ASSOCIATION OF PUBLIC PENSION FUND AUDITORS

PROFESSIONAL DEVELOPMENT CONFERENCE

Charleston, South Carolina November 2 – November 5, 2008

Earn up to 17 CPE Credits – See Details Inside

The Francis Marion Hotel 387 King Street

Charleston, SC 29403 (877) 756-2121

ABOUT YOUR SPONSOR

The Association of Public Pension Fund Auditors (APPFA) Professional Development Conference is a group-live conference designed to further enhance participants’ auditing skills and provide a forum for the exchange of ideas and concepts. Attendees should have a basic knowledge of accounting and auditing procedures, practices, and theory. There is no experience requirement and no advance preparation is needed. Participants attending this seminar will receive an attendance certificate following the completion of this program. Auditing and accounting professionals may qualify for 17 hours of Continuing Professional Education (CPE) credits by attending this conference, which is designed to comply with the American Institute of Certified Public Accountants’ Statement on CPE Standards. APPFA is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417, Web site www.nasba.org

THE CONFERENCE AGENDA

SUNDAY NOVEMBER 2nd

Welcome Reception 6:00 – 8:00 pm

MONDAY NOVEMBER 3rd

Continental Breakfast 7:30 – 8:30 am Introduction and Logistics 8:30 – 8:45 am

Kenneth R. Kasper, APPFA President Welcome and Opening Comments 8:45 – 9:45 am

Peggy G. Boykin, CPA, Director of SCRS Roll Call of the States 9:45 – 10:30 am

Richard Bendall, APPFA Vice President Mid-Morning Break 10:30 – 10:45 am

Remember to vote via absentee ballot before

you leave home!

MONDAY NOVEMBER 3rd (continued) Roll Call of the States (continued) 10:45 – 12:00 pm

Richard Bendall, APPFA Vice President Lunch 12:00 – 1:15 pm Member Verification Processes 1:15 – 2:45 pm

Bernie Buenaflor, CPA, CISA Afternoon Break 2:45 – 3:00 pm Pension Alligators Can Bite Auditors Too 3:00 – 4:45 pm

Susan M. Mangiero, AIFA, AVA, CFA, FRM APPFA Annual Business Meeting 4:45 pm Free Night

TUESDAY NOVEMBER 4th

Continental Breakfast 7:30 – 8:30 am What is Private Equity? 8:30 – 10:15 am

Jay Gentry, CPA (VRS) Mid-Morning Break 10:15 – 10:30 am

IT Structure and Management Controls 10:30 – 12:00 pm

Lisa Phipps, Director of IT (SCRS) Doug Hislop, Software Development Manager (SCRS) Greg Meetze, IT Systems Manager (SCRS) James Manning, IT Security Administrator (SCRS)

Lunch 12:00 – 1:15 pm Quality Assessment Reviews and Standards 1:15 – 2:45 pm

David J. MacCabe, CIA, CGAP, MPA Afternoon Break 2:45 – 3:00 pm

TUESDAY NOVEMBER 4TH (continued) The Value of Fiduciary Audits 3:00 – 4:30 pm

Nancy Williams, J.D. & Principal at Ennis Knupp

Dinner: Sticky Finger’s Restaurant 6:30 – 8:30 pm WEDNESDAY NOVEMBER 5th

Continental Breakfast 7:30 – 8:30 am System Development Life Cycle Methodologies 8:30 – 10:00 am

Dave Henderson, Ph.D. Mid-Morning Break 10:15 – 10:30 am Strong Controls, but the Wrong Controls 10:30 – 11:30 am

Dave Hancox, CIA, NYS Comptroller’s Office Conference Ends 11:30 am

SESSION DESCIPTIONS AND PRESENTERS

Monday November 3rd

Welcome and Opening Comments Peggy G. Boykin, CPA, Director of the South Carolina Retirement Systems Ms. Boykin is the director of the Retirement Division of the State Budget and Control Board. She was appointed to this position effective March 1, 2002. Prior to her appointment as division director, Ms. Boykin was assistant director and executive manager for Benefits Payroll at the South Carolina Retirement Systems. A native of Wagener, South Carolina, Ms. Boykin earned a bachelor’s degree in business administration from the College of Charleston in 1981. She earned her certified public accountant (CPA) accreditation in 1985. Ms. Boykin previously worked in private practice as a CPA and was a partner in the firm of Ham, Wood & Company, P.A., in Mullins, South Carolina.

