Published 2015 2016 CATALOGUE · 2015 CATALOGUE OFEVENTS INTERNAL AUDIT & RISK MANAGEMENT INFORMATION SECURITY FRAUD / IT AUDIT ... MISTI is an accredited member of CPD UK – specialising

2016 Published

September 2015

CATALOGUE OFEVENTS

INTERNAL AUDIT & RISK MANAGEMENTINFORMATION SECURITY

FRAUD / IT AUDIT

The Global Leader in Audit and Information Security Training

WWW.MISTI.COM +44 (0)20 3819 0800

1

TAKE CONTROL OF YOUR CAREER

Study with industry-leading trainers and experienced audit, risk, fraud and security experts

Achieve an immediate return from your training experience by developing new skills

Boost your knowledge by using case studies, real life examples and role-play scenarios

Share experiences through interactive discussion with peers and deepen your industry knowledge

Advance your career with CPE and CPD accredited courses to gain the points you need

[email protected] @mistieurope

2

CONTENTS

We are delighted to introduce the newest feature of our website – the MISTI “blog”. Here you will gain an insight into not just MISTI – but also, compelling, valuable resources and information for Internal Auditing, Risk Management, Fraud and Corruption and Information Security.

We are thrilled to have the ability to share our knowledge and experience through this portal. If you have any suggestions on topics and subject matter, or questions for our trainers or speakers, then we want you to let us know. Get in touch, either by twitter, linkedin or email – [email protected]

Visit misti.com to find out more about our blog and latest developments from MISTI!

For more information on our courses, contact us on: Web www.misti.com Tel +44 (0) 20 3819 0800 Email [email protected] Twitter @mistieurope

06

9

49

59

73

77

83

92

Training Weeks

Internal Audit and Risk Management

Fraud

IT Audit

Information Security

Conferences and Bespoke Events

Our Course Directors

Index of all Courses


2

How to Register

You can find out more information about all of our events and register online.

Please visit www.misti.com to find out more information about all our events.

i

WWW.MISTI.COM +44 (0)20 3819 0800

3

Our Experience & Reputation

Having trained over 200,000 professionals worldwide, we are the global leader in Audit, Risk, Fraud and Security Training.

With over 35 years’ experience, we are the choice for companies who want their employees to gain skills to really help improve their organisation and deliver a real Return of Investment from training.

We have worked with some of the most prestigious companies in the world including:

• European Central Bank• Euroclear• Kuwait Petroleum• Maersk Group• Riyad Bank• NATO• DVB Bank• BP• Gulf International Bank• Ghana Civil Aviation• Saudi Aramco• BDO

• Barclays Bank• NYSE Euronext• International Criminal

Court• BAE Systems• Central Bank of

Nigeria• KCB Bank Group• NMBS Holding • AXA International • Deutsche Bundesbank• GlaxoSmithKline

Our Courses

MIS Training Institute have over 80 training courses to choose from. This means that you can find a course to suit your needs and interests whatever level you’re at within your career.

All our courses have a very practical focus and contain real life case studies, exercises and knowledge based learning. This enables you to implement your new skills as you return to your office.

All courses are updated regularly to meet the latest legislative and market challenges. You will leave all of our training courses with both current and emerging best practice guidance.

Upon completion of the training course you will be awarded with your Continual Professional Education (CPE) points and Continuing Professional Development (CPD) Certification. You will also be given an MIS Training Institute Certificate which will have the details of the course that you attended.

In-house Training We also offer in-house training for companies that are looking to train multiple members of staff and avoid the costs of travel and accommodation. We can offer tailored training courses and can focus on specific issues within your organisation with expert guidance from our course directors. We have an extensive catalogue of in-house training options that goes beyond even our public schedule, so even if you don’t see the course that you desire then please don’t hesitate to call customer services to discuss your training requirements –

[email protected] / +44 (0) 20 3819 0800

WHY CHOOSE MIS TRAINING INSTITUTE?

“The course is really good for beginners as well as those that are more experienced as it is very comprehensive. The course director made the course very interesting and interactive. I would recommend this course to a colleague” Audit & Security of SAP Training Week: Senior IT Auditor, Landis+Gyr


4

Our Conferences MISTI typically delivers 6-10 international conferences a year specialising in the areas of information security, corporate security; fraud and anti-corruption; internal audit and technology audit - reaching to the wider spheres of risk, assurance, governance compliance, integrity and protection. The well-established MISTI conference portfolio includes new events that are added annually to complement its flagship events across Europe, Africa, the Middle East and Asia-Pacific. All Conferences are CPE accredited.

[email protected] / +44 (0) 20 3819 0809

Our Facilities All our courses take place in 4 or 5 star hotels in the centre of major cities across Europe, the Middle East, Africa and Asia, which means you will enjoy your course in complete comfort. A complimentary three course lunch and refreshments will be provided throughout each day of training.

Our Faculty of Course Directors All our course directors have at least 15 years of practical business experience. Having reached the top of their profession as Heads of Departments for some of the biggest companies in the world, they combine academic knowledge with years of business and industry experience. Many are published authors and sit on boards of associations such as the IIA and ISACA. You are guaranteed personal face-to-face time with your course director as we always limit the amount of people attending a course.

MISTI is an accredited member of CPD UK – specialising in helping Internal Auditors build new skills, enhance existing knowledge and develop careers. CPD accredited courses will enable you to learn from the best trainers, gain access to industry expertise and share ideas with other professionals. Find out more at: www.cpduk.co.uk

MISTI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors, State boards of Accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org

“My reasons for attending this course were to gain more knowledge in IT Audit. The course gave me the global view I was looking for and I will now be able to communicate with all IT Auditors. The course director was excellent! He was enthusiastic, and was able to keep my attention. He used some great slides and delivered everything in a clear voice”

IT Audit School (IT Auditing for Non IT Auditors): Manager of Operational Audit, NV Nederlandse Gasunie

WWW.MISTI.COM +44 (0)20 3819 0800

5

INHOUSE TRAINING

SAVE UP TO 50% WITH IN-HOUSE TRAINING

Choose from over 150 existing training courses to meet the needs and challenges of your individual organization or if you prefer we can create a new agenda. You will have complete control over the course content

Save by paying per day, not per delegate. This means that you can train six or sixteen people for the same price

Maximise your return on investment from training and minimise the costs of travel and accommodation

Focus on potentially confidential issues with expert guidance from the course director

Minimise disruption and arrange the course dates and locations to fit in with your team’s schedule


6

What are Training Week Programmes? Our training week programmes are intensive courses that take place over five days. Each Training Week programme features two course parts that have been especially designed to complement each other.

They are ideal for those wanting to get the most out of their learning development by reinforcing existing knowledge and learning practical new skills. You will leave a programme having mastered two areas of your profession and will be able to make a real difference to your organisation and progress your career.

Why attend a Training Week Programme? Five days of comprehensive and intensive training Each programme has been designed to ensure you leave with both current and emerging best practice, mastering two disciplines in just one week. You will also be given an MIS Training Institute Certificate which will have the details of the course that you attended.

Cost savings Rather than attending these courses individually at different times of the year, attend a training week programme and save 10% on the course fees. You will also be saving on travel and accommodation costs. Save on time out of the office Each programme is five days so you only need to take one trip out of the office. CPE pointsYou will earn 39 CPE points in five days.

TRAINING WEEKS TW

i Training week courses are marked inside the catalogue with this symbol

TW

+Book Part 1

Book Part 2

SAVE 10%


6

WWW.MISTI.COM +44 (0)20 3819 0800

7

01 INTERNAL AUDIT TRAINING WEEKS

The Fundamentals of Internal Audit Training Week

Part 1: Fundamentals of Internal Auditing

Part 2: Audit Report Writing

Integrating Continuous Auditing and Data Analytics

Part 1: Continuous Auditing

Part 2: Successful Data Analytics for Internal Auditors

Raising the Bar of Internal Audit Training Week

Part 1: Internal Audit Quality Assurance

Part 2: Consultancy Skills for Auditors

Risk-based Internal Auditing Training Week

Part 1: Risk Based Internal Auditing

Part 2: Developing the Annual Audit Plan

The Audit Directors’ and Managers’ Masterclass

Part 1: Auditing, Governance, Strategy and Risk Management

Part 2: Auditing Ethics, Culture, Conduct and Reputational Risk

The Risk Management Masterclass

Part 1: Enterprise Risk Management

Part 2: Managing Strategic and Reputational Risk

Lean Six Sigma for Internal Audit Efficiency and Effectiveness

Part 1: Six Sigma Skills for Internal Auditors

Part 2: Audit Efficiency and Effectiveness

Lin Bartlett 14-18 March, Amsterdam 9-13 October, Dubai 5-9 December, London

Liz Sandwith & James Paterson25-29 July, London 5-9 December, Amsterdam

Lin Bartlett27 June - 1 July, London 12-16, December, London

Andy Robertson & Jim Tarantino14-18 November, London

Jenny Rayner4-8 April, London 17-21 October, London 31 November - 4 December, Cape Town

Jenny Rayner18-22 April, London 15-19 August, London 26-30 September, Singapore 12-16 December, Paris

Hernan Murdock & James Paterson31 October - 4 November, London


8

02 FRAUD TRAINING WEEKS

Fraud Testing and Integration Training Week

Part 1: Fraud Testing: Integrating Fraud Detection into your Audit Programme

Part 2: Fraud Data Mining

Fraud Investigations Masterclass

Part 1: Fraud Testing: Integrating Fraud Detection into your Audit Programme

Part 2: Conducting an Internal Fraud Investigation

Len Vona 9-13 May, London

Len Vona19-23 September, London

03 IT AUDIT TRAINING WEEKS

Auditing and Securing Oracle Training Week

Part 1: Auditing and Controlling Oracle Databases

Part 2: Audit and Security of Oracle E-business Suite

Auditing and Securing SAP Training Week

Part 1: Auditing and Securing SAP ERP Central Component (ECC) and SAP R/3

Part 2: Advanced Technical SAP Audit

Steve Rimell 4-8 April, London 21-25 November, London

Steve Biskie8-12 May, Dubai 10-14 September, London

01Does your organisation have all the tools to drive

productivity and value-add in Internal Audit operations? Can you discover techniques to better develop and manage audit

frameworks? Are you focusing your audit efforts on the most significant business risks? How can you

become a truly effective Audit Leader?

I N T E R N A L A U D I T & R I S K M A N A G E M E N T

10

WWW.MISTI.COM +44 (0)20 3819 0800

11

INTERNAL AUDIT & RISK MANAGEMENT EFFECTIVE INTERNAL AUDIT TW 24CPE

Free book with this course: ‘International Professional Practices Framework (IPPF)’

COURSE FOCUS

Perfect for new internal auditors, this course introduces you to the role and responsibilities of the audit department. The role of the department is discussed within the wider assurance context and the profession’s current challenges.

This course teaches the basic tools and techniques to carry out audit assignments and allows attendees to practice specifically designed exercises and case studies.

WHY ATTEND THIS COURSE

• Understand the role of the internal audit department

• Learn the standards required for the professional practice of Internal Audit

• Improve your interpersonal skills and interview strategies

• Explore risk assessment strategies and risk based internal auditing

• Develop the tools and techniques required to perform a successful audit programme

DATES 14-16 March, Amsterdam 9-11 September, Dubai 5-7 December, London

DIRECTOR Lin Bartlett Senior Internal Audit Professional and former integrated Audit Manager with Shell, as part of a vast career spanning over 30 years.

