intrusion and CART programs. He also serves as a firearms instructor and the Albany divisions Crisis Management Coordinator.

SPEAKER BIOS

Rebecca Shea, Ph.D. U.S. GAO

As an audit Director in GAO’s Forensic Audits and Investigative Service (FAIS) team, Ms. Shea is

responsible for leading reviews to identify fraud, waste, and abuse across a diverse array of

government programs administered by IRS, the Department of Homeland Security, and the

Department of Transportation, among others. These reviews frequently employ data analytics to

identify indicators of potential fraud.

In her 19 year tenure with GAO, Ms. Shea has led audits across a wide range of federal issues,

including examinations of road conditions on tribal lands, VA’s real property management, the

reliability of OPM human resource databases, safety culture and inspection issues in biosafety

labs, and EEO issues at DOE labs. Ms. Shea received her Ph.D. in sociology from Vanderbilt

University.

Continued on next page > > >

AGA IIA ISACA

Mike Jacka, CIA Mike Jacka is an award-winning columnist and author known for his work with Internal Auditor

magazine including the blog “From the Mind of Mike Jacka” and the magazine’s lighter side

pieces such as “Alice in Auditland”, “Auditing Songs for the Holidays”, and "Auditors Anony-

mous". Retiring from a 30-year career in internal audit with Farmers Insurance, he is now the

Chief Creative Pilot for Flying Pig Audit, Consulting, and Training Solutions (FPACTS).

He is a top-rated instructor and the co-author of Business Process Mapping: Improving Customer

Satisfaction (now in its second edition), Auditing Social Media: A Governance and Risk Guide, and

the recently published The Marketing Strategy: A Risk and Governance Guide to Building a Brand.

Leonard W. Vona, CPA, CFE

Fraud Auditing, Inc.

Leonard W. Vona is the CEO of Fraud Auditing. He is a forensic accountant with more than 38 years of diversified auditing and forensic accounting experience, including a distinguished 18-year private industry career. His firm advises clients in areas of litigation support, financial investigations, fraud detection and fraud prevention. Mr. Vona is the author of three books published by Wiley, Fraud Risk Assessment: Building a Fraud Audit Program and The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems, Fraud Data Analytics Method-ology: The Fraud Scenario Approach to Uncovering Fraud.

16

AGA IIA ISACA

Ross Wescott Wescott & Associates Ross Wescott is Principal of Wescott and Associates, established in 2016 to provide IT audit, risk, governance, and control consulting to a variety of industries and government. For over 30 years, he worked in corporate internal audit shops performing a full scope of IT and general internal audit work including IT audit program development and implementation using leading standards including Cobit5; internal audit strategy, policy, standards, procedures, and guide-lines development and maintenance; risk identification and assessment; controls identification, design and evaluation; and, data analytics.

Ross Wescott graduated from Portland State University in 1975 with a major in Mathematics/Computer Science and from Marylhurst University in 1986 with a Master in Management. He is a Certified Internal Auditor, Certified Information Systems Auditor, Certified Computer

Professional, and a Credit Union Enterprise Risk Management Expert. He is a current and active member of the Institute of Internal Auditors and the Information Systems Audit and Control Association. He has been published in the major Internal Auditing publications and has been a speaker at conventions and conferences on many Internal Audit topics.

SPEAKER BIOS

Leonard W. Vona, CPA, CFE (Continued)

Mr. Vona has successfully conducted more than 100 financial investigations and fraud auditing engagements for some of the largest high profile corporations in the United States. The net result of his efforts has saved clients millions of dollars through recovery or defense strategies. His financial investigation experience includes embezzlement, business disputes, asset theft, bribery & corruption, malpractice, and disbursement schemes. Mr. Vona’s trial experience is extensive, including appearances in federal and state courts. He is qualified as an expert witness, as a CPA and a CFE, and is cited in West Law for the success-ful use of circumstantial evidence.

Mr. Vona graduated from Siena College with honors, receiving a Bachelor of Business Administration in Accounting. Mr. Vona is a member of the American Institute of Certified Public Accountants, the National Association of Certified Fraud Examiners. He was the 1994 President of the N.Y. Capital Chapter of the Association of Government Accountants and the founding President of the Albany Chapter of Certified Fraud Examiners. Website: www.leonardvona.com

Michele Warner NYSTEC

Michele is a Senior Consultant with NYSTEC's Information Security practice. She currently

assists the NYS DOH Bureau of Information Security and Privacy with defining data sharing

agreements. She is an attorney with more than five years of hands-on experience in document

management, quality assurance, and other areas of information technology. She holds a JD from

Albany Law School.

Rob Zeglen NYSTEC

Rob Zeglen is the Information Security Practice Lead at NYSTEC, with more than 25 years of experience in information technology. Rob has a broad range of experience in cyber security and related technologies that includes leading the development and execution of key risk-mitigating activities, risk assessments, and vulnerability testing projects. These accomplishments are complemented with private sector experience at Netscape, Sun Microsystems, GE Global Research, and Knolls Atomic Power Laboratory. Rob is an accomplished speaker and holds both a Certified Information Security Systems Professional (CISSP) and MS in Computer Science.

http://www.leonardvona.com/

17

AGA IIA ISACA

REGISTRATION FORM

1. Fill in the information below

2. Circle your choices (no more than one session per time period please)

3. Registration Fees

Track

Monday—March 19, 2018 Tuesday—March 20, 2018 Wednesday—March 21, 2018

Early A.M.

Late A.M.

