Sunday September 25, 2016 3:00 – 5:00 PM Pre-Conference Case Study Anti-Fraud Collaboration Kendallville Bank Case Study Karthik Ramanna, Ph.D. Associate Professor of Business Administration Harvard Business School This case study was developed by the four organizations comprising the Anti-Fraud Collaboration to actively engage in efforts to mitigate the risks of financial reporting fraud. The Kendallville Bank Case Study explores potential material fraud at a fictitious regional bank. With a plot revolving around the questionable accounting decisions of a star executive, this hypothetical scenario is designed to foster a greater understanding of the importance to exercise skepticism in the financial reporting process at publicly traded companies. In this session, participants will:

Learn techniques to Identify financial reporting fraud.

Gain an understanding of an organization’s governance environment.

Share tips on dealing with fraud at the executive management level.

Dr. Karthik Ramanna joined the faculty of Harvard Business School in 2007. Currently an associate professor of business administration at HBS, he also held the school's Henry B. Arthur Fellowship, an appointment supporting the research and teaching of business ethics, and Marvin Bower Fellowship, an appointment to help faculty launch innovative new research agendas. Additionally, Dr. Ramanna is a faculty associate in the Weatherhead Center for International Affairs in Harvard’s Faculty of Arts & Sciences and an editorial board member of the Journal of Accounting & Economics, Accounting, Economics & Law, and the Journal of Financial Reporting. Dr. Ramanna teaches MBA-level courses, including Leadership and Corporate Accountability, studying the responsibilities of business leaders worldwide in lobbying regulators and combating corruption. Occasionally, he co-teaches in HBS’s executive education and doctoral programs. In 2012, Dr. Ramanna helped launch Leadership and Corporate Accountability—India, an executive program at HBS’s facilities in India.

Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 8:00 – 9:15 AM GS 1 Risk from a Regulatory Perspective Grace Dailey Senior Deputy Comptroller and Chief National Bank Examiner Comptroller of the Currency The Office of the Comptroller of the Currency charters, regulates, and supervises national banks

and federal savings associations. The focus of this session will be to discuss risks as seen

through the OCC’s National Risk Committee.

Grace Dailey directs the formulation of policies and procedures for the supervision and

examination of national banks and federal savings associations, chairs the agency's Committee

on Bank Supervision, and serves on the OCC's Executive Committee. She assumed this role in

2016. Dailey previously served as deputy comptroller for large bank supervision overseeing a

portfolio of the nation's largest banks. She has also served as examiner-in-charge for Citibank

and U.S. Bank and as assistant deputy comptroller for midsize and community bank supervision.

She has supervised banks of all sizes from OCC offices in Minneapolis, Chicago, and New York.

She was designated a Senior National Bank Examiner, the highest honor available to national

bank examiners. She also played an important role in the agency's implementation of

recommendations from its international supervision peer review recommendations as head of

the Process Improvement Working Group. She joined the OCC in 1983 as Assistant National

Bank Examiner.

Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 9:45 – 10:35 AM CS 1-1 Third Party Risk Management: How to Assess Program Risk in a World of Outsourcing, Interdependence, and Collaboration Michele Sullivan, CRMA Partner Crowe Horwath Gayle Woodbury Managing Director, Risk Consulting Crowe Horwath Leaders in Crowe Horwath LLP’s Third Party Risk Management practice will discuss current trends and expectations related to third-party risk management program design, including intensifying regulatory expectations. This session will provide perspectives and guidance on how organizations may build and mature programs, identification of third parties, application of risk assessment criteria, ongoing monitoring, and the establishment of applicable controls. In this session, participants will:

Understand what third-party risk is and what banks’ highest risks include.

Receive third-party management techniques — program improvements to better manage

third parties.

Explore case studies in which third-party failures caused significant issues and costs at

companies.

Michele Sullivan specializes in the financial services sector and has more than 20 years of experience with leading large, complex projects focused on matters of risk management, compliance, and governance. She leads Crowe’s firmwide third-party risk management practice and regularly advises clients on regulatory and risk management considerations when building third-party programs. In addition, Sullivan served in various practice management roles at Crowe. She is a founding member of Crowe’s customer experience steering committee and currently serves on the company’s executive committee. When not working with clients, Sullivan facilitates roundtables and workshops and is a frequent speaker across the country.

Gayle Woodbury is an experienced operational risk executive with expertise in governance, risk and compliance (GRC), third-party vendor management, and control design and assessment, with a demonstrated track record for driving collaboration and organizational change. She is recognized for using a unique blend of business, audit, communication, and technology skills to transform business requirements into effective and efficient enterprisewide solutions. Woodbury has more than 15 years of experience leading audit, risk management, compliance, and process improvement initiatives. She has worked in industries including financial services, human resource outsourcing, technology, communications, and manufacturing with organizations including Ceridian Corporation, MCI/Verizon, Kimberly-Clark Corporation, and Arthur Anderson. Woodbury is a popular speaker at trade events. Field of Study: Auditing Learning Level: Beginner CS 1-2 Auditing Culture and Conduct Moderator: Rehanna Anait Managing Director PwC Panelist: Patrick Simonnet Credit Suisse Lori Beal VP Audit Strategy and Operations Prudential Insurance Company of America Andrew Jackson, CIA, CISA Chief Audit Executive TCF Financial Winnie Tam

Legal and Internal Audit Goldman Sachs U.S. regulators are increasing their focus on culture and behavior and as a result, so are boards and audit committees. Internal audit must refrain from owning the transformation of an organization’s culture, but it is well positioned to assess the approach taken by the organization to enhance culture and behavior and provide insight into the effectiveness of actions taken. Assessing culture and behavior is a challenge because it is nebulous and intangible. The use of an organization’s existing data combined with the development of hard and soft metrics/measures and enhanced testing techniques can enable a credible assessment of culture and behavior ... with a soupçon of judgment in the mix. In this session, participants will:

Better understand the concept of conducting an audit of culture and behavior.

Identify and define the cultural layers that may exist in an organization.

Learn the importance of developing a structured framework that can be integrated into

existing audit methodology.

Explore the use of hard and soft metrics and measures to assess and test culture and

behavior.

Review the benefits of building a sustained metric-based framework for auditing culture

and behavior.

Rehana Anait has more than 15 years of experience working with regulators and international financial services institutions. She began her career at the UK regulator, The Financial Services Authority where she assisted with development of the supervisory risk assessment framework. Anait then spent time supervising banking and capital markets institutions for compliance with regulatory requirements. In 2005 she joined the PwC London banking and capital markets regulatory practice where she led the delivery of large regulatory compliance and conduct risk design and implementation projects. She also spent 5 years in PwC’s financial services internal audit practice managing and delivering outsourcing and co-sourcing contracts to mid-tier and large banks. She became an expert in the delivery of internal audit quality assurance reviews and global audit methodology transformation projects. During this time, Anait supported PwC London’s focus on conduct and culture and now leads the conduct and culture team in PwC’s New York office.

Patrick Simonnet is the global head of market behavior and conduct and joined the organization in 2014. Previously, he was an executive director for JP Morgan Chase and had a leading role in establishing their Enterprise Program Management. Simonnet also designed and implemented a quality assurance function to ensure the quality, consistency, transparency, and sustainability of EPM’s delivery and completion. He was also a senior audit manager in JPMC’s audit department where he led and managed their global investment bank and legal and compliance audit teams. Simonnet also worked as a capital markets consultant/expert to the World Bank and the International Monetary Fund. Prior to that, he worked for Goldman, Sachs & Co. in offices around the world. During his 14 years at Goldman, Sachs, Simonnet held a number of executive positions including head of audit for the Americas Region. Lori Beal joined Prudential in 2015 and is leading a firm-wide effort to create a unified culture framework focusing on communication, measurement, and monitoring. Previously, she held a policy role at the Federal Reserve Board in Washington, DC, and prior to that, held various internal audit, risk management, and treasury leadership roles at JPMorgan Chase, Lloyds Banking Group, and Southeast Bank. Andrew Jackson has been with TCF Financial since 2012. Previously he served as CAE of First Horizon National Corporation and executive vice president and corporate auditor in charge of the internal audit function at First Tennessee Bank. Jackson is a member of The IIA’s Financial Services Advisory Board and the Financial Services Conference Board.