FUNDAMENTALS OF INTERNAL AUDITING The tools and techniques needed to become today’s modern internal auditor

AGENDA AT A GLANCE

Day One: Introducing internal auditing

• The role of the internal audit department and characteristics of an effective department

• The internal audit governance framework

• Understanding the role of the internal auditor

• The audit model – performance of audit work

Day Two: Developing the audit programme and evaluating internal controls

• An introduction to the COSO Control model

• Audit communications and interview strategies

• Evaluating and documenting internal controls

• Reviewing audit programmes and testing: case study

Day Three: Exploring audit finding and developing the audit report

• Fieldwork techniques and applications

• The five attributes of an audit finding

• The Audit Report: Understanding your audience and user friendly report structures

• Issuing timely reports and closing the audit assignment


12



AGENDA AT A GLANCE

Day One: Thinking about the Report from Day One

• Setting the scene

• Discussing challenges of report writing

• Understanding the background and agreeing KPIs

• Influencing your client to take action

• Keeping focus on key issues and risks

Day One: Structuring and Writing the Report

• Key strategies for successful reporting

• Making your report User-Friendly

• Structuring Audit findings to aid consistency

• Improving your writing skills

• Top tips for effective Audit Report Writing

COURSE FOCUS

Satisfying the differing needs of various readers of an audit report can prove to be a challenge. Report writing is a key skill for auditors and is often one which doesn’t come naturally to them. Auditors often collect and analyse detailed information and are more comfortable at a detailed level, rather than that required to deliver the key message to senior managers.

This two day course will review and improve your audit reports to meet the needs of stakeholders and get results. The exercise-filled agenda will help you highlight the most significant issues and concentrate on what needs to be completed.


• Gain expertise and confidence in developing well-structured reports with clear information

• Learn to deliver the key messages that focus on risk and get results

• Discuss and understand the differing needs and expectations of audit report readers

• Practice each step of the report writing process, including thinking about your audience, organising your ideas to meet their needs, choosing the appropriate format and tone and crafting your writing

• Bring your own reports to work on and review in the context of the course

DATES 17-18 March, Amsterdam 12-13 October, Dubai 8-9 December, London


AUDIT REPORT WRITING A guide to writing effective audit reports which meet the needs of the readers and inspire action

TW 15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

13


COURSE FOCUS

This five-day course provides practical guidance on operational auditing of core business processes, the internal auditors’ role in compliance activities and risk based internal auditing.

Participants will learn to identify and prioritise risk and practice new skills with practical exercises and develop their communication skills.


• Learn tools and techniques and put them into practice with practical exercises• Appreciate the benefits of risk based auditing to audit different

business functions• Explore why communication sometimes seems difficult and discover

improvements you can make to your communication with clients• Identifying internal audit’s role in detecting fraud• Discuss current best practice audit techniques and gain confidence in

undertaking risk based audits

DATES 16-20 May, London 15-19 August, London 7-11 November, Cape Town


INTERNAL AUDIT SCHOOL Understand the fundamentals of operational auditing and how to evaluate operational performance

Day Four: Auditing different business functions

• Why sales and marketing is often hard to audit

• Reviewing risks in the sales to receivables process

• Auditing the human resources (HR) function

• Case Study: develop audit terms of reference for a risk based audit of recruitment

Day Five: Corporate Culture and preventing fraud

• Understanding the importance of the corporate culture

• Identifying ethics and governance and key risks

• Techniques for preventing fraud• Using the computer to detect fraud

AGENDA AT A GLANCE

Day One: Where is internal audit positioned in your company?

• Internal auditing today: leading trends

• Understanding the overall assurance framework

• What is risk based auditing?• The 6 E’s of auditing

Day Two: Communicating with your stakeholders

• Understanding the key stakeholder needs and expectations

• Developing listening skills• Conducting effective interviews• The importance of both verbal and

non-verbal communication

Day Three: Auditing Procurement and Major Contracts

• Identifying core purchasing activities and control objectives

• Assessing governance, policies and procedures

• Understanding the contracts and audits required

• Reviewing contract management risks

39CPE


14


COURSE FOCUS

This three day seminar focusses on challenges facing the lead auditor. It sets out what is expected from the lead auditor and enables those who have recently moved into the role or are soon to do so. You will learn all the necessary tools and techniques to conduct an audit and valuable insight into the wider context of auditing and assurance.

You will learn how to manage an audit from initial planning through to audit closure using case studies and practical exercises. Add even further value to your organisation with the key project management skills to deliver assignments on time and within budget.


• Understand the role of corporate scandals and governance legislation on Internal Audit

• Explore IIA guidance and best practice auditing techniques with a Senior Internal Audit Professional

• Learn how to successfully manage an audit from start to finish

• Appreciate the value of persuasive evidence and how to effectively influence successful outcomes

• Master applying project management tools and techniques to internal audit

DATES 4-6 April, London 5-7 September, London 20-22 November, Dubai


AUDITING TECHNIQUES FOR LEAD AUDITORS Develop your skills in leading an audit with tested techniques for planning and developing audit programmes and managing fieldwork

AGENDA AT A GLANCE

Day One: The Lead Auditor’s Role

• Defining the role and responsibilities of the lead auditor

• Selecting and leading the team

• Assuring the quality of the audit

• Discussing the different types of internal audits and their emphasis

• Understanding the differences between diverse assurance providers and managing the relationships

Day Two: Planning, Development and Managing Fieldwork

• Understanding the role of risk in the Internal Audit function

• What is risk-based auditing?

• Areas to consider for a more productive audit

• Managing Fieldwork

• Top Tips for effective report writing

Day Three: Project Management and Internal Audit

• Applying project management to internal audit

• Using project management to plan your audits

• Managing the audit team and client responsibilities

• Do’s and don’ts of effective meeting management and communications

• Identifying internal audit’s role in fraud awareness

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

15


COURSE FOCUS

Six Sigma provides auditors with an invaluable tool to improve processes and measure the effectiveness of internal controls. Initially designed as a set of practices to improve manufacturing process, Six Sigma focuses on consistency, quality and constant improvement. This ties perfectly with the same goals that internal auditors promote during their audits and consulting projects.

Through this three-day course you will learn to improve operational efficiency with this data drive, quality improvement initiative.


• Learn what Six Sigma is about and how to leverage the principles for better internal controls

• Identify critical operational issues, develop better recommendations and improve efficiency

• Understand the phases of Six Sigma, project scope and goals

• Master the application of metrics to determine effectiveness and efficiency

• Discover how Six Sigma can enhance your ERM and GRC processes, while reducing costs and wasted time

DATES 31 Oct - 2 Nov, London

DIRECTOR Hernan Murdoch Dr Murdock is a Senior Consultant for MIS Training Institute and has led audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries.

SIX SIGMA SKILLS FOR INTERNAL AUDITORS Acquiring the essential Six Sigma Skills for process improvement

AGENDA AT A GLANCE

Day One: Terminology, Key Concepts and Phases

• The “Define” Phase: Defining the problem

• The “Measure” Phase: Identifying, collecting information and mapping the data

• The “Analyse” Phase: Employing data and metrics to determine the root cause of defects

• The “Improve” Phase:

Day Two: Six Sigma Soft Skills and Training

• The “Control” Phase: Verifying process performance

• Implementing team building and techniques for conflict management

• Outlining types of statistical analysis and variables

• Identifying training needs and the effectiveness of training

Day Three: The 14 Principles of the Toyota Way

• Understanding Operational Auditing and Consulting

• The importance of Collaboration in the development of solutions

• Applying the 14 Principles to your organisation

• Leveraging the Principles to develop the human capital


16


COURSE FOCUS

In this interactive masterclass you will practice the first steps in developing efficiency and learn how to establish an effective and efficient audit process. Departments in all organisations are being expected to do “more with less”. For internal auditors, this is even harder as the increasing number of assurance scandals demonstrates.

This course is designed for internal auditors and heads of internal audit, to assist you in working efficiently, maintaining a high-level of departmental performance and increasing the effectiveness of your audit team.


• Benchmark your audit function in terms of efficiency and effectiveness

• Gain fresh insights into tackling challenges without excessive bureaucracy

• Develop an audit plan with new tools and techniques

• Establish a culture of efficiency and effectiveness inside your organisation’s audit team

• Utilise data analytics and key sources of information to drive efficiency

DATES 3 Nov - 4 Nov, London

DIRECTOR James Paterson Over 20 years experience across a range of finance and audit roles and a former Chief Internal Auditor at AstraZeneca.

AUDIT EFFICIENCY AND EFFECTIVENESS Key tools to drive productivity and value-add in Internal Audit operations

AGENDA AT A GLANCE

Day One: Developing the first steps to efficiency

• Key Terminology: What do we mean by efficiency? What do we mean by effectiveness?

• Balancing between IIA requirements and the needs of stakeholders

• Developing an audit plan efficiently to maximise audit value add

• Tools that can drive efficiency in audit assignments

Day Two: Establishing an efficient audit process

• Deep dive into key efficiency pitfalls

• Searching for opportunities with practical

• How to develop a culture of efficiency

• Driving efficiency and effectiveness with key sources of intelligence

15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

17


COURSE FOCUS

An audit is simply a project. Yet few auditors take advantage of the techniques used by project managers to bring their projects in on time and within budget. In three intensive days, attendees will learn techniques to significantly improve productivity in planning and managing all audit projects.


• Learn the basics of project management

• Achieve improved cost-control and resource utilisation techniques

• Discover tools for project-planning, scheduling, control and decision support

• Improve productivity in the audit process

• Take-away techniques to immediately implement in your organisation

DATES 5-7 September, London

DIRECTOR Kathleen Crawford Experienced Internal Auditor with Bank of New England, Eastern Bank, State Street Bank and Vinfen Corporation, a private, non-profit human services organisation. Kathleen is a Past-President of the Greater Boston Chapter of the IIA.

PROJECT MANAGEMENT FOR INTERNAL AUDITORS Improving Audit productivity with project management

AGENDA AT A GLANCE

Day One: Defining and Exploring Project Audits

• Defining project management and the project management process

• Exploring project management’s relevance to audit

• Expanding audit project leaders’ core competencies

• Outlining 9 knowledge areas of project management

• Identifying problems early in the process

Day Two: Techniques to improve the outcome of a project

• Outlining successful audit / project management key factors

• Using project management to plan audits

• Improving time management

• Developing early warning systems

• Minimising your investment in fieldwork

Day Three: Understanding the scope and requirements

• Defining project scope and requirements

• Producing a project plan

• Conducting meetings and interviews

• Focusing on communication motivation and problem-solving

• Meeting today’s audit challenges with project management techniques

24CPE


18

INTERNAL AUDIT & RISK MANAGEMENT TOOLS AND TECHNIQUES TW 24CPE

COURSE FOCUS

This course will focus auditors on the critical ‘soft’ skills that, if not mastered, can undermine the success of an audit. Through presentation, discussion, practical exercises and coaching, this course ensures you develop communication and negotiation skills to conduct more effective audits. Practice interviews for gaining information, status meetings for reviewing audit findings and discussing the final audit outcome. Following the course guidance, you will develop a Personal Action Plan for dealing with challenging audit clients.


• Identify your own style of communication using DiSC® and proactively adapt to your audit client’s style

• Develop the ability to obtain more information in interviews with your audit clients

• Learn to “sell” your audit findings even when faced with resistant management

• Practice diffusing conflicts and tense situations in audit status and closing meetings

• Influence change through improved acceptance of audit results


DIRECTOR Kelly Hogan Internal Auditor, Manager, Consultant and Trainer with over 20years of experience in identifying and communicating key messages and audit results.

