2016 ACUA
ANNUAL CONFERENCE
Life’s a Beach with ACUA!
September 11-15, 2016
InterContinental Miami
Miami, FL
ACUA 2016: Life’s a Beach with ACUA!
| 1
Welcome
Life’s a Beach at the 2016 ACUA Annual Conference! Join fellow college and university
audit professionals in sunny Miami September 11–15, 2016. The Annual Conference offers
opportunities for attendees to learn innovative ideas, share best practices, and take home
new ideas to handle challenges.
Mr. Richard Chambers, President and Chief Executive Officer for The Institute of Internal
Auditors, is our general session speaker on Monday. He will explain how to maneuver
the politics of internal auditing to make positive changes. Mr. Chambers will describe
how internal audit can effectively balance transparency and politics, strategies for
maintaining credibility, respect, and trust, as well as the importance of providing value and
remembering that clients are people too.
On Wednesday, Mr. Terry Hartle, Senior Vice President for the American Council on
Education (ACE), will share what we can expect for the future in higher education.
He will help us learn about ACE’s important work and the issues being discussed with
policymakers. In addition to sharing what the future may hold for educational institutions,
Mr. Hartle will also describe how internal audit can assist institutions in the conversation.
New this year! Our last general session has been moved to Thursday so that we can all
gather one last time before we depart. Thursday’s general session speaker is Ms. Loretta
Love Huff, the Dream Leader for Business at Emerald Harvest Consulting, LLC. She
will reveal how to use trust and integrity to create stability and consistency within an
organization. Ms. Huff will help us understand the importance of personal mastery in the
pursuit of major accomplishments, illustrate the keys to effective leadership, and describe
the importance of knowing ‘the business.’
The incredible team of track coordinators has worked very hard and has provided us with
amazing sessions. With seven (7) tracks and 56 concurrent sessions, attendees have plenty
of exciting options from which to select to meet their continuing professional education
needs. Tracks include healthcare and research, audit trends and issues, risk management/
GRC and QARs, compliance, professional development and leadership, information
technology/security, and fraud and ethics. There is something for everyone!
There are plenty of opportunities during the Annual Conference to meet, greet, and
network with your colleagues in higher education. The first is the opening reception on
Sunday evening, and then join us Monday after the educational day ends for trivia at the
reception graciously being hosted by our wonderful vendors and speakers. Wednesday
night will be the off-site dinner event.
Tuesday afternoon offers several options to meet every member’s needs. Bonus sessions
are available for additional CPE credit if you wish to take advantage of the BOGO (buy
one, get one) feature. So register for one session and get a second session at no extra
cost! We have a featured speaker, Ms. Raven Catlin, who will present an initial session
on common errors in risk assessments and how to fix them, and a second session on
advanced critical thinking.
The bonus sessions from which to choose are:
RR Welcome to Higher Ed: An Overview of Higher Education Audit & Compliance
Issues – Kate Head
RR Risk Assessments: Four Common Errors and How to Fix Them – Raven Catlin
RR Advanced Critical Thinking – Raven Catlin
RR Certified Internal Auditor Exam Preparation Course – Vicki McIntyre
RR Winning Ways with Data Analytics – Don Sparks
RR Cloud Working Group – Jason Ackerman and Mike Cullen
Alternatively, the fantastic Miami Host Committee has three different activities planned
for Tuesday afternoon. Or venture out with a group to see the exciting sites, restaurants,
shops, and activities that Miami has to offer.
On behalf of ACUA’s Board of Directors, the Professional Education Committee, the track
coordinators, and the Miami Host Committee, I invite you to help make your “Life a Beach”
by registering today. Register by July 25, 2016, to take advantage of the early registration
discount for ACUA members.
Jana M. Briley, Chair
Professional Education Committee
2 |
REGISTRATION BROCHURE
The
Association
University
an
of
Auditors
international
College
and
(ACUA)
is
professional
organization serving institutions of
higher education around the globe.
Since
its
establishment
in
1958,
ACUA has provided its members a
collegial forum for exchanging and
sharing knowledge and generating
new ideas. ACUA is committed to
increasing members’ knowledge of
auditing, regulatory compliance and
risk management in higher education.
Annual Conferences allow members
to network and socialize at the
same
time.
The
combination
of
camaraderie and a focus on issues
which relate to internal auditing in
higher education continue to serve as
the foundation for all ACUA activities.
ACUA CONTINUING
EDUCATION CREDITS
Conference participants
are eligible to receive
a maximum of 26.5
CPE
credit
hours.
The Asso-ciation of
College and University
Auditors (ACUA) is registered with
the National Association of State
Boards of Accountancy (NASBA) as
a sponsor of continuing professional
education on the National Registry
of CPE sponsors. State boards of
Accountancy have final authority
on the acceptance of individual
courses for CPE credit. Complaints
regarding registered sponsors may
be addressed to the National Registry
of CPE Sponsors through its website:
www.learningmarket.org.
Thank You to Our Strategic Partners
Conference Events
FIRST-TIME ATTENDEES
RECEPTION (invitation only)
Sunday, September 11, 2016
5:00 p.m. – 6:00 p.m.
First-time attendees and new members
are invited to meet and greet the Board
of Directors, past presidents, committee
chairs and other ACUA leaders and learn
what to expect and how to benefit from the
activities and educational opportunities
provided by ACUA.
OPENING RECEPTION
Sunday, September 11, 2016
6:00 p.m. – 7:30 p.m.
Come enjoy the opening of the Exhibit
Hall where you can get reacquainted with
longtime ACUA friends and make many
new ones before visiting area restaurants
for dinner on your own. Come for hors
d’oeuvres and beverages while you visit
with vendors to learn about their products
and services and thank them for helping
support this conference through their
participation and funding. Show your
school pride by wearing your university/
college-emblazoned attire!
MONDAY NIGHT TRIVIA
RECEPTION
Monday, September 12, 2016
5:30 p.m. - 7:30 p.m.
Back by popular demand, this exciting event
will include live trivia, heavy appetizers
and drinks, and most importantly,
networking! All exhibitors, sponsors and
guest speakers have been invited to host
a table and can invite attendees to join
them at their table. Form a team with your
colleagues, make new friends by sitting at
a random table or join an exhibitor’s team.
Will your table be crowned the 2016
Trivia Champions?
BUSINESS MEETING
Tuesday, September 13, 2016
10:10 a.m. – 12:00 p.m.
Join the ACUA Board of Directors Tuesday
morning for the Annual Business Meeting.
You’ll get to hear the Board’s accomplishments and plans for the coming year. A
prize drawing will be held at the start of the
meeting. You must be present to win!
OPTIONAL NETWORKING
ACTIVITIES
Tuesday, September 13, 2016
12:30 p.m. – 5:00 p.m.
There are plenty of sights to see during your
time in Miami! With the hotel’s inter-coastal
waterfront location, you will not want to
miss out on experiencing all that you can
while you visit! Visit Miami’s activity page
to begin your planning. This summer visit
the Optional Networking Activities page to
see some of the best sights as suggested by
ACUA’s Miami Host Committee.
GOLF ANYONE?
How about a game of golf? Doug Horr is
organizing one game on Tuesday afternoon.
If there is enough interest, a pre-conference
Sunday round will be added as well. Please
email Doug at [email protected] or call
305-284-4657 by August 30 if you are
interested in playing.
LUNCH TABLE TOPICS
NEW IN 2016!
FOOD DONATION
The Miami Host Committee welcomes you to
Miami and is asking for your help on behalf
of ACUA. Please pack one or more canned
or boxed non-perishable food item in your
luggage. The Miami Host Committee is
collecting non-perishable food items for The
Camillus House. A collection box will be set
up near the registration desk. The Camillus
House provides men and women who are
homeless in Miami with showers and clean
clothing, and will serve more than 545,000
meals this year. Visit www.camillus.org for
more information.
This a first-ever effort for ACUA. The donation will be made on behalf of ACUA and all
of the impressive institutions represented at
the 2016 annual conference.
OFF-SITE DINNER EVENT
Wednesday, September 14, 2016
6:00 p.m. – 10:00 p.m.
Wednesday, September 14, 2016
12:10 p.m. – 1:10 p.m.
ACUA is hosting roundtable discussions
during Wednesday’s lunch. Don’t miss
this chance to share and discover new
information with your colleagues.
NEW! ACUA INTRODUCES
REVIVE AND ALIVE!
Join your ACUA colleagues for 15 minute
stretch sessions with personal trainer Jodi
Bailey.
The 15 minute stretch sessions will take
place during breaks.
EXHIBIT HALL
Monday 10:05 a.m.
Wednesday 10:05 a.m.
Wednesday 2:55 p.m.
Sunday through Tuesday visit our vendors
in the Exhibit Hall to learn how their
products and services can assist you and
your institution.
Check the ACUA website and the final
program schedule for more information.
CONFERENCE ATTIRE
Business casual attire is appropriate for
educational sessions. Be sure to pack a
sweater or light jacket as meeting room
temperatures tend to be cool.
WEATHER
Miami has an average high temperature
in mid-September of 87 degrees with an
average low of 78 degrees.
ACUA 2016: Life’s a Beach with ACUA!
| 3
Program-At-A-Glance
SUNDAY, SEPT. 11, 2016
TUESDAY, SEPT. 13, 2016
WEDNESDAY, SEPT. 14, 2016
5:00 p.m.-6:00 p.m.
First Time & New Member Reception
7:00 a.m. – 8:00 a.m.
Continental Breakfast
7:00 a.m. – 8:00 a.m.
Continental Breakfast
8:00 a.m. – 9:40 a.m.
Track Session 4
8:00 a.m. – 8:20 a.m.
Welcome & Announcements
9:40 a.m. – 10:10 a.m.
Refreshment Break in Exhibit Hall
8:20 a.m. – 10:00 a.m.
General Session
10:10 a.m. – 12:00 p.m.
Business Meeting/Prize Drawing
10:00 a.m. – 10:30 a.m.
Refreshment Break
12:30 p.m. – 2:45 p.m.
Optional Networking Activities
10:30 a.m. – 12:10 p.m.
Track Session 5
3:00 p.m. – 5:00 p.m.
Second Set of Networking Activities
12:10 p.m. – 1:10 p.m.
Luncheon
Bonus Sessions
1:10 p.m. – 2:50 p.m.
Track Session 6
6:00 p.m.-7:30 p.m.
Opening Reception in the
Exhibit Hall
MONDAY, SEPT. 12, 2016
7:00 a.m. – 8:00 a.m.
Continental Breakfast
8:00 a.m. – 8:20 a.m.
Welcome & Announcements
8:20 a.m. – 10:00 a.m.
General Session
10:00 a.m. – 10:30 a.m.
Refreshment Break in Exhibit Hall
10:30 a.m. – 12:10 p.m.
Track Session 1
12:10 p.m. – 1:10 p.m.
Luncheon in Exhibit Hall
1:10 p.m. – 2:50 p.m.
Track Session 2
2:50 p.m. – 3:20 p.m.
Refreshment Break in Exhibit Hall
3:20 p.m. – 5:00 p.m.
Track Session 3
5:30 p.m. – 7:30 p.m.
Monday Night Trivia Reception
1:10 p.m. - 2:50 p.m.
Risk Assessments: 4 Common Errors
and How to Fix Them
2:50 p.m. – 3:20 p.m.
Refreshment Break
3:10 p.m. - 4:50 p.m.
Advanced Critical Thinking
3:20 p.m. – 5:00 p.m.
Track Session 7
1:10 p.m. – 2:50 p.m.
Cloud Working Group
6:00 p.m. – 10:00 p.m.