Field of Study: Auditing Learning Level: Intermediate CS 1-3 The Evolving Use of Data Analytics in Internal Audit Arslan Khan, CIA CISA, CRISC, PMP Head of Analytics Internal Audit Director Citi Barb Goldstein, CRMA Managing Director Protiviti

Mudit Gupta Data Analytics Manager MetLife Susan Huggler Director in the Audit Services USAA Ron Guzman, CISA Managing Director JPMorgan Chase & Co. As organizations become more data-driven, CAEs not only recognize the importance of providing clarity around the risks involved in doing so, but also understand the need for internal audit to leverage this information as part of its auditing program and activities for the organization. This session is based on Protiviti’s 2016 Internal Audit Capabilities and Needs Survey. In this session, participants will:

Discuss strategic goals for internal audit data analytics functions.

Explore the roles of technology, people, and processes.

Acknowledge and learn to deal with data access challenges.

Talk about expansion of continuous monitoring capabilities.

Discuss considerations on advancing the internal audit analytics function.

Arslan Khan focuses on embedding data analysis into the internal audit process, and increasing analytics usage across audits globally. In addition, he brings a strategic view on developing analytics-enabled auditing solutions that provide larger coverage, and enable continuous auditing capabilities. Khan co-authored a book soon to be published, Audit Analytics: A Framework for Control Enhancing Assurance. His areas of interest are advanced analytics that provide risk foresight to audit teams, analysis of unstructured data, and machine learning. Prior to joining Citi, Khan was an internal audit analytics leader in the consulting industry, specializing in advising clients on internal audit analytics. Another area of expertise is in utilizing data analytics to develop surveillance and monitor tools for compliance with regulatory reporting

requirements. Khan’s consulting projects included assisting Fortune 500 companies in setting up data analytics departments, helping organizations move to a mature data analytics lifecycle. Barbi Goldstein leads the U.S. east region internal audit practice for the financial services industry, and has spent her career leading a variety of engagements for internal audit departments. Goldstein serves on the audit committee for the Plainview-Old Bethpage School district in New York. Ron Guzman is the global data analytics lead for the audit department, responsible for the program to integrate analytics that provides insight across all audit activities. He is a member of the cross line of business and global technology audit leadership teams. Guzman started with the firm in 2007 and prior to his current role, he was responsible for leading a global technology team responsible for auditing technology infrastructure, corporate functions, and information security. Before joining the firm, Guzman held various roles leading and performing activities related to technology risk and controls at EY, Citibank, and his own independent LLC servicing financial service firms. He has more than 20 years of experience within financial services supporting technology, risk, and audit functions. Mudit Gupta is responsible for building common capabilities in core shared locations to be leveraged by a global audit organization, including data, technology audit, general audit, and more. His role also includes continuing to lead the data-driven risk management and auditing vision for MetLife’s global internal audit department. Having built the data and analytics Center of Excellence from the ground up, he also had the opportunity to lead the technology and data risk coverage for MetLife’s global horizontal business and functional areas until early 2014. Gupta was instrumental in advance the adoption of analytics within the audit work. His team consists of data science and audit specialists of varying backgrounds. Gupta enjoys speaking and publishing at industry events and journals on topics of analytics, auditing, and leadership. Sue Huggler joined USAA in 200, and provides data analytics and continuous auditing support to the department as well as serving as a primary contributor for departmental efforts in strategic and operational planning and talent management. Prior to joining USAA, Huggler served in the U.S. Army for 25 years with expertise in the intelligence and data analytics field, having served assignments at the joint, tactical, and strategic levels, culminating at the Office of the Secretary of Defense. In addition, she has extensive leadership experience, having commanded at the company, battalion, and group level. Her focus has been on leadership,

critical thinking and strategic planning, process management and improvement, creative problem solving, and operational synchronization and integration. Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 10:45 – 11:35 AM CS 2-1 Retail Banking Audit Transformed Through Automated Testing Milton Prime, CIA, CPA Senior Director, Retail Preferred & Consumer Operations Jim McCole, CISA, CPA Audit Director Data Analytics Steve Pollick, CISA Audit Director, Retail Banking Retail Audit Bank of America’s audit function expanded its investment in data analytics and uses its retail audit team’s approach to maximizing this investment as this presentation’s foundation. Starting with the audit cycle from annual planning, to engagement planning, fieldwork, and follow-up describing the role data analytics can play and providing examples of how tools and techniques helped provide deeper and more efficient assurance. Perspectives on the benefits of tools developed in other parts of the audit plan and lessons learned that were applied to other areas of development will be shared. Lessons learned through more traditional manual samples to previews of leading practices approaches incorporating data analytics will be provided. In this session, participants will:

Review time spent identifying and collecting data – the foundation has been the

investment to link to the right data.

Discuss building a foundation of related tests and analyses across related populations.

Define how and why planning across audits was pivotal.

See how automation created benefited the organization beyond the retail audit

portfolio.

Discuss advantages of employing the right exception testing, continuous auditing, or

dashboards.

Share lessons learned, including how customers view this audit approach.

Milton Prime is responsible for the audit activities covering products and sales within the consumer and GWIM lines of business. He joined Bank of America in 2012, from PHH Corporation where he held executive positions including building and leading the internal audit practice, global vendor operations, and program management over client integrations. Prime’s prior executive roles include balance sheet risk management, MIS finance, change leadership, finance, and treasury. He is a certified risk professional. Jim McCole is a director in the corporate audit division managing the audit automation team, responsible for developing automated tests and providing data analysis solutions to the audit teams. He also serves as the data steward executive for corporate audit. McCole joined the bank in 1996 as a technology auditor and has held various management positions within corporate audit with a focus on applying technology to automate audit testing work and developing analytical tools for monitoring risk. Steve Pollick supports consumer banking and global wealth and investment management, responsible for oversight of all customer channels including financial centers, call centers, digital, and Merrill Lynch branches. Pollick has more than 12 years of internal audit experience at Bank of America covering retail banking, consumer operations, and consumer automation. Additionally, he has lead and directed audit testing of key regulatory matters. Pollick holds a Six Sigma Black Belt certification Field of Study: Auditing Learning Level: Intermediate CS 2-2 People Strategies That Work: How to Retain, Engage, and Inspire Audit Professionals Moderator: Fran Huber, Ph.D., PMP Chief of Staff MUFG

Panelists: Bill Chippendale, CIA Managing Vice President of Internal Audit Capital One Carrie Weber Vice President, Internal Audit Ameritas Mike Flynn, CIA, CFSA, CRMA Vice President and Professional Practices Audit Director Fifth Third Bank Kathryn Junge, CIA Senior Vice President, Talent Development Manager BB&T It’s a one-stop-shop: each of these topics – Retaining, Engaging, and Inspiring – could easily take an entire hour, but this is your chance to learn best practices from a panel of experienced audit executives on each of these subjects that roll up under the title of Talent Management. As important, you will also learn strategies that haven’t worked and why. In this session, participants will:

Learn why it is important to have strategies to retain, engage, and inspire audit professionals.

Hear real-life examples from the panelists on how they built foundations of talent in their organizations.

Gain practical examples of how to retain, engage, and inspire your audit team.

Share in what has worked and what hasn’t in terms of talent management in internal audit.

Fran Huber leads a team of professionals to drive strategies promoting and supporting an effective workforce. She is an executive leadership team member helping define division priorities, structure. and routines. Huber joined MUFG with 10 years of financial services experience, leading international teams focused on communication and branding, program and

project management, reporting and analytics, and employee experience. She taught at the university level for 10 years while conducting research on prison, family, and health communication. Huber is ITIL and Greenbelt certified.