COMMUNICATION AND INFLUENCING SKILLS FOR INTERNAL AUDITORS Practical techniques to gain more information during audit interviews and to improve acceptance of audit results

AGENDA AT A GLANCE

Day One: Communication Styles and Introducing Interview and Meeting Techniques

• Using DiSC®, identify your own communication style, how it affects your approach and identifying others’ communication styles

• The impact of physical and visual characteristics on your message

• Essential steps for preparing for and running meetings and interviews

• Preparation: Background work and outline, anticipated deviations, auditor participant roles

• Execution: Stage-setting and rapport, Hearing versus Listening, questioning techniques, restatements and wrap-up

Day Two: Interview and Meeting Techniques (continued) and Managing Conflicts

• Follow-up: Information confirmation, action items

• Practicalities: Note-taking, logistical considerations

• Checklists for before and after meetings, example meeting outlines, list of suggested interview questions

• Establishing a baseline – what parts of your audit finding are factual, what parts are not

• Reason(s) for objection to the audit finding: Facts, tone, responsibility

Day Three: Influencing Outcomes – Communicating about the audit report

• Positions – Identification of your audit client’s and establishment of your own

• Setting (and resetting) the tone

• Agreeing on an outcome for the audit report

• Managing your audience – Dealing with different styles of communication at the same time

• Exercises and Personal Action Plan development

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

19


COURSE FOCUS

Internal audit provides a prime source of assurance for organisations to consider the effectiveness of risk management frameworks, processes, and controls. Discover how audit functions can implement a risk-based approach that is truly business oriented.

This course will enable you to gain an understanding of what is necessary to make your audit function totally risk-based. You will learn tools, techniques and methodology to produce bullet proof audit plans and boost auditor productivity.


• Examine how your organisation can adopt a risk-based approach to internal auditing

• Explore your company’s risk profile and how risk management arrangements can keep up-to-date with changes to the profile

• Review the readiness of your organisation to adopt a risk-based approach

• Develop a plan to implement risk-based auditing within your organisation

• Learn how to write top quality risk-based audit reports

DATES 13-15 March, Dubai 25-27 July, London 5-7 December, Amsterdam

DIRECTOR Liz Sandwith Experienced professional and trainer with over 30 years of internal audit and risk management in central and local government, housing associations, regional development agencies and broadcasting with Channel 5.

RISK-BASED INTERNAL AUDITING Transform the way Internal Audit operates within your organisation

AGENDA AT A GLANCE

Day One: Introducing Risk-Based Internal Auditing

• Understanding risk based internal auditing

• Risk management within the business

• Corporate Governance

• Exercise: Creating a corporate risk register for an organisation

Day Two: Creating a Risk-Based Internal Audit plan for your organisation

• Developing a risk-based audit plan

• “How to” guide – terms of reference, documentation, testing, and evidence

• Case study in creating a risk-based internal audit plan

• Consider evidence and challenges for internal audit related to evidence

Day Three: Delivering the Risk-Based Internal Audit Report

• Reporting and internal control

• Delivering a risk-based internal audit report

• Considering the format of a risk-based audit report

• Is your organisation ready for risk-based internal auditing?

24CPE


20


COURSE FOCUS

In this highly intensive, interactive two-day seminar we will review best practices in internal audit planning. Developing a business-focussed, objective-based audit plan will concentrate on key issues and maximise audit resources.

Throughout the course best practice will be shared alongside useful tools and techniques to help ensure the IA plan is focused on the right areas. This course will enable you to focus on adding real value to the organisation by creating a concrete annual audit plan which is totally business-focused.


• Learn who should be consulted and whether you are consulting too widely

• Discover best practice ways of linking IA plan to key risk areas, while delivering core assurance areas

• Discuss how to factor in value and value-add into the planning process

• Identify ways to use the planning process to deepen the relationship between audit and senior stakeholders

• Uncover best practices around longer term planning horizons, the annual plan and ad hoc audit work

DATES 28-29 July, London 8-9 December, Amsterdam


DEVELOPING THE ANNUAL AUDIT PLAN Best practice, tools and techniques to position Internal Audit as a value-added business partner

AGENDA AT A GLANCE

Day One: Outlining the purpose of planning and its added value

• How to use value add principles in the planning process

• Who should be engaged and what are best practice questions that should be asked?

• How to balance multiple sources of information that could inform a plan

• Killer questions to ensure you don’t get weak audits on the plan

Day Two: Overcoming potential tension and challenges

• How to address differences between Senior management and the Audit Committee

• Recognising the opportunity presented by planning to understand the needs and concerns of key stakeholders

• How much of the plan should be presented as fixed versus flexible?

• Developing a tailored plan of action to suit your organisation

15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

21


COURSE FOCUS

This intensive two-day training will show how you and your organisation can benefit from the more frequent and timely assurance given by Continuous Auditing. This interactive seminar will take participants with any IT background through the conceptual frameworks and the various areas that need to be assessed when implementing the techniques.


• Develop a Continuous Auditing programme and process

• Secure management buy-in and integrate Continuous Auditing into your organisation’s culture

• Understand the impact on group internal audit functions

• Examine existing examples of Continuous Auditing strategy and best practice

• Review and asses the available IT software options

DATES 14-15 November, London

DIRECTOR Andy Robertson 35 years experience in Auditing and Risk Management, covering Manufacturing, Retail, Financial Services, and the Not-for-Profit sectors.

CONTINUOUS AUDITING - MAKING THE CHANGE A how to guide on implementing continuous auditing in your organisation

AGENDA AT A GLANCE

Day One: Understanding the theory

• Understanding the history and concept of Continuous Auditing

• Analysing recent developments in governance and risk management

• Continuous Auditing vs. Continuous Monitoring – a clarification of confusion causing terms

• Reviewing existing examples of best practices

• Overcoming technical issues and challenges

Day Two: Implementing Continuous Auditing into practice

• Two case studies – a scenario desk top study and a project

• Working through the audit cycle – planning, changes and delivery

• Reviewing the most popular software offerings

• A practical demonstration of the use of IT software

• Workshop sessions followed by course conclusions

15CPE


22


COURSE FOCUS

In this intensive three-day training you will learn everything you need to know about effectively integrating data analytics or CAATs (Computer Assisted Audit Techniques) into your audit processes. Discover how technology can be used to more efficiently and effectively achieve your desired audit results while brainstorming analytics across most major business cycles.


• Effectively integrate data analytics and CAAT’s into your audit processes

• Plan for data access

• Use technology to achieve desired audit results more efficiently and effectively

• Progress from basic analysis into a fully automated mode

• Design effective strategies and programmes to ensure sustainable results


DIRECTOR Jim Tarantino Jim has over 15 years of information technology, analytics, audit and GRC experience with a recognized expertise in developing solutions to enable data-driven auditing, risk assessment and investigations.

SUCCESSFUL DATA ANALYTICS FOR INTERNAL AUDITORS Getting the most out of your CAATS program – including ACL, IDEA, SQL, and SAS

AGENDA AT A GLANCE

Day One: The business case for audit analytics

• Integrating data analytics across the audit process

• Outlining the pro’s and con’s of common data analysis tools

• Understanding the analytic development cycle

• Planning for data access

• Exploring data access options and file types

Day Two: Common analyses in major business processes

• Discovering advanced analytic design techniques

• Verifying standard data

• Leveraging external data sources

• Developing appropriate standards

• Making analytics repetitive

Day Three: Moving towards Continuous Auditing

• Overcoming common implementation hurdles

• Organising your audit team while developing and maintaining skills

• Reporting and interpreting results

• Implementing dashboarding and visual analytics

• Discovering spacial relationships and mapping

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

23


COURSE FOCUS

The three ‘E’s – Economy, Efficiency and Effectiveness – are cornerstones of assessing “Value for Money”. Through Performance Auditing there is a unique opportunity for auditors to conduct work that is relevant, important and adds value to their organisations. The course aims to equip candidates to understand a range of techniques for assessing economy, efficiency and effectiveness of their business areas and functions.

This course will ensure that you leave with knowledge not only of theory, but also how to put the theory into practice. Participants will receive sample documents, diagrams and checklists to support them in applying this new learning into their day jobs.


• Understand the purpose of Value for Money (VFM), performance reviews and the applicability to your business

• Make use of best practice developed in the public sector to drive real benefit for your organisation

• Know how to plan, deliver and report on VFM / performance audits• Learn how to apply VFM auditing techniques to the three ‘E’s • Deliver reports that maximise impact, drive improvement and add real

value to your business

DATES TBC, May, Cape Town

DIRECTOR Jane Needham Specialising in corporate governance, risk management and business process improvement.

VALUE FOR MONEY & PERFORMANCE AUDITING How auditors can add value by assessing value for money

AGENDA AT A GLANCE

Day One: The Background and Basics

• Setting the “VFM” scene

• Context and Definitions

• The three ‘E’s of VFM

• Developing a VFM Audit Programme

Day Two: Audit Planning and Delivery

• VFM Techniques

• Defining the “audit questions”

• Planning the VFM Audit

• Overview of the VFM Process

Day Three: Audit Delivery and Reporting

• The three ‘E’s Case Studies

• Audit Completion

• VFM Audit Reporting

• Exercise: Demonstrating the Value Added

24CPE


24


COURSE FOCUS

This three-day course enables internal auditors to read financial accounting information effectively in order to assess business and control risk within a business. This is an opportunity for internal auditors gain an insight in the accounting process, learn what drives financial statements and understand how to analyse them.


• Use financial statements to understand and assess business performance and identify risk

• Calculate and interpret key financial ratios

• Understand what is meant by creative accounting, how it is carried out and its implication for businesses

• Identify early warning signs within a business using financial statements

• Analyse cash flow forecasts and business plans to assess future strategies and plans and associated risks


DIRECTOR Peter Herbert Specialist in the fields of financial reporting and auditing, with experience at KPMG and FTC (now Kaplan Finance).

FINANCIAL ANALYSIS FOR INTERNAL AUDITORS Understanding accounting statements and their relation to financial audits

AGENDA AT A GLANCE

Day One: Rules, Regulations and Financial Statements

• Outlining rules and regulation

• Analysing accounting statements and understanding terminology

• Discovering how accounting statements fit together – the dual effect

• Applying the dual effect

• Exercise: Identifying accounting entries for different transactions to produce a simple income statement and balance sheet

Day Two: Financial Analysis and Risk

• Uncovering key items in accounts for risk analysis

• Commencing elementary financial analysis

• Conducting ratio and trend analysis

• Analysing the notes to the financial statements

• Exercise: Considering the significance of notes from a business and control risk perspective

Day Three: Cash Flow, Budgets and Forecasts

• Understanding the statement of cash flows

• Exercise: Calculating and analysing operating cash flow and related ratios

• Analysing budgets, forecasts and business plans

• Camouflaging the numbers – how its done and how to spot it

• Pulling it all together – final case study

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

25


DATES 27-29 June, London 12-14 December, London


COURSE FOCUS

The IIA Professional Practices Framework requires that to state that their department’s activities are in conformance with IIA standards, auditors should develop and maintain a Quality Assurance and Improvement Programme.

The course will cover the requirements of the IIA’s QA&IP and practical ways to satisfy these requirements in a cost effective and value-added manner. The sessions will encourage discussion and debate, and be interspersed with relevant exercises and case studies.


• Appreciate the benefits of implementing a cost effective and value adding QA & IP

• Learn to conduct an internal quality assessment as benchmark and as preparation for an External Quality Assessment (EQA)

• Gain the expertise and confidence to commission an EQA and manage the outcome successfully

• Building stakeholder and audit committee involvement

• Develop a road map to conformance for your organisation

INTERNAL AUDIT QUALITY ASSURANCE Assessing the value added by IA and implementing an improvement programme for your audit team

AGENDA AT A GLANCE

Day One: Introducing the standards and principles of Quality Assurance

• The quality assurance and improvement programme

• Exploring the external quality assessment options

• Determining the optimal focus and scope and obtaining senior management buy-in

• Securing the right team

Day Two: The external assessment process and reporting results

• Surveys and questionnaires: Issues and analysing the results

• Understanding the compliance requirements

• Management response and developing an action plan

• Determining audit committee involvement

Day Three: Creating a cost-effective quality assurance and improvement process

• The requirement for periodic internal assessments

• Learning from the outcomes of other external and internal assessments

• Building ongoing improvement

• Reviewing a sample quality assurance and improvement programme

24CPE



26


COURSE FOCUS

There are core skills that are applicable to both an auditor and a consultant such as being good communicators and having good interpersonal skills. Internal Auditors are often expected to provide consultancy services. This provides opportunities for Internal Audit to add value, but can also provide considerable challenges for staff in terms of skills and competencies.