Early P.M.

Late P.M.

Early A.M.

Late A.M.

Early P.M.

Late P.M.

Early A.M.

Late A.M.

Early P.M.

Late P.M.

I M101 M102 M103 M104 T101 T103 T104 W101 W102 W103 W104 T102

II M201 M202 T201 T203 T204 W201 W202 W203 W204 T202

III M302 M303 T301 T303 W301 W302 M301 T302 T304

Registration Fees Postmarked

Fee Schedule

By February 16, 2018 After February 16 2018

Member* Non-Member Member* Non-

Member

One Day $160 $235 $185 $260

Two Days $285 $410 $335 $460

Three Days $360 $535 $460 $635

Name (Mr., Mrs., Ms., Miss) _________________________________________________________________________

(Last) (First) (Middle)

Title/Position Company/Agency

Address

City State/Province Zip/Postal Code Country

Phone Fax Name for Badge ID

e-mail Address

Seating is Limited – Register Early!

Register and Pay by February 16,

2018 to receive an “Early Bird”

Discount!

*AGA member?

*ISACA member?

Yes No

Yes No

*IIA member?

*CPA?

Yes No

Yes No

Group Discounts: The following discounts are available to groups. The rates for members and non-members noted above will still apply.

To obtain these discounts, groups must be registered by February 16, 2018. Early registration is encouraged to ensure availability. A full-time

equivalent (FTE) constitutes three days of training. For example, one FTE can be broken down into one person attending for three days,

three people attending for one day each, or any other combination. Discounts for groups are as follows:

50 or more FTEs, 20%; 20 to 49 FTEs, 15%; 10-19 FTEs, 10%, and 5 to 9 FTEs, 5%.

4. Indicate Method of Payment

18

AGA IIA ISACA

REGISTRATION FORM

Make your completed registration and payment to:

TCTC

c/o Hudson Valley ISACA

PO Box 1458

Albany, NY 12201-1458

Hotel reservations can be made by calling the Radisson Hotel Albany (formerly known as the Holiday Inn) at 1 (800) 333-3333 or (518)

458-7250 (24 hours a day) or going to their website at (www.radisson.com). Please mention that you are with the Association of

Government Accountants (AGA) block to take advantage of the conference group rates:

Single or Double occupancy - $115 per room/day or the prevailing government rate.

Please make your luncheon selections.

Monday Chicken Parmesan - Lightly breaded and topped with marinara, mozzarella, and Parmesan cheese served over Penne Pasta)

Cranberry Quinoa Couscous Salad (Nut, Egg, Soy, Shellfish free, Vegetarian)

Seared Steak Salad (Gluten, Nut, Dairy, Egg free) - Sliced steak served over sturdy greens with caramelized red onions and

dressing

Tuesday Chicken Cordon Bleu (Nut, Soy, Shellfish free) - Lightly breaded and filled with Honey Ham and Gruyere Cheese

Mild Mushroom Ravioli (Nut, Soy, Shellfish free, Vegetarian) - Tossed with Caramelized vegetable medley and brown butter

Open Faced Salmon Salad on Grilled Pita (Gluten, Nut, Egg, Soy, Shellfish free) - Grilled marinated salmon served on a

warm gluten free pita with spring greens, couscous and quinoa blend, Greek yogurt, boursin cheese, and lemon juice

Wednesday

8. Menu Choices

6. Cancellation Policy

Cancellations received up to March 14, 2018, will be fully refundable. Substitutions can be requested at any time up until the time of

the conference. Substitutions of a non-member for a member will result in the additional non-member fees being charged.

Individuals who do not cancel on or before March 14, 2018 are not eligible for a refund.

7. Hotel Reservations

5. Register

9. Social Hour

Check here if you plan to attend the social hour on Monday, March 13, 2017 after the last session.

New England Pot Roast with Vegetables (Gluten, Nut, Dairy, Egg, Soy, Shellfish free) - Stewed eye round of beef, carrots,

potatoes, and onions

Pearl Barley and Tomato Salad with Herbs (Vegetarian, Nut, Dairy, Egg, Soy, Shellfish free) - Garden greens, vine ripened

cherry tomatoes, Persian cucumbers, chopped mint tossed with fresh lemon juice and olive oil vinaigrette

Pan Seared Tilapia (Gluten, Nut, Egg, Soy, Shellfish free) - With Citrus Infused Roasted Vegetable Couscous, lemongrass

beurre blanc and sautéed spinach

Check here if you have special dietary needs.

19

AGA IIA ISACA

TCTC CHARITY - CAPITAL CITY RESCUE MISSION

For additional information, please check out the website:

https://www.capitalcityrescuemission.org/

The 2018 TCTC will be sponsoring the Capital City Mission, “the homeless and poor of the Capital Region are served. Since

the Mission does not require individuals to be registered with the city, state or county, as “payables”, like so many other

agencies; many who come to the Mission are the poorest of the poor.” During the three day conference donations will be

collected. The charity has requested the following items:

• Shampoo/conditioner

• Deodorant

• Soap/body wash

• Shaving cream/razors

• Lotion

• Toothbrush/toothpaste

• Socks/underwear (new, especially the larger size)

• Hats/gloves (men’s especially)

https://www.capitalcityrescuemission.org/

20

TCTC GRID

Documents

The Radisson Hotel...Radisson Hotel Albany (formerly known as the Holiday Inn) 205 Wolf Rd Albany, NY 12205 The Continuing Professional Education (CPE) seminars are being offered by