Carrie Weber has 20 years of experience in public accounting and private industry, including

being a senior manager at Deloitte & Touche, a CFO of a bank, and an internal audit director at

a Fortune 500 public company.

Mike Flynn leads the internal audit division’s professional practices group, which is responsible for overseeing, facilitating, and continuously improving various departmental administrative and infrastructure activities and strategic initiatives for a department of approximately 120 professionals. Prior to joining Fifth Third Bank, Flynn was a senior manager in EY’s internal audit services group. He began his professional career as a staff auditor with EY, progressing to audit senior manager, where he performed financial statement audits. Bill Chippendale leads the internal audit function for Capital One’s Consumer Bank. He has

more than 20 years of management consulting and audit experience assisting and leading audit

functions for mid-size and large financial services companies, and others. Prior to Capital One,

Chippendale served in audit and consulting capacity at JPMorgan Chase and EY, for clients in

the financial services industry. He speaks at various industry conferences on internal audit

leading practices.

Kathryn Junge joined BB&T in 1998 and has held various positions within the company. In her

current role, she is responsible for providing leadership in the delivery and creation of a

professional development program to assess and evaluate audit services talent, as well as drive

programs to ensure audit services talent is sufficient, well trained, and well skilled for effective

delivery of a proactive, risk-based audit assurance approach.

Field of Study: Personnel/HR

Learning Level: Intermediate CS 2-3 Leveraging Root Cause for Real Action

Robert Mainardi, CFSA, CRMA President Mainardi and Company Without properly identifying root cause, management will provide an action which will be a symptom fix or an unsustainable solution. This session will teach participants what root cause represents and how to find it along with the keys to leveraging business partnerships for true actions to add value to the process. In this session, participants will:

Get to the heart of the matter by understanding root cause analysis.

Discuss the value of partnering to build and maintain real action.

Explore how to assure that implemented action is sustainable.

Robert Mainardi started his own consulting company after 21 years of working in the internal

audit profession in the financial services industry. His company develops and facilitates custom

internal audit training as well as evaluates, creates, and implements formal audit

methodologies including continuous auditing programs. Previously, Mainardi was the vice

president of internal audit for the Penn Mutual Life Insurance Co. and also served in audit

leadership roles for The Vanguard Group, Aetna, and Prudential Insurance. He is the author of

Harnessing the Power of Continuous Auditing. Mainardi is an active member of The IIA, having

served as a distinguished faculty member for more than 20 years as well as a popular speaker at

The IIA’s All Star conference and other events. Mainardi has merited the Six Sigma Green Belt

certification, earned the Qualification in Control Self-Assessment, and is certified to perform

Quality Assessment Reviews.

Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 11:35 AM – 12:35 PM Lunch: Perspectives From the House Financial Services Committee Moderator: Kevin Ryan, CIA, CFSA Chief Risk Officer and General Auditor Key Bank The Honorable Steve Stivers (R-OH) Congressman, Ohio’s Fifteenth Congressional District U.S. House of Representatives The Honorable Joyce Beatty Congressman, Ohio’s Third Congressional District U.S. House of Representatives U.S. House Financial Services Committee members Rep. Steve Stivers (R-OH) and Rep. Joyce Beatty (D-OH) will discuss what the Committee intends to accomplish in the remaining days of the 114th Congress as well as their projections for what the Committee’s 2017 priorities may be. Kevin Ryan has been with Key Bank since 1984, starting with the internal audit group and holding progressively responsible positions since then; he is now a member of KeyCorp's executive council and executive leadership team. He has overseen audits on non-banking subsidiaries including lease, mortgage, and insurance and became a member of the organization’s due diligence team reviewing potential mergers and acquisitions. Ryan has had responsibility for retail lending audit activities and the internal audit group, as well as the consumer finance risk management group and all corporate risk management services including internal audit, credit risk review, lending compliance, and consumer asset quality reporting relating to consumer finance business lines. In 2007, he was given responsibility for managing the market risk review and model validation group. Ryan is vice chair of The IIA’s Financial Services Advisory Board and previously served on International Internal Auditing Standards Board. He began his career in 1982 with Chase Manhattan.

U.S. Rep. Steve Stivers is serving his third term for Ohio’s 15th congressional district and sits on both the Financial Services Committee and the House Rules Committee. Prior to running for Congress, Rep. Stivers served in the Ohio State Senate, and prior to that, he worked for the Ohio Company and Bank One, focused on promoting economic development and encouraging job creation. Rep. Stivers is also a career soldier who served 30 years in the Ohio Army National Guard and holds the rank of Colonel. U.S. Rep. Joyce Beatty is serving her second term for Ohio’s third congressional district and sits on the Financial Services Subcommittee on Housing and Insurance as well as Oversight and Investigations. Prior to serving in Congress, Rep. Beatty was elected to the Ohio House of Representatives and also served five terms in the Ohio General Assembly where she rose to become the first female Democrat House Leader in Ohio’s history. Following her service in the Ohio General Assembly and State House, she became the senior vice president for Outreach and Engagement at Ohio State University. Field of Study: Auditing Learning Level: Beginner

Monday September 26, 2016 1:00 PM – 1:50 PM CS 3-1 Evolving Internal Audit Practices: Principles and Tips for Keeping Pace with Changing Risk Management Views and Practices Moderator: Mark Sparano Chief Audit Executive U.S. Bancorp Panelists: Joseph T. Arlt, CIA Audit Manager, Corporate Audit Services U.S. Bancorp Jeff Donahue, CIA Senior Director Capital One Faizal Chaudhury, CPA, CGMA Vice President, Internal Audit Salliemae Michael Richards, CPA EVP, Corporate Audit State Street Corporation Bank risk management frameworks continue evolving to promote effective governance and risk management that is systematic, transparent, credible, timely, and verifiable. Internal audit, as the third line of defense, is a critical activity in a risk management framework. As regulatory expectations and thought leadership (such as COSO ERM) change, internal audit practices must evolve. The development of a flexible assessment framework reflective of the leading practices is critical to assessing the adequacy and effectiveness of governance and risk management. This panel discussion will focus on internal audit approaches at four financial institutions of various

sizes, risk profiles, and regulatory oversight structures. In this session, participants will:

Gain recognition of the many risk management frameworks used to develop assessment

approaches.

Obtain tips on developing a flexible assessment framework that takes changes in

people, processes, and technology into account.

Explore different approaches to both coordinating with, and providing challenge to, risk

management.

Hear different approaches for internal audit to communicate conclusions to

stakeholders such as senior management, audit committees, and risk committees.

Mark Sparano has experience in public accountancy, internal audit and risk management, all in

the financial services industry. Over the course of his career, he led professionals at KPMG,

Bankers Trust, and Charles Schwab. Currently, he leads more than 250 internal audit

professionals at U.S. Bank. Prior to joining U.S. Bank in 2010, he served as chief audit executive

for Mellon Financial Corporation [Mellon Bank] as well as chief risk officer for U.S. Trust.