This two-day seminar covers the important skills required to become an effective consultant within your organisation. A focus on live exercises will enable you to practice and gain confidence using these skills.


• Understand how to fulfil consultant responsibilities in line with IIA guidance while retaining independence and objectivity

• Assess your own skill set and consulting capabilities in order to identify where you might specialise

• Discover how to add greater value to your organisation and use core skills in Governance, Risk and Compliance (GRC)

• Learn and practice consultancy tools and techniques to help plan and execute your work and better present ideas

• Refresh and update your communication and interpersonal skills

DATES 30 June - 1 July August, London 15-16 December, London


CONSULTANCY SKILLS FOR AUDITORS Becoming ‘an agent of change’ while discovering proven communication techniques for building and maintaining strong client relationships

AGENDA AT A GLANCE

Day One: The Role of Internal Audit as Consultant

• Marketing the service and building credibility and trust

• Understand client aims and set out objectives and terms of reference for the assignment

• Evaluating fraud awareness and identification of red flags

• Implementing continuous auditing

• Identifying business improvement opportunities

Day Two: Executing a Consultancy Project: Tools & Techniques and Communication & Interpersonal Skills

• The key phases of a consultancy engagement or project

• Using project planning tools to aid the 3 “E”s

• Persuasion and writing skills and effectively communicating your results

• Developing and managing the client relationship

• Recognising and managing the “politics”

15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

27

INTERNAL AUDIT & RISK MANAGEMENT MANAGING AND LEADING THE INTERNAL AUDIT DEPARTMENT TW 24CPE

COURSE FOCUS

In this highly interactive five–day seminar you will be introduced to leading edge practice across a range of Internal Audit activities. Through numerous case studies and practical exercises you will explore the challenges and opportunities facing the internal audit profession today whilst networking with your peers and developing a roadmap for improvement within your business.


• Find solutions to the challenges and exploit the opportunities facing internal audit

• Become an inspiring leader – not just a manager

• Develop an internal audit vision to meet changing stakeholder expectations, business and regulatory needs

• Learn how to manage those crucial internal and external relationships on which your future success depends

• Market your internal audit department and communicate how you add value

DATES 7-11 March 2016, Cape Town 2-6 May 2016, Hong Kong 1-5 August 2016, London 20–24 November, Dubai

DIRECTOR Jenny Rayner A former chief internal auditor and audit committee chair with 20 years’ experience of internal audit and risk management as part of a wide-ranging 35-year business career.

CHIEF INTERNAL AUDITORS’ SYMPOSIUM Advanced benchmarking and networking for Audit Directors and Senior Managers

AGENDA AT A GLANCE

Day One: Internal Audit in evolution - Exploring the challenges

• The changing role and status of internal audit

• What makes an effective Head of Internal Audit?

• The drivers for change

• Lessons from recent business disasters

Day Two: Managing audit’s role, remit and skill base - Achieving the right balance through your future vision

• Developing a compelling strategic vision

• Benchmarking against current good practice: where do you stand?

• Building audit team capability: co-sourcing, recruitment and retention

Day Three: Managing key relationships - Making them work for you, not against you

• Engaging with the board and audit committee

• Working with external audit: resolving issues

• Getting it right with management: achieving ‘buy in’

• Leveraging the contribution of other assurance providers: assurance mapping and integrated assurance

39CPE

Day Four: Managing risk - Optimising audit’s contribution

• Internal audit’s role in enterprise risk management: establishing the boundaries

• Defining and communicating risk appetite

• Embedding risk management and developing KRIs

Day Five: Improving audit effectiveness, productivity and communication

• Demonstrating added value: Internal Audit Key Performance Indicators (KPIs)

• Benchmarking against best practice: Over 200 strategies for maximizing value

• Developing a marketing strategy for internal audit

Networking Opportunities:

London – Networking Dinner at the exclusive Institute of Directors (IoD)

Dubai – An evening on a Dhow cruise Dhow cruise and networking dinner?

South Africa – A networking dinner on the Waterfront


28


COURSE FOCUS

The MISTI Audit Leadership School focuses exclusively on the needs of audit executives. This means we have eliminated everything but the topics critical to helping you improve and sustain your performance as a leader and that of the audit department. This interactive four-day training course is designed exclusively for audit leaders and comprises case studies, team exercises and peer brainstorming. Attendees will be able to discuss strategies, concerns, technical trends, and other important issues.


• Discover how changing times demand changing roles of today’s audit leaders

• Gain insights into your leadership style and determine whether it is helping or hurting your efforts

• Ensure that your department is able to add real value and address key issues effectively

• Learn negotiation, communication and influencing techniques that will enhance your impact and working with senior management and within your audit team

• Examine the role of the audit leader in proactively making and taking difficult decisions

DATES 9-12 May, London 8-11 August, Amsterdam 30 Nov - 2 Dec, Dubai


AUDIT LEADERSHIP SCHOOL Become a truly effective audit leader

AGENDA AT A GLANCE

Day One: Leading a world-class audit department

• The evolving role and status of the audit department

• The theory of effective GRC, ERM, etc. – but is it realistic?

• What are the best organisations doing to manage risk and ensure compliance?

• The Chief Audit Executive role, position and managing stakeholder relationships

Day Two: Core competencies of internal audit leadership

• Examining the different roles of audit leaders

• Considering your leadership style

• Paying Attention to the formal and the informal dimensions

• Considering the Audit Committee and the Executive Team

30CPE

Day Three: Removing obstacles to high performance

• Improving Outputs from the Audit Function to enhance IA Credibility and Impact

• Exploring key performance indicators that really work

• How lean auditing techniques can help maximise the value add and effectiveness of IA

• Preparing for an External Quality Review (EQA) / QAR

Day Four: Final best practice review

• Understanding lean audit techniques to supplement your learning

• Leveraging the work of other assurance providers

• Implementing IA Metrics and Milestones to ensure future support

• Creating a practical and realistic final action plan

WWW.MISTI.COM +44 (0)20 3819 0800

29


COURSE FOCUS

Strategy, governance, risk management and other boardroom processes have historically been ‘no go’ areas for internal audit. Today, this is no longer the case and objective, independent assurance on governance is now seen as crucial. The latest IIA Standards are explicit in making these areas integral to the scope of Internal Audit.


• Learn how to provide assurance on risks and controls to strategic objectives

• Establish which governance areas to audit – and how to do it

• Develop the business case for internal audit involvement

• Become a catalyst for improvement – without compromising your independence

• Take away practical checklists and sample audit programmes

DATES 4 -6 April, London 17-19 October, London 31 Oct - 2 November, Cape Town


AUDITING GOVERNANCE, STRATEGY AND RISK MANAGEMENT A practical guide to auditing critical boardroom processes to comply with the latest IIA standards

AGENDA AT A GLANCE

Day One: Risk Assurance

• Learn how to provide assurance on risks and controls to strategic objectives

• Establish which governance areas to audit – and how to do it

• Develop the business case for internal audit involvement

• Become a catalyst for improvement – without compromising your independence

• Take away practical checklists and sample audit programmes

Day Two: Internal Audit’s role in strategy

• Auditing governance processes: delegations, reporting and disclosure

• IT and project governance: some considerations

• Performance management and the links to strategy

• Auditing strategy: possible approaches

• Internal audit’s potential role at each stage of the strategy development and execution process

• Internal audit’s focus: the 3Ps

Day Three: Understanding Risk Management

• Assessing risk management maturity

• Auditing risk management processes and key risks

• Assurance mapping and integrated assurance

• Gaining buy-in from the board and audit/risk committee

• Managing risks to internal audit


30

INTERNAL AUDIT & RISK MANAGEMENT RISK MANAGEMENT, GOVERNANCE AND COMPLIANCE TW 24CPE

COURSE FOCUS

Recent corporate disasters have highlighted the importance of establishing and maintaining a strong ethical culture. In the wake of the financial crisis, banks and other businesses are now focussing specifically on conduct and reputational risks. The Board’s oversight role increasingly extends to organisational culture and ethics - and internal audit faces the challenge of providing assurance in these ‘hard to audit’ areas.


• Understand the core components of corporate culture and an effective ethical framework

• Identify the key sources of conduct and reputational risks for your organisation

• Learn how to provide assurance to satisfy your Board

• Explore how internal audit can act as a catalyst for improvement

• Discover how to present your findings to achieve ‘buy-in’ and action

DATES 7-8 April, London 20-21 October, London 3-4 November, Cape Town


AUDITING ETHICS, CULTURE, CONDUCT AND REPUTATIONAL RISK The essential guide to auditing these challenging ‘hot topic’ areas

AGENDA AT A GLANCE

Day Two: Ethical Frameworks

• Defining ethics and organisational culture

• Effective frameworks

• Ethical dilemmas

• Supply chain challenges

• Practical audit options: combining forces

Day Three: Understanding Risk

• Defining conduct and reputational risk

• Exploring key risk sources

• Providing assurance on major risks

• Reporting findings and outcomes: maturity models

15CPENEW

“Jenny delivers courses in a way which makes it easily understandable!” SIDF

WWW.MISTI.COM +44 (0)20 3819 0800

31


COURSE FOCUS

This highly interactive three-day course explores how Directors, Managers,Internal Auditors, Risk Managers and others can act as a catalyst for good risk management. Whether you have been charged with establishing an ERM framework, want to increase the effectiveness of your current risk management arrangement or to benchmark them, this course will help you address these challenges.


• Assess your organisation’s risk management capability and maturity

• Stimulate improvement at each stage of the risk management process

• Explore ‘risk appetite’ and how to determine and communicate it

• Raise risk awareness and embed risk management thinking and practice

• Gain insights into best practice on managing and reporting risks

DATES 18-20 April, London 15-17 August, London 26-28 September, Singapore 12-14 December, Paris


ENTERPRISE RISK MANAGEMENT Implementing, embedding and enhancing Enterprise Risk Management: A practical guide to optimising the role of Directors, Internal Auditors and Risk Managers

AGENDA AT A GLANCE

Day One: Building a solid foundation

• Defining ERM and the core components of an ERM framework

• Establishing and communicating risk appetite

• Roles and responsibilities: the board’s critical role

• Clarifying internal audit’s and risk management’s respective responsibilities

• Assessing risk maturity and developing your ERM strategy

Day Two: Promoting and enhancing enterprise risk management

• Identifying business risks

• Assessing, prioritising and responding to risks:

• Black swans, risk resilience and reverse stress testing

• Monitoring and delivering assurance

• Reporting risk internally and to external stakeholders (disclosure statement examples)

• Hints and hazards

Day Three: Maintaining momentum and embedding ERM

• Dealing with new and emerging risk challenges including cyber and extended enterprise risks

• Winning hearts and minds: Making the business case for ERM

• Embedding risk management: CRSA and KRIs

• Adapting your approach as risk management evolves

• Getting started: Targeting quick wins

24CPE

“Well versed with tons of knowledge and experience. Someone you always

want to have on speed-dial!” DBSA


32


COURSE FOCUS

This intensive and interactive two-day seminar provides a practical approach to identifying, assessing, managing, monitoring and reporting strategic and reputational risks. Using case studies and practical examples, attendees will learn how to manage the strategic and reputational risks facing their organisation.


