aNNual - Association of College & University Auditors

September 22-26, 2013

Norfolk Waterside Marriott

Norfolk, Virginia

RegiStRatioN BRochuRe2013a N N u a lcoNfeReNce

Come Aboard!We’re Expecting You at the ACUA Annual Conference!Come Aboard!

Early rEgistration DEaDlinE: aug. 12, 2013 latE rEgistration DEaDlinE: sEpt. 2, 2013

2013a n n u a lConfErEnCE

RegistRation BRochuRe

september 22-26, 2013norfolk, Virginia

2

association of College and university auditors

57th Annual Conferenceseptember 22-26, 2013 norfolk Waterside Marriott norfolk, Virginia

C ome Aboard to Norfolk where the top college and university audit professionals will be in September. This year’s Annual Conference will once again provide you opportunities

to learn innovative ideas, share best practices and take home new ways to tackle your chal-lenges. Come Aboard! We’re expecting you at the ACUA Annual Conference in Norfolk!

Monday’s general session will get you geared up for the conference and will prepare you for handling ethical issues on your campus. You will hear from nationally known speaker Dr. Bruce Weinstein, “The Ethics Guy.” His lively, interactive style will inspire and enlighten you about ethical intelligence.

On Tuesday, ACUA will hear from Tom Golden, former partner-in-charge of Pricewater-houseCoopers’ Chicago Investigations Practice. Tom’s general session will help you escape from becoming a fraudster’s next victim and provide the steps for an effective execution plan.

I am especially excited about Wednesday’s general session! Mark Tribus will guide every par-ticipant in seeking self-improvement. For the last two years, Mark has been guiding the ACUA Leads! participants with his energy and passion. Now, every Annual Conference attendee will have the opportunity to learn from him on Wednesday morning.

Our Tuesday afternoon lineup will meet every member’s needs. Again this year, we are offer-ing bonus sessions on Tuesday afternoon for those who prefer two additional CPE hours to valuable, but less formal, networking opportunities. As always, you will have ample oppor-tunities during the Annual Conference to network with other audit professionals in higher education, and the host committee has several activities ready for Tuesday afternoon.

Networking at ACUA is a great way to stay current on industry practices and prepare for risks in higher education. The Annual Conference will give you countless opportunities to meet, greet and network with your colleagues in higher education. Monday will include a private charter—the Spirit of Norfolk Dinner Cruise. You will spend time networking with other ACUA members while viewing many fascinating sights along the waterfront. On Wednesday night, come dressed in your most creative outfit to ACUA’s “Cruise with ACUA” dinner dance.

With seven tracks and 56 concurrent sessions, you have plenty of options to meet your con-tinuing education needs. The information technology, professional development and research & compliance tracks are packed full of sessions to help you grow in the profession. The roundtable sessions provide you opportunities for focused discussions on hot topics while the emerging issues and continuing issues tracks will help you prepare to address both new and ongoing challenges.

On behalf of ACUA’s Board of Directors, the Professional Education Committee, an excep-tional team of track coordinators and the Norfolk Host Committee, I invite you to come aboard and register today. I’m expecting you at the ACUA Annual Conference! Register by August 12, 2013, to take advantage of early bird registration.

Sandy Jansen, Chair ACUA’s Professional Education Committee

aCua Continuing EDuCation CrEDits

Conference participants are eligible to receive a maximum of 24.0 CPE credit hours. The

Association of College and University Auditors (ACUA) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regard-ing registered sponsors may be sub-mitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org.

The Association of College and University Auditors (ACUA) is an international professional organi-zation serving institutions of higher education across the globe.

Since its establishment in 1958, ACUA has provided its members a collegial forum for exchanging and sharing knowledge and generat-ing new ideas. ACUA is committed to increasing members’ knowledge of auditing, regulatory compliance and risk management in higher education.

Annual Conferences allow members to network and socialize at the same time. The combination of camara-derie and a focus on issues which relate to internal auditing in higher education continue to serve as the foundation for all ACUA activities.



3

first-tiME attEnDEE rECEption (By Invitation only)

Sunday, Sept. 22, 2013 5:00 p.m. – 6:00 p.m.

First-time attendees are invited to meet and greet the Board of Directors, past presi-dents, committee chairs and other ACUA leaders and learn what to expect and how to benefit from the activities and educa-tional opportunities provided by ACUA.

opEning rECEptionSunday, Sept. 22, 2013 6:00 p.m. – 7:30 p.m.

Come enjoy the opening of the Exhibit Hall where you can get reacquainted with longtime ACUA friends and make many new ones before visiting area restaurants for dinner on your own. Come for hors d’oeuvres and beverages while you visit with vendors to learn about their products and services and thank them for helping to support this conference through their participation and funding. Don’t forget to show your school pride by wearing your university/college-emblazoned attire!

BaCK By popular DEManD: MonDay lunCH taBlE topiCsMonday, Sept. 23, 2013 12:10 p.m. – 1:10 p.m.

ACUA’s Board of Directors will be hosting roundtable discussions during Monday’s lunch. There will be a variety of table top-ics including small shop talk, research uni-versity issues, volunteering with ACUA and NCAA issues. Don’t miss this chance to share and discover new information. On Monday, look for tables marked with the roundtable topic of your choice and join in!

off-sitE DinnEr EVEntMonday, Sept. 23, 2013 6:30 p.m. – 10:00 p.m.

Walk the short distance from the Norfolk Waterside Marriott to board the magnifi-cent Spirit of Norfolk for a private char-ter, exclusively for conference attendees. View many fascinating sights along the waterfront including spectacular sunset views on board this sleek and elegant ship. Enjoy cocktails, appetizers, dinner, dancing and even green-screen karaoke on this three-hour cruise.

BusinEss MEEtingTuesday, Sept. 24, 2013 10:30 a.m. – 12:00 p.m.

Join the ACUA Board of Directors Tuesday morning for the Annual Business Meeting.

optional nEtWorKing aCtiVitiEsThere are plenty of sights to see during your time in Norfolk! With the hotel’s prime location, you will not want to miss out on experiencing all that you can while you visit! Visit the Optional Networking Activities Web page to see some of the best of the best as suggested by ACUA’s Norfolk Host Committee.

DinnEr DanCEWednesday, Sept. 25, 2013 6:30 p.m. – 11:00 p.m.

“Cruise with ACUA”

Wear your most creative outfit to “Cruise with ACUA” at the annual ACUA Dinner Dance. Prepare to dance the night away experiencing ACUA’s famous camarade-rie with your new ACUA friends!

golf anyonE?How about a game of golf? Doug Horr is organizing two games, one Sunday and the other Tuesday afternoon. Please send Doug an email at [email protected] or call him at 201-216-5179 if you are inter-ested in playing.

EXHiBit HallSunday through Tuesday, visit our vendors in the exhibit hall to learn how their prod-ucts and services can assist you.

ConfErEnCE attirEBusiness casual attire is appropriate for the educational sessions. Be sure to pack a sweater or light jacket as meeting room temperatures tend to be cool. Don’t forget to wear your most creative cruise attire for the “Cruise with ACUA” – themed dinner dance on Wednesday night!

WEatHErNorfolk has an average high temperature in mid-September of 78 degrees with an average low near 65 degrees.

Conference Events

Thank You To Our Strategic Partners

http://www.acua.org/CPE_Events/OptionalNetworkingActivities.asp

mailto:[email protected]



4

Program-at-a-GlancesunDay, sEpt. 22, 20132:00 p.m.-6:30 p.m. Registration Open5:00 p.m.-6:00 p.m. First-Time Attendee Reception6:00 p.m.-7:30 p.m. Opening Reception in the Exhibit Hall

MonDay, sEpt. 23, 20137:00 a.m.-5:00 p.m. Registration Open7:00 a.m.-8:00 a.m. Continental Breakfast8:00 a.m.-8:20 a.m. Welcome & Announcements8:20 a.m.-10:00 a.m. General Session10:00 a.m.-10:30 a.m. Refreshment Break in Exhibit Hall10:30 a.m.-12:10 p.m. Track Session 112:10 p.m.-1:10 p.m. Luncheon Break in Exhibit Hall1:10 p.m.-2:50 p.m. Track Session 22:50 p.m.-3:20 p.m. Refreshment Break in Exhibit Hall3:20 p.m.-5:00 p.m. Track Session 36:30 p.m. – 10:00 p.m. Dinner Cruise

tuEsDay, sEpt. 24, 20137:00 a.m.-10:30 a.m. Registration Open7:00 a.m.-8:00 a.m. Continental Breakfast8:00 a.m.-8:20 a.m. Welcome & Announcements8:20 a.m.-10:00 a.m. General Session

10:00 a.m.-10:30 a.m. Refreshment Break in Exhibit Hall10:30 a.m.-12:00 p.m. Business Meeting/Prize Drawing1:00 p.m.-5:00 p.m. Optional Networking Activities2:00 p.m.-3:40 p.m. Bonus Sessions

WEDnEsDay, sEpt. 25, 20137:30 a.m.-5:00 p.m. Registration Open7:00 a.m.-8:00 a.m. Continental Breakfast8:00 a.m.-8:20 a.m. Welcome & Announcements8:20 a.m.-10:00 a.m. General Session10:00 a.m.-10:30 a.m. Refreshment Break10:30 a.m.-12:10 p.m. Track Session 412:10 p.m.-1:10 p.m. Luncheon1:10 p.m.-2:50 p.m. Track Session 52:50 p.m.-3:20 p.m. Refreshment Break3:20 p.m.-5:00 p.m. Track Session 66:30 p.m.-11:00 p.m. Dinner Dance

tHursDay, sEpt. 26, 20137:30 a.m.-12:00 p.m. Registration Open7:00 a.m.-8:00 a.m. Continental Breakfast8:00 a.m.-9:40 a.m. Track Session 79:40 a.m.-10:10 a.m. Refreshment Break10:10 a.m.-11:50 a.m. Track Session 8

Bonus sEssion inforMationTuesday, Sept. 24, 2013 2:00 p.m.-3:40 p.m.

Utilizing Hotline Benchmarking Data to Improve Ethics and Compliance Program Effectiveness Nate White, Senior Consultant, Ethical Leadership Group, NAVEX GlobalBenchmark data is extremely helpful in not only ascertaining areas of concern regarding your overall ethics compliance program, but also in providing a comparison against others in similar industries or organizational size. We’ll look at what your hotline data is telling you about activity within your organization, and what you can learn by comparing that data to others in similar positions. Taking the learning a step further, we’ll explore how you can use these find-ings to strengthen your overall program–and how one organization successfully did.

Participants will achieve the following learning objectives:

9 Explain what hotline reporting volumes and types of reports can tell you 9 Analyze key benchmarking data findings, by industry as well as overall 9 Describe how different industries vary in their reporting metrics 9 Explain best practices around data to present to your executive leadership and Board of Directors

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Behavioral Ethics Prerequisites: Experience with hotline data

Tuesday, Sept. 24, 2013 2:00 p.m.-3:40 p.m.