Joe Arlt oversees the company’s enterprise and operational risk management work. He developed a risk management assessment framework and oversees the planning and execution of the enterprisewide risk management audit plan that culminates in an annual opinion on the adequacy and effectiveness of governance and risk management. Arlt has 11 years of internal audit experience and 14 years of financial services experience. He regularly participates in external peer groups and provides thought leadership to the profession through participation with various trade groups and events. Jeff Donahue has over 20 years of experience in the financial services industry, concentrated within internal audit, enterprise and operational risk, and Basel. He currently leads the Corporate Audit Services (CAS) group’s risk management audit team, and has been with the company since 2010. His primary responsibility is the development and execution of audit’s assurance coverage over Capital One’s second line of defense risk management functions, including ERM, operational risk management, and credit risk management, as well as first line of defense risk management functions. Donahue also leads audit’s Basel implementation assessment activities, ensuring satisfaction of heightened regulatory requirements, providing

broad risk management audit support and training to the audit department, and leading efforts in CAS’ continued advancement of its risk coverage approach through continuous risk assessment and continuous auditing practices. Faizal Chaudhury is responsible for leading audits across multiple business units/functions and has primary ownership of the internal audit department’s professional development activities, including training, quality assurance, and internal audit policies and procedures. Chaudhury has more than 20 years’ experience as an audit professional. Prior to joining Sallie Mae, he held audit leadership positions at TD Bank and Bank of America. His other experiences include working as an external auditor for EY and Crowe Horwath. Field of Study: Auditing Learning Level: Intermediate CS 3-2 An Insider's Guide to Communicating With Executive Stakeholders Mark Martinelli, CAMS, CPA Chief Audit Executive Brian Scherbaum, CPA Senior Vice President, Internal Audit Synchrony Financial Internal audit’s ability to effectively communicate with executive stakeholders has a significant impact on the credibility, stature, and success of the department. Learn the key elements from an insider who will breakdown needed communication routines throughout the internal audit lifecycle. Examples of successes and failures will be shared from the presenter’s career experiences as a chief auditor and business executive. In this session, participants will:

Get valuable insight into the information needs of executive stakeholders, including the

CEO, CFO, Chief Risk Officer, and audit committee members.

Learn why effective communication with these stakeholders is critical to the internal audit

function’s success.

Receive proven methods on how to deliver concise, value-added information.

Gain insights from examples of both successful and ineffective communication routines.

Discuss tips on making the most of your executive stakeholder meetings, including actions

to start and stop.

Mark Martinelli joined Synchrony Financial in 2014, after having enjoyed a lengthy career with HSBC/hsbc.com, starting as hsbc.com’s CFO before taking on the roles of president and CEO. He served various roles before leaving the company as the senior executive vice president and chief auditor for HSBC North America. Martinelli joined HSBC in the U.S. as part of Republic National Bank of New York in 1991, and held various senior officer positions in finance, strategy, planning, and audit. Prior to joining HSBC in the U.S., he was a senior manager with KPMG. Martinelli served on the Audit Committee of the New York Clearing House from 2007‒14 and as its chair from 2011‒13. He has been a director on the Baruch College Fund (BCF) Board of Trustees since 2010, and a member of the BCF Audit Committee since 2010 including a four-year term as chair. Martinelli has been a featured speaker on accounting, banking matters and auditing and served as an adjunct professor at Baruch College from 2000‒03. Martinelli has served on St. John’s University Department of Accounting and Taxation Executive Advisory Board. He also is a member of the NYSCCPA Internal Audit Committee. Brian Scherbaum joined Synchrony in 2014 as the head of Risk and Credit Audit. Prior to joining Synchrony, he was an internal audit director for Capital One overseeing the execution of the company’s credit card internal audit plan. Prior to Capital One, Scherbaum spent 13 years at HSBC holding a variety of positions within the internal audit department, including senior vice president with responsibility for audit coverage of the retail banking and wealth management businesses within North and South America. His experience has been predominately focused on risk management and operations for consumer finance and credit card products. Field of Study: Auditing Learning Level: Intermediate CS 3-3 Driving Value Using Data Analytics Imtiaz Hussain, CPA

Audit Director Bank of New York Mellon The session will look at innovation driving changes in financial services institutions, explore the types of data analytical solutions internal audit could deliver, and how that could generate value for the organization. Participants will gain insight into organizational models that could be of value in delivering optimized audit projects. In this session, participants will:

Learn about innovative uses of data analytics in financial services.

Identify data analytics solutions and discussion their optimization.

Explore effective design of the audit organization to support the use of data analytics.

Imtiaz Hussain is the head of audit for EMEA investment services operations audit and is also responsible for the international global delivery centers (GDCs) in India, Manchester, and Poland. His primary responsibilities include delivery of audit projects and seamless operations of the GDCs. Hussain is a member of the BNY Mellon EMEA Culture and Conduct Council, Global Innovation Council, and Emerging Risk Think Tank. He sits on several steering committees including the Third-party Governance Committee, Investment Services Committee, India Risk Review Board, and Poland Board. Hussain joined BNY Mellon in 2011 as the head of finance controls in the EMEA finance organization. Prior to joining BNY Mellon, he was the EMEA head of audit for Flowserve Corporation and a senior manager at Jefferson Wells. He holds several certifications in the fields of banking, project management, and technology risk management. Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 2:00 PM – 3:15 PM GS 2 Emerging Risks: 12 Month Focus at the CFPB Paul Sanford Assistant Director Office for Supervision Examinations Consumer Financial Protection Bureau 12 Month Focus at the CFPB Paul Sanford has served in a variety of capacities in the financial services industry for the past 28 years. Prior to his current role, he served as chief of staff, office of large bank supervision for CFPB. Prior to that, Sanford served as executive secretary at FFIEC overseeing operations. Before the FFIEC, he served as an instructional designer with the OCC and an examiner with the FDIC. Before becoming a federal regulator, Sanford was a commercial loan analyst with a $32 billion financial institution. Sanford is a veteran of the United States Marine Corps and Army National Guard. Field of Study: Auditing Learning Level: Intermediate

Monday September 26, 2016 3:45 PM – 5:00 PM GS 3 Sound Bites: Leading Practices in Internal Audit Facilitator: Jason Pett Partner –Risk Assurance US Internal Audit Solutions Leader | Risk Assurance US Financial Services Sector Leader PwC Jason Pett has been delivering a range of risk management, external audit, and internal audit services to leading global and national organizations for more than 20 years. His extensive experience also includes providing implementing and optimizing enterprisewide risk management programs and systems and performing risk assessments to organizations in a variety of industries. Pett has assisted organizations in the design of start-up internal audit, ERM, and compliance functions as well as working with companies to transform existing functions to be value-added, risk-based, and strategically aligned with other lines of defense and the business. He has managed both outsourced and co-sourced internal audit engagements for a variety of companies. Pett also has extensive experience incorporating best practices, such as embedding data analytics into all components of risk management and control, and leveraging deep industry and technical expertise from across PwC into the planning, execution and reporting of internal audit projects, risk management programs and compliance testing solutions. He is an author of both PwC's annual Risk in Review and State of the Internal Audit Profession studies and a frequent speaker on the topics of compliance, internal audit, risk management, and control. Presenters: Coordination with Centralized Testing Functions Brian Portman Principal EY In this rapid-fire session, speakers will discuss testing function models commonly used by other businesses and the overall benefits of a centralized process, such as possible cost reductions,

more consistent program execution, enhanced coordination, model scalability and agility, as well as the transparency that will come about. In this session, participants will:

Discuss current trends in centralizing testing functions under one organizational

structure.

Identify pros and cons of this centralized model.

Explore considerations for off-shore vs. onshore testing models.

Review how companies can move towards this centralized model.

Understand what should be centralized, what should remain status quo.

Discuss common pitfalls companies have experienced when moving in this direction.

Brian Portman has nearly 17 years of management experience and 10 years of experience in the financial services industry serving clients in the areas of internal audit, compliance, and risk management. He currently leads several internal audit co-source and outsourcing arrangements and has hands-on experience in the development and implementation of risk assessment and audit execution processes and frameworks. Prior to joining EY, Portman worked as a bank examiner with the Office of the Comptroller of the Currency, where he conducted examinations of national banks to ensure compliance with federal banking regulations. Playing in the Gray: Maintaining Independence Danny Goldberg, CPA, CIA, CISA, CCSA, CGEIT, CRISC, CRMA Founder GoldSRD Financial Services’ internal audit departments have the difficult role of balancing independence while adding value and serving as a trusted adviser to the organization. Can internal audit maintain the many roles inside the organization and still be effective in all of them? This session will discuss this delicate balance and how internal audit can stay effective as the Third Line of Defense while assisting as a trusted adviser. In this session, participants will:

Understand the many roles internal audit plays in a financial service organization.

Identify and discuss how to balance the roles effectively.