• Learning from crises caused by unmanaged strategic and reputational risks

• Identifying and mitigating risks in the development, communication, implementation, monitoring and reporting of strategy

• Integrating strategic and reputational risks into the ERM framework

• Examining the impact of leadership style and organisational culture

• Exploring the influence of social media

DATES 21-22 April, London 18-19 August, London 29-30 September, Singapore 15-16 December, Paris


MANAGING STRATEGIC AND REPUTATIONAL RISK The essential guide for Directors, Internal Auditors and Risk Managers

AGENDA AT A GLANCE

Day One: Managing Strategic Risk

• Demystifying strategic risk

• Developing and executing strategy

• Environmental scanning options and selecting strategic direction

• Communicating and implementing strategy and monitoring execution

• Assessing, responding to and providing assurance on strategic risks

• External reporting of strategic risks (sample disclosure statements)

Day Two: Managing Reputational Risk

• Unravelling reputational risk

• Stakeholder mapping and identifying reputational hotspots

• Exploring strategies for managing risks to reputation

• Monitoring and providing assurance: KRIs and the reputation risk barometer

• Communicating to stakeholders: reputation risk reporting

• Towards a sustainable reputation

15CPE

“Excellent Communication skills. Good time management, well conversant with the topic and very good trainer” Kenya Power

WWW.MISTI.COM +44 (0)20 3819 0800

33


COURSE FOCUS

This course is designed to bring you up to date with the 2013 revision of COSO 2013 and enable you to practice evaluating COSO’s 17 principles.

In this course you will learn what’s new in COSO 2013 from a recognised COSO expert. It will give you a clear understanding of the Framework and how to apply it within your organisation as a whole and for compliance with financial reporting regulations.


• Develop a clear understanding of the framework; what is essential and where there have been changes

• Improve your knowledge of scoping compliance with SOX and financial reporting regulations

• Practice applying the new framework to a case study company

• Assess your own organisation and put learnings into practice with case study examples

• Examine how to apply the new framework to your organisation

DATES 11-13 April, London 3-5 October, London

DIRECTOR Jim Roth One of the world’s leading experts on internal audit best practices, implementing COSO and evaluating soft controls, Jim wrote all the IIA’s initial COSO implementation materials.

COSO: HOW TO IMPLEMENT THE REVISED INTERNAL CONTROL FRAMEWORK Understanding the framework, implementation and applying it across your organisation

AGENDA AT A GLANCE

Day One: Understanding the revised framework

• What’s new, what’s changed and what has stayed the same: summary of the framework

• Discussing the 17 principles and related points of focus

• Applying the framework in practice

• Probing the principles of control environment

Day Two: Risk assessments and controls

• Applying SOX and similar financial reporting regulations

• Risk Assessment: analysis of risk assessment principles

• Identifying risk assessment strengths and deficiencies: Case Study

• Control Activity: Analysis and discussion of principles and focus points

Day Three: Evaluation and communication skills

• Communicating the principles and changes across your organisation

• Evaluation Techniques: For audit projects and entity-wide

• Reporting Cultural Issues

• Summary of key points and game plan for applying the framework to your organisation

24CPE

“Very well organised, easy to follow and understand”

WIPO


34

INTERNAL AUDIT & RISK MANAGEMENT FUNCTIONAL AND PROCESS AUDITING TW 24CPE

COURSE FOCUS

Human Resources continually finds itself in areas of potential risk; employment law issues, compensation, benefits, and record keeping, as well as fraud issues. Internal Auditors need to be aware of emerging issues, key business risks and control best practice.

The course is built around a case study for an organisation with a HR function that has a number of challenges. In this course you will learn to provide assurance on the key HR processes- recruitment, salaries & bonuses, payroll, training, performance appraisals and more!


• Ensure that your HR Function complies with legislation, procedures and policies

• Discover techniques to identify, mitigate and manage risks associated with HR

• Assist HR in supporting corporate governance frameworks with regard to key sub-committees of the board

• Overcome the various challenges facing organisations and their people such as downsizing and rapid growth

• Learn how to spot fictitious employees on the payroll or past employees still being paid

DATES 1-3 May, Dubai

DIRECTOR Liz Sandwith Internal Audit and Risk Management expert with over 25 years of experience in social care, central and local government, housing associations, regional development agencies and a UK broadcaster – Channel 5.

AUDITING HUMAN RESOURCES Providing assurance on key HR processes – recruitment, salaries & bonuses, payroll, training, performance appraisal and more

AGENDA AT A GLANCE

Day One: Introducing HR and its specific legislation

• Defining Human Resources

• Reviewing theoretical, historical and legislative influences upon HR

• Exploring the lifecycle of an employee

• Examining the key Corporate Governance influences

• Discussing the role of HR in integrity and ethical value

Day Two: Preparing your HR Audit

• Exploring an internal and external risk factors for HR

• Analysing possible fraud risks in HR

• Preparing risk assessments and your audit strategy

• Considering best practice and the significance of benchmarking

• Defining the scope for an audit, including payrolls, recruitment, performance appraisal and training and development

Day Three: Undertaking your HR Audit

• Focus on payroll audit- terms of reference, fieldwork, testing and emerging findings

• Reporting for an HR Audit

• Global challenges for HR Audit

• Understanding and discussing the challenges facing the internal audit team while undertaking the HR audit

• Implementation of course learnings back in your office

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

35


COURSE FOCUS

Purchasing is the second largest spend for the majority of organisations, and with purchasing processes and methods becoming increasingly complex, and sometimes risky – it is vital that audit focuses on this vital area. This highly practical course will give auditors working in all types of organisation the necessary understanding of procurement while providing robust assurance on these processes.


• Deepen your knowledge of purchasing strategy, objectives and management

• Understand best practice and expected controls

• Approach auditing procurement from a risk-based perspective

• Examine developments in purchasing processes and technology and the risks these embody

• Develop skills in auditing performance (“Value for Money”) of procurement processes

DATES TBC April, Cape Town TBC September, Dubai

DIRECTOR Jane Needham Specialising in corporate governance, risk management and business process improvement.

AUDITING AND PREVENTING FRAUD IN PROCUREMENT Equipping Internal Auditors to review all aspects of the procurement process and its governance

AGENDA AT A GLANCE

Day One: Introducing the purchasing function and the role of Internal Audit

• Understanding the objectives of purchasing

• Outlining the role and scope of internal audit in relation to purchasing activity

• Discovering different audit approaches

• Applying the risk-based audit approach to the purchasing process

• Adding value by expanding the purchasing audit coverage into value for money considerations

Day Two: Using the COSO Internal Control model as a basis for considering the different aspects of assurance

• Providing assurance over the purchasing process

• Assessing the control environment

• Auditing the identification, assessment and management of purchasing risks

• Identifying standard controls, policies and procedures for the components of purchasing

• Auditing monitoring and oversight mechanisms to support robust purchasing controls

Day Three: Putting course learnings into practice

• Conducting a financial audit of purchasing

• Testing compliance with internal control processes

• Conducting audit exercises on standard purchase areas and controls

• Assessing the extent to which purchasing is achieving economy, efficiency, effectiveness, ethics, equity and ecology

• Providing consultancy for the purchasing process

24CPE


36


COURSE FOCUS

This practical training course is a “how-to guide” – taking you step by step through the best practice of auditing all aspects of third parties and supply chains for your organisation. An intensive 3-days of training, you will cover all the skills you need for auditing throughout the supply chain, start-ups, contracts and service level agreements.


• Understand the supply chain and the relationships with your suppliers

• Build best-practice processes for planning your supply chain audit from start to finish

• Manage all forms of supply chain risk – political, legal, environment, financial and reputational

• Tackle minor, growing, global and more complex supply chains

• Audit anywhere in the supply chain cycle – set up, due diligence, the tendering process and service level agreements

DATES TBC March, London TBC September, London

DIRECTOR Sarah Blackburn An experienced Audit Committee Chairman and Non-Executive Director with over 25 years of practical internal audit experience.

AUDITING THE SUPPLY CHAIN, SUPPLIERS AND OUTSOURCED FUNCTIONS Gaining all the tools and techniques you need to audit all forms of third parties throughout your organisation

AGENDA AT A GLANCE

Day One: Auditing the Supply Chain Part One

• Reviewing the big picture – overview of a supply chain, third parties and outsourcing

• Discovering the varieties and types of supply chain configurations you will encounter

• Understanding the core concepts of the nature, objectives and benefits of supply chain management

• Including Supply Chain audits in the Internal Audit strategy and annual plans

• Planning the audit assignment: as assurance and as a project to be managed

Day Two: Auditing the Supply Chain Part Two

• Implementing data collection, controls evaluation and testing

• Reporting for improvement: gaining management buy-in to findings and commitment to action

• Understanding complexities in the Supply Chain and relationships with suppliers

• Discovering how supply chains grow and become more complex

• Practicing successful processes for crisis, contingency and disaster recovery planning in the supply chain

Day Three: Auditing Start-ups, Contracts and Service Level Agreements

• The ‘start-up’ phase of a supply chain project – initiation, process design, invitations to tender, evaluation process and contract negotiations

• The ‘implementation’ phase of a supply chain project – getting things working, ensuring adequate monitoring and management information

• Working with regulators and managing the media

• Auditing the hard issues in supply chain management

• Consolidating different learnings and providing assurance on effectiveness

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

37


COURSE FOCUS

For auditors major projects and change programmes present some special challenges; many high profile project disasters turn out to have had risk management and governance procedures in place that typify accepted practice. This course looks at why those controls sometimes fail, including in depth coverage of the human behaviour that is so often the cause of our difficulties. It goes on to examine the early clues that should alert auditors to problems ahead and gives suggestions on how to test objectively things that often seem to be matters of conflicting opinion.


• Ensure the audit function compliments project management and risk management

• Identify, mitigate and control project risks effectively

• Sell the benefits of proactive risk based audit of key projects

• Use techniques to make sure projects meet their agreed objectives, including earned value analysis (EVA)

• Learn lessons from major projects such as Heathrow Terminal 5, Wembley Stadium, Copenhagen Metro and transportation for the Olympics

DATES 6-9 June, Amsterdam 7-10 November, London

DIRECTOR David Hancock Dr David Hancock leads the Government Construction Team for the Cabinet Office and the Major Projects Authority. Prior to that he was Head of Risk for Transport for London with responsibility for the risk and project services across their £15 billion capital portfolio).

AUDITING MAJOR PROJECTS AND CHANGE PROGRAMMES Adding value through the Internal Audit and Risk Management of Project Management, Review and Change Programmes

AGENDA AT A GLANCE

Day One: The “Three Lines of Defence” model

• Understanding the fundamentals of risk management

• What do we mean by risk and uncertainty and how do we measure it?

• Explaining the difference between opportunity (as the counter to risk) and value and how they are important for audit

• Reviewing the key reasons for failure in Major Projects

• Outlining the difference between projects, programmes and portfolios

Day Two: Moving on to more advanced techniques

• Introducing Tame, Messy and Wicked problems

• Investigating the limitations of quantative techniques: Net Present Value, Sensitivity Analysis and Monte Carlo simulation for Major Projects

• Understanding behavioural and cognitive biases

• Utilising ratio and trend analysis

• Undertaking scenario planning

Day Three: Learning lessons from the successes and failures of other projects

• Communicating the level of project risk and mitigation to stakeholders

• Overcoming the challenges of controls development

• Analysing the risk behind supply chains and procurement

• Outlining an audit vision of the future

• Reviewing the course learnings

24CPE


38


COURSE FOCUS

ORCA™ - Outcome Risk Centric Auditing - is a new approach created and implemented by the course trainers and developed into a training course exclusively for MISTI. Attend this course to learn tools and techniques to make your engagements effective, productive and really add value.

This course will show you how to identify, assess risk and rank critical business processes to dramatically shorten the audit time commitment. You will also be introduced to a highly effective reporting format that minimises time spent, whilst maximises impact with Board and Senior Management.