Off-Site Dinner Event
3:10 p.m. – 4:50 p.m.
Welcome to Higher Ed – An
Overview of Higher Education Audit
and Compliance Issues
1:10 p.m. – 4:50 p.m.
Winning Ways with Data Analytics
1:10 p.m. – 4:50 p.m.
CIA Exam Preparation Course
THURSDAY, SEPT. 15, 2016
7:00 a.m. – 8:00 a.m.
Continental Breakfast
8:00 a.m. – 9:40 a.m.
Track Session 8
9:40 a.m. – 10:05 a.m.
Refreshment Break
10:05 a.m. – 11:45 a.m.
General Session
4 |
REGISTRATION BROCHURE
Annual Conference Information
IMPORTANT DATES
EARLY REGISTRATION DEADLINE: LATE REGISTRATION & HOTEL RESERVATION DEADLINE: ON-SITE REGISTRATION: July 25, 2016
Aug. 19, 2016
AFTER Aug. 19, 2016
Registrations processed on-site may cause a delay at the time you check in at the registration desk. If you need to
register after Aug. 19, 2016, please bring your completed registration form and payment directly to the conference.
WHO SHOULD ATTEND
REGISTRATION CONFIRMATION
Internal Auditors, Risk Managers, IT Security Professionals,
Chief Business Officers, Controllers, Ethics and Compliance
Auditors, Governmental Auditors and IT Auditors
For those registrations received prior to July 25, 2016,
ACUA will send a confirmation letter by email or U.S. mail.
When you receive your confirmation letter, please check
the spelling of your name, address and the events for
which you have registered to ensure that they are correct.
If there is an error, please contact the ACUA Executive
Office at 913-895-4620 on or before June 16, or 913222-8663 on or after June 20. The information on your
confirmation letter will be the information used for your
name badge. If you do not receive a confirmation letter
within three weeks of registering, please contact our
office to confirm receipt of your registration.
FULL REGISTRATION FEES INCLUDE:
• Instructional materials and handouts
• Sunday Opening Reception
• Daily Continental Breakfasts
• Daily Refreshment Breaks
• Monday Evening Event
• Monday and Wednesday Lunches
• Wednesday Off-Site Dinner Event
SINGLE DAY REGISTRATION FEES
INCLUDE:
Monday or Wednesday:
• Instructional materials and handouts
• Continental breakfast, refreshment breaks, luncheon
and evening events
Tuesday or Thursday:
• Instructional material and handouts
• Continental breakfast and refreshment breaks
GUEST REGISTRATION FEES INCLUDE:
REGISTRATION CANCELLATION POLICY
Written notice of cancellations received on or before July
25, 2016, will be fully refunded. Cancellations received
from Jul. 26 to Aug. 19, 2016 will be refunded less a $100
processing fee. On or after August 20, 2016, cancellation
refund requests will be considered on a case-by-case
basis. Substitution of registrants is allowed.
QUESTIONS?
For more information about our cancellation policy,
complaints or questions about registering, please contact
the ACUA Executive Office at 913-895-4620 (effective
until June 17, 2016. 913-222-8663 on or after June 20,
2016) or via email [email protected].
• Sunday Opening Reception
• Monday Night Trivia
• Wednesday Evening Event
ACUA 2016: Life’s a Beach with ACUA!
| 5
Bonus Session Information
FEATURED BONUS SESSION
SPEAKER
TUESDAY, SEPTEMBER 13, 2016
1:10 P.M. – 4:50 P.M.
Raven Catlin is an internationally
recognized expert and speaker in
internal auditing. Leveraging her
18 years of auditing, consulting,
and training experience, Raven
provides virtual and live in-house
and on-site training and conference
presentations. Training participants
gain valuable skills and motivation
to achieve success. Raven is a
Virginia Commonwealth University
graduate. Before starting Raven
Global Training, Raven was a consultant at Experis and
a senior manager at Protiviti. She held internal audit
positions with Freddie Mac, Bank of America, and Philip
Morris. Raven is an active member of The Institute of
Internal Auditors (The IIA) and a contributing author to The
IIA’s CIA Learning System. Go to www.ravenglobaltraining.
com/about_us for more information.
Vicki McIntyre, President, FirstPlus Resolutions, Inc.
Raven Catlin, CEO, Raven Global Training
TUESDAY, SEPTEMBER 13, 2016
1:10 P.M. – 2:50 P.M.
Risk Assessments: 4 Common Errors
and How to Fix Them
Raven Catlin, CEO, Raven Global Training
During this interactive session, you will identify common
errors made in completing risk assessments. Evaluation of
the common errors will help you understand why and how
we make them and, more importantly, how to fix these
common errors. Using lecture, facilitated discussion, and
workshop exercises, you will walk away more confident
in your risk assessments which contributes to meeting
company objectives and adding value to your clients.
Furthermore, you will be able to adapt quickly to the
changing needs of your college or university.
After this session, participants will be able to:
RR Identify and correct errors in risk assessment
methodology.
RR Demonstrate effective level risk assessments.
RR Assess and prioritize risk.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
CIA Exam Preparation Course**
Additional fees apply
This CIA exam preparation course will
include a high level introduction and
overview of the topics covered on the
new three-part CIA exam. The course
will reinforce your CIA knowledge,
clarify exam topics, and build examday confidence. Taught by a CIAcertified instructor, each attendee will have the opportunity to
work through practice exam questions, learn test taking tips, and
will receive Version 5.0 (most current) of The Institute of Internal
Auditors (The IIA) CIA Learning System™ self-study print and
online materials for Parts 1-3. Additional self-study time outside
of the classroom will be necessary to prepare for the exam.
Course topics will include:
RR Part 1 — Internal Audit Basics
RR Part 2 — Internal Audit Practice
RR Part 3 — Internal Audit Knowledge Elements
**On-site registration is not allowed for this session. This session
will allow for an additional four (4) CPEs.
Knowledge Level: Basic
Advanced Preparation: Pre-test before the class
Field of Study: Auditing
Prerequisites: None
TUESDAY, SEPTEMBER 13, 2016
3:10 P.M. – 4:50 P.M.
Advanced Critical Thinking
Raven Catlin, CEO, Raven Global Training
The obvious answer isn’t always the right answer. The surface is
often just the tip of the iceberg. Sometimes, we miss little hints that
could be the key to making process improvements.
Do you want to learn to look past the obvious answers? Do you
want to attain a higher level of thinking? Do you want your brain
to work more efficiently to solve problems? Do you want to be
more creative and innovative? Do you want to recognize more
opportunities, avoid mistakes and make decisions faster?
If you answered yes to any of these questions, this session is for you.
By applying critical thinking methods to analyze information,
looking at data, and evaluating objectives, risks, and findings, you
will be able to provide creative, innovative and timely results.
After this session, participants will be able to:
RR Explain the relationships between creative and critical thinking.
RR Differentiate between automatic and critical thinking.
RR Apply the critical thinking methods used by experts.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: None
6 |
REGISTRATION BROCHURE
Bonus Session Information
TUESDAY, SEPTEMBER 13, 2016
1:10 P.M. – 4:50 P.M.
TUESDAY, SEPTEMBER 13, 2016
3:10 P.M. – 4:50 P.M.
Winning Ways with Data Analytics
Welcome to Higher Ed-An Overview of
Higher Education Audit & Compliance
Issues
Don Sparks, Vice President of Industry Relations,
Audimation Services, Inc.
Data analytics has been a part of auditing since the 1970’s, initially to
primarily organize and streamline “store-audits.” Today, many auditing
functions struggle to make the dream a reality. Participants will explore
real strategies for defining, implementing and maintaining a data
analytics program. In this facilitated workshop format, a fully functioning
demo version of the IDEA Data Analytics software will be provided
to attendees who wish to follow along for hands on learning. We will
cover all aspects of data analysis from importing data files, conducting
interrogation and analysis, reporting format options and automating
the process to make the routine repeatable and continuous. Attendees
do not need to be an “IT Auditor” or an IDEA user!
After this session, participants will be able to:
RR List how to acquire and import data files, conduct
interrogation and analysis, and select appropriate reporting
format options.
RR Describe how to automate the process (scripting) to make the
routine repeatable and continuous.
RR Identify how a short and longer-term analytics vision can
improve staff resourcing and retention.
Knowledge Level: Intermediate
Advanced Preparation: Registrants must download full evaluation copy after payment
Field of Study: Specialized Knowledge & Applications
Prerequisites: Getting Started with IDEA Videos & V10 Tutorial Series
TUESDAY, SEPTEMBER 13, 2016
1:10 P.M. – 2:50 P.M.
Cloud Working Group
Jason Ackerman, Principal, Caldera Consulting Services
Mike Cullen, Senior Manager, Baker Tilly
Internal auditors are often relied on to help navigate cloud technology
implementations for human resources, financial, grants management,
and student management systems. The session provides peer-topeer, practical experience, and insight into leading practices for
selecting the appropriate cloud technology, completing a successful
implementation, and how internal auditors can utilize capabilities in
the new system for robust oversight.
Kate M. Head, Associate Director, University
of South Florida
“Welcome to Higher Education Auditing” is perfect
for new auditors as well as those who have been
auditing for a long time but are new to higher
education. Attend this session to learn the lingo
of higher ed and network with your new industry
peers. This session will be an overview of higher ed
specific risk and compliance issues. While many of
these risks come from federal requirements, some
are driven by higher ed unique activities such as
NCAA Compliance. Examples of other areas covered
include: Family Educational Rights & Privacy Act
(FERPA), Title IV of the Higher Education Act of
1965 (Financial Aid), The Higher Education Equal
Opportunity Act (Title IX), Violence Against Women
Act, the Cleary Act (Campus Security), Export
Controls, and myriad research related regulations
governing both the financial components of
research and human subject research, animal care,
lab safety, etc. This session will also address what
people resources and tools are available to assist
new ACUA members with making the transition to
higher ed including a compliance summary of key
federal laws and regulations governing colleges and
universities.
After this session, participants will be able to:
RR Recognize the relevant standards governing
higher education institutions.
RR Identify ACUA resources to assist your
transition into higher ed auditing
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
After this session, participants will be able to:
RR Summarize how to successfully leverage cloud solutions to
enhance institutional performance through direct peer to peer
exchanges and workday client experiences.
RR Demonstrate how internal auditors can influence cloud
technology due diligence to successfully advise management
on technology acquisition suitable to your institution.
RR Use leading practices for quality assurance during
implementation and effective internal audit and operational
oversight after go-live.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 7
Keynote Speakers
MONDAY, SEPTEMBER 12, 2016
8:20 AM – 10:00 AM
Maneuvering the Politics of Internal
Auditing to Make Positive Change
Richard Chambers, President and CEO, The Institute
of Internal Auditors (IIA)
Universities can be and very
often are political, whether they
are public or private, for-profit or
not-for-profit. They’re comprised
of faculty, staff, students and
board members which may have
conflicting goals and objectives,
motivations or even values. These
conflicting pressures, combined
with the potential for audit
results to reflect badly on some
individuals, create a challenging
environment for internal audit
to perform its work. Balancing
transparency and political pressures is not easy, but is
essential for the internal audit function to be relevant and
successful in adding value.
After attending this session, participants will be able to:
RR Discuss how internal audit can effectively balance
transparency and politics.
RR Create strategies for maintaining credibility, respect
and trust.
RR Understand the importance of providing value and
always remembering our clients are people too.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in a leadership or supervisory position
Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is
president and CEO of The Institute of Internal Auditors (IIA).