Learn which roles are most valuable and how to do "everything" without losing

independence.

Danny Goldberg oversees his firm which is a leading provider of staff augmentation, executive

recruiting, and professional development services. He has nearly 20 years of audit experience,

including five as a CAE/audit director at two diverse companies and has been speaking and

training for many years working with many Fortune 1000 organizations in their methodology

development and training efforts. Goldberg was named as one of the Fort Worth Business Press

40 Under 40 for 2014, and is the author of People-Centric© Skills: Communication and

Interpersonal Skills for Internal Auditors.

Facilitating Audit Committee Leadership through On-going Training Barbara Martin, CIA, CCSA, CRMA Principal Expert Audit Management LLC The success of an internal audit department is largely dependent on the support and

knowledge of audit processes by members of the governing body and the audit committee. This

session will explore methods for facilitating high levels of audit committee expertise, promoting

on-going education, and engaging committee members in the audit process. It will identify

critical points for committee development and possible roles of the CAE, staff, and external

sources. Mechanisms to systematically include ongoing audit committee learning opportunities

in audit communications and to respond to changes in leadership and committee structure will

be discussed.

In this session, participants will:

Learn processes for promoting audit committee leadership and ongoing

improvement.

Explore methods to incorporate audit training into audit committee presentations

and to engage audit committee members in the process.

Discuss techniques for analyzing committee strengths and weaknesses for

customized training.

Examine strategies for dealing with audit committee member turnover and

committee restructure.

Identify critical points for committee development and learn methods for member

briefing.

Barbara Martin has more than 20 years of executive management and CAE experience. Her company provides internal audit services ranging from crisis management and forensic review to department setup and restructure, risk assessment implementation, and audit performance. She specializes in assisting upper management with customized services including assistance with audit committee presentation and training. Martin has consulted with a range of private companies and governmental entities including various financial institutions, state governments, hospitals, manufacturers, and Indian reservations. Prior to starting her company, as CAE she established three new audit departments and re-engineered two departments in industries including transportation, housing, finance, and medical services. Martin has performed Quality Assurance Reviews for government entities and has conducted seminars on over 30 topics in North America. Auditing Risk Culture Christopher Paulison, CPA, MBA Partner Grant Thornton LLP This program is designed to educate participants on the essential components of an effective

risk culture and the methods of auditing risk culture. The presentation also explores what is

driving the focus on auditing risk culture and how an organization’s culture can impact risk

decisions and reputational risks.

In this session, participants will:

Hear how a toxic culture can impact an entire organization.

Discuss the similarities and differences in the tone at the top and tone in the middle.

Clarify roles, responsibilities, and accountabilities.

Explore performance management and incentives as an element of auditing risk

culture and using a risk culture model as a framework.

Learn about the variety of risk culture surveys and their pros and cons.

Review quantitative and qualitative techniques to assess risk culture and how to

embed this into the audit plan.

Christopher Paulison is the national leader of the Financial Services Center of Excellence (COE)

for internal audit at Grant Thornton and has more than 25 years of audit, compliance, and risk

management experience in financial services. Paulison served as partner in a Big 4 firm where

he led its internal audit/risk practice for the Midwest region in financial services, and also

served as chief audit executive for a Fortune 20 company.

Compliance Risk Management – Internal Audit Perspectives Rich Reynolds, CIA, CPA, CRCM Partner, Internal Audit Services PricewaterhouseCoopers The complexity of bank laws and regulations and the regulatory expectations for compliance have never been greater. In response, the first and second lines of defense have improved their compliance monitoring, testing, and quality assurance programs. In addition, regulatory expectations for auditing compliance have also increased and audit functions have struggled to keep pace. As monitoring and testing activities continue to evolve and mature across the three lines, what is the appropriate future state?

In this session, participants will

Gain knowledge of the vast, complex world of regulatory compliance.

Obtain a better understanding of bank laws and regulations and regulatory expectations.

Develop ideas on how to implement compliance auditing.

Rich Reynolds is the national leader for PwC's internal audit and compliance testing services practice for the financial services industry. He has more than 26 years of experience working with financial institutions and is a trusted adviser to senior executives on solving complex risk management, compliance, and control related issues. Reynolds specializes in providing internal audit services ranging from strategic performance reviews to directing a broad range of internal audit activities including outsourcing, co-sourcing, and policy development, and implementation. He has significant experience designing and executing programs for testing compliance controls across a variety of banking and securities laws and regulations. Reynolds

has managed risk management consulting and auditing engagements for a broad range of financial institutions including commercial banks, investment banks, asset managers, insurance companies, and treasury operations of large corporations. Field of Study: Auditing Learning Level: Intermediate

Tuesday September 27, 2016 8:00 – 9:15 AM GS 4 Changing by Doing: A New Way to Change Dr. Jerry Jellison USC Professor Emeritus and Current Chairman USC Credit Union Change, change, change is the mantra of our time. Workers feel overwhelmed with implementing change. The problem isn’t too much change; the problem is that the tools we use to adapt to change are outmoded and ineffective. We are told to change our thinking to change our actions. What if we reverse that process? The tools offered in this session will enable you to experience the benefits of change even before you are persuaded it will be a good thing. Your positive experience will trigger a change in your thoughts and feelings. In this session, participants will:

Learn to use a new action-based approach to change.

Recognize the limitations of the power of positive thinking.

Discuss separating fear of change from the reality of change.

Take part in experiential learning to accelerate personal growth.

Explore the Power of Positive Doing.

Dr. Jerry Jellison has been a full professor of social psychology at the University of Southern California in Los Angeles for over 30 years. He held previous appointments at Duke University, the University of Missouri, and the University of Texas, Austin, and has received multiple teaching excellence awards. Dr. Jellison served as president and chairman of the board of the 30,000 member USC Credit Union for 23 years and helped create a 100-fold increase in assets from $2 million to over $300 million. He has been teaching his practical techniques for implementing change to business professionals throughout the world for the past 25 years. He has extensive experience consulting with all levels of management. A popular keynote speaker, Dr. Jellison has addressed audiences around the world for over 25 years. He has extensive experience connecting with all levels of management from CEOs to front line supervisors and employees. His book, Overcoming Resistance, was a Fortune Book Club selection and named a

top business book. Dr. Jellison also wrote Managing the Dynamics of Change and Life After Grad School. Press. Field of Study: Auditing Learning Level: Intermediate

Tuesday September 27, 2016 9:45 AM – 10:35 AM CS 4-1 CCAR From an Internal Audit Perspective Rajneesh Sharma Director KPMG Theodore Scallon, CPA Partner KPMG Raymond Clifford Managing Director Goldman Sachs Bradley Rebel, CPA Managing Director SunTrust Bank A major regulatory change, CCAR has driven the banking sectors’ risk and capital management agenda for several years. As the third line of defense, internal audit is a key assurance provider to ensure that the business functions comply with these requirements. The pace of regulatory change has posed challenges in effectively auditing CCAR amidst the business change. The session will cover the importance of CCAR auditing, how internal audits are responding to CCAR requirements, expectations from regulators, and typical audit challenges. In this session, participants will:

Understand heightened expectations placed on internal auditing in conducting CCAR

audits.

Discuss challenges in auditing CCAR and lessons learned from previous CCAR cycles.

Explore leading practices in conducting effective CCAR audits.

Discuss the regulatory examination process and key expectations.