• Discover ORCA™ - a business audit approach set to revolutionise the auditing landscape

• Understand the basics of business structure analysis

• Learn to apply process auditing to the key operational areas of your organisation

• Effectively identify, assess risk and rank critical business processes

• Develop an integrated approach for operational auditing and IT Auditing

DATES 25-28 April, London 24-27 October, London

DIRECTOR Greg Duckert Internationally recognised expert in ERM and specialises in risk assessment models, operational analysis and audit process methodologies

BUSINESS PROCESS AUDITING Gain new tools and techniques for operational risk analysis

Day Three: Applying Process Auditing to operational areas

• Brainstorming key risk indicators to identify business risks

• Determining audit objectives and real process owners

• Asking critical questions to process owners to evaluate effectiveness of risk oversight

Day Four: A Comprehensive Process Audit Case Study

• Developing an entire risk assessment and process analysis in line with course learnings

• Consider the exposure that business risks bought to your organisation and the root causes of each risk

• Complete a visual based audit report of the audit event

AGENDA AT A GLANCE

Day One: Introducing a new way of business process auditing - ORCA™

• Understanding the basics of business structure analysis

• Identifying emerging risks- ERM, internal and external risks

• Assessing critical processes for your organisation by performing a core structure analysis using COSO ERM principles

Day Two: Tools and techniques for Risk Analysis

• Identifying key risks to achievement of business objectives

• Applying traditional tools and techniques to process-based auditing

• Analysing processes and examples and identifying key outcomes, risks and control risks

30CPE

WWW.MISTI.COM +44 (0)20 3819 0800

39


COURSE FOCUS

Discover how cyber and online reputational risks can harm your organisation at this intensive and highly interactive five day course. Learn to assess cyber security controls and practical techniques for auditing online vulnerabilities.

This course provides the opportunity to learn more about how the internet is changing risk, through hands-on investigative and online audit tasks. The course culminates in a full practical online audit exercise, ensuring that delegates take away the key skills to add value to their organisation


• Learn to recognise the key categories of cyber attack

• Gain skills to investigate and detect modern cybercrimes

• Understand the risk and controls framework

• Discover key strategies to mitigate social media risks in your organisation

• Develop the expertise to assess the cyber-security posture

DATES 1-5 August, London 12-16 December, London

DIRECTOR Mark Johnson An expert on data analytics for high-tech crime intelligence and emerging cybercrime.

AUDITING EMERGING CYBER THREATS Tackling the full-range of threats arising from the Internet domain

Day Four: Assessments

• Vulnerability, Threat and Risk assessments

• Business impact assessments (BIA)

• Understanding your online footprint

Day Five: Controls and Audit

• Cyber security controls and audit check points

• Online reputational risks audit methodology

• Final online audit exercise

AGENDA AT A GLANCE

Day One: Emerging Risks

• Web 2.0 & Social Media risks

• The impact of emerging risks on the audit process

• Online searching (Part 1)

Day Two: Understanding Cybercrime (Part 1)

• The cybercrime landscape

• Threat actors & their motives

• From hacking to malware – cybercrime techniques explained (Part 1)

Day Three: Understanding Cybercrime (Part 2)

• From DDoS to Stuxnet – cybercrime techniques explained (Part 2)

• Online searching (Part 2)

• Social media searches and anonymity

39CPE


40


AGENDA AT A GLANCE

Day One: Potential Audit Review Areas

• Key areas that yield maximum benefit to the company and the audit department

• Maximizing Audit Returns: Proven Tools and Methodologies

• Auditing Production Planning and Control

• Auditing Materials Management and Control

Day Two: Auditing Key Aspects of the Manufacturing Process

• Auditing Labour and Overhead Application

• Auditing Inventory Valuation/Control and Product Costing

• Auditing Order Fulfilment, Shipping, and Warehousing

Day Three: Regulatory Issues and Auditing R&D

• Auditing Fixed Assets/Equipment and Technological Change

• Auditing Regulatory Issues of Significance

• Auditing R&D

COURSE FOCUS

In this intensive three-day seminar, attendees will explore the critical audit areas of the core manufacturing processes, targeting such risk-intensive activities as materials control, labour-hour capture, bills of material, routing, inventory valuation and variance analysis. You will learn how to identify key manufacturing data to help you objectively perform a risk assessment of all phases of the shop floor.

You will discover how to identify the key aspects of every audit engagement by focusing on the most critical business factors, which in turn will maximize audit value in all areas of the conversion cycle. The modular seminar materials you receive and the know-how you gain in this high-impact seminar will prepare you to conduct value-added shop floor audits.


• Learn to identify key manufacturing data to objectively perform a risk assessment of all phases of the shop floor

• Maximise Audit Returns using proven tools and methodologies

• Discuss Case Studies and gain the know-how to conduct shop floor audits

• Consider regulatory issues that could be significant

• Identify key manufacturing data to perform a risk assessment of all shop-floor phases


DIRECTOR Greg Duckert Internationally recognised expert in ERM and specialises in risk assessment models, operational analysis and audit process methodologies

AUDITING THE MANUFACTURING PROCESS Explore audit areas of the manufacturing process and focus on critical business factors

24CPENEW

WWW.MISTI.COM +44 (0)20 3819 0800

41

INTERNAL AUDIT & RISK MANAGEMENT FINANCIAL INSTITUTION INTERNAL AUDITING TW 24CPE

COURSE FOCUS

This course is designed to provide internal auditors with the key skills that they need to commence internal audit assignments within financial service institutions.

The course considers the internal audit approaches that would be appropriate and assists delegates in designing suitable internal audit programmes for such assignments.


• Gain a general appreciation of the banking industry

• Understand the different audit approaches that are suitable

• Consider the different approaches that could be used within retail, corporate and private banking

• Prepare an audit planning memorandum

• Discuss the fraud and money laundering deterrence responsibilities

DATES 23-May, London 6-9 November, Dubai

DIRECTOR John Porter Chartered accountant, bankerand financial services consultant specialising in internal audit with more than 20 years’ practical experience.

INTRODUCTION TO BANK INTERNAL AUDIT SCHOOL Providing the key skills for internal auditors to commence assignments within financial service institutions

30CPE

AGENDA AT A GLANCE

Day One: How to Audit a Bank

• Fraud and money laundering deterrence

• Introduction to Basel Accord

• Deposits and Deposit Taking

Day Two: Bank, Private and Investment Banking

• Credit scoring

• Develop an audit programme for personal lending

• Reporting corporate lending

Day Three: Financial Instruments

• Reviewing branch records

• Key risks in personal banking

• Develop an audit programme for investment banking

Day Four: Financial Instruments

• Foreign Exchange and Forward Contracts

• Futures and the Futures Market

• Options and the Options Market


42


COURSE FOCUS

The financial services industry represents a challenge to internal auditors. Banks have created risk functions with ever increasing responsibilities

This course looks at the risk function and considers the approach that internal auditors should adopt when auditing this function.


• Appreciate the key issues relating to control within the risk function and understand its role with the business

• Develop an audit programme for the audit of the governance of risk management

• Understand techniques and key approaches to this developing subject

• Learn key approaches and lessons to be applied within your own organisation

• Develop audit programmes for the audit of internal loss data, control and risk assessment and key risk indicators

DATES 6-10 June, London 5-9 December, London

DIRECTOR Jonathan Ledwidge International investment banking audit and risk specialist. Jonathan has worked for a number of major institutions including Manufacturers Hanover Trust, Continental Bank, CIBC and ABN AMRO.

BANK RISK MANAGEMENT AUDIT SCHOOL Understanding banking, the associated risks and how to control them

AGENDA AT A GLANCE

Day One: Auditing Enterprise Risk Management and the Risk Department

• Enterprise Risk Management

• Corporate Governance

• Stress testing and scenario modelling

• Key Risk Management Tools

Day Two: Auditing Operational Risk

• What is Operational Risk?

• Operational risk, money laundering deterrence and financial fraud

• The Building Blocks of Operational Risk

• Reporting and monitoring of operational risk

Day Three: Auditing Credit Risk and Credit Models

• Credit Risk

• Credit Modelling

• Credit Risk Management

• Developing an audit programme for credit modelling: case study

39CPE

Day Four: Auditing Liquidity Risk, the IIA and Contingency Funding

• Liquidity Risk

• The ILAA

• Contingency Funding

• Basel 3 and Liquidity Risk

Day Five: Auditing Market Risk, the ICAAP and the Recovery and Resolution Plan

• Market Risk

• Market Risk Models

• Market Risk Management Issues

• Develop audit programmes for market risk models

NEW

WWW.MISTI.COM +44 (0)20 3819 0800

43


COURSE FOCUS

This intensive training course is designed to offer treasury auditors, whether in corporations or financial institutions, a thorough coverage of the techniques available of the modern treasury management and its audit. The complexity of cash management in modern financial markets has placed much more emphasis on the treasury function.

This not only involves keeping control over increasingly complex interest rate and currency exposures, but also keeping abreast of the latest techniques for managing those risks whilst effectively managing the funds of the institution.


• Understand the role and structure of treasury in the corporation/bank

• Learn the audit approach for sophisticated instruments

• Consider auditing the measurement of interest rate and currency exposure

• Discuss the audit and analysing different kinds of risk

• Understanding and auditing different risk management instruments

DATES 8-11 August, London

DIRECTOR Jonathan Ledwidge International investment banking audit and risk specialist. Jonathan has worked for a number of major institutions including Manufacturers Hanover Trust, Continental Bank, CIBC and ABN AMRO.

AUDITING THE TREASURY AND ALCO Consider techniques for managing risk while effectively managing funds

Day Three: Auditing Interest Rate Risk Management and the Money Market

• The risk and controls in modelling interest rate risk

• Auditing the use of Money Market and Other Asset Classes

• Auditing the use of Derivatives and Forwar Transactions

Day Four: Rules, Regulations and Stress

• Auditing the use of Swaps and Associated Products

• Sensitivity analysis, stress testing and scenario modelling

• What can go wrong in practice

AGENDA AT A GLANCE

Day One: Auditing the Treasury Department

• Types of risk within a treasury area

• What should be in the audit planning memorandum for the treasury audit?

• Auditing Asset and Liability Management

Day Two: Auditing the Dealing Room and Back Office

• Develop an audit programme to address controls in a dealing room environment

• Auditing the Middle and Back Office

• Auditing Foreign Exchange and Foreign Exchange Risk Management

30CPENEW


44


COURSE FOCUS

This four-day course presents a clear exposition of the critical risk areas in banks and focuses on the risk management and governance requirements under Basel rules, the latest modifications and how they may be audited.


• Discover how the 2008/09 financial crisis continues to impact your auditing role

• Understand the roles of key risk management functions and how they relate to internal audit

• Learn the fundamentals of credit, market and operational risk models

• Combine key elements of a Basel regulatory and risk management audit programme

• Adopt a more strategic, board’s eye view audit approach

DATES TBC August, London TBC December, London

DIRECTOR David Bobker Head of Risk at the Asian Institute of Finance in Kuala Lumpur and ex Group Head of Internal Audit for two FTSE100 financial institutions – Alliance and Leicester and Norwich Union.

AUDITING RISK MANAGEMENT AND BASEL II AND III Understanding the key banking risks, the management and governance requirements under Basel III and how they might be audited

AGENDA AT A GLANCE

Day One: Understanding Basel II and III

• Introducing the context of the financial crisis

• Reviewing the Basel II and Basel III changes

• Understanding the main banking risks and their management

• Exploring the basics of finance

• Investigating a case study of Barclays Bank

Day Two: Considering Risk Management

• Discovering the fundamentals of quantitative analysis

• Analysing credit risk and credit risk management

• Investigating operational risk management (I)

• Auditing liquidity risk management

• Understanding structural interest rate risk

30CPE

Day Three: Market and Trading Risk

• Discovering the fundamentals of market risk

• Analysing different types of market – OTC, “pit”, electronic

• Trading and hedging

• Understanding the difference between pricing models and risk management models

• Auditing market risk management

Day Four: Capital Risk Management

• Commencing a capital assessment process

• Understanding Basel II principles for capital assessment

• Discovering the principles of corporate governance

• Outlining the role of internal audit

• Discussing the roles of risk management and internal audit

WWW.MISTI.COM +44 (0)20 3819 0800

45


COURSE FOCUS

This course looks systemically at the application of control to risks within asset management and considers the approach that internal auditors should adopt when conducting assignments in this area.

This practical training programme will enable delegates to learn and understand the risks and management techniques that are used within asset management and how to audit them.