Ms. Boykin is a graduate of the Budget and Control Board’s Executive Institute and the Governor’s Center at Duke University. She received her certified retirement administrator designation in 1999. Ms. Boykin is a member of the American Institute of Certified Public Accountants, the South Carolina Association of Certified Public Accountants, the Government Finance Officers Association, the South Carolina Government Finance Officers Association, the National Council on Teacher Retirement, the National Association of State Retirement Administrators, and the National Association of Government Defined Contribution Administrators.

Roll Call of the States Richard Bendall, APPFA Vice-President A representative from each participating organization will speak to the group about current audit areas, ongoing projects, and recent legislation affecting their pension fund. They will discuss how they get results, overcome obstacles, and prepare for issues in their audit shops. Dialogue will be facilitated to present possible solutions for problems and ongoing issues. This session is designed to prompt networking by identifying peers working on similar projects, and facing similar challenges.

Member Verification Processes Bernie Buenaflor, CPA, CISA Identity theft is one of the nation's fastest growing crimes. This presentation will explore how falsified identities affect the pension industry, some of the best practices currently in use to combat it, and some of the emerging trends in technology-aided identity verification. Bernie Buenaflor has been an auditor since 1985, originally with the public accounting firm of Deloitte Haskins and Sells, and later with Packard Bell NEC Computers and LACERA. He currently is LACERA's privacy program contact person, as well as a Principal Internal Auditor. In

conjunction with APPFA's Best Practices Committee, Bernie will share some of his insights and research into current member verification practices and trends for the future.

Pension Alligators Can Bite Auditors Too Susan M. Mangiero, AIFA, AVA, CFA, FRM

Unprecedented billion dollar losses logically beg questions about risk management and valuation policies and practices. New accounting rules are forcing transparency. Lawsuits are soaring as institutional investors seek redress in court. Legislators vow to lay down a heavy hand. Is this the beginning of the end of the market environment as we know it? This presentation addresses some of the many pain points that put auditors squarely in the risk hot zone. It will include an overview of fiduciary breach allegations that arguably increase liability and teach lessons that help to improve best practices. Dr. Susan M. Mangiero, CFA, is president of Pension Governance, LLC. Her industry experience spans a host of areas, including asset-liability management, portfolio analysis, capital markets, hedge effectiveness testing, forensic finance, financial statement analysis, risk management, statistical modeling, and valuation. Dr. Mangiero has worked on several trading desks, consulted with U.S. and international institutional investors and worked for two treasury departments. She is a prolific writer, with articles appearing in publications such as Investment Lawyer, Valuation Strategies, RISK, Expert Evidence Report, and Bankers Magazine. She is the author of Risk Management for Pensions, Endowments and Foundations (John Wiley & Sons, 2005) and has written chapters for Litigation Services Handbook: the Role of the Financial Expert, The Handbook of Interest Rate Risk Management and Cases in International Finance. Dr. Mangiero has earned the designation of Accredited Valuation Analyst from the National Association of Certified Valuation Analysts and is certified by the Global Association of Risk Professionals as a Financial Risk Manager. She holds a BA in economics from George Mason University, an MA in economics from George Washington University, an MBA in finance from New York University, and a PhD in finance with a minor in math from the University of Connecticut.

APPFA Annual Business Meeting The APPFA membership will meet to conduct the business of the organization, including membership changes, financial and budget reports, and conference status. One attendee from each participating fund should attend.