IDEA-What Now? Learning Best Practices and New Tools in Version Nine Sheila Hammond, Director of Business Development, Audimation Services, Inc. Susan Jago, Director of Compliance Services, Ohio UniversityTechnology is the key to helping auditors get more work done in less time and essential to adding value. After you’ve selected and pur-chased a professional-grade tool, what’s the best way to get a fast ROI? Tapping into the user community can be helpful in learning how to use technology in an effective way. The use of data analysis technology is part of a bigger movement to help auditors increase audit coverage, perform more thorough and consistent audits and ultimately increase assurance levels.

Participants of this session will:

9 Observe a live demonstration of the new features and function-ality available in IDEA V9 including step-by-step applications including data sets and documentation 9 Define how to use predefined routines and tests to save time and effort while improving the consistency of every audit 9 Explain examples of how IDEA was used on specific audit proj-ects to achieve desired results within Ohio University’s audit department

September 22-26, 2013Norfolk, Virginia

5 rEgistration BroCHurE

9 Develop the documentation received into useable activities/audit programs 9 Explain best practices for using data analytics in higher educa-tion via small group discussions 9 Review key terms used by fellow ACUA members to search for p-card fraud 9 Identify FAQs and responses from the IDEA Help Desk team about using IDEA V9

Knowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None

Tuesday, Sept. 24, 2013 2:00 p.m.-3:40 p.m.

Leadership Perspectives: Taking Risks, Talking Risks and Achieving GoalsFacilitator: Dana R. Harris, ACUA Leads! Program Director, UNCWPanelists: Craig Anderson, Deputy Director University Audit, Virginia Commonwealth UniversityDeb Dahlke, Director of Operations Analysis, University of Nebraska-LincolnJoyce Massott-Burnett, Audit Manager, University of PennsylvaniaMichael L. Somich, Executive Director of Internal Audits, Duke UniversityChristine Swafford, Director, Indiana UniversityKimberly F. Turner, Chief Audit Executive, Texas Tech University System

How do leaders take risks? They are measured and thoughtful. Leaders observe and inquire to understand the environment, iden-tify strategic concepts, prepare and plan for conversations, gen-erate meaningful discussions, and reflect on the results. A leader is not necessarily the one at the top of the organizational chart. A leader brings ideas to the people who can act upon them.

The ACUA Leads! Executive Sponsors and participants chal-lenged one another to embark upon a leadership quest. Cohort I Executive Sponsors Mike Somich and Kim Turner will share the strategic discussion tools and techniques taught in ACUA Leads!. Several members of ACUA Leads! Cohort I will share their lead-ership quest stories, highlighting how they leveraged situational awareness and the support from their mentors to successfully engage other leaders in strategic risk discussions on their respec-tive campuses.

This panel discussion is open to anyone who wants to have a robust discussion about how leaders prepare, execute, reflect and achieve.

After this session, participants will be able to: 9 Identify strategic risks that will generate meaningful discussion on your campus 9 Use discussion tools and techniques to prepare and plan for strategic risk discussions 9 Lead discussions and reflect on the results

Knowledge Level: Overview Advanced Preparation: None Field of Study: Business Management Prerequisites: None

Bonus sEssion inforMation, continued



6

WHat’s your EtHiCs iQ? EtHiCal intElligEnCE for CollEgE anD uniVErsity auDitorsMonday, Sept. 23, 2013

BruCE WEinstEin, phD

8:20 a.m.-10:00 a.m.

“What’s Your Ethics IQ?” is a lively, interactive presentation that will show you how to apply five simple principles—the principles of ethical intelligence—to everything you do at work and beyond.

By the end of the session you will be able to:

9 Explain the five principles of ethical intelligence

9 Apply these principles to a wide range of problems you encounter with colleagues, your boss, direct reports, clients, family members and friends

9 Deepen the trust that others place in you through a renewed commit-ment to smart choices

Everyone who attends will receive a copy of the five principles on a sticky note, and some participants will receive prizes for answering questions. You’ve never had so much fun at an ethics presentation before!

Knowledge Level: Basic Advanced Preparation: None Field of Study: Behavioral Ethics Prerequisites: None

Dr. Bruce Weinstein, The Ethics Guy®, believes that the key to success is having not just emotional intelligence but ethical intelligence too.

He is a regular contributor to the “Huffington Post,” and his work has been featured in “Bloomberg BusinessWeek,” “USA Today,” “The New York Times,” and the in-flight magazine of American Airlines.

He has appeared on many national television programs, includ-ing NBC’s “Today,” ABC’s “Good Morning America,” CNBC’s “Fast Money,” CNN’s “Anderson Cooper 360,” and Fox News Channel’s “O’Reilly Factor.” His latest books are “Ethical Intelligence” (for adults) and “Is It Still Cheating If I Don’t Get Caught?” (for teens).

trust But VErify … to EsCapE BECoMing a frauDstEr’s nEXt ViCtiMTuesday, Sept. 24, 2013

toM W. golDEn, Cpa, CfE

8:20 a.m.-10:00 a.m.

This is not your typical fraud detection course. Today’s instructor knows that the participants are most likely good auditors, trained in the knowl-edge of their profession and conscientious about performing their responsibilities well. He knows that today’s auditor is fully aware that an undetected fraud could cause devastating financial and reputational harm to their organization and that they are the first line of defense. Today’s instructor also knows from personal experience how knowledge alone will fail unless cradled in someone with the right mindset and exe-cution plan. In this course, participants will learn first-hand:

9 Explain the meaning of professional skepticism 9 Define how to effectively communicate to others in the organization 9 Identify the true workplace meaning of Trust and the importance of Verification 9 Describe the absolute best fraud detection mechanism every organi-zation should apply 9 Identify interview techniques that win results

Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: None

Tom Golden is the former partner-in-charge of PricewaterhouseCoopers’ Chicago Investigations Practice. On his first audit of a public company, he discovered a massive leasing scam resulting in halting the audit just days before earnings release. The experience caused him to start a specialty practice in forensic accounting investigation which grew to become the second largest fraud practice for PwC in the U.S. A frequent presenter and often quoted, Tom was the lead author of the award-win-ning book “A Guide to Forensic Accounting Investigation,” now in its second edition. He is a CPA, CFE, former chairman of the Association of Certified Fraud Examiners (ACFE) and former Chairman of the Better Government Association of Chicago (BGA). Tom developed and taught DePaul University’s first Forensic Accounting Investigation course in 2002. He literally “wrote the book on fraud” and you are guaranteed to walk away a savvier auditor having attended one of his sessions. For more information about Tom, please visit www.tomgoldenspeaks.com.

Keynote Speakers

http://tomgoldenspeaks.com/

Photo Courtesy of VisitNorfolkToday.com




7

sEE anD lEaD sElf … tHEn sEE anD lEaD otHErsWednesday, Sept. 25, 2013

lt. ColonEl MarK triBus

8:20 a.m.-10:00 a.m.

Many thought leaders on the topic of leadership argue that leadership is needed more than ever in our increasingly volatile, uncertain, complex and ambiguous global environment.

The fundamental challenge for effective leaders is the capacity to KNOW self and seek self-improvement. It’s the notion that we are not “human doings” but “human BEings” with an essence, values and genius that we bring to the world of work. It is the discovery and relentless pursuit of our “BEing” that enables us to first see and lead self … and then see and lead others. The journey of self-awareness never ends. The Center for Creative Leadership suggests that the growth of a leader can be summarized as follows:

Growth = Experiences + New Knowledge + Reflection + Time

Participants will be able to explain the following concepts:

9 Components of building self-concepts, including strengths and areas for development 9 How a “weakness” actually serves us 9 Authenticity and the Human BEing vs. the Human Doing 9 Our “Best Stuff” and genius 9 Trust, the power of vulnerability and engaging others

Knowledge Level: Basic Advanced Preparation:None Field of Study: Personal Development Prerequisites: None

A graduate of West Point and Harvard Business School, Mark Tribus’ passions are leadership development, team-building and designing inspirational experiences that create lasting change. Mark served a 20-year career in the US Army, including a combat tour in Afghanistan. He is now President of his own firm, Mark Tribus, Inc., where he is com-mitted to building winning teams–one leader at a time.

Mark has developed and taught leadership courses at West Point and Duke University. He regularly facilitates retreats for companies interested in developing authentic, high-functioning and effective teams. Mark has designed and executed numerous leader development experiences for business executives, doctors, MBA programs and college merit scholar programs. He has also conducted countless unique team-building expe-riences for elite athletic teams.

Keynote Speakers



8

TRACkS TRACk A TRACk B TRACk C TRACk D

Emerging Issues Professional Development/ Management

Research & Compliance

Information Technology

TRACK CooRDINAToRS

Selene Coward and Lisa Gaetano

Monica Moyer and Trisha Silvasy

Janet Bishop and Amy Hughes

Steve Kieff and Nikki Pittman

SESSIoN 1Monday, Sept. 23

10:30 a.m.-12:10 p.m.

Matt R. Gardner and Shannon D. Wiese

Construction Auditing Risks and Capital Project Cost

Recovery Strategies for 2013 and Beyond

Christopher Derickson, Kevin Robinson and

Raina Rose TagleAuditing the “A” Word:

Risk in Academic Processes

Frank Bossle and Kimberly Ginn

Who’s Watching the Subs? Internal Audit Approaches to Review Sub-recipients on

Sponsored Projects

Emily A. Knopp and Stephanie Marino

Auditing IT Governance: An In-depth Perspective


1:10 p.m.-2:50 p.m.

Sharon Kurek and Randy Pearman

Briefing on Recent Changes Impacting Internal Audit in

Higher Education

Ruthe HoldenMastering Change: How to Make Your

Recommendations Stick

David Clark and Julie Luster

How to Think Like a Federal Auditor – Keeping Pace

with the Changing Face of Research Regulations

Courtney oxman and Kevin Savoy

Using IT Performance and Security Scanning to Expand

Defense in Depth


3:20 p.m.-5:00 p.m.

Mike Cullen and Emily A. Knopp

A Framework for Auditing Mobile Devices

Monica Dawaldi, Angela Hoon, Monica Moyer and

Trisha Silvasy Making a Case for the Value of Internal Audit - Expanding

your Recognition and Influence

Byron MorganEvaluating Compliance with OMB A-21 – Cost Principles for Educational Institutions

Mark PhillipsAuditing System Development

Life Cycle for Both Non-IT and IT Auditors

SESSIoN 4 Wednesday, Sept. 25

10:30 a.m.-12:10 p.m.

Ruth Stevens and Matthew Lerner

Assessing Controls for Non-Financial Reporting

Danny M. GoldbergProject and Time

Management for Auditors

Laurie Malatesta and Sylvia Thompson

Auditing for Clery Act Compliance

Nathan ZierfussWhere to Evaluate Cloud

Services Security: Marketing or Controls?