Raj Sharma works in KPMG’s internal audit practice and has more than 15 years of experience. He has been instrumental in leading KPMG’s CCAR audit solutions and has advised CCAR banks including foreign banking organizations (FBOs) in setting up and executing CCAR audit frameworks. Sharma has also conducted CCAR workshops for internal audit functions at large banks. In addition, he has also advised clients in setting up IHC audit framework in response to enhanced prudential standards. TJ Scallon is an advisory partner within KPMG’s Internal Audit, Sarbanes Oxley Assistance Services (IASOAS) practice with more than 21 years of experience providing audit and advisory services to global financial institutions and bank holding companies, investment banks, investment companies, and registered broker dealers. In this role, he works closely with internal audit departments and senior management in areas such as Sarbanes-Oxley 404, internal controls, technical accounting, financial reporting, regulatory compliance, information technology and operational risk management. Prior to joining KPMG’s advisory practice in 2012, Scallon was an audit partner within KPMG’s financial services audit practice serving some of the firm’s largest banking and capital markets clients. He currently serves as the banking and finance lead for IASOAS in New York and KPMG’s New York Office Banking and Capital Markets Industry Leader. Ray Clifford has over 20 years of experience in auditing and product control functions in the financial services industry and also serves as Goldman’s co-head of audit, securities Americas and head of product control audit. In his current role, he covers the firm's finance, trading and sales area and oversees the internal audit regulatory coverage for CCAR revenue projections and aggregation. Clifford is also responsible for the internal audit coverage of the securities’ division Volcker compliance program. Bradley Rebel has 25 years of audit experience in the financial service industry specializing in internal audit, SEC reporting, internal controls, enterprise and operational risk management, business process enhancement, commercial and consumer credit delivery, and the rebuilding of teams to maximize individual performance and team results. In addition to audit responsibilities for CCAR and Resolution Planning, Rebel and his teams provide audit coverage for investment banking, corporate treasury, compliance, and AML/BSA. Field of Study: Auditing

Learning Level: Intermediate

CS 4-2 Panel Discussion: Key Insights on Internal Audit from the Bank CAE Moderator: Julie Scammahorn, CIA, CRMA Chief Auditor Citibank, N.A. and North Citi

Panelists: Mark Carawan, Ph.D., CA Chief Auditor Citi David Julian Executive Vice President, Chief Auditor Wells Fargo Paulette Mullings-Bradnock Chief Audit Executive BNY Mellon The banking industry has had to navigate through many changes on multiple fronts. Whether it is changes in regulations or innovation in technology, there are no signs of slowing down. Demands on internal audit continue to impact the profession. Our CAE panel will share their insights on how their audit functions are adapting to the speed of risk, and how internal auditing is evolving in the banking industry. In this session, participants will:

Hear how multiple changes have affected various aspects of the financial and

banking industry.

Get individual insights on how each has maintained sanity and stability in the face of

ever-present change.

Learn tips on auditing at the speed of risk.

Glimpse into the future and what may be coming down the pike as seen by panelists.

Julie Scammahorn is responsible for the on-going assessment of businesses’ risk and control environment through evaluation of financial, operational and administrative controls, governance, and risk management practices as well as adherence to laws, regulations and Citigroup and Citibank, N.A. policies. She also is the regional chief auditor for North America, overseeing the program assurance provided over Citi’s businesses across the region. Prior to joining Citi in 2014, Scammahorn was the general auditor and senior vice president of American Express Company, and also served as general auditor at Bank of America Corporation (legacy Countrywide Financial Corporation). Scammahorn started her career in banking with NationsBank (Bank of America) and was the senior vice president and audit responsible for the global audits of Banc of America Securities. Mark Carawan joined Citigroup in 2011 as Citigroup chief auditor and managing director responsible for the internal audit department. He is now responsible for internal audit’s delivery of assurance on governance, risk management, and control across Citigroup globally to executive management and the board. Prior to joining Citi, Carawan served as chief internal auditor for Barclays Group where he led a major transformation of their internal audit function. Previously, he served as managing partner responsible for enterprisewide assurance to wholesale financial services institutions at Deloitte (UK). Prior to joining Deloitte, Carawan was managing partner for Andersen’s global Privatisation and Emerging Markets practice. He serves as president of the Chartered Institute of Internal Auditors (IIA‒United Kingdom and Ireland). David Julian assumed his role in 2012, having previously served as director of market and institutional risk and head of corporate credit services for Wells Fargo. Prior to joining Wells Fargo, Julian served as Wachovia’s chief auditor, having risen to that role after serving as chief operating officer for finance, corporate controller and principal accounting officer, and director of corporate accounting and reporting. Julian also served as senior vice president of finance for Forum Corporation, a management leadership company, and worked at Price Waterhouse. He is active in several industry groups and previously served on the Standing Advisory Group (SAG) to the Public Company Accounting Oversight Board (PCAOB). He is also a former member of the ABA Accounting Committee. Field of Study: Auditing Learning Level: Intermediate

CS 4-3 Cybersecurity and the role of Internal Audit Moderator: Dan Costa Principal EY Panelists: Rich Rossignol, CISA, CRISC Managing Director, Head of Technology & Operations MUFG Chad Levant Managing Director Goldman Sachs Chris Kyriakakis, CIA Managing Vice President Audit Capital One Cybersecurity risks and threats have recently grown in scope and sophistication, prompting regulatory action to ensure that firms are properly equipped to handle new threats. Attacks from random unsophisticated cybercriminals have evolved into state-sponsored cyber warfare. Evolving cyberattacks and security reforms demand the utmost attention. In this session, participants will:

Learn new ideas about handling cybersecurity issues and how they relate to internal

auditing.

Experience the evolution of how a cyberattack works and how firms have

traditionally responded.

Share insights on current industry leading practices, regulatory views, and internal

audit’s role in mitigating the key risks associated with cybersecurity.

Hear about insights from the panel’s recent Information Security Survey on how

firms manage their cybersecurity today.

Dan Costa is with EY’s Information Technology Risk & Assurance Services practice. His primary responsibility is delivering services to the IT internal audit functions within the banking and capital markets industry segment. Costa has led several teams within large global clients focused on information security, identity and access management, cyber risk management and infrastructure service needs. In addition, he has overseen internal audit engagements focused on cybersecurity with the focus on identification of risk and the development of an overall internal audit cybersecurity methodology framework to support ongoing monitoring and audit execution efforts. Costa is a popular speaker at industry events including The IIA, SIFMA, GAMS, and ISACA. Rich Rossignol is responsible for developing and executing a comprehensive risk-based audit program across technology and operations. He also serves on the audit committee of The Clearing House Payment Company. Rossignol has more than 26 years of experience in the financial services industry, 16 of which have been focused on technology audit. Before joining MUFG, he was with Bank of America where he was responsible for the development and coordination of the global technology audit plan. Prior to joining Bank of America, Rossignol served in positions of increasing responsibility in JP Morgan Chase's internal audit department. During his eight years with JPMorgan Chase, he focused primarily on investment banking technology and corporate functions technology globally. Prior to joining JPMorgan Chase, Rossignol held various positions at PricewaterhouseCoopers, and began his career with Travelers Insurance. Chad Levant is responsible for all audit related activities for the technology risk, corporate, investment management, GS bank, investment banking, merchant banking, global investment research, and infrastructure technology organizations. Additionally, Levant has responsibility for the internal audit data analytics function, as well as the Strategic Initiatives Group. He is a member of the internal audit executive leadership team, co-head of technology audit for the Americas, and serves as an observer on several firmwide technology risk committees. Chris Kyriakakis joined Capital One's internal audit department in 2012 and currently oversees technology and enterprise services audit, leading audit services that address technology risk across the company, engaging in mergers and acquisition activity, and providing thought leadership on emerging technologies. Prior to joining Capital One, Kyriakakis was a partner at

Frazier & Deeter (F&D) where he established and led the firms risk advisory practice. While there, he functioned as the CAE for several mid-market public companies for which F&D headed their internal audit function. Kyriakakis also spent 11 years at Deloitte & Touche during which time he held a national role related to Sarbanes Oxley services and supported the FS lead partner with the rollout of internal audit services at large financial services and banking targets in the Atlanta/Birmingham marketplace. Kyriakakis is also a former IS inspector with the Public Company Accounting Oversight Board (PCAOB) where he assisted with the development and delivery of Sarbanes-Oxley inspection programs. He is a qualified instructor for the AICPA and for ISACA, delivering multiple training seminars over the years. Field of Study: Auditing Learning Level: Intermediate

Tuesday September 27, 2016 10:45 AM – 11:35 AM CS 5-1 Getting Ahead – Audit’s Approach to Engaging Before Issues Arise Rick Beckman, CPA Deputy Corporate General Auditor Bank of America Patty Clement SVP, Deputy Corporate General Auditor Bank of America Bank of America’s audit function developed a dedicated Field Assessment and Site Testing (FAST) team designed to identify circumstances, situations, and/or practices that may negatively impact the company from a financial, reputational, and compliance perspective. This session will share the advantages and lessons learned from building a team with this mandate and explore how engaging early, when issues are small, had been beneficial for the businesses. In this session, participants will:

Discuss how FAST teams are organized across lines of business to work directly with

audit teams.