Tuesday November 4th What is Private Equity? Jay Gentry, CPA As a recovering Auditor for a public pension plan and a current Investment Officer within the Private Equity Team of the same public pension plan, Jay will describe the asset class known as Private Equity. The session will describe Private Equity to include the various strategies, who can

invest and the general form of the investments. An example of the life cycle of a Private Equity investment will de-mystify the numbers behind: leverage buyout, growth and venture capital investing. Finally, a look at Private Equity from an Auditor’s perspective will be provided. Jay has 20 years of audit experience starting in Public Accounting and ending with the last 13 years within the Virginia Retirement System where in his role as Audit Supervisor he audited all aspects of the retirement system. He is now a Private Equity Investment Officer for the retirement system and his duties include the analysis and evaluation of private equity opportunities, monitoring of accounting and performance results of the program. Jay has a BBA in Accounting with a minor in History from James Madison University, is a licensed Certified Public Accountant, a Certified Investments and Derivatives Auditor and is currently sitting for the Chartered Financial Analyst exams. IT Structure & Management Controls Lisa Phipps, Director of IT, South Carolina Retirement Systems Doug Hislop, Software Development Manager, SC Retirement Systems Greg Meetze, IT Systems Manager, South Carolina Retirement Systems James Manning, IT Network Security Administrator, SC Retirement Systems Employees from the IT Department of the South Carolina Retirement Systems will present a collection of IT oriented topics. The topics include information security, privacy issues, disaster recovery, policies, procedures, and production change control. They will also share their experiences from a recent IT Penetration Audit. Ms. Phipps has been a South Carolina state employee for 24 years (23 in the IT area). She is a member of SCRS’ Executive Management Team and manages all aspects of SCRS’ Information Technology Department. Her IT experience includes software development, systems administration, project management, electronic document management, and database administration. Ms. Phipps earned a BS in Business Administration from the University of South Carolina in 1984, an AAS in Data Processing from the State University of New York in 1982, the Project Management Professional (PMP) certification in 2006, and the Senior State Certified Project Manager (SSCPM) designation in 2004. She is a member of Public Retirement Information System Management (PRISM), SC Government Management Information Sciences (SC.GMIS), the SC Information Technology Directors Association (SCITDA), the Project Management Institute (PMI), and the Software AG User Group (SAGGroup). Doug Hislop is the Software Development Manager at the South Carolina Retirement Systems. His responsibilities include ensuring the Retirement Systems has the software systems it needs to perform its duties, budget and provide software development resources for division projects, and managing the division’s software development staff and processes. His 17 years of IT work experience includes network and systems security, systems administration, project management, and software development. Doug holds a BS in Business Administration from Southern Wesleyan University and an Associate in Computer Programming from Midlands Technical College. Doug is a Certified Project Management Professional through the Project Management Institute and a South Carolina Senior State Certified Project Manager (SSCPM). Doug is an active member of SC Government Management Info Sciences (SC GMIS) organization and the Southeastern Software AG User Group.

Greg Meetze joined South Carolina Retirement Systems in 2005 as Systems Manager. He has more than twenty years of information technology (IT) experience. He is responsible for managing the systems administration staff and overseeing day-to-day activities including network infrastructure, physical security, data security, help desk support, and disaster recovery. Greg holds a Masters in Business Administration, a Master in Computer Resources and Information Management and a BS in Business Administration. He is an active member of SC Government Management Information Sciences (SC GMIS), SC Information Technology Directors Association (SCITDA) and the International Systems Security Association (ISSA) James Manning joined South Carolina Retirement Systems in 2006 as Network Security Administrator. He has more than eight years of information technology (IT) experience. He is responsible for defining security policies, managing network and security infrastructure, discovering and managing vulnerabilities, and documenting security procedures across all platforms. James has his Masters from the University of South Carolina and holds the following certificates, C/EH, MCP, and A+. He is an active member of SC Government Management Information Sciences (SC GMIS) and the International Systems Security Association (ISSA).

Quality Assessment Reviews - What Internal Audit Standards Require David J. MacCabe, CIA, CGAP, MPA The Institute of Internal Auditors and the U. S. Government Accountability Office require that professional internal auditors obtain periodic external quality assessment reviews (QARs). This session will answer the following and other QAR-related questions:

* What are the implications of these requirements for public pension fund auditors? * What has been the QAR experience of APPFA members? * What has been the QAR experience of other entities – public sector and private sector? * What are the implications or downside of not complying with the QAR standards? * How can my audit shop prepare for a successful QAR? * How can APPFA members help me get ready for the QAR?