SESSIoN 5 Wednesday, Sept. 25 1:10 p.m.-2:50 p.m.

Melissa B. Hall and Mary W. Krauss

There’s an App for That! Mobile Phone Apps That You

Can’t Live Without!

Sandy Jansen and Stephanie Steeves

Calming the Rough Seas of Editing: Establishing

Departmental Report Writing Standards

Margaret MurphyNavigating Customized

Verification

Tim MarleyIT Audit: From Risk

Assessment to Reality


Kara Kearney International Activities and

Audit Risk

Peter Cataldo and Matt Hicks

Implementing a Cost Effective Quality Assessment

Review

Brett M. BakerNSF OIG Audit Workplan

and Data Analytics

Ron Hulshizer Penetration Testing and Social Engineering in a

University Setting

SESSIoN 7 Thursday, Sept. 26

8:00 a.m.-9:40 a.m.

Sonya von HeykingImpacting Student

Success: Reaching Beyond Compliance in Student

Award Programs

Sterling RothHow Much Like a Business? Internal Auditing Views of

Academic Culture, Business Culture, and Measuring Achievement Differences

Steve HoffmanSeven Things University

Auditors Should Know About Tax - Tax Just for Auditors

Jim Purcell Integrating IT Audit –

We Can Do It!

SESSIoN 8 Thursday, Sept. 26

10:10 a.m.-11:50 a.m.

Sharon KurekData Analysis: Let the Data

Do the Work!

Lori CoxThe Ten Commandments of Leadership – Understanding,

Applying, and Promoting Effective Leadership

Rodney A. WalshExploring the HIPAA Security

Rule in the College and University Environment

Carlos S. LobatoIT Compliance Framework for Institutions of Higher

Education

2013 Track Matrix



9

TRACk E TRACk F TRACk G TRACkS

TUES

DA

y B

oN

US

SESS

IoN

S 2:0

0 p

.m. -

3:4

0 p

.m.

TUESDAy BoNUS SESSIoNS

Continuing Issues Fraud & Investigations Specialized Knowledge & Roundtables Bonus Sessions

2:00 p.m.- 3:40 p.m. Andrea Reece and

Christine SwaffordLaura Donovan and

Melissa B. HallJames Shiveley and

Jeb TysonTRACK

CooRDINAToRS

Charles G. ChaffinWho Shot the Auditors? The

Inside Story

Lori Tesch A Practical Approach to Designing, Executing and

Analyzing a Fraud Risk Assessment

Justin T. NobleNCAA D1 Roundtable

SESSIoN 1Monday, Sept. 23 10:30 a.m.-12:10 p.m.

Nate White, NAVEX Global

Utilizing Hotline Benchmarking Data

to Improve Ethics and Compliance Program

Effectiveness

Michael L. SomichNavigating the Intersection

of Internal Audit with Compliance and Risk

Management

Tom Bacigalupi and Carol Westbrook

Student Housing Gets Haunted by Ghost Employees

Leigh GollerLarge Campus Roundtable

SESSIoN 2Monday, Sept. 231:10 p.m.-2:50 p.m.

Sheila Hammond and Susan Jago

IDEA-What Now? Learning Best Practices

and New Tools in Version Nine

Kimberly F. TurnerCan Your Institution

Withstand a Governance Hurricane? Performing

Governance Audits and Risk Assessments

Melissa B. Hall No One Uses Facebook

Anymore … Do They? Using New Social Media Tools in

Fraud Investigations

Betsy Bowers and Brian Daniels

When Mother Nature Gets Angry with Your Campus –

Disaster Recovery Roundtable

SESSIoN 3Monday, Sept. 233:20 p.m.-5:00 p.m.

PanelACUA Leads!

Leadership Perspectives: Taking Risks, Talking Risks and Achieving

Goals

Cheryl Lloyd and Kimberly A. NewmanUniversity of California

Enterprise Risk Management Roll Out! How to Implement an Effective ERM Program in a Multi-Campus University

System

Mike Batson, Paul Coleman and Michael Monaghan Fraud Investigation,

Prevention and Deterrence Best Practices

Dick Dawson and Kimberly F. Turner

The ACUA Risk Dictionary Roundtable - Not your

Grandmother’s Roundtable

SESSIoN 4 Wednesday, Sept. 25 10:30 a.m.-12:10 p.m.

Pamela S. RypkemaRisk Managers:

Collaborators, not Competitors

Roger FrankTravel Fraud: Are You Being

Taken for a Ride?

Barry WhiteIT Auditors and Directors

Roundtable


LaDonna FlynnAre You Auditing Your

Student Health Center? If Not Why Not?

Steven D. AndersonPreventing Financial Aid Fraud and Identity Theft

Lori Cox, Monica Moyer and Trisha Silvasy

Small Shop Roundtable


Justin T. NobleEnrollment Management:

Navigating the Rough Seas of Recruiting and Admissions

Nejolla KorrisLie To Me: Secrets of Linguistic Lie Detection

Phillip Armanas and Phillip Draber

Mid-sized Audit Shops - Roundtable and Roundup

of Risk Management, Researchers and Cowboys

SESSIoN 7 Thursday, Sept. 26 8:00 a.m.-9:40 a.m.

Clay Dean and Len ohnstad

Be a Trusted Advisor! Perform Voluntary

Assessments of Risks and Internal Controls!

William H. BeeckenTestifying as an Expert

Witness

Joe oringelLet’s Get Rolling with Data Analytics and Continuous

Auditing Roundtable

SESSIoN 8 Thursday, Sept. 26 10:10 a.m.-11:50 a.m.

2013 Track Matrix



10

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.A.1 Construction Auditing Risks and Capital Project Cost Recovery Strategies for 2013 and BeyondMatt R. Gardner, Practice Leader-Construction Audit Svcs., Honkamp Krueger & Co., P.C.Shannon D. Wiese, Manager, Risk Advisory Services, Honkamp Krueger & Co., P.C.Cost recovery or savings reviews of your con-struction activity could save your organization 1-3 percent of its construction cost and boost IA’s value to an organization. You will learn about the common contract documents and forms, inher-ent risks in the construction industry and the con-trols you should have in place to mitigate those risks. You will additionally learn about the types of construction contracts and their accompany-ing risks, the bidding and award process, con-trolling construction costs, as well as the payment and closeout process. Lastly, you will learn about the various types of construction audits, when a construction audit is necessary and how projects should be selected. You will see firsthand the common mistakes, fraudulent activity and errors that occur in construction projects of all sizes and in various industries. After attending this session, participants will be able to: 9 Assess the complete lifecycle of audit con-struction projects and related activities

9 Analyze why, when and how to audit a con-struction project

9 Recognize how to combat construction fraud with the latest and greatest tools available


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.A.2 Briefing on Recent Changes Impacting Internal Audit in Higher EducationSharon Kurek, Director of Internal Audit, Virginia TechRandy Pearman, Associate Director Internal Audit, Georgia Institute of TechnologyThe Auditing and Accounting Principles Com-mittee (AAPC) members have been engaged in reviewing professional news to stay informed of any standard changes proposed by the IIA, COSO and AICPA applicable to the ACUA membership. In this session presented by the AAPC Chairs, attendees will hear an overview of the updated COSO Internal Control Integrated Framework and IIA Standards, as well as updates on other professional guidance and position papers. After attending this session, participants will be able to: 9 Interpret the new, updated guidance

9 Discuss suggestions on how to implement the principles and standards into their audit functions

Knowledge Level: Update Advanced Preparation: None Field of Study: Auditing Prerequisites: Basic education surrounding internal audit and higher education

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.A.3 A Framework for Auditing Mobile DevicesMike Cullen, Senior Manager, Baker TillyEmily Knopp, Audit Director, Angelo State Univ.Now that mobile devices bring more diverse technologies to campus, how can internal audit help the institution identify and manage risks? This presentation will describe different types of mobile device management strategies, how mobile devices impact colleges and universities and how internal audit can assess mobile device management based on a framework. After attending this session, participants will be able to: 9 Recognize different approaches for managing mobile devices including centralized, decen-tralized, and BYOD management

9 Identify the impacts of mobile devices on campus

9 Critically analyze mobile device risks using a framework focused on people, devices, applications/websites and data

9 Define key mobile device management con-trols to incorporate into audit work plans


Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.A.4 Assessing Controls for Non-Financial ReportingMatthew Lerner, Internal Auditor, Long Island UniversityRuth Stevens, Internal Audit Director, Long Island UniversityTrustees and senior management rely on non- financial information to evaluate the success of their institution. Many external agencies also collect and publicize comparative data to assess the quality of an institution. Recent reports of col-leges and universities misrepresenting important information about their institutions highlights a growing risk faced by colleges and universities: publically reported non-financial data may be inaccurate, misleading or fraudulent.The internal audit function can play an important role in helping trustees and senior management identify risks and make certain that internal con-trols are put in place to mitigate those risks. This session will focus on the role of the internal audit function in reviewing and assessing controls

related to the reporting of non-financial informa-tion. After attending this session, participants will be able to: 9 Identify key exposure areas 9 Assess the effectiveness of internal controls related to non-financial reporting

9 Formulate best practice-based recommen-dations for management to improve policies and controls and prevent misreporting

Knowledge Level: Basic Advanced Preparation: None Field of Study: Management Advisory Services Prerequisites: None

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.A.5 There’s An App for That! Mobile Phone Apps That you Can’t Live Without!Melissa B. Hall, Associate Director, Forensic Audits, Georgia Institute of TechnologyMary W. Krauss, IT Audit Manager, Georgia Institute of TechnologyDo you have a smartphone? If you have a smartphone and don’t use multiple apps, you are missing a great opportunity to boost your total efficiency and work smarter, not harder. In 2012, ACUA joined the mobile app market by launching the ACUA app, allowing members to be completely up to date with announcements, deadlines and all things related to college and university auditing! Join us to explore how not only the ACUA app works, but also many other time saving and organizational apps that you will soon wonder how you lived without. Bring your smartphone (Android or Apple) and follow along. After attending this session, participants will be able to: 9 Download and investigate all the features of the ACUA app

9 Identify a variety of free apps that can save time and increase efficiency

9 Compare the value difference in free and paid apps

Knowledge Level: Basic Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: None

Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.A.6 International Activities and Audit RiskKara Kearney, Assistant Director of Internal Audit, Boston UniversityAs colleges and universities expand overseas, a number of unique risks arise. This presentation will encourage auditors to understand the chal-lenges of international activities, such as employ-ment law, international tax and student safety. After attending this session, participants will be able to:

Track Sessions



11

9 Identify the various types of international activities that exist at higher education insti-tutions and the specific risks associated with each type of activity

9 Explain why international activities are a growing concern from a regulatory, tax, operational and public relations vantage point