He has more than four decades of internal audit and related
experience. Richard was national practice leader in Internal
Audit Advisory Services at PricewaterhouseCoopers;
inspector general of the Tennessee Valley Authority; deputy
inspector general of the U.S. Postal Service; and director
of the U.S. Army Worldwide Internal Review Organization
at the Pentagon. He currently serves on the Committee of
Sponsoring Organizations of the Treadway Commission
(COSO) Board of Directors; the International Integrated
Reporting Council (IIRC); and The IIA Board of Directors.
8 |
REGISTRATION BROCHURE
WEDNESDAY, SEPTEMBER 14, 2016
8:20 AM – 10:00 AM
Looking into the Crystal Ball – What Can We
Expect for the Future in Higher Education?
Terry W. Hartle, Senior Vice President, American
Council on Education (ACE), Division of Government
and Public Affairs
The landscape of higher education
is changing more rapidly than ever.
With this being an election year,
what are the most significant issues
being discussed in the election
that may impact the “business”
of
higher
education?
Higher
education advocates, institutions,
and leadership play a key role in
educating and engaging federal
policymakers
who
ultimately
determine
policy
positions
impacting the higher education
landscape.
After attending this session, participants will be able to:
RR Discuss the work of the American Council on
Education.
RR Explain what the future may hold for higher education
institutions.
RR Describe how internal audit can assist institutions in
the conversation.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Business Management & Organization
Prerequisites: None
Terry W. Hartle is one of America’s most effective and
experienced advocates for higher education. At ACE, where he
has served for more than 20 years, he directs comprehensive
efforts to engage federal policymakers on a broad range of
issues including student aid, government regulation, scientific
research and tax policy. His work involves representation before
the U.S. Congress, administrative agencies and the federal
courts. As an expert voice on behalf of colleges and universities,
he is quoted widely in the national and international media on
higher education issues. Given ACE’s historic role in coordinating
the government relations efforts of some 60 associations in the
Washington-based higher education community, Terry plays a
central part in developing public policy positions that impact
all colleges and universities, and also oversees the Council’s
external relations functions.
Keynote Speakers
THURSDAY, SEPTEMBER 15, 2016
10:05 AM – 11:45 AM
Courageous Leadership - Building Trust
through Integrity
Loretta Love Huff, The Dream Leader for
BusinessTM, Emerald Harvest Consulting, LLC
Trust and integrity create
stability
and
consistency
within an organization. Trust
provides the foundation for
credibility,
and
authentic,
effective communication is the
driver of trust. When trust is
broken, conflict resolution skills
are crucial for reaching across
generations,
unifying
split
factions and mending fences so
that productivity is maintained.
In this session, attendees will learn the four simple steps
to connect with your audience (clients, bosses, colleagues)
and create a sustainable future.
After attending this session, participants will be able to:
RR Explain the importance of personal mastery in the
pursuit of major accomplishments.
RR Illustrate the keys to effective leadership.
RR Describe the importance of knowing “the business”.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Behavioral Ethics
Prerequisites: None
Loretta Love Huff’s vision is that all people express their
unique gifts as they deliver on their highest purpose and
organizations honor those gifts in pursuit of compelling
business goals. She has been featured on the Phoenix
Fox10 Morning News show, radio shows across the
country and in numerous publications such as The New
York Times, Wall Street Journal, Black Enterprise, and the
Phoenix Business Journal. Loretta is also the author of
two books: Leadership without Limits: Inspiring the Best
in Yourself, Your People and Your Organization and 6
Keys for Dissolving Disputes: When ‘Off with their Heads!’
Won’t Work. Her third book, The Bamboo Approach to
Courageous Leadership and Outrageous Growth: Creating
Expansive Impact and Massive Income, will be out later this
year. Loretta is a Phoenix Business Journal ‘Top Women in
Business’ honoree and National Council of Negro Women
(NCNW) Metropolitan Sun Section ‘Women of Excellence’
honoree. Her firm is a two-time recipient of the Class I
Minority Business Enterprise (MBE) Supplier of the Year and
a Maricopa County McBiz ‘Top Hat Award’ winner. Prior to
starting her consulting company, Loretta worked at Fortune
500 companies such as Apple Computer, Sega of America,
Bank of America, Sears and Kraft Foods. She has a BS in
Psychology from Howard University and an MBA in Finance
from the University of Chicago.
ACUA 2016: Life’s a Beach with ACUA!
| 9
Track Matrix
Tracks
Track
Coordinators
Track A
Track B
Track C
Audit Trends and Issues
Risk Management (RM) /GRC
and QARs
Compliance
Kathleen Carroll and
Andre Millan
Allen Amyotte and
Lisa Gaetano
Colleen O'Neill and
Donald Temple
MONDAY, SEPTEMBER 12
General Session
8:20-10:00
Maneuvering the Politics of Internal Auditing to Make Positive Change
Richard Chambers
Academic Integrity & Student
Athletes: A Case Study
Joe Oringel and
Stacie Tronto
Adding Value by Proactively
Managing Departmental Risks
Jereme Allison and
Candis Dickson
Distance Education: Narrowing
the Distance
Cynthia Nickerson and Stefanie
Powell
Session 2
1:10-2:50
Accounting and Reporting News
for Colleges & Universities
Sue Menditto and
Belva White
Enhancing Your Institutional
Process through
Chibuike Uk Azuoru
Demystifying Cybersecurity:
What You Need to Know
Jared Hamilton
Session 3
3:20-5:00
The Power of Partnership:
Collaboration on Steroids
Kathy Davanzo
Related Parties & IRS Intermediate
Sanctions - Connected? You Bet!
Mike Conover and
Tom Gorman
Compliance: What’s HOT!
Doug Horr
Session 1
10:30-12:10
TUESDAY, SEPTEMBER 13 (See page 11 for Bonus Session Matrix)
Session 4
8:00-9:40
Integrating the Compliance and
Internal Audit Functions
Robert N. Clark
Annual Business
Meeting
10:10-12:00
"Generally Conforms" on Your QAR is
Closer Than You Think!
Julia Hann and
Monica Moyer
Doing Right by your Donors:
Auditing Gift Management
Chris Garrity and
Bob Hoster
Business Meeting/Prize Drawing
WEDNESDAY, SEPTEMBER 14
General Session
8:20-10:00
Looking into the Crystal Ball – What Can We Expect for the Future in Higher Education?
Terry Hartle
Rejuvenate Your Audit Committee
Toni Stephens and
Mark Salamasick
Internal Audit Performance Metrics
Moshmee Kalamkar, Dyan Hudson and
Paige Buechley
Conceiving and Developing an Effective
University-Wide Compliance Function
Eric Groen and Susan Alexander
Session 6
1:10-2:50
Title IX: X Topics, XI Grievance
Procedures
Brian Billington and
Danielle Carlson
Cyber Insurance Due Diligence –
Essential Preparation and Advisory
Adam Cottini and Chauncey Fagler
Capital Projects Audit
Denise Cicchella
Session 7
3:20-5:00
Audit2020: A Critical Look at the
Audit Process
Danny Goldberg
Continuous Auditing and GRC
Applications: A Journey
Allen Amyotte and Aris de Peuter
Conducting Compliance Risk
Assessments: Understanding Risk
Sonal Shah
The Flood is Coming: Getting the
Masses on Board with RM
Cheryl Lyn Granto
Rising to the Challenge:
Navigating IT Accessibility
Vicki Duggan
Session 5
10:30-12:10
THURSDAY, SEPTEMBER 15
Session 8
8:00-9:40
Auditing Minors on Campus:
A Case Study
Marion Candrea and Erin Egan
General Session
10:05-11:45
10 |
REGISTRATION BROCHURE
Courageous Leadership-Building Trust through Integrity
Loretta Love Huff
Track Matrix
Track D
Track E
Track F
Track G
Professional Development
and Leadership
Information Technology /
Information Security
Fraud & Ethics
Healthcare and
Research
Dan Bevil and
Rachel Snell
Tim Marley and
Amy Wilegus
Hilaire Nachtrab and
Calvin Wendelboe
Jana Clark and
Aparna Yellapantula
MONDAY, SEPTEMBER 12
Maneuvering the Politics of Internal Auditing to Make Positive Change
Richard Chambers
Life on the Inside: Lessons
from Auditor Turned Faculty
Sonya von Heyking
Cybersecurity: What is Internal
Audit Doing About IT?
Mark Bednarz
Fraud from the Other Side: A
Former Criminal Describes...
Tom Hughes
More Than Compliance: Review
Campus Lab Safety Programs
John Curran and Cate Neeley
Why Good People Do Bad
Things: Workplace Deviance
Don Levonius
Understanding and Interpreting
SOC Reports
Kevin Sear and Keith Galante
How to Make your Attorney
General Happy
Craig Anderson and
Melissa Hall
Internal Audit & Billing Compliance
can Build Relationships
Glen Mueller
Keep Internal Audit Off Of
The Endangered Species List
Of The Future
Liz Meyers
Have You Seen My Data?
Auditing Data Governance
Nicole Schultz
Improving Fraud Sampling Hit
Rates with Analytics
Rich Lanza
Uniform Guidance and Internal
Controls: A Case Study
Kim Ginn and Richard Moyer
Enhancing Network Security
Ashish Jain
Red Flags: Now What?
Andrew Cartwright and
Mohammad Shehab
Harnessing the Power of
Continuous Audit
Robert Mainardi
TUESDAY, SEPTEMBER 13
When Called to Lead
Betsy Bowers
Business Meeting/Prize Drawing
WEDNESDAY, SEPTEMBER 14
Looking into the Crystal Ball – What Can We Expect for the Future in Higher Education?
Terry Hartle
How to Get Your School to
Hear You (and Get on Board)
Joanne Dennison
Anatomy of a Major University
Data Breach
Dan Sarazen
Analyzing a Potpourri of Fraud
in Higher Education
Calvin Wendelboe
Internal Audit's Role in
Decentralized Research Compliance
Mike Bowers and Elvie Mahoney
Managing the Millennial
Auditor
Toby DeRoache
Using Data Analytics to Detect,
Sponsored Research Fraud
Paul Coleman
Fraud in the Student
Investment Fund
Sam McCall and Janice Foley
How Proactive Compliance
Reviews Benefit Research Program
Tina Tyson
Don’t Let Conflicts of Interest
Corrupt Your Environment
Robert Berry
The Four “A’s” of Access
Ken Heskett
Do You Run the Internal
Investigation or Does It Run You?
Ranson McClung
Performing HIPAA Security
Reviews
Mike Cullen
A High-Level Review of
Information Technology
David Shissler
Conducting Fraud Investigations
in Small and Mid-Size Shops
Controlled Substance
Accountability
Kimberly New
THURSDAY, SEPTEMBER 15
Learning How to Read Body
Language
Jerry Balistreri
Christian Kemmerer and
Trisha Silvasy
Courageous Leadership-Building Trust through Integrity
Loretta Love Huff
Tuesday Bonus Sessions
Bonus 1
Bonus 2
Bonus Session A
1:10-2:50
Risk Assessments: 4 Common
Errors and How to Fix Them
Raven Catlin
Cloud Working Group
Jason Ackerman and
Mike Cullen
Bonus Session B
3:10-4:50
Advanced Critical Thinking
Raven Catlin
Welcome to Higher Ed – An Overview
Kate Head
Bonus 3
Bonus 4
Winning Ways With
Data Analytics
Don Sparks
CIA Exam
Preparation Course
Vicki McIntyre
ACUA 2016: Life’s a Beach with ACUA!
| 11
Track Sessions
Session 1
MONDAY, 9/12/2016
10:30 AM – 12:10 PM
A.1 Academic Integrity & Student Athletes:
A Case Study Using Data Analytics and
Visual Reporting — Audit Trends and Issues
Joe Oringel, Managing Director, Visual Risk Q
Stacie Tronto, Chief Audit Officer, East Carolina University
Measure academic integrity using a clear set of data-driven
objectives.