David MacCabe is an internal audit professional with over 25 years experience as a chief audit executive. He has directed internal audit teams at a large institutional investor, a human services agency, and the Texas state government accounting authority and revenue collector. He has also served in executive management positions and directed a major federal-state partnership program with a $42 million budget and over 700 employees. Dave was the founding chair of the Texas State Agency Internal Audit Forum and has been active in the Institute of Internal Auditors (IIA). He currently serves on the Board of Research & Education Advisers (vice chair) and the IIA Research Foundation. Dave is an instructor for the IIA and in the Certified Public Managers Program at the Hobby Center for Public Service at Texas State University. He was an active member of the Association of Public Pension Fund Auditors from 1998-2007, served on the Best Practices Committee, and initiated some of the first APPFA quality assurance reviews among public pension funds. Dave regularly conducts assurance, consulting, and QAR projects and

makes presentations on a variety of subjects including chief audit executive leadership, the human side of auditing, quality assurance/peer reviews, ethics and governance, audit committees, and building relationships with management. He has led or participated in over 25 Internal Audit quality assessment reviews involving Texas state agencies, public pension funds, Fortune 500 companies, and a non-profit corporation.

The Value of Fiduciary Audits – What you don’t know can hurt you Nancy Williams, J.D. & Principal at Ennis Knupp + Associates Fiduciary audits have many aliases such as operational reviews, governance reviews, second opinions, etc. Along with having an array of different names, they also come in various shapes and sizes. They can involve a check-up for various processes related to investments or benefits administration. They can include an evaluation of actuarial issues, investment decisions, governance practices, or organizational design. What is the value of a fiduciary audit and how does it work? When and why might an organization consider a fiduciary audit? What resources (fees and staff) are required to conduct one? Who conducts them? What are the possible outcomes from a fiduciary audit? This session will provide answers to all these questions and a general overview of fiduciary audits so fiduciaries or others responsible for a public pension fund can determine if and when a fiduciary audit will be of value to their organization. Nancy leads the efforts in the areas of fiduciary audits, strategic planning, trustee education, and plan governance matters at Ennis Knupp + Associates. Prior to joining the firm in 2005, Nancy was the National Governance and Policy Unit Leader at Mercer Investment Consulting, and prior to that, the National Public Sector Practice Leader at Mercer Human Resource Consulting. In addition to her experience as a consultant, Nancy served as the Deputy Director and General Counsel with the Colorado Public Employees’ Retirement Association. She was also the General Counsel of the State Teachers Retirement System of Ohio. Early in her career, she was a trustee on several public retirement boards. Nancy has worked with over 100 public sector entities and several pension funds outside the U.S. Nancy holds a B.S. degree from Ohio State University and a Juris Doctor degree from Capital University Law School. Some of Nancy’s affiliations include: Founder and Past President of the National Association of Public Pension Attorneys, Advisor to the Commissioners on Uniform State Laws (Model Public Pension Fund Management Act), Advisor to the CFA Institute (Private Equity Subcommittee), Advisor to the National Association of Corporate Directors, and Member of the Public Employees Committee of the International Foundation of Employee Benefit Plans.

Dinner at Sticky Fingers (BBQ) Restaurant Located just six blocks from the hotel at: 235 Meeting Street Charleston, SC 29401 (843) 853-7427 Directions: Walk across Marion Square, turn right onto Meeting Street, then walk five blocks.

Wednesday November 5th System Development Methodologies & Information Systems Audit

Dave Henderson, Ph.D. Dr. Henderson’s presentation will provide an overview of systems development methodologies (i.e., SDLC) as well as techniques for auditing systems development methodologies. The presentation includes an overview of traditional systems development methodologies, Agile systems development methodologies, use and adoption of systems development methodologies, as well as systems development methodology tailoring. The presentation will conclude by focusing on the implications of how development teams use methodologies on auditing the systems development process. Dave Henderson is an Assistant Professor of Accounting at the College of Charleston, where he teaches Managerial Accounting, Accounting Information Systems, IT Governance and Systems and Infrastructure Lifecycle Management, and Information Systems Security and Control. He has accumulated over 10 years of experience in the Information Technology field in various roles including financial analyst, financial systems developer, and project manager. He holds a B.A. in Economics and Business Administration from the University of Mary Washington, an M.S. in Information Systems Technology from George Washington University, and a Ph.D. in Accounting and Information Systems from Virginia Tech. He is a member of ISACA and has presented several articles on systems development at various Accounting and Information Systems conferences.