9 Recognize the different legal issues impacting international activities from both the US and international perspective

9 Identify risks unique to international activities such as VAT, health and safety, FCPA and ITAR

9 Perform an audit of an international activity – including testing procedures, how to search for unusual activity

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with international audit risks

Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.A.7 Impacting Student Success: Reaching Beyond Compliance in Student Award ProgramsSonya von Heyking, Director, Internal Audit, University of LethbridgeUniversity auditors have a key opportunity to influence student recruitment and retention success by providing assurance and consulting services around the utilization, compliance and optimization of student awards and funding. Our unique competencies allow us to leverage robust public research with our passion for making a difference in our schools. Even if controls are well designed and functioning, universities need con-fidence that their student award money is having the best possible impact on their strategic objec-tives. In the presenter’s experience, a well-de-signed student award assessment can have the added benefit of bolstering the respect and trust between the audit function and senior executives: a real win-win! After attending this session, par-ticipants will be able to: 9 Explain why auditors should go beyond com-pliance and controls in student award audits

9 Identify key objectives for a broader assessment

9 Determine ways to report results and commu-nicate key findings

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with student award programs

Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.A.8 Data Analysis: Let the Data Do the Work!Sharon Kurek, Director of Internal Audit, Virginia TechThe higher education industry has implemented information systems to automate many business processes in support of its teaching, research, and outreach goals. Internal auditors have been presented with an opportunity to make a strate-gic change in their approach to audit. In order to have a cost-effective and value-added audit, auditors need to maximize their use of analyti-cal tools during the planning phase. Routinely selecting random or judgmental transactions to test audit objectives is a thing of the past. Data analysis provides a uniform method of analyzing statistics related to routine tests of large data sets and reduces large data sets into more mean-ingful data sets for targeted sample selection. Data analysis is the process of finding the right data to answer your question, understanding the processes underlying the data, discovering the important patterns in the data and then commu-nicating your results to have the biggest possible impact. After attending this session, participants will be able to: 9 Explain the benefits of utilizing data analysis in audits

9 Identify ideal business processes for utilizing data analysis

9 Explain key concepts and lessons learned from Virginia Tech’s experience

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with data analysis

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.B.1 Auditing the “A” Word: Risk In Academic ProcessessChristopher Derickson, Assistant Provost & University Registrar, Univ. of North Carolina at Chapel HillKevin Robinson, Executive Director, Internal Auditing, Auburn UniversityRaina Rose Tagle, Partner, Baker TillyHow can internal audit help ensure that academic policies, procedures, and processes are well designed and operating effectively? Traditionally, internal audit has focused on administrative activities that have a direct financial impact on institutions. However, deficiencies in academic processes can have a high impact on institutions through the loss of accreditation and reputation damage. The panel in this session will include perspectives from academic and internal audit leaders. The discussion will focus on auditable risks and related controls in academic admin-istrative processes, ways for internal audit to assess the design and effectiveness of academic

processes and common challenges and lessons learned from auditing academic processes and working with academic leaders. After attending this session, participants will be able to: 9 Identify auditable risks and related controls in academic processes

9 Suggest ways for internal audit to provide assurance for risks related to academic processes

9 Navigate common challenges encountered when auditing academic processes and working with academic leaders


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.B.2 Mastering Change: How To Make your Recommendations StickRuthe Holden, Chief Auditor, Los Angeles County Metropolitan Transportation AuthorityAuditors work hard developing technical skills, research audit areas and expend significant time and effort drafting quality reports with thought-ful recommendations. At times, after issuing the audit report, nothing happens or recommenda-tions are implemented at a snail’s pace.This session will provide an understanding of the soft skills needed to facilitate change to avoid alienating the people responsible for implement-ing change. This session will provide participants with a better understanding of change theory and behavioral economics and how both of these tools can be used to better design the audit process to help audit clients buy into and own the changes recommended. After attending this session, participants will be able to: 9 Explain change theory 9 Become a change agent – auditors can become more effective by understanding the process of change

9 Analyze behavioral economics and identify how auditors can use it as an audit tool

Knowledge Level: Overview Advanced Preparation: None Field of Study: Personal Development Prerequisites: None

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.B.3 Making a Case for the Value of Internal Audit-Expanding your Recognition and InfluenceMonica Dawaldi, Director, Baker TillyAngela Hoon, Principal, KPMG LLPMonica Moyer, Director of Internal Audit, Saint Leo UniversityTrisha Silvasy, Director of Internal Audit, Saint Joseph’s UniversityDoes your institution truly appreciate the value that your internal audit department provides?

Track Sessions



12

Even though internal auditors provide a vital service, there may be opportunities to gain rec-ognition and expand influence throughout the institution. Based on the article “Raising the Stature of Internal Auditing,” from “Internal Auditor Magazine,” February 2011 edition, this session will enable participates to: 9 Identify five areas where an internal audit department can assess current practices against the IIA standards

9 Distinguish opportunities for internal auditors to market their contributions

9 Gain knowledge through examples of suc-cessful efforts from other institutions that sup-port the value proposition of internal audit


Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.B.4 Project and Time Management for AuditorsDanny M. Goldberg, Partner, Professional Development, SuneraAuditors who would like to gain insight regarding basic project management skills and how to apply them to the internal audit process should attend this session. This session examines project man-agement roles and environments, the project life cycle, various techniques of work planning and control and evaluation to achieve project objec-tives. Tools available to project managers are dis-cussed throughout in this session. After attending this session, participants will be able to: 9 Explain the basics of project management 9 Budget and track progress effectively 9 Apply the basics of project management to the internal audit process

Knowledge Level: Basic Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: None

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.B.5 Calming the Rough Seas of Editing: Establishing Departmental Report Writing StandardsSandy Jansen, Executive Director, Audit & Consulting Services, University of TennesseeStephanie Steeves, Associate Auditor, University of TennesseeIssuing clear, well-written audit reports on a timely basis is a challenge for many audit shops. The editing process to get there can leave both writers’ and editors’ nerves frayed. This session will provide you with the skills and tools to sail from draft report to final smoothly and swiftly.

After attending this session, participants will be able to: 9 Develop departmental report writing stan-dards to streamline the editing process

9 Design a report writing process in their audit departments to ensure audit reports meet the needs of the institution, including the board, senior management and clients

9 Recognize the need for using a consistent format that clients are accustomed to, an executive summary for executive manage-ment, and a professional, neutral tone to share the conclusions

9 Integrate processes so that new staff members can also write audit reports in the same structure and tone as others in the department


Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.B.6 Implementing a Cost Effective Quality Assessment ReviewPeter Cataldo, Audit and Compliance Director, University of CaliforniaMatt Hicks, System-wide Audit Director, University of CaliforniaIIA Standard 1312 requires an external assess-ment every five years. This presentation will focus on the “self-assessment with independent validation” approach used by the University of California (10 campus system). This session will cover the following: 9 Preparation of a timeline and scope document

9 Evaluation, consolidation and adaptation of self-assessment tools from the IIA Quality Assessment Manual

9 Development of a TeamMate Quality Assessment Review (QAR) template

9 Overview of consolidation of campus self-as-sessments, including the identification of best practices and areas for improvement

9 Coordination of campus results with a “sys-tem-wide” self-assessment

9 Identifying external independent validation team and scope of review

After attending this session, participants will be able to: 9 Identify criteria necessary to implement a thorough self-assessment process

9 Explain required documentation and report-ing standards

9 Evaluate your institution’s conformity to the Standards


Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.B.7 How Much Like A Business? Internal Auditing Views of Academic Culture, Business Culture, and Measuring Achievement DifferencesSterling Roth, Chief Audit Officer, Georgia State UniversityIn today’s economic climate, some look at insti-tutions of higher learning like a traditional busi-ness model. Using the results of the presenter’s academic survey of 144 research universities, this session will explore the views of Chief Audit Executives and Internal Audit Directors on areas such as culture, achievement measurement, audit plan development in academic areas and char-acteristics of successful internal auditors. After attending this session, participants will be able to: 9 Explain the basis and objectives of the aca-demic survey

9 Evaluate the applicability of the results to other institutions of higher learning

9 Discover the characteristics the survey respondents identify as important attributes for a successful auditor, an effective reporting relationship to Boards and Committees, and key audit areas in academic areas such as research, teaching and public service


Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.B.8 The Ten Commandments of Leadership-Understanding, Applying, and Promoting Effective LeadershipLori Cox, Director, Internal Audit, Pima Community CollegeAre leaders born or made? Is there a difference between leadership and management? Do effec-tive leaders share any similar traits and/or attri-butes? Does one style of leadership work in all situations?This session explores the answers to these ques-tions and others on the Ten Commandments of Leadership*: Understanding, Applying, and Promoting Effective Leadership (*Based in part on the book by Eric Harvey and Steve Ventura) After attending this session, participants will be able to: 9 Recognize traits of great leaders 9 Identify leadership challenges 9 Identify the common leadership perceptions 9 Explain common definitions of leadership 9 Explain the Ten Commandments of Leadership

Knowledge Level: Overview Advanced Preparation: None Field of Study: Personal Development Prerequisites: None

Track Sessions



13

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.C.1 Who’s Watching the Subs? Internal Audit Approaches to Review Sub-recipients on Sponsored ProjectsFrank Bossle, Executive Director, Johns Hopkins InstitutionsKimberly Ginn, Principal, Baker TillySub-recipient agreements for grants or contracts inherently present an increased level of risk and concern related to charging costs to an award. The prime award recipient is responsible for all costs charged to a project, but as research moves away (to sub-recipients) from the confines of the institution it becomes exponentially more com-plex to provide an appropriate level of oversight, monitoring and auditing of research activities. This session will discuss the common challenge areas related to working with sub-recipients and where internal audit can provide value including potential audit objectives and procedures.Topics covered will include: 9 Due diligence and sub-recipient setup 9 Financial and technical progress monitoring 9 Cost oversight and monitoring 9 Higher-risk sub-recipient areas (e.g., interna-tional organizations, affiliate agreements)

After attending this session, participants will be able to: 9 Identify challenges to monitoring sub-recipients

9 List areas of particular concern which could affect their institution

9 Detail audit approaches for reviewing sub-re-cipient progress and costs


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.C.2 How To Think Like a Federal Auditor-keeping Pace With the Changing Face of Research RegulationsDavid Clark, Manager, Baker TillyJulie Luster, Senior Auditor, Princeton UniversityRecent history has shown many institutions in the news or on the wrong end of a government audit for concerns that often wouldn’t appear as a top institutional risk. In an ever-changing regu-latory environment, it is often difficult for internal auditors to know how to best deploy resources to address compliance risks related to conduct-ing research. This session will discuss ways for internal auditors to shift from reliance only on the standard risk assessment process for identifying potential research compliance concerns to utiliz-ing external resources to inform a research-fo-cused audit plan.