After this session, participants will be able to:
RR Use visual reporting to identify classes and faculty
requiring additional review.
RR Build relationships with other departments on campus
through data-driven results.
RR Interpret how the well-publicized academic integrity
scandal involving student-athletes at UNC Chapel
Hill resulted in a set of required procedures to be
performed at all UNC System schools.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience with data analytics
B.1 Adding Value by Proactively Managing
Departmental Risks — Risk Management/
GRC and QARs
Jereme Allison, Senior Internal Auditor, Kennesaw
State Univeristy
Candis Dickson, Senior Internal Auditor, Kennesaw
State Univeristy
This presentation discusses innovative methods on how an
internal audit department can add value to its organization
by proactively managing departmental risks through the
development of customer services. Risk, internal control
assessments and consultations allow the internal audit team
to partner with department heads to identify department
specific risks, provide internal controls to increase compliance
and limit the opportunities for fraud and other malfeasance.
After this session, participants will be able to:
RR Recognize the value added benefits that customer
services add to the organization.
RR Assess how customer services can identify and
significantly reduce risks.
RR Develop customer services that fit their organization.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Management Advisory Services
Prerequisites: Experience as a manager or supervisor
12 |
REGISTRATION BROCHURE
C.1 Distance Education: Narrowing the
Distance of University Practices and Risk —
Compliance
Cynthia Nickerson, Internal Auditor, University of
North Carolina Wilmington
Stefanie Powell, Chief Audit Executive, University of
North Carolina Wilmington
This course is designed to educate internal auditors on what
constitutes a distance education course or program. We will
discuss the benefits to students and universities offering
distance education and identify the related risks. Specifically,
we will review compliance with state authorizations and the
Americans with Disabilities Act. We will also examine the
complexity of responsibilities and reporting structure as
universities branch into this new product.
After this session, participants will be able to:
RR Identify applicable compliance reporting requirements
relating to state authorizations.
RR Evaluate compliance with the Americans with
Disabilities Act.
RR Analyze appropriateness of reporting lines or
organization structure.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
D.1 Life on the Inside: Lessons from
an Auditor Turned Faculty Member —
Professional Development & Leadership
Sonya von Heyking, Director, CPA Bridging &
Instructor, University of Lethbridge
This session provides an opportunity for auditors to understand
new areas of risks from the perspective of an auditor in the
classroom. Despite internal audit’s understanding of the core
purpose of our post-secondary institutions, it seems we
hesitate to venture into the academic sphere; we are wary
of applying our models to the seemingly subjective and
other-worldly aspects of higher education. But if auditors are
serious about being strategic and relevant we have to find a
way to do just that. Join me for a discussion of what I learned
when I left internal audit and became a faculty member.
After this session, participants will be able to:
RR Identify opportunities for academic audit and
consulting projects.
RR Apply the lessons learned from an internal auditor on
the inside of the classroom.
RR Create relationships with the academic team through
valuable conversations.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
Track Sessions
E.1 Cybersecurity: What is Internal
Audit Doing About IT? — Information
Technology/Information Security
Mark Bednarz, Partner, PKF O’Connor Davies LLP
Colleges and universities have become prime targets for cyberattacks from organized cyber gangs, nation state sponsored
groups or rogue students. Regardless of the threat actor,
institutions have a duty to implement adequate safeguards
to protect student and employee personal information and
any sensitive intellectual property it maintains. Internal audit
departments can add significant value by providing awareness,
refining risk management programs and identifying vulnerabilities
within the organization. This session will cover the following:
• A general overview of cybersecurity
• A drill-down into a leading risk management
framework that IT can use to identify vulnerabilities
and prioritize risks
G.1 More Than Just Compliance: A Review
of Campus Laboratory Safety Programs —
Healthcare & Research
John Curran, University Director of Internal Audit,
University of Kansas
Cate Neeley, Assistant Director & Audit Manager,
University of Kansas
The nature of campus laboratory activities and hazardous
materials used in the course of these activities pose significant
safety and compliance risks on university campuses. This
presentation will focus on the audit approach, including testing
methodology used to evaluate the governance, oversight,
and processes related to the laboratory safety program at
the University of Kansas. This also will include concepts of
conducting a compliance audit and how to apply a compliance
framework to a campus laboratory safety program.
After this session, participants will be able to:
• Implementing effective security controls that combat
most common threats
RR Recognize elements of a compliance framework and
• Cybersecurity liability insurance
RR Reference key risks related to campus laboratory
• Addressing cybersecurity risk related to outsourced
providers
RR Develop an audit approach to assess governance, oversight,
After this session, participants will be able to:
RR Demonstrate whether their existing security audits are
sufficient.
RR Calculate if IT outsourced providers are providing
adequate controls.
RR Create recommendations to strengthen the institution’s
cybersecurity readiness.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
F.1 Fraud from the Other Side: A Former
Criminal Describes the Motivation, Experience,
and Aftermath of Fraud — Fraud & Ethics
Tom Hughes, Financial Crime Speaker
apply those elements in an audit program.
safety programs.
and processes of a campus laboratory safety program.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Session 2
MONDAY, 9/12/2016
1:10 PM-2:50 PM
A.2 Accounting and Reporting News for Colleges
& Universities — Audit Trends and Issues
Sue Menditto, Director, Accounting Policy, NACUBO
Belva White, AVP Finance Systems & Data Analytics,
Emory University
As a convicted felon, I relate my professional and criminal
backgrounds to examine not only the motivation behind
criminal behavior but the thinking that allows victims to
overlook red flags. I use my own story, news accounts of other
crimes, and conversations with fellow prison inmates about
the world of fraud and deceit. I also talk about temptation
and motivation, about offender and victim, about what it
takes to steal and what it takes to prevent the crime.
This overview session will focus on new and proposed guidance
released by both the Financial Accounting Standards Board
(FASB) and Governmental Accounting Standards Board (GASB).
The industry’s advocacy efforts will be touched upon to provide
insight into standard setting efforts and higher education’s
concerns. Finally, institutional impact and preparation efforts will
be addressed so internal auditors may evaluate vulnerabilities
and risk. Interaction with presenters will be encouraged and
polling questions will be used to elicit discussion.
After this session, participants will be able to:
After this session, participants will be able to:
RR Apply an understanding of criminal behavior to work in
supervision, audit or investigations.
RR Summarize personal biases that cloud judgment about
co-workers or subordinates.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
RR Demonstrate high level knowledge of FASB trends.
RR Describe how FASB projects impact higher education.
RR Apply new guidance to internal audit assessment.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Accounting
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 13
Track Sessions
B.2 Enhancing Your Institutional Process
through Enterprise Risk Assessment (ERA)
— Risk Management/GRC and QARs
D.2 Why Good People Do Bad Things:
The Psychology of Workplace Deviance —
Professional Development & Leadership
An enterprise risk assessment (ERA) identifies and
prioritizes an entity’s risks by department and is based on
management’s input and objective detailed analysis. The
ERA serves to align business processes, internal audit, and
management focus to the critical issues that may prevent
the institution from achieving its objectives.
Knowing how employees commit fraud isn’t enough. To help
prevent it, auditors must recognize WHY employees steal
from their organizations in the first place. By confronting
and discussing ethical dilemmas, participants examine
the complexity and psychology of workplace deviance,
determine what audit can do to help prevent it, and consider
how management can mitigate its impact.
Chibuike Uk Azuoru, Director, Southeastern
Louisiana University
After this session, participants will be able to:
RR Determine global risks that may affect multiple
departments or cross-functional processes.
RR Identify unknown risk or risk areas not yet
communicated to senior management of the
institution and develop an ERA final report for senior
management.
RR Establish accountability and ownership for mitigating
risks down to the departmental and process levels.
Knowledge Level: Advanced
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Degree in Business and Auditing experience
C.2 Demystifying Cybersecurity: What You
Need To Know — Compliance
Jared Hamilton, Senior Manager, Crowe Horwath LLP
The number of cybersecurity breaches continues to rise,
and the deep impact they leave in their wake threatens
higher education institutions. The operational, financial,
and reputational risks cannot be disregarded as reports of
widespread and advanced attacks are consistently found at
the top of media channels. In this presentation, cybersecurity
expert Jared Hamilton from Crowe Horwath LLP will discuss
the growing risks, provide real-life examples of breaches
and their aftermath as well as provide a practical approach
to engage these risks head-on and deploy a cybersecurity
breach prevention program.
After this session, participants will be able to:
RR Locate blind spots in data protection programs.
RR Use a practical approach for assessing cybersecurity
threats.
RR Prepare a cybersecurity breach prevention program.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Management Advisory Services
Prerequisites: None
Don Levonius, Principal Consultant, Victory
Performance Consulting, LLC
After this session, participants will be able to:
RR Compare contrasting views of behavioral ethics.
RR Differentiate between moral and conditioned honesty.
RR Recognize rationalizations commonly indicative of
moral disengagement.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Behavioral Ethics
Prerequisites: Experience with fraud assessment and indicators
E.2 Understanding and Interpreting
SOC Reports — Information Technology/
Information Security
Keith Galante, President, Paragon Audit & Consulting, Inc.
Kevin Sear, Practice Director, Paragon Audit & Consulting, Inc.
Organizations are increasingly outsourcing systems, business
processes and other activities in an effort to focus on core
competencies. Although an organization transfers the operational
responsibility for these functions to the service provider, they
may not be transferring any of the associated risks. To manage
these risks, it is important for service consumers to have visibility
into the design and effectiveness of the service provider’s internal
controls. One way to do this is for each service consumer to audit
the controls at the service provider. Rather than every consumer
auditing the service provider separately, Service Organization
Control (SOC) Reports – formerly known as SAS70 Reports – are
prepared by an independent auditor at the direction of the service
provider to give assurances to all consumers. These reports can
be used to evaluate the impact of the service providers’ controls
as part of each consumer’s overall governance, risk, compliance
and vendor management programs.
After this session, participants will be able to:
RR Summarize the purpose and key elements of each type
of SOC Report (SOC-1, SOC-2, SOC-3, Type 1, Type 2).
RR Describe how to deal with sub-service providers
(inclusive versus carve-out) and document a review of
a SOC report.
RR Identify and map Complimentary User Entity Controls
to your organization’s internal controls.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
14 |
REGISTRATION BROCHURE
Track Sessions
F.2 How to Make Your Attorney General
Happy — Fraud & Ethics
Craig Anderson, Deputy Director, Virginia
Commonwealth University
Melissa B. Hall, Associate Director, Georgia Institute
of Technology
One of the toughest things for an auditor to get used to is
preparing workpapers and documents for use in testimony and
for prosecution. Auditors, especially those tasked with performing
potential fraud investigations, must prepare meticulous and
unassailable documentation. While auditors are always careful
in their preparation of workpapers, going to trial elevates the
criticality of the quality and accuracy of ALL WORKPAPERS. You
can leave nothing to chance and ALL of your documents have to
be able to withstand scrutiny from defense attorneys that will look
for A SINGLE mistake to discredit you and your work product.
After this session, participants will be able to:
RR Prepare comprehensive workpapers for use in trial and for
testimony and how to defend those workpapers at trial.
RR Identify potential traps and pitfalls that can be
identified in an adversarial process and how to defend
your work product in those circumstances.