Strong Controls, But the Wrong Controls David R. Hancox, CIA, CGFM Auditors and regulators often place too much emphasis on the wrong control components under the misguided premise that control activities (i.e., policies and procedures) are the most critical elements of an organization's success. This misplaced focus can cause managers to respond with strong — but wrong — preventive controls over day-to-day activities, which ultimately frustrates efforts to correct an organization's real problems. Unfortunately, the focus on control activities is often for the wrong reason. Auditors routinely recommend that management segregate duties with the explanation that it is necessary to provide a check and balance on employees' duties, but the message this sends to employees is that they are not trusted. Mr. Hancox will explore what auditors and regulators need to do to identify and implement the right controls to prevent the past practices, which have harmed major organizations involved in fraud and scandals over the years, from reoccurring. Mr. Hancox is an Audit Director in the Division of State Government Accountability in the NYS Comptroller’s Office. He is co-author of two books: Government Performance Audit in Action (The 3rd Edition was published in January 2008) and State and Local Government, Program Control and Audit: Handbook for Managers and Auditors. He is on the faculty of Siena College and the Government Audit Training Institute - Graduate School, USDA. In 2005, he was selected as the Educator of the Year and in 2007 he received the National President’s Award from the Association of Government Accountants.

REGISTRATION INFORMATION

Registration Info The conference registration form and fee of $200.00 must be received by October 3, 2008 to reserve your place at the conference. See registration form, which is located on the APPFA website, for details. The registration fee includes all materials, continental breakfasts, lunches, breaks and a good dinner at Sticky Fingers Bar-B-Que restaurant on Tuesday evening. Refunds are available if written cancellation notice is received 10 days before the conference. Refunds will not be issued after that date. For more information regarding administrative policies, please view our website at www.appfa.org. Business casual attire is appropriate. Please be aware that the temperature in the meeting room may be cool so a jacket is recommended. Also, outside temperatures in Charleston in early November average between 55° and 70° Fahrenheit.

Refund Policy Refunds are available if a written cancellation notice is received 10 days before the conference. Refunds will not be issued after that date.

Complaint Policy Complaints regarding conferences or other matters must be written and should be sent to APPFA, PO Box 156, Wynantskill, NY 12198. Complaints will be forwarded to the President who will decide how to address the complaint. The complaint must contain the name, address, phone number, and e-mail address of the person submitting the complaint. All complaints submitted will receive a written response.

HOTEL INFORMATION

The conference will be held at the historic Francis Marion Hotel. The Francis Marion combines 1920’s style and grace with 21st century comfort and convenience in the heart of historic Charleston on Marion Square. Please call the hotel directly to make your room reservations by Friday, October 3, 2008. Remember to tell the hotel that you are with the Association of Public Pension Fund Auditors to ensure you receive the special conference rate. If you register online use the code APPFA The Francis Marion Hotel 387 King Street Charleston, SC 29403 Phone: (843) 722-0600 or Toll Free (877) 756-2121 www.thefrancismarion.com The single or double occupancy rate for a standard (traditional) room will be the prevailing General Services Administration lodging rate or $141, whichever is higher. Room rates do not include applicable state and local taxes which are extra and currently total 12.5%.

A room deposit equal to one night’s stay is required to hold each individual’s reservation. Such deposit shall serve to confirm the reservation for the dates of the conference, and upon check-in, shall be applied to the final night of the reserved stay. The deposit is refundable if notice is received by the hotel at least one week prior to arrival and a cancellation number is obtained. All deposits may be charged at the time of the reservation. Departure dates will be verified upon check-in. After check-in, any individual attendee departing prior to their departure date will be charged an early termination fee of 50% of the room rate plus sales tax.

Transportation Most major car rental companies serve the Charleston Airport. However, city taxis and shuttle buses are also available just outside the baggage claim area. The hotel is approximately 12 miles from the airport. The approximate cost for a taxi ride is $26 each way. For the shuttle: about $12 each way.