Review the outcomes of evaluation of recurring monitoring routines like customer

call listening, recurring thematic analysis, media and news topics, and more.

Learn about the evolution of onsite assessments that are part of audit’s anticipatory

risk program.

Explore the delivery of readiness assessments (pre–and post-implementation

reviews) with a greater degree of substantive testing.

Gain insight into analysis of risks, issues, complaint, and transaction data to

proactively trigger “early identification” of exposure points.

Rick Beckman, who joined Bank of America in 1985, oversees the team responsible for providing independent assessments of internal business controls and processes and for making

recommendations in support of the company’s risk framework and business strategies. Previously roles Beckman held include senior operational risk executive for consumer real estate services and in several audit leadership roles including consumer products group (including credit card, mortgage, debit card, and insurance), IT, e-commerce, customer services and support, services and fulfillment, and audit operations. He is a Six Sigma Black Belt. Patty Clement is responsible for providing an independent assessment of the internal business controls and processes and for making recommendations in support of the company’s risk framework and business strategies. She has more than 25 years of leadership experience in finance and banking and most recently led Global Corporate Services, responsible for the teams focused on delivering quality, low-cost services to employees, managing the company’s real estate footprint, and oversight of the risk-based vendor management program. Her team managed thousands of the company’s vendors and related contracts, as well as nearly 100 million square feet of real estate in 46 countries and territories. Previously, Clement served as the Chief Financial Officer (CFO) for Global Commercial Banking and as the CFO for the Consumer Distribution and Small Business group. Field of Study: Auditing Learning Level: Intermediate CS 5-2 Raising the Bar on Internal Audit in Insurance Moderator: Tracy Sokol, CIA, CRMA, CPCU, CLU Vice President, Internal Audit State Farm Insurance Panelist: Patricia Barbari Senior Vice President and General Auditor New York Life Insurance Co. Lorenzo Cupido Group Vice President, Enterprise Risk, Capital and Liquidity Prudential Financial

Stacey Schabel VP & Head of Internal Audit, Jackson NABU Audit Director Prudential plc Join our distinguished panel of internal audit leaders for a discussion on the risks and challenges facing the insurance sector. How do you stay ahead of a complex regulatory environment, and be a strategic partner in your organization in advancing the control structure within a mature industry? Gain insights from our panelists on the growing role and importance of internal audit within the insurance industry. In this session, participants will:

Learn how regulatory transformations have affected auditors in the insurance

sector.

Peer into the future as panelists describe where they believe regulation of the

industry is headed.

Discuss anticipated challenges, how previous challenges have been conquered, and

what remains to be addressed before moving to the next phase.

Identify ways internal audit can assist the industry as a whole in coping with new

layers of regulation.

Tracy Sokol has had responsibility for State Farm’s internal audit department for the past seven years, which provides assurance services to its automobile insurance division, credit union, and pension lan. She has more than 25 years of experience with State Farm and within the insurance and financial services industry. Sokol began her career with the company in 1992, and has held several leadership positions in financial operations and compliance, where her areas of emphasis included financial and statistical reporting, strategic planning, and incentive compensation. Prior to joining State Farm, Sokol worked at PriceWaterhouse and Growmark. Stacey Schabel oversees the team that examines and evaluates the key activities and processes supporting the North American operations of Prudential. She assists the board, audit, and risk committee members and executive management in protecting the assets, reputation, and sustainability of the organization through assessment and reporting on the overall effectiveness of risk management, control, and governance processes. Schabel joined Jackson in 2005 and

has held progressively responsible leadership roles. Prior to joining Jackson, she worked for Plante & Moran, PLLC. Patricia Barbari has overall responsibility for corporate audit at New York Life and was appointed to the role of general auditor in 2012. She began her career at New York Life as a director of corporate quality and spent four years in internal audit before moving to the company's service operations. Barbari held a series of positions in the service department including head of life and annuity new business before returning to corporate audit in 2010. Lorenzo Cupido oversees enterprise risk, capital, and liquidity audit. He previously served in various risk roles including chief risk officer, U.S. swap dealer, and U.S. head of market risk at HSBC. Cupido has extensive international experience in risk management, capital markets, banking treasury, as well as asset and liability management. He also had significant involvement in the post-crisis regulatory implementations, developing effective relationships with U.S. and European regulators on the path to full compliance with the new rules. Prior to joining HSBC, Cupido held senior positions at several European banks and financial institutions. Field of Study: Auditing Learning Level: Intermediate CS 5-3 Audit Committee and CFO Expectations Today: Using BI to Separate Wheat From the Chaff George Thomas Board Member Traditions Business Applications

Steve Homza, CPA Global Head of Internal Audit Dollar Financial Group

Audit risk assessments take into consideration many factors including business risk assessments. Variability in business risk assessment processes reduces transparency and makes this a time-consuming task for auditors. Is it possible to leverage inconsistent risk processes to generate an integrated top-of-the-house risk view? One supported by drill-down capability to

spot risk hot spot drivers? The session presents an example in which Business Intelligence (BI) is applied to improve the quality and timeliness of risk assessments and continuous monitoring to position internal audit as a business partner driving value while preserving independence. In this session, participants will:

View an example of aggregate risk severity dashboard derived from non-standard

risk assessments.

Learn how to leverage non-standard risk assessment methodologies to drive to

aggregate risk views.

Recognize the value of BI to draw out otherwise hidden risk.

Identify how to leverage commonalities among risk assessments.

Follow a drill-down example to identify root causes.

George Thomas was the former SVP/CAE at First Data and served on the ERM Council. He also held leadership roles at Fifth Third Bank, PNC, and Great Western Bank. A popular speaker at national trade conferences, Thomas serves on The IIA’s Financial Services Auditing Board, chairs the Colorado Financial Executives Networking Group, and served on the Exempla Healthcare audit committee, and international committee of the Association of Chartered Certified Accountants. In addition to his other certifications, Thomas is a certified TG-3 auditor. Steve Homza oversees an internal audit team of 30 professionals located in North America, United Kingdom and Europe. He previously was managing director of internal audit at Legg Mason, Inc. In both roles, his responsibilities include oversight of the internal audit function and development of the annual risk-based audit plan. Prior to joining Legg Mason, Homza served in audit leadership roles at PNC Financial Services Group and Swiss Bank. He previously served a term as a member of the PCAOB Standing Advisory Group. Homza began his career with Arthur Andersen followed by KPMG. He is a member of The IIA’s Financial Services Advisory Board. Field of Study: Business Management & Organization Learning Level: Intermediate

Tuesday September 27, 2016 11:35 AM – 12: 35 PM

GS 5 Relationships and Risk: Insights From Stakeholders in the Financial Services Industry Vernon Stafford EVP/Chief Audit Executive First Horizon National Corporation Michael Thor Managing Director –North America Internal Audit Financial Services Leader Protiviti Internal audit has advanced opinions in performance, positioning, and perception. A new CBOK stakeholder report validates these findings and highlights opportunities for internal audit to push advancement even harder. This presentation focuses on findings specifically from stakeholders in the financial services industry. While there is much to be explored in the survey responses, at a high level, a clear picture emerges regarding the importance of risk and relationships. In this session, participants will:

Learn how internal auditors in the financial services industry are doing on the

fundamentals.