RR Use best practices for conducting and documenting
investigation-related workpapers.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
G.2 How Internal Audit and Billing Compliance/
Privacy Functions Can Build a Synergistic
Working Relationship — Healthcare & Research
Glen Mueller, Chief Audit Executive, Cornell University
This session will explore billing and healthcare privacy, examine the
interrelated activities conducted by Internal Audit and Compliance/
Privacy functions and discuss the advantages of coordinated
efforts in specific areas. The need for better understanding of
data mining and data analytics requirements for internal audit and
compliance/privacy groups and developing annual work plans
which are integrated and complementary for risk coverage will be
emphasized. The session concludes with insights into the mission
and key activities of internal audit and compliance/privacy functions
for better understanding the nature of each of these functions.
After this session, participants will be able to:
RR Develop continuous assurance software and
leverage technologies in a more effective manner
by understanding the needs of internal audit and
compliance/privacy.
RR Describe how to develop annual work plans that
are integrated and complementary in terms of risk
coverage.
RR Restate insights into the mission and key activities of
internal audit and compliance/privacy.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Session 3
MONDAY, 9/12/2016
3:20 PM - 5:00 PM
A.3 The Power of Parternship: Collaboration
on Steroids — Audit Trends and Issues
Kathryn Davanzo, Principal Partner, CODA Partners, Inc.
Define behaviors and other factors that characterize
collaborative partnerships. Explore the behaviors and other
factors that make a partnership powerful. Discuss ways that
the partners themselves, individually and collectively, elevate
their thinking, widen their influence and achieve greater results.
After this session, participants will be able to:
RR Analyze ways to strengthen your partnership with those you
serve.
RR Learn steps to take to achieve the full power of partnerships
(aka collaboration).
RR Understand how to achieve greater results through the description
of a real world working partnership that evolved and strengthened
over time, we will delve into the power of partnerships.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: Leadership and managerial experience
B.3 Related Parties & IRS Intermediate
Sanctions-Connected? You Bet! — Risk
Management/GRC and QARs
Mike Conover, Compensation & Benefits Senior
Director, BDO USA, LLP
Tom Gorman, Northeast Education & Non-Profit
Practice Assurance Director, BDO USA, LLP
Outside board members, particularly those serving on audit
committees of higher-education institutions, are becoming increasingly aware of the importance of the potential significance
of financial transactions and relationships with related parties. In
particular, large transactions with related parties and compensation arrangements for the institution’s leadership positions represent potential risks that may not be discovered until problems
arise. By establishing a comprehensive review process, you will
minimize risks and satisfy board member requirements.
After this session, participants will be able to:
RR Recognize important issues associated with IRS
Intermediate Sanctions compliance (e.g., Intermediate
Sanctions, independent contractor vs. employee, taxable
income, etc.).
RR Identify the steps required to discover and minimize risk.
RR Discuss the strategies to develop effective audit
programs to address the risks associated with
compensation arrangements.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 15
Track Sessions
C.3 Compliance: What’s HOT! —
Compliance
Doug Horr, Executive Director-University
Compliance Services, University of Miami
The regulatory environment of our college and university
campuses is as dynamic as ever and there are new
challenges facing management, audit, and compliance
professionals on a daily basis. Whether it’s Title IX, the
Uniform Guidance, export controls, or PCI, this session will
look at what’s hot in the compliance field right now and
the best methods colleges and universities are using to deal
with these challenges. Registered attendees will be polled
for specific discussion topics prior to the conference.
After this session, participants will be able to:
RR Recognize the prevalent compliance issues in higher
education.
RR Apply methods for approaching/reviewing these
issues on campus.
RR Compare/contrast best practices for dealing with their
own compliance challenges.
E.3 Have You Seen My Data? Auditing Data
Governance — Information Technology/
Information Security
Nicole Schultz, Audit Lead, University of Calgary
Data may likely be the largest and most overlooked
organizational asset. Its management requires appropriate
people, process, technology and oversight. Without proper
oversight and balanced controls, data can be used out
of context and accessed inappropriately. The session
will explore audit’s role in data governance (DG) and
the organizational value achieved through auditing data
governance. We will interactively review best practices
and key pitfalls by exploring common data governance
questions and leave with an expanded audit toolkit.
After attending this session, participants will be able to:
RR Plan for data governance audits.
RR Create a sample approach to data governance
auditing.
RR Develop key messages for audit committees and
executives.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
D.3 Keep Internal Audit Off of the
Endangered Species List of the Future —
Professional Development & Leadership
F.3 Improving Fraud Sampling Hit Rates
with Analytics — Fraud & Ethics
A study conducted by Oxford University predicts 50% of all
jobs will be replaced by robots over the next 20 years. The
prediction for auditors is particularly grim, having a 93.5%
chance of being automated. In this presentation, we will
review the three predictors of future robotizing of internal
audit as well as options we can take to save ourselves from
the future endangered species list. In this presentation, we
will cover the reasons why this Oxford study predicted the
future automation of auditors’ roles and offensive measures
we can take to foil this prediction.
Auditors have an inherent need to select samples of a
population. Rather than explaining the common sampling
techniques, this session will explain statistical and other
methods to test 100% of the data as a way of narrowing a
population to only those key deviations. This session will also
explore transaction and subset scoring – most popularized
by credit card companies – as a means to obtaining the best
fraud sample selections possible.
Liz Meyers, CEO, Focus on Risk Enterprises, LLC
After this session, participants will be able to:
Rich Lanza, Chief Executive Officer, Cash Recovery
Partners, LLC
After this session, participants will be able to:
RR Describe best practices of selecting a fraud-specific
RR Identify practices that could be robotized.
sample based on the highest mathematical likelihood
and statistically significant sample units.
RR Execute an approach to minimize stagnant
RR Rate records based on various audit reports to improve
RR Revise their perception within their organization.
RR Appraise sample results in a variety of graphs and
approaches.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
16 |
REGISTRATION BROCHURE
effectiveness and reduce false positives in samples.
charts which allow sample selection with pictures.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Track Sessions
G.3 Uniform Guidance and Internal Controls: B.4 “Generally Conforms” on Your
A Case Study — Healthcare & Research
QAR is Closer Than You Think! — Risk
Kim Ginn, Principal, Baker Tilly
Management/GRC and QARs
Richard Moyer, Associate VP for Audit, Compliance
& Privacy, Stanford University
There has been much discussion in the higher education
community around Section 200.303: Internal Controls of
the Uniform Administrative Requirements, Cost Principles,
and Audit Requirements for Federal Awards (Uniform
Guidance). Universities have adopted disparate approaches
to the challenge of documenting its internal controls per the
guidance. Join us for a candid discussion of the approach at
Stanford University, and come prepared to share comments
and alternate approaches as a group.
After this session, participants will be able to:
RR Translate university expectations and approaches to
complying with the internal controls provisions of the
Uniform Guidance.
RR Describe a case study of your institution’s approach to
Uniform Guidance compliance, including roles, timeline,
and challenges.
RR Identify best practices in addressing Uniform Guidance
internal controls requirements.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Session 4
TUESDAY, 9/13/2016
8:00 AM-9:40 AM
A.4 Integrating the Compliance and Internal
Audit Functions — Audit Trends and Issues
Robert N. Clark, Chief Compliance Officer, Clark
Atlanta University (CAU)
Learn effective practices of integrating compliance and
internal audit. Integrating compliance into internal audit
engagements has proven highly successful and garnered
notable returns on investment. With Mandatory Compliance
Training for all faculty and staff, and a Compliance Committee
comprised of executive leadership that meets every two
weeks (mandatory attendance), learn some of the strategies
and approaches that have made this a model program.
After this session, participants will be able to:
RR Execute effective Mandatory Compliance Training for
all faculty and staff.
RR Practice compliance into internal audit engagements
and ERM.
RR Describe why Compliance and Internal Audit function
at CAU has been featured in Compliance Week
magazine as a best practice in higher education.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience with higher education compliance
Julia Hann, Director of Internal Audit, Georgia
College and State University
Monica Moyer, Director of Internal Audit & Advisory
Services, Saint Leo University
Have you been uncertain about The IIA’s QAR (Quality
Assurance Review) requirements? Does “generally conforms”
seem unattainable? Worried that a small or mid-sized
department cannot survive meeting conformance? It’s closer
than you think! This session will help put your mind at ease
to prepare for your self-assessment QAR with independent
validation. Departments of all sizes and experiences are
encouraged to attend, as the basis of the presentation will
be to review The IIA’s International Professional Practices
Framework (Standards), collaborate and give you tips
to obtain a successful “generally conforms” opinion. The
presentation will go through the self-assessment and provide
an action plan to prepare you for your next QAR.
After this session, participants will be able to:
RR Illustrate The IIA’s QAR process using the International
Professional Practices Framework (Standards) as
a foundation and a QAIP (Quality Assurance and
Improvement Program).
RR Perform a self-assessment.
RR Prepare for an external/independent validation.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience. Knowledge of The IIA’s Professional
Practice Standards
C.4 Doing Right by Your Donors: Auditing
Gift Management — Compliance
Chris Garrity, Director of Internal Audit, Saint
Joseph’s University
Bob Hoster, Director of Internal Audit, Bucknell
University
Many colleges and universities rely on donations and gifts to
support operations and the overall mission of the institution.
There are a variety of risks associated with the processes
for development and gift management. Internal audit can
play an integral role helping the organization optimize these
processes to enhance donor relationships and ensure better
fiscal management. Our speakers will provide their first-hand
knowledge and experiences with helping colleges and universities
gain greater insight and visibility into gift and donor management
processes. They will share their unique experiences and provide
their perspectives on how to add value to an institution through
auditing development and gift management processes.
After this session, participants will be able to:
RR Describe development and gift management
processes, including associated risks and approaches
to conducting audit activities in this area.
continued on page 18
ACUA 2016: Life’s a Beach with ACUA!
| 17
Track Sessions
RR Identify specific challenges in accounting for,
controlling, spending and monitoring gifts in a higher
education environment.
RR Develop targeted internal audit activities to provide
value to their institutions.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
D.4 When Called to Lead — Professional
Development & Leadership
Betsy Bowers, Associate Vice President, Internal
Auditing & Compliance, University of West Florida
You’ve been asked to leave internal audit and serve
temporarily as a vice president. You accept. How does this
affect your risk profile for the institution? What happens
when you return to internal auditing? Does this change the
dynamics of the internal audit function? If you had it to do
over again, would you accept? This session will discuss how
serving as an interim vice president for 10 months changed
an internal audit CAE’s perspective and broadened her
understanding of higher education.
After this session, participants will be able to:
RR Identify the professional standards related to
objectivity and independence.
RR Illustrate how aspects of the professional standards
might be applied.
RR Discuss the pros/cons of serving as a senior leader
then returning to internal audit changed the audit
perspective.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: None
E.4 Enhancing Network Security —
Information Technology/Information
Security
Ashish Jain, Director of Internal Audit, The University
System of New Hampshire
The Internet is made up of tens of thousands of
interconnected network devices. Network security is
essential in today’s environment because an organization’s
data could be accessible from any computer in the world.
Considering today’s cyber security risks, strong network
security practices are essential and critical to secure the
organization’s data and IT infrastructure. There are numerous
network devices used by any organization. Configuration
settings of these devices are very technical, and identifying
security opportunities is an uphill task for auditors and
management alike. Network security is measured based on
the weakest point in the network. A network device with
weak security settings can put the whole organization’s
IT infrastructure at risk. This presentation will give an
overview of top key areas to audit network security, and
will introduce attendees to network security risks, ideas to
18 |
REGISTRATION BROCHURE
benchmark against best practices, and common network
security requirements.