The presenters will address the various forms of external resources available and best practices on how to apply this information to circumstances at your institution and leverage audit resources to address changing concerns. After attending this session, participants will be able to: 9 Identify external resources to keep abreast of trends in regulatory enforcement and Inspector General focus

9 Describe recent examples of unexpected audit results

9 Explain techniques to prioritize resources as needed based on the continually shifting compliance risk profile

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: A general understanding of research compliance within higher education

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.C.3 Evaluating Compliance with oMB A-21, Cost Principles for Educational InstitutionsByron Morgan, Chief Audit Executive, University of MemphisThis session will cover key compliance issues asso-ciated with OMB Circular A-21(Cost Principles for Educational Institutions) that are common to colleges and universities that receive externally sponsored funding from federal sources. A-21 establishes cost accounting principles and speci-fies the allowability of costs for grants and coop-erative agreements. Various federal Office of Inspector General (OIG) offices continue to con-duct audits that focus on specific provisions from A-21 relative to effort reporting and charging of administrative costs.After attending this session, participants will be able to: 9 Identify the key compliance issues that derive from OMB A-21

9 Identify the primary risk areas to include in the annual risk assessment plan

9 Discuss and understand effort reporting (pay-roll costs) and identify audit strategies

9 Identify the risk areas associated with admin-istrative costs and identify audit strategies for auditing these costs

9 Identify resources and tools that will help per-form audits regarding compliance with A-21


Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.C.4 Auditing for Clery Act ComplianceLaurie Malatesta, Audit Senior, Pennsylvania State System of Higher Education

Sylvia Thompson, Audit Senior, Pennsylvania State System of Higher EducationThe Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act) requires higher education institutions that participate in federal student financial aid fund-ing to annually disclose information about crime occurring on and surrounding their campuses. Colleges and universities need to ensure risks regarding campus safety and security are ade-quately managed, and compliance with Clery Act requirements is achieved. Internal audit is a valuable resource for an institution to utilize in its evaluation of Clery Act compliance. After attend-ing this session, participants will be able to: 9 Possess an understanding of the Clery Act 9 Identify Clery Act compliance requirements 9 Review the contents of the Annual Security and Fire Safety Reports

9 Perform a Clery Act compliance auditKnowledge Level: Basic Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.C.5 Navigating Customized VerificationMargaret Murphy, Director, Financial Aid, Eastern Virginia Medical SchoolWith the advent this year of customized ver-ification and the five types, determining what’s required and whether or not the school has ade-quately complied is just as challenging for audi-tors as financial aid professionals. At the end of this session, you will be able to: 9 Explain what Title IV verification is 9 Identify the new categories 9 Recognize how regulations may change annually

9 Explain acceptable documentation 9 Determine if the institution’s policies and procedures are compliant

9 Distinguish conflicting information vs. selected for verification

9 Assess when verification is not requiredKnowledge Level: Intermediate Advanced Preparation: Yes, presentation will be provided to attendees. Field of Study: Specialized Knowledge & Applications Prerequisites: Experience with customized verification

Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.C.6 NSF oIG Audit Workplan and Data AnalyticsBrett M. Baker, Assistant Inspector General for Audit, National Science Foundation, Office of Inspector General

Track Sessions



14

This presentation will cover NSF OIG audit plan-ning, approaches, communication and auto-mated technologies for NSF operational and grant oversight. Material will also cover the use of data analytics for enhanced grant oversight and application opportunities for oversight and accountability professionals. The presentation will also address current government-wide topics being addressed in the federal audit community, such as Recovery Act, OMB grant reform and improper payments.After attending this session, participants will be able to: 9 Describe the NSF OIG approach to opera-tional and grant oversight

9 Assess the use of data analytics 9 Identify current topics being addressed in the Federal audit community

Knowledge Level: Overview Advanced Preparation: None Field of Study: Auditing Prerequisites: None

Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.C.7 Seven Things University Auditors Should know About Tax – Tax Just for AuditorsSteve Hoffman, The Tax TranslatorAuditors play an important role in tax risk man-agement at their university. While they are focused on an issue, a tax matter may be present at the same time. This session will provide audi-tors with an understanding of tax issues. Topics covered will include: 9 Sales Tax 9 Unrelated Business Income Tax 9 Taxable and Nontaxable Fringe Benefits 9 Presidents and Coaches Contracts 9 International Students 9 Form 990–How to use it 9 Other Taxes

At the conclusion of this session, participants will be able to: 9 Identify various ways taxes can impact an institution–not only from a financial risk but also from a reputational or media risk

9 Utilize techniques used to expose tax gaps when conducting an audit

9 Discuss updates on current tax law changes 9 Implement a successful tax compliance pro-gram at their institutions

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Taxes Prerequisites: Experience with tax issues

Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.C.8 Exploring the HIPAA Security Rule in the College and University EnvironmentRodney A. Walsh, Director, BKD, LLPColleges and universities are affected directly and indirectly by the HIPAA security rule, one aspect of the entire Health Insurance Portability and Accountability Act (HIPAA). In this course we will discuss the issues surrounding the relation-ship of the health care covered entities to the col-lege or university; the security rule’s relationship to the privacy rule; review each of the standards set forth in the security rule, including adminis-trative, physical and technical safeguards as well as discussions regarding the breach and compli-ance regulations; and evaluate your compliance with the rule and conducting a security risk anal-ysis. After attending this session, participants will be able to: 9 Explain the purpose and intent of the security rule requirements, along with recent updates

9 Understand the relationship between HIPAA Security, Privacy and Meaningful Use requirements

9 Consider the relationship between the college or university and their related health care organizations and covered entities

9 Implement an “enterprise-wide” risk assess-ment and gap analysis methodology

9 Identify additional compliance elements including breach, contingency planning, and managing business associate relationships

Knowledge Level: Overview Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: Experience

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.D.1 Auditing IT Governance: An In-Depth PerspectiveEmily A. Knopp, Audit Director, Angelo State UniversityStephanie Marino, Manager, Baker TillyManaging IT at a higher education institution can be challenging, especially since most college and universities have multiple decentralized IT units. By using a consistent framework for IT decision making, an institution can trust that decisions will align with strategic and operational plans of not just IT, but the institution as a whole. This session will focus on equipping internal auditors with the knowledge to perform a comprehensive IT gov-ernance review that addresses strategic planning processes, project portfolio management, IT pro-fessional development, asset management and procurement, and budgeting/financial manage-ment. After attending this session, participants will be able to: 9 Recognize how IT governance impacts col-lege and universities

9 Apply and incorporate current IT governance trends to audit programs

9 Properly scope an IT governance audit, including identifying key scope areas, involved parties/stakeholders and key ques-tions to answer

9 Suggest ways for internal audit to support IT in developing and managing governance processes

Knowledge Level: Intermediate Advanced Preparation: Yes, participants will be expected to become familiar with specific online resources, which will be provided by the presenters, prior to the session Field of Study: Auditing Prerequisites: Education in IT performance & security scanning

Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.D.2 Using IT Performance and Security Scanning to Expand Defense in DepthCourtney oxman, Associate Director IT Audit, University of VirginiaKevin Savoy, Director Hospital and IT Audit, University of VirginiaThe goal of this session will develop a practical understanding of how IT performance and secu-rity scanning (IT scanning) can be applied to the Defense in Depth Security Model to support and enhance the Information Security Program and potentially affect the necessary cultural changes to strengthen the overall information security posture of an organization. After attending this session, participants will be able to: 9 Define the Defense in Depth Security Model 9 Define IT performance and security scanning and apply to the Defense in Depth Security Model

9 Identify IT scanning opportunities for manag-ing physical security performance, network security and client/server and host-based

9 Using an IT scanning strategy to effectuate change in organization

9 Identify industry references, resources and trends

9 Identify audit considerationsKnowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience in IT performance and security scanning

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.D.3 Auditing System Development Life Cycle for Both Non-IT and IT AuditorsMark Phillips, Director of Internal Audit, Duke University/Duke University Health SystemOften internal auditors are asked to participate and evaluate system implementations. By under-standing the System Development Life Cycle (SDLC) auditors can participate and guide their clients for a successful launch of their system. The

Track Sessions



15

SDLC methodology is used for designing, testing and implementing business solutions. The SDLC is a sequence of stages whereby the output of each stage becomes the input for the next. The objective of the SDLC is to fulfill stakeholder/user needs by implementing quality system/applica-tions in a cost effective way. Internal auditors should be aware of how the SDLC is used for implementations. The presenter will discuss his involvement with large system implementations at Duke University/Duke University Health System and how the integration of the IT and non-IT audit skills were needed for the understanding of internal audit participation.At the end of this session, participants will: 9 Recognize common language used in system implementations

9 Determine the governance structure and the stages of a SDLC such as: 9 Requirements Definition 9 System Design 9 Development (i.e., Build) 9 Testing and Integration (including defini-tion of the various testing types)

9 Acceptance, Installation and Deployment 9 Maintenance

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: A basic understanding of the system development life cycle

Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.D.4 Where to Evaluate Cloud Sevices Security: Marketing or Controls?Nathan Zierfuss, Chief Information Security Officer, University of AlaskaEvaluating the security of new or existing cloud services can be complicated by marketing that obscures the nuances of security in a complex system. After attending this session, participants will be able to: 9 Identify key elements to look for in a secure cloud service provider

9 Carry out due diligence responsibilities, with respect to security, of both service provider and consumer

9 Recognize where marketing can obscure details important to evaluating security

9 Recognize terms of service role within the security function

9 Implement a methodology for insuring an organization’s security needs are met in a way auditors can evaluate

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Overall understanding of cloud services

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.D.5 IT Audit: From Risk Assessment to RealityTim Marley, IT Audit Manager, University of OklahomaThis presentation will be a case study follow-ing through the steps involved in developing an IT audit program for a three year college, multi-campus internal audit team. This will include co-sourcing with a consulting firm to identify the IT audit universe and produce an IT isk assessment from which an IT audit program can be developed. The presenter will discuss optios for resourcing the IT audit function with an emphasis on identifying and training from your organnization. Specific tools and techniques will be discussed including risk analysis and various audit steps. After attending this session, partici-pants will be able to: 9 Perform a system-wide IT risk assessment 9 Promote the IT audit function to your audit committee

9 Evaluate resource needs for the IT audit function

9 Analyze your own IT audit universe 9 Prioritize IT risk in your audit universe 9 Develop IT audit steps for your institution


Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.D.6 Penetration Testing and Social Engineering in a University SettingRon Hulshizer, Director, IT Risk Services, BKD, LLPColleges and universities are affected by internal and external threats to their IT infrastructure and data by a host of sources. Ron will present an executive level discussion of risks and threats and some practical steps for reducing the risks from these threats using penetration testing and social engineering testing. After attending this session, participants will be able to: 9 Identify emerging technologies and threats facing colleges and universities at all levels

9 Identify and prioritize the risks posed by emerging technologies and learn practical steps to manage them

9 Describe some of the tools and techniques used by people that present IT security problems

9 Understand the risks related to IT security and possible compensating controls to lower the risks

Knowledge Level: Overview Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: None

Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.D.7 Integrating IT Audit – We Can Do It!Jim Purcell, Senior IT Auditor, University of TennesseeThis presentation will help all auditors to become comfortable with integrating elements of IT audit into many types of audit work. We will learn about integrated audit principles, an information system risk assessment technique and informa-tion system audit controls. The presentation will include a case study to help auditors relate to the concepts demonstrated. After attending this session, participants will be able to: 9 Integrate IT audit controls into a traditional audit work plan

9 Carry out an Information System Risk Assessment

9 Select appropriate Information System IT Audit Controls


Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.D.8 IT Compliance Framework for Institutions of Higher EducationCarlos S. Lobato, IT Compliance Officer, New Mexico State UniversityInstitutions of higher education are increasingly expected to comply with various regulatory requirements specifically focused at data privacy and protection. This can result in an overlap of effort that can be avoided if a university-wide IT compliance framework is implemented to ensure compliance at a high level with applicable fed-eral and industry regulations such as FERPA, HIPAA, GLBA, the Red Flags Rule, and PCI DSS. New Mexico State University has developed an IT compliance framework model.We’ll share our lessons learned and this model to help other institutions benchmark their IT compli-ance efforts. After attending this session, partici-pants will be able to: 9 Benchmark their existing practices with the discussed IT framework

9 Determine the regulations relevant to their institutions

9 Recognize how to review the regulations for similar requirements to streamline the imple-mentation and testing of controls

9 Establish a streamlined method for testing the controls while reducing redundancy and making efficient use of audit resources and seek guidance and collaboration from their IT security professionals, i.e. Chief Information Security Officer (CISO) or similar

9 Create value for their institution by lending a user-friendly perspective to compliance

Track Sessions



16

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: Education & Experience

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.E.1 Who Shot the Auditors? The Inside StoryCharles G. Chaffin, CAE, (Retired) University of Texas SystemIn April 2012, two respected University of Texas Chief Audit Executives were forced into retirement, and the former UT Southwestern President was disgraced following a critical investigation report of his foreign travel. The negative publicity sent shock waves throughout higher education and the internal audit profession. One of the CAEs will share his perspective and lessons learned in the development of internal controls that were in place and the breakdown in the governance pro-cess that led to the debacle. After attending this session, participants will understand: 9 Identify the disruption and impact that attor-neys and investigative reporters can have on an institution using the open records act

9 Recognize the implementation of internal controls that were put into place to prevent fraud

9 Recall the investigative reporters’ unsubstan-tiated allegations reported over a five-year period and the strategies to combat the negative publicity

9 Explore the breakdown in the governance structure which led to incorrect decisions that are still being felt over a year later


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.E.2 Navigating the Intersection of Internal Audit with Compliance and Risk ManagementMichael L. Somich, Executive Director, Office of Internal Audits, Duke UniversityThe intersection of Internal Audit’s (IA) role and activities with the assessment and monitoring of compliance requirements and institutional risks can lead to confusion. Myriad variations exist in how these three functions operate in relation to one another. This session will be designed to equip each participant with the tools needed to navigate a program appropriate for their institu-tion. After attending this session, participants will be able to: 9 Describe effective roles and activities of internal audit in compliance and risk man-agement and determine which would be most appropriate for your institution

9 Highlight leading practices for effective compliance and enterprise risk management programs to assist in implementation or audits of the programs

9 Identify ways to enhance current compliance and risk management activities and internal audit’s related role, at their institutions

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Basic understanding of enterprise risk management principles

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.E.3 Can your Institution Withstand a Governance Hurricane? Performing Governance Audits and Risk AssessmentsKimberly F. Turner, Chief Audit Executive, Texas Tech University SystemWhen higher education institutions are in the news for information technology breaches, research misconduct, or athletics violations, those issues are often symptoms of a deeper problem: ineffective governance. Perhaps more than any other type, governance risks can cause a reputational storm surge because poor gover-nance often causes other processes and controls to break down. But governance, by definition, means the ship docks in someone’s harbor, which means addressing the issues can be deli-cate. After attending this session, participants will be able to: 9 Examine tactical steps to use in assessing governance risk

9 Analyze potential impacts of various types of governance risks from the boardroom to the classroom.

9 Apply audit steps to address potential prob-lem areas

9 Implement strategies to mitigate governance risks at all levels

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Experience with governance audits

Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.E.4 University of California Enterprise Risk Management Roll out! How to Implement an Effective ERM Program in a Multi-Campus University SystemCheryl Lloyd, ERM Deputy and Director-Liability Programs, University of CaliforniaKimberly A. Newman, Program Manager, ERMIS, University of CaliforniaThe University of California’s ERM program (launched in 2009 and adopted by the Board of Regents in 2012) helps the university quickly perceive changes in its environment, analyze

these changes, develop a plan for response and execute this plan. Implementing a single robust ERM program in a multi-campus system can be challenging. In addition to requiring strong sponsorship from institution-wide leaders, these leaders must also be willing to implement change in various levels of the organization. Using ERM experts, tools and tips, as well as a cadre of ERM trainers and evangelizers, the UC’s program reaches thousands of employees, students and faculty every day in the 10-campus, 5 medical center-system. After attending this session, par-ticipants will be able to: 9 Describe the UC approach to ERM, including lessons learned and best practices

9 Create an action plan for their own institutions

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Management Advisory Services Prerequisites: Experience with ERM programs

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.E.5 Risk Managers: Collaborators, Not CompetitorsPamela J. Rypkema, Risk Manager, Gallaudet UniversityInternal Auditors and Risk Managers both ana-lyze campus risks, strive to ensure compliance, and proactively improve the institutional man-agement of risk. These professionals are not competitors, but rather collaborators who each contribute complementary skills, experience and perspectives to campus Enterprise Risk Management. Learn how to effectively collabo-rate using ERM principles in three specific con-texts: (1) complying with federal law during aca-demic research, (2) investigating and resolving whistleblower claims, and (3) monitoring policies and controls in overseas programs. After attend-ing this session, participants will be able to: 9 Understand ERM principles 9 Describe appropriate roles and boundaries between internal audit and risk management functions

9 Compare and contrast internal audit and risk management approaches to ERM

9 Analyze possible ways internal auditors and risk managers can collaborate to manage risk

9 Plan the next steps after the participants return to campus to foster more effective col-laboration with the institutional risk manager

Knowledge Level: Advanced Advanced Preparation: None Field of Study: Management Advisory Services Prerequisites: Basic understanding of risk management principles

Track Sessions



17

Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.E.6 Are you Auditing your Student Health Center? If Not Why Not?LaDonna Flynn, Internal Auditor, Pittsburg State UniversityThis presentation will assist the attendee in understanding: 9 Why they should be auditing their student health center

9 The unique risks related to an on campus student health center

9 How to develop an audit program to audit the risks

9 How to perform some of the more difficult audit steps

After attending this session, participants will be able to: 9 Identify risks related to a student health center

9 Develop audit program related to the identi-fied risks

9 Understand how to perform some of the unique audit steps related to health care


Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.E.7 Enrollment Management: Navigating the Rough Seas of Recruiting and AdmissionsJustin T. Noble, Audit Director, Texas Tech University SystemOur institutions face ever-growing pressure to identify, recruit and yield both higher quality and larger quantities of students. In doing so, staff and systems are placed under ever-increasing risks to reach both strategic and financial targets. This presentation will review the recruiting and admissions processes and the Banner systems our institution utilizes to monitor and control its activities. After attending this session, partici-pants will be able to: 9 Define the common steps in the “recruiting funnel”

9 Conduct basic audit steps to review Banner decision rules

9 Apply a set of tools to conduct controls test-ing in manual application reviews


Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.E.8 Be A Trusted Advisor! Perform Voluntary Assessments of Risks and Internal Controls!Clay Dean, Director of Internal Audit, Kennesaw State UniversityLen ohnstad, Associate Director of Internal Audit, Kennesaw State UniversityThis program provides auditors with new and innovative ideas on how to help departmental managers quickly determine where gaps exist in both their risks and internal controls. These gaps can be identified by periodically partnering with departmental managers on a Risk and Internal Control Assessment.A Risk and Internal Control Assessment is a voluntary teaming activity where departmental managers and their key employees work together with Internal Audit to reduce the gaps between identified and unidentified risks and current and adequate internal controls. After attending this session, participants will be able to: 9 Understand the benefits of a Risk and Internal Control Assessment

9 Develop self-assessment questionnaires for the key risk types (e.g., operational, financial, and compliance) your office can confidently discuss with departmental managers

9 Develop a Risk and Internal Control Assessment process for your organization

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Management Advisory Services Prerequisites: Knowledge of effective internal control structures

Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.F.1 A Practical Approach to Designing, Executing, and Analyzing a Fraud Risk AssessmentLori Tesch, Director, Forensic Audits, Wayne State UniversityIn this course, participants will learn how to design a manageable and effective fraud risk assessment that can be used as a tool to measure and monitor the institution’s fraud awareness. This session will also teach how to identify poten-tial risk areas to be considered in the annual audit plan and areas that may require immediate intervention. We will explore what makes a good fraud risk assessment and the considerations for developing an effective assessment. Discussion will also include using results to become more proactive in managing fraud related risk. After attending this session, participants will be able to: 9 Design a manageable and effective fraud risk assessment appropriate for their institution

9 Assess inexpensive and easy tools and approaches available for the execution of the assessment

9 Quickly analyze results 9 Effectively communicate results to the appro-priate parties

9 Integrate the fraud risk assessment into the audit plan

9 Use the results to become more proactive in the fight against fraud


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.F.2 Student Housing Gets Haunted by Ghost EmployeesThomas Bacigalupi, Detective, George Mason University Police Dept.Carol Westbrook, IT Audit Manager, George Mason UniversityThis program will present a case study of a mil-lion dollar payroll fraud scheme perpetrated by employees of one the university’s largest con-tractors. The ringleader was convicted and is serving sentence. The university received more than three-quarters of a million dollars in actual settlement. The investigation was conducted by a specially created joint task force made up of university police and internal audit. The present-ers are the lead members of that task force for their respective departments. After attending this session, participants will be able to: 9 Explain various investigative techniques and evidence gathering procedures related to payroll fraud by employees of a university contractor

9 Describe how controls were circumvented or abrogated

9 List techniques for acquisition and develop-ment of adequate and competent evidence to support the criminal court case as well as to secure a satisfactory financial settlement with the contractor

9 Analyze how synergism of a cooperative police/auditor team can enhance the effec-tiveness and efficiency of the investigation process


Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.F.3 No one Uses Facebook Anymore … Do They? Using New Social Media Tools in Fraud InvestigationsMelissa B. Hall, Associate Director, Forensic Audits, Georgia Institute of TechnologyStaying on top of changing social media sites is critical to your fraud investigations, as social media can help you uncover personal and