• Understand the key issues related to risk, control and the internal audit of asset management

• Discuss risks within the asset management industry and the nature of the controls that are applied in practice

• Develop practical internal audit approached to the management of the business

• Design a series of internal audit programmes to meet the demands of this complex audit area

• Learn how to audit outsourced and third party service providers

DATES 22-25 August, London

DIRECTOR John Porter Chartered accountant, bankerand financial services consultant specialising in internal audit with more than 20 years’ practical experience.

ASSET MANAGEMENT INTERNAL AUDIT SCHOOL Learn and understand the risks and management techniques that are used within asset management

Day Three: The Money Market and Alternative Investment

• Money Market Funds and role in asset management

• The use of derivatives in asset management

• Develop an audit programme for the audit of alternative investments

Day Four: Asset Allocation and Portfolio Management

• Asset allocation strategies and risk management

• Service level agreements and third party contracts

• Key risk areas and common deficiencies/audit findings in the world of asset management

AGENDA AT A GLANCE

Day One: The Asset Management Control Environment

• Introduction to asset allocation, portfolio selection and performance evaluation

• Risk appetite and its calculation

• The risk control environment and key audit focus areas

Day Two: Equity and Fixed Income Investments

• Risks associated with international equity markets

• Risks of acquiring, managing and disposing of fixed income securities

• Develop an audit programme for audit of fixed income investment

30CPE


46


COURSE FOCUS

This foundation level three-day course will provide participants with a detailed insight into the conduct of financial audits. Participants will gain crucial skills that will ensure they can conduct an end-to-end financial audit of a set of IFRS financial statements to a competent standard with minimum fuss.


• Conduct financial test efficiently, effectively and in accordance with International Standards on Auditing (ISAs)

• Carry out effective risk assessments when planning financial audits

• Document audit fieldwork clearly, concisely and as required by auditing standards

• Understand the important attributes of financial accounting and internal control systems and how they might be assessed and used when performing a financial audit

• Perform appropriate completion procedures when carrying out financial audits and communicate effectively with those charged with governance


DIRECTOR Peter Herbert Specialist in the fields of financial reporting and auditing, with experience at KPMG and FTC (now Kaplan Finance).

FINANCIAL AUDITING USING IFRS Conducting an effective and efficient audit of IFRS-compliant financial statements

AGENDA AT A GLANCE

Day One: Understanding IFRS

• Recapping IFRS financial statements

• Understanding the principles of financial auditing

• Planning an audit of IFRS accounts – the risk-based approach

• Outlining other considerations for planning the audit

• Exercise: Calculating materiality and performance materiality thresholds

Day Two: Auditing IFRS Accounting

• Auditing the IFRS balance sheets – assets

• Auditing the IFRS balance sheets – liabilities

• Auditing IFRS accounting estimates (ISA 540)

• Auditing IFRS accounts – related party transactions (ISA 550)

• Exercise: Considering accounting estimates, identifying appropriate accounting treatment and suggesting relevant audit procedures

Day Three: Auditing and Internal Control

• Auditing the IFRS income statement

• Understanding transaction cycles and internal controls

• Analysing internal control – the link to fraud

• Gaining reporting best practice

• Exercise: Analysing audit errors and assessing their potential impact

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

47


COURSE FOCUS

Credit Departments within banks have become increasingly complex driven by the demands of regulation and the business. Since the internal audit function needs to address all areas of a financial institution, including the credit department, this provides auditors with additional challenges.

This course looks at the credit function and considers the approach that internal auditors should adopt when conducting an audit. This course will enable attendees to appreciate the key issues relating to control within the credit function.


• Understand the key issues relating to control within the credit function and its role in the business

• Develop practical approaches and planning materials to auditing credit risk that can be directly applied within your institution

• Appreciate best practice techniques for the management of credit risk

• Ensure you understand the main techniques currently employed and key approaches to this developing subject

• Develop a comprehensive audit programme for the credit risk management function

DATES 10-12 October, London

DIRECTOR Dennis Cox Experienced Financial Internal Auditor and former Director of Risk Management at HSBC & Prudential Portfolio Managers.

BANK CREDIT INTERNAL AUDIT SCHOOL Understand the key issues related to auditing the credit function

AGENDA AT A GLANCE

Day One: Lending and Credit Analysis

• Understanding the risks of lending decisions

• Difference in approach between personal and corporate lending

• Planning the audit of corporate credit

• Develop an audit plan to address corporate credit

Day Two: Regulatory Requirements and Audit Techniques

• Develop an audit plan to address personal credit

• Latest tools and techniques to measure, manage and monitor credit risk

• Auditing credit risk sensitivity and stress testing

• The implications of the Basel Accord for credit audit

Day Three: Analytical Review and Model Risk

• Key challenges for credit risk and the Board

• How should the credit function consider complex transactions?

• Auditing credit risk calculations

• Develop an audit approach for risk modelling and complex transactions

24CPENEW


48

02How can your organisation uncover serious fraud

and corruption? And what should you do at the time of discovery? How can auditors respond to the risk of fraud and how can you build prevention and

detection measures into your audit plan?

F R A U D

50

WWW.MISTI.COM +44 (0)20 3819 0800

51

INTERNAL AUDIT & RISK MANAGEMENT FRAUD TW 24CPE

COURSE FOCUS

This course is designed to provide you with a thorough understanding of types of fraud taking place and demonstrate a clear audit methodology for uncovering fraud.

You will develop your skills through practical exercises, group discussions and case studies to prepare you for fieldwork. These intensive four days will teach you to implement ideas and methodologies to respond to the risk of fraud.


• Prepare for a business process fraud risk assessment for audit programs

• Learn to incorporate fraud risk assessments into the audit programme

• Evaluate your organisation’s anti-fraud controls

• Ensure that interviewing for fraud is a part of your audit process

• Develop an effective fraud awareness program

DATES 25-28 January, London

DIRECTOR Len Vona Senior Financial Investigator with over 30 years auditing & forensics experience, who has conducted over 100 financial investigations for some of the largest high profile corporations in the USA.

FRAUD AUDIT SCHOOL A Comprehensive Audit Guide to responding to the risk of fraud

AGENDA AT A GLANCE

Day One: Understanding how fraud occurs

• Identifying what constitutes fraud in your organisation

• Comparing approaches: internal audit, fraud audit and forensic investigation

• Preparing a Business Process Fraud Risk Assessment for Audit Programs

• Establishing a score for mitigation of fraud risk by internal controls

Day Two: Incorporating Fraud Risk Assessment and Fraud Testing into your audit programme

• Techniques to assess the risk of fraud

• How to build the fraud data profile: the step approach for data mining

• Testing and evaluating the design of your anti-fraud controls

• Interviewing for Fraud in the Audit Process

30CPE

Day Three: Internal Controls and Professional Standards

• Fraud control: prevention, detection, deterrence, prosecution and approval

• Developing fraud awareness programs

• Misappropriation of Assets

• Financial Statement Fraud

Day Four: Fraud Investigations and Interviewing

• Types of Interview and the correct approach

• Appropriate collection and analysis of documentation

• Initial steps to securing the admission

• Understanding the legal considerations


52


COURSE FOCUS

In this three-day course you will learn to integrate fraud detection into your audit programme and identify key red flags of fraud scenarios. You will learn to implement and develop audit procedures to increase the likelihood of discovering fraud.

Case studies and class exercises will illustrate how to integrate fraud detection and reinforce fraud detection methodologies.


• Learn to prepare a fraud risk assessment and integrate fraud audit procedures into your audit programme

• Become an expert in uncovering fraud in contracts, payroll, travel, and core business systems

• Identify steps that can be taken to prevent money laundering

• Develop best practice plan to respond to whistle-blowers

• Provide assurances to your board of directors that controls are in place to prevent fraud

DATES 9-11 May, London 19-21 September, London


FRAUD TESTING: INTEGRATING FRAUD DETECTION INTO YOUR AUDIT PROGRAMME Asset Misappropriate: Locating and Recognising Fraud Scenarios

AGENDA AT A GLANCE

Day One: Understanding Fraud and Fraud Risk Assessments

• Understanding what constitutes fraud and how it can be concealed

• How to assess fraud likelihood and exposure analysis

• Linking the audit programme to the risk assessment

• Building and integrating Fraud Audit Procedures

Day Two: Fraud Testing in different business units

• Fraud Testing in disbursement, procurement and payroll

• Travel fraud audit procedures

• Corruption in the contract function

• Considering the audit implications of the false claims act

Day Three: Equipment, Asset Fraud and Money Laundering

• Identify specific audit areas and procedures

• Understand how fraud occurs at asset purchase and retirement

• Identify steps to be taken against money laundering

• Fraud controls in Core Business Systems

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

53


COURSE FOCUS

The best audit program in the world will not detect fraud unless the auditor selects the appropriate transaction for examination. Data mining is the critical tool in locating and recognising fraudulent activity in today’s core business systems.

This course will teach attendees to build data mining plans to uncover fraud and develop solutions for perplexing real life data mining issues. This course will enable you to build search routines to uncover fraud.


• Learn techniques that have located fraud that was hidden in company databases

• Focus on proven methodologies that will provide a framework to build your fraud data mining

• Combine fraud risk assessments and data analytics to respond to the risk of fraud

• Locate data red flags within your organisation• Build data interrogation search routines into your fraud risk

assessment to uncover fraud

DATES 12-13 May, London


FRAUD DATA MINING How to Accurately and Strategically Locate Fraudulent Activity

AGENDA AT A GLANCE

Day One: Data Mining: Introduction, Plan, Strategies and Data Analytics

• Common Data Mining Mistakes

• How to Build a Data Mining Plan

• Use of technology to create reports and work papers

• Data Mining for Shell Companies

Day Two: Data Mining for Fraud in Various Business Functions

• Data Mining for Corruption – hidden bribe payments, suspicious payments and locating conflict of interests

• Data Mining Company Credit Cards and Payroll Fraud

• Finding Ghost or Front Customer Schemes

• Data Mining within the Financial Statements

15CPE


54


COURSE FOCUS

This two-day course will provide the tools necessary to conduct an internal investigation and create a report to support future legal action. You will learn how to perform a fraud investigation; through planning the investigation, examining documents, interviewing witnesses and preparing for trial.

Each section of this seminar will include a case study and reviewing sample reports. Participants will respond to a whistle-blower case, prepare an investigation plan and conduct practice interviews.


• Understand the fraud risk structure of your organisation

• Learn to perform the critical elements of a fraud investigation

• Discuss how to respond to a whistle-blower allegation

• Examine documentation, finding red flags of document alteration and connecting evidence to fraud schemes

• Discover how to write the investigation report, while avoiding the pitfalls of legal language



CONDUCTING AN INTERNAL FRAUD INVESTIGATION A Comprehensive Guide for Internal Auditors

AGENDA AT A GLANCE

Day One: Planning and Conducting Fraud Investigations

• Fraud Risk: Primer for the Fraud Investigators

• Responding to Whistle-blower allegations

• How to evaluate allegations of fraud

• The investigation plan for financial crimes

Day Two: Interviewing, Document Collection and Writing the Report

• Investigating and Prosecuting Corruption and Embezzlement

• How to conduct fraud interviews

• Writing the Investigation Report: Guidelines

• Preparing your report for the Courtroom

15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

55


COURSE FOCUS

Introducing Michael Dalton; a fraudster who created one of the most complex webs of fraud and money-laundering, with ownership of over 70 different bank accounts worldwide. Would you have been able to catch him if he was a member of your organisation?


• Understand why fraud occurs and what makes fraudsters ‘tick’

• Investigate social engineering and other common fraud strategies

• Develop your own investigation and interviewing skills

• Discover the latest strategies in uncovering fraud for auditors

• Test your new skills through interactive case studies

DATES 21-23 March, London 13-15 November, Dubai

DIRECTOR Allan McDonagh Managing Director of Hibis, dedicated to helping organisations improve their resistance to fraud, Allan has 15 years experience as a member of the Investigations Branch of HM Customs and Excise – specialising in narcotics and organised crime investigations.