After this session, participants will be able to:
RR Identify key risk areas for a network security audit.
RR Locate resources for common security practices and/
or device settings.
RR Plan and perform a basic network security audit.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Education: Familiarity with basic IT controls
and concepts is necessary. Awareness of Open Systems
Interconnectivity (OSI) model will be further helpful
F.4 Red Flags, Now What? — Fraud &
Ethics
Andrew Cartwright, University Auditor, American
University of Beirut
Mohammad Shehab, Audit Manager, American
University of Beirut
Most employees do not know what to do when they identify
red flags even when they are seriously correlated with fraud.
Management may jump to conclusions when detecting red
flags and take uncalculated actions that might aggravate
the situation instead of solving the problems encountered.
This session will cover fraud related topics in general
and some specifics within the context of universities and
hospitals. We will touch on education, research, healthcare,
policy, IT systems, privacy vs. integrity, internal security
discussions, analytics and social media.
After this session, participants will be able to:
RR Analyze fraud, red flags and context.
RR Prepare organizations to detect possible fraud.
RR Develop reasonable remedial actions.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience: Experience in an university hospital
setting or professional certification, i.e., CIA, CISA, CA, CPA, CISRM
is preferred
G.4 Harnessing the Power of Continuous
Audit — Healthcare & Research
Robert L. Mainardi, President & Founder, Mainardi &
Company
In this session, the participants will be introduced to the
continuous auditing concept as it is defined and explained.
They are guided through the explanation of what the tool
is designed to accomplish when it is properly incorporated
into an audit methodology. Learn the specific methodology
steps to create custom continuous auditing programs as you
work through the process from start to finish and identify
areas within your own institution to apply this methodology.
After this session, participants will be able to:
RR Explain the continuous auditing process.
Track Sessions
RR Differentiate between continuous auditing and
continuous monitoring.
RR Recognize the foundation, approach, and execution in
the continuous auditing methodology.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Session 5
WEDNESDAY, 9/14/2016
10:30 AM – 12:10 PM
A.5 Rejuvenate Your Audit Committee —
Audit Trends and Issues
Mark Salamasick, Executive Director of Audit,
University of Texas System
Toni Stephens, Institutional Chief Audit Executive,
Univ. of Texas System at University of Texas at Dallas
Do you need fresh ideas for your Audit Committee? Are
members seeing the same thing over and over again? Do
you have few new members, the rest of whom have been
around for years? If any of these are true, your Audit
Committee could probably use a facelift. This presentation
will employ best practices and discussions that will breathe
new life and more energy into your meetings.
After this session, participants will be able to:
RR Describe the roles and responsibilities of the Audit
Committee members, including the CAE, as part of
the governance and assurance system within your
institution.
RR Develop a better rapport with Audit Committee
members and describe the types of members best
suited for your institution, including tips on how best
to work with external members.
RR Explain what your audit committee wants and needs to
know by employing best practices in audit committees,
including reporting, presentation materials, and
educating members.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in managing an audit department
B.5 Internal Audit Performance Metrics —
Risk Management/GRC and QARs
Paige Buechley, Assistant Diretor, The University of
Texas System Administration
Dyan Hudson, Assistant Director, The University of
Texas System Administration
Moshmee Kalamkar, Audit Manager, The University
of Texas System Administration
This presentation will provide historical background on
internal audit performance metrics and lessons learned
from the challenges faced by The University of Texas
System Audit Office as it began implementing standardized
metrics across all internal audit departments at each of its
institutions. The presentation will also include a discussion
on various options for metrics and how they can be tailored
to measure performance areas that are meaningful to
different stakeholders.
After this session, participants will be able to:
RR Develop internal audit metrics to evaluate their
performance.
RR Apply audit performance metrics and customize them
for best use at their college or university.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Administrative Practice
Prerequisites: None
C.5 Conceiving and Developing an
Effective University-Wide Compliance
Function — Compliance
Susan Alexander, Managing Director, Protiviti, Inc.
Eric Groen, Managing Director, Protiviti, Inc.
Too often in universities the compliance function is buried in
silos across the organization or does not receive adequate
attention or resources until something negative happens.
This lack of a proactive compliance can leave a university
vulnerable to both reputational damage as well as actual
damages in the form of fines and penalties. This session
takes an in-depth look into conceiving and structuring
a university-wide compliance office. We will discuss
leading practices and components of effective compliance
programs, how to best align a university-wide compliance
program within the unique culture of higher education, and
Internal Audit’s role in an effective compliance program.
After this session, participants will be able to:
RR Identify key benefits to having a centralized and
proactive compliance program.
RR Catalogue the key attributes, practices, and
components of an effective compliance program.
RR Apply the key attributes, practices, and components
to develop an internal audit plan to evaluate the
compliance program at their institution.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Business Law
Prerequisites: Experience with university compliance
ACUA 2016: Life’s a Beach with ACUA!
| 19
Track Sessions
D.5 How to Get Your School to Hear
You (and Get on Board) — Professional
Development & Leadership
Joanne Dennison, The Guidance Counselor for
Grown Ups
Do you ever feel like you are banging your head against the
wall trying to get others at your institution to understand
your concerns over finance and business issues? There may
be some empathy in the finance division. You may obtain a
little attention from the president depending on the president’s
background and biggest crisis. Student affairs divisions may
believe that college is all fun and games. And, faculty seems to
have no interest in the day-to-day operations of the institution.
So you throw up your hands, “Fine! Let it close---see if I care!”
Everyone laughs because you are overreacting---or are you?
After this session, participants will be able to:
RR Restate methods to shift your mind and your words to
get your message heard.
RR Demonstrate your expertise and insight to the rest of
the school.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Communications
Prerequisites: None
E.5 Anatomy of a Major University Data
Breach — Information Technology/
Information Security
Dan Sarazen, Senior IT Auditor, The Boston
Consortium for Higher Education
In September 2008, an individual gained unauthorized access
to a University of Massachusetts server containing the social
security numbers of students enrolled between 1982 through
2002. In total, over 250,000 social security numbers were
exposed. Follow along as the IT Auditor who conducted the
review of the breach walks us through the timeline of events.
From the moment the Audit Director read of the breach
in the lead editorial section of The Boston Globe, through
each of the major failures identified in the final audit report.
We’ll also review the detailed and systematic approach the
university pursued to methodically conduct risk assessments
and address its weaknesses to secure their systems and data.
After this session, participants will be able to:
RR Describe the governance, roles, and responsibilities that
are required to reasonably secure institutional systems
and data.
RR Classify the various IT operations and security
frameworks, displaying an understanding of each
purpose as well as the controls they address.
RR Summarize the typical points of IT Security failure
higher educational institutions have dealt with and
summarize the systematic changes the University of
Massachusetts enacted in response to their data breach.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
20 |
REGISTRATION BROCHURE
F.5 Analyzing a Potpourri of Fraud in
Higher Education — Fraud & Ethics
Calvin Wendelboe, Audit Manager, Brigham Young
University
This session will include several real-life fraud schemes from
various audit shops. The fraud schemes will be presented
and dissected to determine what elements contributed to
each fraud. Discussion will center on what internal controls
were lacking, and what effective controls could have
prevented the fraud or discovered it much sooner. Strategies
will be discussed to help participants incorporate better
internal controls in their own organizations which align
themselves with best business practices and the 2013 COSO
(Committee of Sponsoring Organizations of the Treadway
Commission) Framework. This presentation is designed to
inspire both novice and experienced auditors to enhance
their effectiveness in fraud detection and prevention.
After this session, participants will be able to:
RR Identify internal control weaknesses that contribute to
certain fraud schemes.
RR Perform certain control procedures that help prevent
fraud and align with best business practices and the
2013 COSO Framework.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
G.5 Internal Audits’ Role in Research
Compliance Within Decentralized
Environment — Healthcare & Research
Mike Bowers, Associate Audit Director, MIT
Elvie Mahoney, Audit Services Manager, MIT
This presentation will cover how compliance monitoring
has evolved within MIT in the last five years, the impact of
changes from Uniform Guidance, how data analytics are
used to identify potential non-compliance and training
needs and how MIT senior management are involved in
compliance efforts.
After this session, participants will be able to:
RR Understand the MIT Audit Division’s Research
Administration and Compliance Program.
RR Describe how traditional audits differ from the
compliance program.
RR Explain methods to assist departments in managing
their compliance responsibilities.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Track Sessions
Session 6
C.6 Capital Projects Audit — Compliance
WEDNESDAY, 9/14/2016
1:10 PM-2:50 PM
Funding sources vary and funding can be easily removed if
projects are not well controlled. However without knowing
some key risks and controls, this task may be insurmountable.
This session will provide attendees that “jump start” focus
to know what can go wrong, what must go right, and
how can it be controlled. It goes beyond just reliance on a
“project manager”. Capital projects auditing will explain the
risks and controls around capital projects, a major portion
of university spending. Attendees will learn how they can
begin to audit on-going projects at their campuses.
A.6 Title IX, X Topics, XI Grievance
Procedures — Audit Trends and Issues
Brian Billington, Internal Audit Manager, Texas A&M
University System
Danielle Carlson, Senior Internal Auditor, Texas A&M
University System
Texas A&M University System Internal Audit department
committed to proactively perform a system-wide audit of
processes and procedures related to Title IX sexual violence at
all 15 university campuses. Audit work included surveys, visits
to each campus, interviews with over 100 people involved with
Title IX sexual violence processes, and discussions with the
Texas A&M University System Compliance Office and General
Counsel. The presentation will include the scope of work
performed, results, and valuable lessons learned from the audit.
After this session, participants will be able to:
RR Describe strategies in developing the scope for a
system-wide Title IX audit.
RR Identify best practices for conducting a system-wide
audit of Title IX related to sexual violence.
RR Summarize why internal audit should conduct an audit
of Title IX related to sexual violence.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
B.6 Cyber Insurance Due DiligenceEssential Preparation & Advisory — Risk
Management/GRC and QARs
Adam Cottini, Managing Director, Cyber Liability
Practice, Arthur J. Gallagher & Co.
Chauncey Fagler, Executive Director, Florida College
System Risk Management Consortium
Taking steps to manage cyber risk can be an onerous process.
However, it is important to set priorities to isolate cyber risk issues
and create a baseline understanding of your cyber risk profile. To do
this, you must bring together every functional area of an organization
that has the responsibility of managing cyber risk. This course will
encourage organizational communication, establish clear direction,
and highlight priorities to better understand your cyber risk profile.
After this session, participants will be able to:
RR Describe how to protect private/confidential information.
RR Demonstrate regulatory and business practices
Denise Cicchella, CEO, Auspicium
After this session, participants will be able to:
RR Reference the risks associated with capital projects.
RR Define the keys to a successful project.
RR Identify well known projects and be able to see where
the project succeeded or failed.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience with capital or construction projects
D.6 Managing the Millennial Auditor —
Professional Development & Leadership
Toby DeRoche, Senior Market Development
Consultant, TeamMate
The millennial generation is now firmly embedded in the
workplace, including in internal audit and compliance
departments. A recent Deloitte survey predicts that
millennials will make up 75% of the global workforce in
the next 10 years, which includes our audit staff. From a
management perspective, we need to blend the realities of
the work we do with the sociable, optimistic, collaborative,
tech savvy, and achievement oriented millennial staff. This
presentation will highlight the challenges faced by audit
management when incorporating millennials into their
existing staff, and focus on approaches we can take to
ensure their successful integration into our multigenerational
teams.