Track Sessions



18

professional relationships, conflicts of interest, travel patterns and much more. Last year at the conference, we learned how to use social media (focus on Facebook) to examine the subject of an investigation. This year, we will explore in depth other sites such as Instagram, Google+, LinkedIn, Twitter, Flickr and YouTube. Come prepared for hands on learning, as we review examples of how the social media sites have assisted in verifying fraud, waste and abuse in actual investigations. Participants are encouraged to share their own stories of social media use. After attending this session, participants will be able to: 9 Develop strategies for using social media in fraud, waste or abuse investigations

9 Identify other investigation resources avail-able on the Internet

9 Identify popular social media sites used todayKnowledge Level: Update Advanced Preparation: None Field of Study: Specialized Knowledge & Applications Prerequisites: Experience with social media tools

Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.F.4 Fraud Investigation, Prevention and Deterrence Best PracticesMike Batson, Director of Internal Audit, Tennessee State UniversityPaul J. Coleman, Sr. Special Agent, National Science FoundationMichael Monaghan, Director of Financial, Operational and Compliance Audit, Harvard UniversityMost auditors don’t have a problem accurately assessing even the most difficult control envi-ronments, making management recommenda-tions, and following up to make sure they are implemented. However, auditors are increasingly called to respond when fraud occurs, and to help prevent and detect fraud in its early stages. While there are many tools available, such as risk assessment programs and data analysis/analytics tools, auditors need to use all infor-mation available to them. Through years of criminal investigations at the National Science Foundation, the Office of Inspector General has tried and tested investigation, detection and pre-vention techniques that work. Join this discussion for best practices and techniques. After attending this session, participants will be able to: 9 Maximize personal relationships to increase fraud detection, prevention, and deterrence potential on campus

9 Utilize instinct management, and tone at the top assessment into current practices to detect and deter fraud

9 Adapt current fraud investigation, preven-tion and deterrence techniques to be more effective


Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.F.5 Travel Fraud: Are you Being Taken for a Ride?Roger Frank, Director of Investigations, University of FloridaThis session will present information and trends related to travel fraud, as well as three case studies involving travel fraud. General informa-tion will include the types of travel fraud typically committed, the financial impact of travel fraud nationwide, how careful review of travel docu-mentation can help to identify inappropriate or fraudulent travel activity, and controls specifically designed to prevent and detect travel fraud. The session will include examples from three inves-tigations conducted at the University of Florida that involved travel fraud including travel costs incurred while on sabbatical, travel incurred for personal convenience rather than business necessity and a scheme to defraud the university through vehicle rental. After attending this ses-sion, participants will be able to: 9 Identify common practices utilized by employ-ees to commit travel fraud

9 Utilize review procedures to identify travel fraud

9 Develop controls to reduce the risk exposure from travel-related fraud


Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.F.6 Preventing Financial Aid Fraud and Identify TheftSteven D. Anderson, Special Agent in Charge, U.S. Department of EducationThis program will provide the participants with information about identifying and preventing college and university-based fraud and identity theft as it relates to financial aid management. The session will analyze case studies and discuss systemic weaknesses that have enabled fraud to occur in other organizations. After attending this session, participants will be able to: 9 Identify common red flags that are indicators of fraudulent activity frequently committed by college and university employees and gain an understanding of what causes good employ-ees to go bad

9 Identify common areas of weakness or blind spots in their work environments that make it easier for fraud and identity theft to occur

and gain an understanding of how to correct these deficiencies

9 Identify steps that should be taken when a problem is found, including working with investigators, preserving evidence, and handling management that want to “sweep it under the rug”

Knowledge Level: Overview Advanced Preparation: None Field of Study: Auditing Prerequisites: None

Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.F.7 Lie To Me: Secrets of Linguistic Lie DetectionNejolla Korris, CEO, InterVeritas International Ltd.The detection of deception is an integral part of many workplace environments today. From the more traditional uses for law enforcement and military; it is a growing field for auditors, human resources, lawyers and journalists. Linguistic lie detection is a methodology that assists in deter-mining if an individual is lying or telling the truth. But more than that, it also assists in highlighting areas of extreme sensitivity.Discover what types of questions produce the most effective responses. Discover how a truth-ful person speaks vs. an untruthful person and how to maintain a rapport with the person you are interviewing without revealing what you know or don’t know about a case. After attending this session, participants will be able to: 9 Become more effective in all your business relationships by learning about linguistic lie detection

9 Explain how linguistic lie detection is used in business and investigative areas

9 Recall the basics of information gathering and how to interpret the information you receive

9 Participate in an interactive setting, where you will be able to apply linguistic lie detec-tion basics to a variety of high-profile media cases and see what the subject really meant


Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.F.8 Testifying as an Expert WitnessWilliam H. Beecken, Director, Fraud Services,Auditors receive subpoenas to testify as expert witnesses as the result of finding fraud, misuse of assets, intellectual property theft, inappropriate use of computers, and/or contractual mischarg-ing and violations, which result in civil or crim-inal trials. Auditors know their audit finding(s), but are not prepared for the rigors of subjecting

Track Sessions



19

their audit work during a civil or criminal trial. This presentation covers testifying as an expert witness so the auditor knows what to expect and how to act. It covers the law concerning expert witnesses (i.e., U.S. Supreme Court decisions in the Daubert and Kumho Tire cases), preparation for trial, understanding depositions and direct and cross-examinations, and cross-examination tactics opposing counsel will use to get the expert witness to agree with the opposing expert witness, set up the closing arguments for the opposing counsel, and/or confuse the jury. After attending this session, participants will be able to: 9 Know how to conduct themselves once they receive a subpoena

9 Reduce their discomfort with the process 9 Fulfill their duties of educating the judge and jury on the facts of their audit


Monday, Sept. 23, 201310:30 a.m.-12:10 p.m.G.1 NCAA D1 RoundtableJustin T. Noble, Audit Director, Texas Tech University SystemNCAA compliance is in a state of intense change. Navigating these changes will require audit shops to be nimble and have effective working relationships with their athletic programs. This session will include group discussion on emerg-ing topics and trends in the NCAA Division 1 programs. Attendees will be polled before the session in order to determine the best scope for the discussion. After attending this session, par-ticipants will be able to: 9 Discuss common risks, emerging trends and audit best practices in NCAA compliance reviews

9 Use shared experiences, information and results of the group’s efforts to improve NCAA compliance activities on our campuses


Monday, Sept. 23, 20131:10 p.m.-2:50 p.m.G.2 Large Campus RoundtableLeigh Goller, Director, Internal Audit, Duke UniversityLarge campus universities and university sys-tems are unique and complex environments. Economic, regulatory and social changes have pervasive influence on business operations, com-pliance expectations and financial planning. This session will include group discussion.

9 After attending this session, participants will be able to:

9 Discuss common risks, emerging trends and audit best practices

9 Use shared experiences, information and results of the group’s own focused efforts to improve value resources on their campuses

Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Business Management & Organization Prerequisites: Education and work experience within a large university system

Monday, Sept. 23, 20133:20 p.m.-5:00 p.m.G.3 When Mother Nature Gets Angry With your Campus – Disaster Recovery RoundtableBetsy Bowers, Associate Vice President, University of West FloridaBrian Daniels, Associate Director, Internal Audit, Virginia TechYour campus has just suffered a catastrophic event. What do you do next as the internal audi-tor? The importance of disaster recovery plan-ning, as well as the actual disaster recovery, is greater than ever. After the physical recovery, we must be prepared to assist our institutions recover, functionally. Recent high profile disasters, such as Hurricanes Sandy and Katrina, tornadoes, fires, earthquakes and the tsunami in Japan, have provided examples to learn from. Identifying the characteristics of high-performing disas-ter preparedness functions will help auditors as they assess their institutional environments. This roundtable session will focus on internal audit’s role in ensuring their institution is prepared to deal with a disaster’s impact on functionality and information technology. After attending this ses-sion, participants will be able to: 9 Discuss emerging trends including cloud computing and outsourcing

9 Identify successful approaches among higher education institutions

9 Discuss the interrelation of various business continuity planning elements

9 Debrief with auditors that have experienced disasters on their campus

Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing Prerequisites: Education & Experience

Wednesday, Sept. 25, 201310:30 a.m.-12:10 p.m.G.4 The ACUA Risk Dictionary Roundtable-Not your Grandmother’s RoundtableDick Dawson, Executive Director of Audit, Compliance, and Risk Services, University of Texas at San AntonioKimberly F. Turner, Chief Audit Executive, Texas Tech University System

Conduct an interactive session where attendees actively participate in the discussion. Topics cov-ered will include discussion of how institutions use the Risk Dictionary for addressing their annual audit plan and project-level risk assessment. Additional discussion will center around potential improvements to the Risk Dictionary that will bet-ter serve ACUA members. Encourage avid users and contributors of the Risk Dictionary to attend and provide their thoughts and comments. Issues and thought provoking questions will be pro-vided to the attendees prior to the conference in order to encourage discussion. Knowledge Level: Intermediate Advanced Preparation: None Field of Study: Auditing Prerequisites: Education & Experience

Wednesday, Sept. 25, 20131:10 p.m.-2:50 p.m.G.5 IT Auditors and Directors RoundtableBarry White, Director Information Technology Auditing, Johns Hopkins InstitutionsThis roundtable provides an open forum for directors and technical auditors to discuss issues pertinent to the higher education information systems auditing arena. IT Auditors are regu-larly challenged as new technologies present new risks. Registrants will be surveyed for discus-sion topics in the weeks prior to the conference. Recent roundtables have included lively and insightful discussion on information technology risk assessment and mitigation.After attending this session, participants will be able to: 9 Address IT risks with such topics as identity theft, ERP implementation challenges, cloud computing, wireless device control

9 Identify best practices and baseline secu-rity for: networked systems, data recovery, role-based security, analytical tools, student systems, data warehousing, PCI/DSS compli-ance, HIPAA, Hi-Tech Act, virtualization, net-work vulnerability testing, hacking, incident response, intrusion detection and intrusion prevention, security over web applications and e-commerce systems, malware and pre-serving data integrity in shared databases

9 Determine how other institutions are address-ing these risks, their initiatives and compare your organization against them

9 Prioritize IT risks and develop an effective audit plan

9 Develop a list of peer contacts for future networking

Knowledge Level: Intermediate Advanced Preparation: Yes, presenter will contact participants for subject matter requests Field of Study: Accounting Prerequisites: Education and work experience as an IT auditor

Track Sessions




Wednesday, Sept. 25, 20133:20 p.m.-5:00 p.m.G.6 Small Shop RoundtableLori Cox, Director Internal Audit, Pima Community CollegeMonica Moyer, Director Internal Audit, Saint Leo UniversityTrisha Silvasy, Director Internal Audit, Saint Joseph’s UniversityThis roundtable/panel discussion will focus on key areas for small shops including audit activity operations, quality assurance and governance. Prior to the conference, attendees will be asked for input on their key challenges and how they address those key challenges. Q&A will be incor-porated throughout the session as we move from topic to topic.After the session, participants will be able to: 9 Develop techniques to operate the small shop more effectively