Discover what kind of information stakeholders want beyond assurance from

auditors.

Explore stakeholders’ opinions on the auditor’s role and scope of that role in the

area of strategic risks within financial institutions.

Discuss how to prioritize competing demands while addressing stakeholders’

expectations.

Vernon Stafford is responsible for corporate internal audit and credit assurance. Prior to joining First Horizon in 2013, Stafford served a distinguished 33-year career as a national bank examiner for the Office of the Comptroller of the Currency (OCC), having served as an assistant deputy comptroller (ADC) in OCC’s Midsize Bank Supervision since mid-2011. As ADC, Stafford

supervised a staff of midsize bank examiners-in-charge (EIC) and a portfolio of midsize banking companies ranging in assets of $13 billion to $90 billion. After serving in various positions as a field bank examiner and regional analyst, he served as director for OCC’s Core Policy Development division (now Operational Risk & Core Policy) for about five years, with responsibility for developing and implementing supervisory policy for national banks. In 2001, Stafford was appointed director for large bank supervision, a division responsible for the supervision of the largest banking companies in the national banking system. In 2006, he was appointed EIC of supervision for First Tennessee Bank, N.A., responsible for the day-to-day supervisory activities of the banking company, where he served until 2011.

Michael Thor is a regular speaker and contributor to industry publications on topics within the internal audit industry. He has presented at numerous industry events and is a regular presenter on The IIA’s FSAB webinar series. As a leader within the financial services practice of Protiviti, Thor regularly presents on the direction of the internal audit profession to the company’s global teams. Field of Study: Auditing Learning Level: Intermediate

Tuesday September 27, 2016 1:00 PM – 2:15 PM GS 6 The Evolving Role of Internal Audit: Regulatory Expectations Moderator: Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA President and Chief Executive Officer The IIA Panelists: Molly Scherf Deputy Comptroller for Large Banks Office of the Comptroller of the Currency Joanne Wakim Assistant Director and Chief Accountant Board of Governors of the Federal Reserve System, Washington, DC Robert F. Storch Chief Accountant Federal Deposit Insurance Corporation The role of the internal audit function constantly evolving with increasing demands on its resources. IIA President and CEO Richard Chambers shares the stage with senior leaders from the Federal Reserve, OCC, and FDIC to discuss the regulatory landscape, expectations of internal audit, and other emerging issues that impact the industry. In this session, participants will:

Gain up-to-date insights from a diverse panel of experts on internal audit’s influence

within the regulatory environment.

Explore what’s next from a national perspective on potential areas for regulatory

oversight.

Discuss from varying viewpoints how emerging issues are affecting internal audit’s

role in financial sector industries.

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of

Internal Auditors (IIA). He has more than four decades of internal audit and related experience.

Chambers was national practice leader in Internal Audit Advisory Services at

PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy

inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal

Review Organization at the Pentagon. He currently serves on the Committee of Sponsoring

Organizations of the Treadway Commission (COSO) Board of Directors; the International

Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the

U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.;

The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received

the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership

Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting

Today named him one of the Top 100 Most Influential People in Accounting in 2012, 2013,

2014, and 2015, as well as one of 10 tweeters worth following. The National Association of

Corporate Directors (NACD) named him one of the most influential leaders in corporate

governance in 2013, 2014, and 2015. Chambers authored the award-winning book, Lessons

Learned on the Audit Trail, which is available in five languages.

Molly Scherf oversees the large bank lead expert, shared national credit, data analytics, and systems teams. She also works with other OCC divisions and regulatory peers to develop supervisory guidance and regulation. Scherf has 26 years of bank supervision experience, and previously served as the OCC’s large bank lead expert for governance and enterprise risk management. In this role, she led the OCC working group that developed the Heightened Standards for Governance and Risk Management. As a commissioned national bank examiner, she has reviewed all aspects of bank risk management and specialized in information technology and retail credit. Joanne Wakim has responsibility over advising the Federal Reserve governors and senior board staff on the implications of key accounting, auditing, and reporting issues facing the banking industry. She is the senior Federal Reserve Board official responsible for the development of policy positions on domestic and international accounting, auditing, reporting, disclosure, and related internal control issues affecting the banking industry. In addition to her responsibilities

as chief accountant, Wakim oversees the Federal Reserve Board’s policy implementation effectiveness function. She also represents the Federal Reserve Board on various subgroups of the Basel Committee on Banking Supervision. Prior to joining the Federal Reserve Board, Wakim worked at the Office of Thrift Supervision. Her previous experience includes participating in the accounting standard-setting process while working at the Financial Accounting Standards Board (FASB) and working as an auditor at Ernst & Young.

Robert Storch has principal responsibility for the development of accounting policies and reporting requirements for banks and the review of depository institutions’ accounting for specific transactions. He represents the FDIC on the Basel Committee on Banking Supervision’s Accounting Experts Group, and chairs the Federal Financial Institutions Examination Council’s Task Force on Reports. Storch’s other duties involve participation in the development of the FDIC’s regulations and supervisory policies pertaining to auditing programs and oversight over the FDIC’s securities registration and disclosure function under the federal securities laws. He joined the FDIC in 1973 as an examiner trainee and served in progressively responsible leadership roles before being appointed to his current post in 2003.

Field of Study: Auditing Learning Level: Intermediate

Tuesday September 27, 2016 2:45 PM – 4:00 PM GS 7 CAE Panel Discussion: Where Do We Go From Here? Moderator: Steve Jameson, CIA, CCSA, CFSA, CRMA Executive Vice President Chief Internal Audit and Risk Officer Community Trust Bancorp, Inc. Panelists: Christine Katziff Corporate General Auditor Bank of America Tracy Sokol Vice President, Internal Audit State Farm Insurance Kelvin Vi Luan Tran Senior Vice President and Chief Auditor TD Bank Group What have we learned? What are the emerging issues facing the industry? The diverse panel of distinguished CAEs cap off the Exchange reviewing key takeaways and lessons learned from the past two days and discussing what lies ahead for the banking, insurance, and asset management segments. In this session, participants will:

Hear from a diverse panel of industry leaders about their thoughts on the financial

services industry and what might be on the regulatory horizon.

Have an opportunity to share highlights from the Exchange’s sessions leading up to

this panel discussion.

Steve Jameson is responsible for the internal audit, ERM, loan review, compliance, and security functions. He has nearly 30 years of experience as an internal audit professional in the financial services industry, three years in public accounting, and more than four years with The IIA as AVP of the Professional Practices Group. Jameson has been involved in starting two internal audit functions, consolidating decentralized internal audit groups, merging audit functions during acquisitions, and reorganizing existing audit functions. He has coordinated outsourced internal audit engagements, external audit services, and regulatory examinations for each of the financial institutions where he was employed. Jameson’s extensive experience also includes serving as liaison to COSO, IFAC, and FFEIC on various projects to develop structural frameworks, guidance, and policies. He served on the Board of Environmental, Health & Safety Auditor Certifications and on The IIA’s Financial Services Advisory Board, CBOK Steering Committee, Professional Issues Committee, and Research Foundation Board of Trustees. He also spent one year with the World Bank’s internal audit department. Christine Katziff leads a global team of audit and credit review professionals responsible for providing an independent assessment of the company’s internal controls and credit standards and for making recommendations in support of the company’s risk framework and business strategies. She is a member of the company’s executive management team. Katziff has over 25 years of experience in the financial services industry, in public accounting and private audit and compliance roles. Kelvin Tran has responsibility for the planning, execution, and reporting of audits, regulatory reviews, and special projects. He is responsible for more than 400 employees operating out of six locations around the world. Tran has been with TD Bank for over 16 years in progressively senior roles, including head of enterprise decision support, treasury and balance sheet management, and chief accountant. Most recently, he served as the CFO of TD Securities. Tran is chair of the Visible Minority Committee and the Finance Diversity Leadership Council of the bank. Field of Study: Auditing Learning Level: Intermediate