After this session, participants will be able to:
RR Identify challenges inherent to managing
multigenerational teams.
RR Demonstrate the unique needs of millennial audit staff.
RR Describe the techniques we can incorporate into our
management approach to better utilize, manage, and
train the next generation of internal auditors.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
compliance and cyber security readiness.
RR Review pre & post breach preparation, vendor
management and data classification process.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Finance
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 21
Track Sessions
E.6 Using Data Analytics to Detect, Deter
and Prevent Sponsored Research Fraud —
Information Technology/Information Security
Paul J. Coleman, Special Review Examiner, Georgia
Institute of Technology
Traditional methods of auditing sponsored research activities
include random sampling and testing a handful of transactions
for compliance. A much more effective approach requires
the use of data analytics to review the entire population,
then sorting the transactions by risk. This approach creates a
more effective audit, allowing us to identify and focus limited
resources on the highest risk transactions and projects. By
reviewing previous fraud cases, we have identified the major
key indicators of fraud in sponsored research and developed
a new approach to sponsored research audits by using data
analytics to target our audit procedures.
After attending this session, participants will be able to:
RR Identify the key indicators of fraud in sponsored research
activities.
RR Measure use of data analytics in sponsored research audits.
RR Classify key procedures of an audit program detecting
sponsored research fraud.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Education & Experience. General understanding of or
experience with Research Accounting and Sponsored Programs Auditing
F.6 Fraud in the Student Investment FundWorking with Management, External Auditors,
and Federal Law Enforcement — Fraud & Ethics
Janice Foley, Director of Audits & Investigations,
Florida State University
Sam M. McCall, Chief Audit Office, Florida State
University
The University Foundation provided $1 million to the College
of Business for finance students to invest in the market.
The student’s faculty adviser placed $650,000 in his own
company. The University Audit Officer called the transaction
likely abuse and/or fraud and management and its outside
auditors repeatedly called the transaction an investment. The
Office’s credibility was repeatedly challenged and concerns
downplayed. The faculty advisor was convicted and the
financial statements restated to disclose the embezzlement.
After this session, participants will be able to:
RR Explain how to document evidence for trial and testify in
federal court.
RR Describe what to do when management and its outside
auditors repeatedly downplay the auditors concerns.
RR Illustrate how to keep high level University Administration
and the University Board of Trustees aware of the issues
and expected attacks on the auditors concerns.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
22 |
REGISTRATION BROCHURE
G.6 Human Subject Research Compliance
and How Proactive Compliance Reviews
Benefit the Human Research Protection
Program — Healthcare & Research
Tina R. Tyson, Chief Ethics and Compliance Officer,
Duke University
This session will highlight how a compliance review can assist
an Institutional Review Board (IRB) and Human Research
Protection Program in preparation for accreditation by
the Association for the Accreditation of Human Research
Protection Programs (AAHRPP). The session will also
address proactive human subject research compliance
reviews of IRM-approved protocols as part of a compliance
work plan.
After this session, participants will be able to:
RR Apply proactive risk-based human subject research
compliance reviews as part of a compliance work plan and
recognize differences in review approach for review of
clinical trials as opposed to social or behavioral studies.
RR Explain areas of focus for a compliance review in
preparation for external accreditation of a Human Research
Protection Program.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
Session 7
WEDNESDAY, 9/14/16
3:20 PM – 5:00 PM
A.7 Audit2020: A Critical Look at the Audit
Process — Audit Trends and Issues
Danny Goldberg, Founder, GoldSRD
The internal audit profession is like any and all professions;
slow to implement change. Change is hard; people don’t
like change. As companies continue to look for efficiencies,
one area that may be improved in many organizations is
controls testing. This session will take attendees through
understanding the unique differences between control
design and effectiveness, how to test each one, and the key
decision points that go with each.
After this session, participants will be able to:
RR Describe criteria to identify key/significant controls and
learn ways to test those controls in the most effective and
efficient manner.
RR Identify the most efficient controls to test.
RR Compare the differences between control design and
effectiveness testing.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
Track Sessions
B.7 Continuous Auditing and GRC
Applications: A Journey — Risk
Management/GRC and QARs
Allen Amyotte, Director, Internal Audit, University of
Calgary
Aris de Peuter, Senior Controls Analyst, University of
Calgary
The University of Calgary had intended on developing a
Continuous Assurance program over its basic business
cycles based on the Three Lines of Defense model. Oracle’s
Governance, Risk and Compliance (GRC) application was
purchased in 2012 to provide the required transactional
monitoring of internal controls over process cycles. Difficulties
with the tool and the environment in which it was deployed
made the ongoing use of the Oracle GRC tool impractical. This
realization highlighted the dangers of expecting technology to
provide a complete solution. The role of technology is only a
part of an overall “GRC” or controls monitoring program. This
presentation is designed to explore both the technical and
practical aspects of continuous auditing using automated tools
but also the issues that arise from a governance perspective.
After this session, participants will be able to:
RR Apply the Three lines of Defense model to internal control.
RR Identify potential governance issues associated with IA
performing two of the three lines of defense.
RR Illustrate lessons learned from relying primarily on IT solutions
to address controls monitoring and understand the technical
challenges associated with automated GRC type tools.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience with ERM and/or risk management
C.7 Conducting Compliance Risk
Assessments: Understanding Risk at the
Functional Level — Compliance
Sonal Shah, Sr. Director, Compliance, Ethics & ERM,
Stanford University
The presenter will provide a brief overview of the evolution,
promotion and use of compliance risk assessments in
higher education. Emphasis on the understanding of risk
in functional areas will be visited in detail with reference
to the Seven Elements of an Effective Compliance Program
as outlined in the Federal Sentencing Guidelines. Data
gathering/monitoring tools will be shared.
After this session, participants will be able to:
RR Identify components of a Compliance Risk Assessment
(CRA).
D.7 Don’t Let Conflicts of Interest Corrupt
Your Environment-Auditing Conflicts of
Interest — Professional Development &
Leadership
Robert Berry, Executive Director-Internal Audit,
University of South Alabama
Higher education has a long standing history of being a family
friendly/family like environment. On one hand, this makes the
workplace enjoyable. On the other hand, hiring your spouse
and paying him/her more than others in similar positions can
kill morale. Funneling business to a longtime family friend
or relative could be fatal to your organization’s reputation.
Identifying potential conflicts, monitoring the operating
environment to avoid them and taking action against those who
participate in inappropriate activities should be a top priority
for organizations. By the end of this session, participants will
be able to effectively audit their conflict of interest process.
After this session, participants will be able to:
RR Identify and describe various types of conflicts.
RR Review the operating environment and factors that make it
more susceptible to conflicts.
RR Evaluate oversight process and test conflict monitoring
mechanisms.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Social Environment of Business
Prerequisites: At least one year of audit experience
E.7 The Four “A’s” of Access — Information
Technology/Information Security
Ken Heskett, Senior IT Auditor, University of
Michigan
Effective access management protects electronic sensitive
information from unauthorized disclosure. The process of
granting, modifying, or revoking access can be broken down
into four auditable control points, the four “A’s” of access:
Ask, Authorize, Act, and Audit. During this program we will
learn the definition of sometimes confusing terminology like
“authorization” and “authentication,” why those terms mean
different things, and tie those terms to real life practices
which you may observe in your IT and non-IT audits. We will
discuss resources like NIST 800-53, ITIL, and ISO 27001 that
will help you write more focused audit plans and stronger
recommendations to your clients.
After this session, participants will be able to:
RR Develop risk assessment and audit plans to evaluate the
effectiveness of system or physical access management
processes for IT and non-IT audits.
RR Design a process for gathering information – communication,
RR Compare access-related terminology and controls related
RR Develop a report with recommendations, client buy-in and
RR Use industry and government resources to evaluate
collaboration, coordination and consolidation.
management action plans and perform a follow-up.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
to those terms.
controls and provide strong recommendations.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 23
Track Sessions
F.7 Internal Investigations-Do You Run the
Investigation or Does it Run You? — Fraud
& Ethics
Ransom McClung, Faculty, Florida State University
Management of internal audit office resources is needed
to successfully complete an internal investigation. Office
resources need to be effectively managed so that a
timely completion of all projects is possible. It only takes
one investigation that spirals out-of-control to consume
office resources to the point that other office projects are
adversely affected. An out-of-control investigation can
also ruin staff careers, damage the office’s reputation, and
ultimately subject the organization to adverse legal action.
This session will offer participants some tested practical
tips on how to successfully manage the office investigative
process. Best practices are identified.
Session 8
THURSDAY, 9/15/2016
8:00 AM-9:40 AM
A.8 Auditing Minors on Campus: A Case
Study — Audit Trends and Issues
Marion Candrea, Audit Manager, Rutgers University
Erin Egan, Senior Auditor, Rutgers University
RR Recognize the key phases of an internal investigation.
Universities and colleges frequently offer camps, educational
programs, or other activities that bring minors onto their campuses.
In light of egregious events that have occurred over the past few
years, institutions have started examining the policies and processes
they have in place for protecting minors that come onto their
campuses and participate in these types of programs. This session
is a case study on how one audit shop at a major state university
successfully audited its Protection of Minors program, and how
YOU can successfully audit YOUR institution’s program as well!
RR Identify basic components for each phase in order to
After this session, participants will be able to:
After this session, participants will be able to:
better manage your internal Investigation.
RR List steps in the process to evaluate the office internal
investigative process.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: None
G.7 Performing HIPAA Security Reviews —
Healthcare & Research
Mike Cullen, Senior Manager, Baker Tilly
The security and compliance requirements of the Health
Insurance Portability and Accountability Act (HIPAA) span
beyond healthcare focused institutions and often apply
to colleges and universities, especially those that conduct
research. This session provides a practical approach to
assessing your institution’s HIPAA security compliance. An
institution where Internal Audit recently completed this
review said: “Thank you for this audit. I believe we now have
a manageable plan that will position us well for the future.”
After this session, participants will be able to:
RR Prepare a manageable audit plan to address HIPAA
compliance issues.
RR Recognize areas beyond healthcare entities in the
university setting where HIPAA applies.
RR Design audits to help your institution cover its compliance
risks in a practical manner.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
RR Develop a framework for auditing a university’s Protection
of Minors program.
RR Identify and appreciate the complexities that may exist
within individual programs that serve minors in and around
the university.
RR Explain the risks involved if a university fails to implement
an enterprise-wide Protection of Minors program.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
B.8 The Flood is Coming: Getting the
Masses on Board with Risk Management —
Risk Management/GRC and QARs
Cheryl Lyn Granto, Information Security Manager,
University of Florida
Those who work with HIPAA are familiar with the requirement for IT
Risk Management. Up until recently, the requirement for formal IT Risk
Management was not as prevalent as other regulations, standards and
frameworks. We are seeing an increasing number of DUA’s, Contracts,
and Grants with requirements for formal IT Risk Management. This
session will demonstrate how we built an IT Risk Management Program
at UF and how we gained the necessary support for success of this
effort from senior leadership to university staff.
After this session, participants will be able to:
RR Explain what it takes to build and maintain IT Risk
Management.
RR Recognize that IT Risk Management is not just a nice thing
to do, it’s the law or a legal obligation.