9 Understand the quality assurance process with a small shop

9 Understand the governance process as it relates to a small shop


Thursday, Sept. 26, 20138:00 a.m.-9:40 a.m.G.7 Mid-Sized Audit Shops-Roundtable and Roundup of Risk Management, Researchers, and CowboysPhillip Armanas, Manager, Audit & Risk Management, University of South AustraliaPhillip Draber, Director, Risk & Assurance Services, Edith Cowan UniversityA mid-size audit shop roundtable with a presen-tation on the contemporary issue of research in higher education and the risks that have emerged. Increasing pressures on funding sources, regulators seeking alignment of teach-ing and research, and increased red tape all cause research to emerge as a key risk area in higher education. The changing environment, impact on risk management and internal audit and compliance functions will be discussed using an international comparison. Open discussion will be encouraged in order to share our individ-ual thoughts and experiences.After attending this session, participants will be able to: 9 List emerging trends in approaches to risk management, particularly in the higher edu-cation environment

9 Describe contemporary issues regarding research and research supervision activities in the context of risk management

9 Describe emerging risks within higher education regarding research and research supervision

9 Determine the best way to add value through auditing research and research supervision activities

9 Create a network of mid-sized audit shop colleagues to roundup resources with the cowboys


Thursday, Sept. 26, 201310:10 a.m.-11:50 a.m.G.8 Let’s Get Rolling with Data Analytics and Continuous AuditingJoe oringel, Managing Director, Visual Risk IQIt is all too common for audit departments to invest in data analysis software and even train-ing, but then for the software to sit on the shelf and for the investment not to be realized. Even departments who use such audit software regu-larly tell us that they are using only a fraction of its capabilities. Does this sound like someone you know? Why?Join us for an interactive session which will include a mock audit planning meeting where attendees will jointly plan an audit of one or more business processes specific to higher education. Learn techniques to connect brainstorming, data acquisition and script writing that successful audit teams use to maximize their investment in audit data analysis tools.This will be a tool-neutral session, meaning that take-aways will be practical regardless of whether your team uses IDEA, ACL, SQL or even Microsoft Excel for audit data analysis.Knowledge Level: Basic Advanced Preparation: None Field of Study: Auditing, Management Advisory Services Prerequisites: Education & Experience

Track Sessions





21

norfolK WatErsiDE Marriott235 E. Main St. Norfolk, VA 23510

Hotel Information

S urround yourself in our newly renovated accommodations seamlessly combined with traditional charm at Norfolk Waterside Marriott, a downtown Norfolk hotel set in the heart of the historic district. Located on the picturesque Elizabeth River waterfront,

our Norfolk, Va., hotel combines stunning river views with marble accents, classic wood styling and eclectic artwork. From its convenient connection to the Waterside Convention Center to the nearby Children’s Museum of Virginia, Norfolk Naval Station or the Virginia Zoo, the location is ideal for the 2013 ACUA Annual Conference.

Check-in time is 4:00 p.m. and check-out time is 11:00 a.m.

HotEl rEsErVationsPlease make reservations directly with the Norfolk Waterside Marriott by visiting the ACUA Reservation Page. If you need additional reservation help, please call the Marriott national reservation line at 1-888-236-2427. Be sure to mention that you are attending the ACUA Annual Conference to receive the group room rate listed below.

Room Rate: $129 single/double, plus tax (13%)

Based on room availability, the group room rate may also apply three days before and after the conference (Sept. 19-29).

The cut-off date for reservations is Tuesday, Sept. 3, 2013. Be sure to make your reservations as soon as possible as rooms are likely to sell out prior to the cut-off date. As a courtesy for others, please do not book more rooms than necessary, caus-ing other attendees to miss out on booking in the conference hotel.

transportationtaXis Taxis from the airport are about $25 each way plus gratuity.

sHuttlE sErViCEThe Norfolk Waterside Marriott does not provide shuttle service. Shuttles are available through Orange Peel Transportation. Reservations are required and can be made by calling 757-463-7500. The fee is $25 one-way.

parKing Self-Parking: Discounted rate of $12 per day Valet Parking: $26 per day

http://www.marriott.com/hotels/travel/orfws-norfolk-waterside-marriott/?toDate=9/27/13&groupCode=ASUASUA&stop_mobi=yes&fromDate=9/21/13&app=resvlink




Annual Conference InformationEarly rEgistration DEaDlinE: aug. 12, 2013 latE rEgistration DEaDlinE: sEpt. 2, 2013 on-sitE rEgistration: aftEr sEpt. 2, 2013

Important DatesRegistrations processed on-site may cause a delay at the time you check in at the registration desk. If you need to register after Sept. 2, please bring your completed registration form and payment directly to the conference.

WHo sHoulD attEnD?Internal Auditors, Risk Managers, IT Security Professionals, Chief Business Officers, Controllers, Ethics and Compliance Officers, Governmental Auditors and IT Auditors

full rEgistration fEEs inCluDE: 9 Instructional materials and handouts 9 Sunday Opening Reception 9 Daily Continental Breakfast 9 Daily Refreshment Breaks 9 Monday and Wednesday Luncheons 9 Monday Off-Site Dinner Event 9 Wednesday Dinner Dance

singlE-Day rEgistration fEEs inCluDE: 9 Monday or Wednesday:• Instructional materials and handouts• Continental breakfast, refreshment breaks, luncheon and

evening dinner event ($365) 9 Tuesday or Thursday:• Instructional materials and handouts• Continental breakfast and refreshment breaks ($210)

guEst rEgistration fEEs inCluDE: 9 Sunday Reception 9 Monday Off-Site Dinner Event 9 Wednesday Dinner Dance

rEgistration ConfirMationFor those registrations received prior to Sept. 2, 2013, ACUA will send a confirmation letter by email or U.S. mail. When you receive your confirmation letter, please check the spelling of your name, address and the events for which you have registered to ensure that they are correct. If there is an error, please contact Susan Hime at the ACUA Executive Office at 913-895-4784. The information on your confirmation letter will be the information used for your name badge. If you do not receive a confirmation letter within three weeks of registering, please contact our office to confirm receipt of your registration.

rEgistration CanCEllation poliCyWritten notice of cancellations received before Aug. 12, 2013, will be fully refunded. Cancellations received from Aug. 13 to Sept. 2, 2013, will be refunded less a $100.00 processing fee. On or after Sept. 3, 2013, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.

QuEstions?For more information about our cancellation policy, complaints or questions about registering, please contact the ACUA Executive Office at 913-895-4620 or via email [email protected].



23

ACUA Registration FormstEp 1 – naME BaDgE & rostEr inforMation (List as you would like to appear on your name badge)

Name _________________________________________________________________________________________________________________________

Preferred First Name for Badge ____________________________________________________________________________________________________

Job Title________________________________________________________________________________________________________________________

Institution ______________________________________________________________________________________________________________________

Mailing Address _________________________________________________________________________________________________________________

City, State/Province _______________________________________________ Zip Code __________________________ Country ____________________

Phone __________________________________________________________ Fax ___________________________________________________________

Email (required) ____________________________________________________________________________________________________________

Are you a first-time attendee? Yes No

Are you interested in being a proctor? Yes NoACUA fully complies with the legal requirements of the ADA and the rules and regulations thereof. Please check here and describe below if there are any special accommodations you need to participate fully in the ACUA Annual Conference including food restrictions and any hearing or visual assis-tance you might need.

stEp 2 – liaBility WaiVEr anD EMErgEnCy ContaCtPlease read and sign. I agree and acknowledge that I am undertaking participation in ACUA events and activities as my own free and intentional act and I am fully aware that possible physical injury might occur to me as a result of my participation in these events. I give this acknowledgement freely and knowingly and that I am, as a result, able to participate in ACUA events and I do hereby assume responsibility for my own well-being. I am aware that photographs will be taken during the conference and may be published in the College and University Auditor or on the ACUA website.

Signature Date

Emergency Contact Name/Relationship/Phone

Please use a separate form for each registration; a photocopy of original is acceptable. Please type or print and be sure to include your email address. To register online, please visit the Annual Conference page of the ACUA website at www.acua.org.

stEp 3 – rEgistration fEEs Postmarked by Postmarked by August 12 September 2ACUA Member – Full Conference $920 $1,070Non-Member Institution – Full Conference $1,070 $1,220Single-Day registration – Member Mon or Wed $365 $365Single-Day registration – Member Tue or Thu $210 $210Single-Day registration – Non-Member Mon or Wed $415 $415Single-Day registration – Non-Member Tue or Thu $235 $235

Single-Day Registrants only. Please indicate which day(s) you plan to attend: Monday, September 23 Tuesday, September 24 Wednesday, September 25 Thursday, September 26

Tuesday Bonus Sessions (pick only one choice)Utilizing Hotline Benchmarking Data to Improve Ethics and Compliance Program Effectiveness $50

IDEA-What Now? Learning Best Practices and New Tools in Version Nine $50

ACUA Leads! Leadership Perspectives: Taking Risks, Talking Risks and Achieving Goals $50

Guest Registration $200 (includes Opening Reception, Monday Off-Site Dinner Event and Wednesday Dinner Dance)

Guest Name:

Registrations received after September 2 will be processed on-site.



24

stEp 4 – EVEnt/sEssion rEgistration

SESSIoN REGISTRATIoN

Choose only one track per session (see matrix).

Session 1

Session 2

Session 3

Session 4

Session 5

Session 6

Session 7

Session 8

PLEASE INDICATE WHICH EVENTS YoU WILL BE ATTENDING

First-Time Attendee ReceptionSunday Opening ReceptionMonday LunchMonday Off-Site Event Wednesday LunchWednesday Dinner Dance

stEp 5 – payMEnt inforMationCheck enclosed (please make checks payable to ACUA in U.S.

currency via a U.S. bank)

Purchase Order (PO) enclosed

MasterCard VISA American Express Discover

Card No.

Exp. Date

Name as it appears on the card

Signature

Cancellation Policy: Written notice of cancellations received on or before August 12, 2013, will be fully refunded. Cancellations received from August 13 - September 2, 2013, will be refunded less a $100 processing fee. On or after September 3, 2013, cancellation refund requests will be considered on a case-by-case basis. Substitution of registrants is allowed.

stEp 6 – sEnD your rEgistrationTo register, complete this registration form and return it, along with the appropriate registration fee to:

ACUA Executive Office P.O. Box 14306 Lenexa, KS 66285-4306

FAX 913-895-4652

Online Registration

Registrations can be completed and submitted online via the ACUA website at www.acua.org. A link to the registration form is located on the 2013 Annual Conference page under the CPE Events menu.

aNNual - Association of College & University Auditors

Documents

Transcript of aNNual - Association of College & University Auditors