RR Describe steps to gain buy-in from your customer, up and
down the ladder.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Administrative Practice
Prerequisites: Experience with control frameworks such as NIST
800.53 r.4 and IT system categorization
24 |
REGISTRATION BROCHURE
Track Sessions
C.8 Rising to the Challenge: Navigating
IT Accessibility, an Emerging Compliance
Risk — Compliance
E.8 A High-Level Review of Information
Technology — Information Technology/
Information Security
Campuses have a long history of complying with the
Americans with Disabilities Act (ADA). Compliance with
ADA is changing due to the challenge of equal access
to electronic materials. IT Accessibility is an emerging
compliance risk area for colleges today. We have
fundamentally changed how we share information, but have
we ensured the information is accessible to those with a
disability? This session will review methods to evaluate the
accessibility levels for your campuses’ electronic materials:
websites, instructional materials, multi-media, and more,
and offer solutions to achieve Section 508 or Web Content
Accessibility Guidelines (WCAG 2.0) standards.
Over a four-year period, the Office of Internal Audit and
Risk Assessment successfully performed an IT General
Control Review at all of the 14 state universities within
the Pennsylvania State System of Higher Education. The
review involved meetings and table top discussions with
management and the completion of an Information Systems
and Technology Questionnaire. This comprehensive exercise
consisted of 470 questions and examined internal control
measures within 15 different IT-related areas. During this
session, we will share our experience, methodology, and
tools we used to perform this review.
Vicki Duggan, Chief Compliance Officer,
Montgomery College
After attending this session, participants will be able to:
RR Describe an overview of IT Accessibility, legal issues and
recent OCR cases.
RR Define the standards for Section 508 and Web Content
Accessibility Guidelines (WCAG 2.0).
RR List best practices in achieving and maintaining
accessibility.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Business Management & Organization
Prerequisites: None
D.8 Learning How to Read Body Language
— Professional Development & Leadership
Jerry Balistreri, Trainer
This powerful session provides you practical techniques,
tools, and strategies for understanding and using non-verbal
communication for the highest impact and effectiveness.
Become a highly respected, highly influential, and highly
successful communicator! Emphasis will be placed on
detecting lying and deception via body language for
auditors.
After this session, participants will be able to:
RR Develop skills in reading non-verbal “tells” both in the
workplace and with friends and family members.
RR Recognize the limbic system and its role in non-verbal
communication.
RR Identify deception in any situation.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Communications
Prerequisites: None
David Shissler, Senior Auditor, Pennsylvania State
System of Higher Education
After this session, participants will be able to:
RR Demonstrate an understanding of the fundamental
security controls, as outlined in ISO 27001 - Information
Security Management System.
RR Practice with management to identify significant risks
and potential control weaknesses within a university’s IT
environment.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience: One year of IT auditing
F.8 There Goes the Audit Plan! Conducting
Fraud Investigations in Small and Mid-Size
Shops — Fraud & Ethics
Christian Kemmerer, Director of Internal Audit,
University of Scranton
Trisha Silvasy, Associate Director of Internal Audit,
University of Delaware
With the ongoing demands placed upon auditors while
running small to mid-sized audit shops, this presentation
will illustrate practical best practices for leading a fraud
investigation, including conducting interviews, preserving
evidence, working with legal counsel, communicating
findings, and using third parties.
After this session, participants will be able to:
RR Summarize a practical approach to conducting a fraud
investigation in a small to medium size shop, including
ways to partner with General Counsel, management, and
third-parties.
RR Conduct effective interviews, efficiently review
email accounts and other evidence, and successfully
communicate findings.
RR Practice “lessons learned” from real-life frauds to help
your university better prevent/detect fraud in the future.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
ACUA 2016: Life’s a Beach with ACUA!
| 25
Track Sessions
G.8 Controlled Substance Accountability:
Drug Diversion Detection — Healthcare &
Research
Kimberly New, Executive Director, International
Health Facility Diversion Association
Diversion occurs in healthcare facilities every day. Access
to narcotics by clinical personnel represents an underappreciated occupational hazard and patient safety risk.
Harm to patients from healthcare personnel who divert may
take many forms, including care delivered by an impaired
provider, untreated pain, and infection stemming from
tampering with injectable drugs. This session will explore
diversion related challenges in the university healthcare
setting. Methods of diversion and regulatory standards will
be detailed.
After this session, participants will be able to:
RR Describe institutional controlled substance regulatory
requirements.
RR Review methods of auditing and ensuring
accountability of controlled substances in the university
healthcare setting.
RR List high risk drugs and methods of diversion.
Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Specialized Knowledge & Applications
Prerequisites: Experience: Basic understanding of controlled
substance handling in the health care environment
SAVE THE DATE!
26 |
2017 MIDYEAR CONFERENCE
2017 ANNUAL CONFERENCE
MARCH 26-29, 2017
OMNI AUSTIN HOTEL DOWNTOWN
AUSTIN, TX
SEPTEMBER 24-28, 2017
HYATT REGENCY PHOENIX
PHOENIX, AZ
REGISTRATION BROCHURE
Registration Form
STEP 1 – NAME BADGE & ROSTER INFORMATION
(List as you would like to appear on your name badge)
Please use a separate form for each registration; a photocopy of
original is acceptable. Please type or print and be sure to include
your email address. To register online, please visit the Annual
Conference Web page of the ACUA website at www.acua.org.
Name__________________________________________________________________________________________________________________________
Preferred First Name for Badge_____________________________________________________________________________________________________
Job Title (limited to 35 characters)___________________________________________________________________________________________________
Institution_______________________________________________________________________________________________________________________
Mailing Address__________________________________________________________________________________________________________________
City, State/Province________________________________________________ Zip Code___________________________ Country_____________________
Phone___________________________________________________________ Email (required)_______________________________________________
Are you a first-time attendee?  Yes  No
Are you interested in being a proctor?  Yes  No
ACUA fully complies with the legal requirements of the ADA and the rules and regulations thereof. Please specify any special needs or dietary needs/
allergies:
 Vegetarian  Vegan  Gluten Allergy  Gluten Free  Diabetic  Kosher  Other:
STEP 2 – LIABILITY WAIVER AND EMERGENCY CONTACT
Please read and sign. I agree and acknowledge that I am undertaking participation in ACUA events and activities as my own free and intentional act
and I am fully aware that possible physical injury might occur to me as a result of my participation in these events. I give this acknowledgement freely
and knowingly and that I am, as a result, able to participate in ACUA events and I do hereby assume responsibility for my own well-being. I am aware
that photographs will be taken during the conference and may be published in the College and University Auditor, on the ACUA website, or on ACUA’s
social media sites.
Signature
Date
Emergency Contact Name/Relationship/Phone
STEP 3 – REGISTRATION FEES
Received by
July 25
ACUA Member – Full Conference
 $990
Non-Member Institution – Full Conference  $1,140
Single-Day registration – Member
Mon. or Wed.
Single-Day registration – Member
Tue. or Thu.
Single-Day registration – Non-Member
Mon. or Wed. Single-Day registration – Non-Member
Tue. or Thu. Received by
August 19
 $1,140
 $1,290
Tuesday Bonus Sessions
1:10 p.m. - 5:00 p.m. CIA Exam Preparation Course
 $595
Other Bonus Sessions - $50 BOGO (Buy one, get one free!)
 $50
 $435
 $435
 1:10 p.m. - 2:50 p.m. Risk Assessments: 4 Common Errors and How to
Fix Them
 $280
 $280
 $485
 $485
 $305
 $305
 1:10 p.m. - 2:50 p.m. Cloud Working Group
 1:10 p.m. - 4:50 p.m. Winning Ways With Data Analytics
 3:10 p.m. - 4:50 p.m. Advanced Critical Thinking
 3:10 p.m. - 4:50 p.m. Welcome to Higher Ed-An Overview of Higher
Single-Day Registrants only. Please indicate which day(s) you plan to attend:
Education Audit & Compliance Issues
 Monday, September 12
 Wednesday, September 14
 Guest Registration (For Guests of Attendees)
 Tuesday, September 13
 Thursday, September 15
I am an ACUA Speaker/Track Coordinator:
Please discount my registration by:
 16.6%  25%  50%  100%
$250
(includes Monday Opening Reception and Wednesday Evening Events)
Guest Name: Registrations received after August 19
will be processed on-site.
ACUA 2016: Life’s a Beach with ACUA!
| 27
STEP 4 – SESSION/EVENT REGISTRATION
SESSION REGISTRATION
Choose only one track per session (see matrix and write in
number/letter code on the corresponding line below).
Session 1 Session 2 Session 3 Session 4 Session 5 Session 6 Session 7 Session 8 PLEASE INDICATE WHICH EVENTS YOU
WILL BE ATTENDING

Sunday Opening Reception

Monday Trivia Night Reception

Wednesday Evening Event
STEP 5 – PAYMENT INFORMATION
TOTAL PAYMENT DUE

Check enclosed (please make checks payable to ACUA in
U.S. currency via a U.S. bank)

Purchase Order (PO) enclosed
 MasterCard  VISA  American Express  Discover
Card No.
Exp. Date
Name as it appears on the card
Signature
Cancellation Policy:
Written notice of cancellations received on or before July 25, 2016, will be fully
refunded. Cancellations received from July 26- August 19, 2016,
will be refunded less a $100 processing fee. On or after August 20, 2016,
cancellation refund requests will be considered on a case-by-case basis.
Substitution of registrants is allowed.
28 |
REGISTRATION BROCHURE
STEP 6 – SEND YOUR REGISTRATION
To register, complete this registration form and return it, along
with the appropriate registration fee to:
 Online Registration

ACUA Executive Office
P.O. Box 14306
Lenexa, KS 66285-4306
 FAX: 913-222-8606
Registrations can be completed and submitted online via the
ACUA website at www.acua.org. A link to the registration
form is located on the Annual Conference page under the CPE
Events menu.
Hotel & Transportation Information
INTERCONTINENTAL MIAMI
100 CHOPIN PLAZA
MIAMI, FL 33131
Soaring 34 stories above gleaming Biscayne Bay, our
bayfront Miami hotel provides luxury accommodations
with panoramic views of this vibrant city. Adjacent to the
waterfront and downtown attractions, you can shop at
nearby fashion boutiques, sample innovative cuisine at one
of the city’s ritzy restaurants or just bask in the warm tropical
sun and cool bay breezes.
TRANSPORTATION
TAXIS
Taxis from the Miami International Airport (MIA) are about $45
each way plus gratuity.
SHUTTLE SERVICE
The InterContinental Miami does not provide complimentary
airport shuttle service. Super Shuttle is offering ACUA attendees
a discount on service to/from the Miami International Airport
and the Fort Lauderdale-Hollywood International Airport.
ACUA attendees receive a 10% discount on one-way service or
20% off of round-trip service.
HOTEL RESERVATIONS
Room Rate: $194 single/double, plus tax
The cut-off date for reservations is Friday, August 19, 2016.
To prevent attendees from having to stay at an overflow
hotel, participants will need to register for the conference to
receive the hotel reservation link, which is provided on the
confirmation page when registering online. If you register
using the PDF form, once your completed form is received
and processed, you will be sent a confirmation email with
the link to make your hotel reservation.
METRORAIL MIA MOVER TRANSPORTATION
For $2.25 per person, guests can ride the rails to and from
the Miami International Airport all the way through to the
InterContinental Miami. Board the MIA Mover in the airport
terminal, transfer to Metrorail and hop on the Metro Mover to
the Bayfront Park Station. Use the Trip Planner at http://www.
miamidade.gov/transit/metrorail.asp or download the MDT
Transit app for maps and schedules.
PARKING
Valet Parking: $39 per day, per vehicle and includes in/out
privileges.
On-Site Self Parking is not available at the InterContinental
Miami. Nearby parking garages are available for overnight
parking at the posted rates.
Please speak with the concierge for more information on
location and costs.
ACUA 2016: Life’s a Beach with ACUA!
| 29