INTERNAL AUDITOR’S ROLE IN PREVENTING FRAUD Understanding the key techniques to preventing and uncovering fraud in your organisation

AGENDA AT A GLANCE

Day One: Introducing fraud and thinking like a fraudster

• Introducing fraud and how fraud occurs

• Investigating how fraudsters use social engineering

• Analysing male and female fraudsters

• “How to think like a fraudster”: Workshop

• Introducing Michael Dalton – The Senior Executive who is also a fraudster

Day Two Prevention, the Whistleblower and the investigation commences

• Interviewing the whistleblower – Is he telling the truth about Michael Dalton?

• Outlining the investigation skills available to the auditor

• Managing the investigation

• Reviewing the strategies for preventing fraud

• Analysing the role of policies in preventing fraud

Day Three: Fraud profiling and the end of the investigation

• Conducting research and gathering the evidence

• “Fraud risks for the auditor” Workshop

• The Interview of Michael Dalton

• Interviewing and analysing body language

• Course debrief and overview of lessons learned

24CPE

“Very well prepared. Significant Knowledge. Valuable Experience”

SIGAR


56


COURSE FOCUS

Unethical business behaviour directly or indirectly accounts for major losses – between 2% and 5% turnover, and severely damages the reputation and morale of companies. However, despite being one of largest unmanaged risks in companies today, many managers still receive virtually no formal training in how to identify red flags, deal with them, and most importantly, how to become more resistant to all forms of fraud.


• Use fraud auditing as a tool for fraud prevention

• Go beyond traditional internal control assessment to really pinpoint where fraud occurs

• Find elusive frauds that others miss

• Secure, analyse and present t he evidence

• Make your organisation resistant to all forms of unethical business

DATES 11-13 April, London 18-20 July, Amsterdam 24-26 October, London

DIRECTOR Nigel Iyer An innovative fraud detection and investigation practitioner and expert in the integrity health check approach.

Richard Minogue A financial management, internal audit and investigation expert with over 35 years experience.

Allan McDonagh Managing Director of Hibis, dedicated to helping organisations improve their resistance to fraud

Veronica Morino An anti-fraud and corruption investigator and expert in organisational effectiveness

FORENSIC AUDITING A dynamic approach and methodology to find those elusive frauds that others miss... and follow them through

AGENDA AT A GLANCE

Day One: Fraud and Corruption within your organisation

• Investigating who, what, where, when and why?

• Evaluating different strategies for dealing with anonymous reports and whistleblowers

• Making the decision to investigate (Investigation strategy part I)

• Undertaking desktop research – the first step in addressing red flags

• “Playing Poirot” – case exercise

Day Two: The Fraud and Corruption Health Check

• Finding frauds before they find YOU – the “heart” of forensic auditing

• Dealing with the red flags

• Managing a complex investigation (Investigation strategy part II)

• Forensic accounting and the relationship to fraud detection

• Visualising the results of the investigation

Day Three: Fraud Identification and Investigation

• Identifying where fraud takes place by learning to think like a thief

• Developing a risk ranked fraud and corruption profile

• Uncovering specialist (forensic) investigation techniques

• Discovering investigation strategy part III

• Outlining and practising proven interview techniques

24CPE

Free book with this course: ‘A Short Guide to Fraud Risk’

WWW.MISTI.COM +44 (0)20 3819 0800

57


COURSE FOCUS

Gain an introduction to fraud and corruption, how and why it takes place and the tools, techniques and legal framework which form part of an investigation. This course will cover how to manage a major investigation into fraud and corruption including new interview techniques through role-play exercises.


• Gain the practical tools needed to identify, investigate and remediate fraud & corruption from the workplace

• Receive practical advice on how to pursue the perpetrators identified as a result of your investigation

• Focus on the importance of careful planning and research

• Adapt your thinking to that of a top-class fraud investigator

• Understand how to develop a fraud strategy to prevent fraud from occurring and to recognise the red flags of fraud and corruption in your company

DATES 25-29 July, London 7-11 November, Cape Town


Nigel Iyer An innovative fraud detection and investigation practitioner and expert in the integrity health check approach with over 20 years experience.


THE MIS FRAUD AND CORRUPTION SUMMER SCHOOL PART 1 The Flagship MIS Fraud Course - Investigating serious fraud and corruption... how to cope at the time of discovery and how to learn from the experience

AGENDA AT A GLANCE

Day One: Action following discovery

• The fraud whisperer and social engineering

• Resourcing the investigation

• Gathering the evidence

• Managing the investigation - phase 1

Day Two: Your Fraud Profile

• The investigation - phase 2

• Dealing with regulatory bodies, the press, investors and police

• Taking the practical approach

• The right to audit

• The interview

39CPE


58


COURSE FOCUS

Using Case Studies, realistic film scenarios, fraud detection exercises and group brainstorming this course will ensure attendees pinpoint where fraud and corruption occurs and be highly tuned to spotting red flags.


• Recognise where fraud and corruption strikes at the heart of your organisation

• Implement countermeasures such as anti-fruad and corruption programmes

• Learn practical tools and techniques for identifying the earky warning signs (or red flags) of fraud and corruption

• Develop and roll out an effective fraud and corruption Health Check program in your organisation

• Increase management engagement, the effectiveness of anti-fraud and corruption training and delivering value back into your business

DATES 25-29 July, London 7-11 November, Cape Town


Nigel Iyer An innovative fraud detection and investigation practitioner and expert in the integrity health check approach with over 20 years experience.


THE MIS FRAUD AND CORRUPTION SUMMER SCHOOL PART 2

AGENDA AT A GLANCE

Day One: Action Following Discovery

• What to do after the wheels fall off?

• We’ve just had a big fraud – what do we do now?

• Analysing the most obvious types of fraud and corruption

• Assessing impact on profits, reputation, culture etc...

• How does your fraud and corruption profile link in with the overall risk assessment?

Day Two: Your Fraud Profile

• Developing YOUR fraud and corruption profile

• Using you fraud and corruption profile

• Detecting red flags

• Case exercise: Find the Frauds!

• Developing your own fraud and corruption health check

Day Three: Anti-fraud and Corruption Initiatives

• Ensuring integrity: Helping management “walk the talk”

• Developing and delivering an effective ethics and compliance program, with anti-fraud and corruption as a cornerstone

• Case study: “ A tale of FOUR companies

• Measuring the effectiveness of your anti-fraud and corruption initiatives

• Dealing with management expectations

39CPE

03How can your organisation better audit

information technologies and business systems? Can you protect your information assets?

Would your organisation benefit from tools and techniques to audit databases, networks and

virtualised environments?

I T A U D I T

60

WWW.MISTI.COM +44 (0)20 3819 0800

61

INTERNAL AUDIT & RISK MANAGEMENT IT AUDIT TW 24CPE

COURSE FOCUS

This five-day course is designed for financial, operational and business auditors who need to update their technical and operational knowledge to audit information technologies and automated business systems.


• Identify the business risks in automated environments and how to mitigate them

• Develop knowledge of infrastructure essentials including hardware and operating systems

• Explore security, operational, management, application and systems software controls

• Learn about databases, distributed systems, networks, the internet and e-commerce

• Discover auditing standards including Sarbanes-Oxley and PCAOB

DATES 25-29 April, London 11-15 July, Amsterdam 22-26 August, London 3-7 October, Cape Town 13-17 November, Dubai

DIRECTOR Charles Pask Leading IT Auditor and Security professional with over 25 years experience and former Information Security Manager at Alliance & Leicester plc.

IT AUDIT SCHOOL The essential skills you need to perform an IT audit and become an integrated auditor

39CPE

Day Four: Auditing more complex applications

• Defining a transaction

• General flow of an audit application

• Components of a business application

Day Five: Planning the Audit

• Data input and processing models

• Application controls

• Beginning the audit

AGENDA AT A GLANCE

Day One: Fundamentals of IT Auditing

• Outlining the fundamentals of IT Auditing

• Reviewing auditing standards

• Discovering infrastructure essentials

Day Two: Auditing Systems

• Databases

• Distributed systems

• Networks

Day Three: Auditing Applications

• Internet and e-commerce

• General controls

• Business systems applications

“He is a perfect instructor and he always makes every single

lesson interesting” Qatar Petroleum


62


COURSE FOCUS

In this practical four-day seminar you will immerse yourself in a risk-based approach to IT auditing that will ensure the confidentiality, integrity, and availability of your information assets throughout the enterprise.


• Plan your IT Audit using risk-based approach, COBIT and COSO control framework

• Determine risk in critical areas of your IT environment, including operating systems, database management systems, business continuity and application controls

• Develop a pro-active audit approach to provide a value-added service to your organisation

• Audit outsourced IT operations

• Implement audit system development projects

DATES 13-16 March, Dubai 17-20 October, London


RISK BASED IT AUDITING Using control best practices to ensure the confidentiality, integrity and availability of your information assets

Day Four: Executing an IT Audit

• Disaster recovery and business continuity

• Auditing outsourced IT operations

• Auditing system development projects

• Executing IT audits

• Course overview and round-up

AGENDA AT A GLANCE

Day One: Planning the IT Audit

• Planning the IT Audit

• Conducting risk assessment

• Complying with international regulations

• Using COBIT

• Applying the ISO-27002 security standard

Day Two: Guidelines and Governance

• Defining IT governance

• Reviewing IIA and ISACA governance audit guidelines

• System software

• Logical access controls

• Change management

Day Three: Network and Application Controls

• Physical and environmental controls

• Network perimeter security

• Application controls

• Exploring relationship between general controls and application controls

• Application system audit strategy

30CPE

WWW.MISTI.COM +44 (0)20 3819 0800

63


Day Three: Auditing Application Servers and Software Development

• Common security vulnerabilities and attacks on Web application software

• Defining key sources of application server security

• Tools and techniques for auditing and securing application servers

Day Four: Databases, Web Services and Mobile Applications

• Data access controls, authorization and audit

• Web services audit and security tools

• Checklist for securing mobile and wireless application best practices

COURSE FOCUS

In this information-packed four-day seminar, you will cover key building blocks of IT audit and security, including identity & access management, access control models, web-based e-commerce application threats and vulnerabilities, as well as standards associated with privacy issues and intellectual property concerns.

You will also cover auditing database management systems within the context of robust but practical enterprise architecture and governance models. You will also go over safeguard concepts and best practices for secure mobile and wireless applications.


• Understand standards associated with privacy issues and intellectual property

• Discover best practice for auditing web servers and application servers

• Learn how mobile applications differ from internal server based application in terms of security and audit

• Develop goals for your organisation in safeguarding applications

• Gain tools to test and web and application server security

DATES TBC August, London

DIRECTOR Marty Green Martin Green is a senior instructor for MIS Training Institute. As a member of theMISTI faculty for more than 20 years, his areas of expertise include computer technology, networking, and security.

ADVANCED IT AUDIT SCHOOL A comprehensive deep-dive of IT Audit and Information Security Assessments

AGENDA AT A GLANCE

Day One: Identity and Access Controls

• Making the business case for information security

• Access control models and architectures

• Relevant laws, directives and regulations

Day Two: Auditing Web Servers and Applications

• Web application security strategies

• Goals for information security safeguards in applications

• Tools, techniques and checklists or testing Web servers security

30CPE


64


COURSE FOCUS

In this 3-day seminar you will review the new COBIT 5.0 Framework and focus on how you can implement this globally-recognised framework to improve effectiveness and efficiency in the internal control system.

Case studies, group discussions and exercises will be used to emphasise the key learning points. The course is practical, rather than highly theoretical! You will explore using COBIT 5.0 to plan and execute the implementation of an efficient ‘Governance for IT’ programme.


• Understand the differences between COBIT 4.1 and COBIT 5.0 and how to transition your organisation to the new framework

• Discuss how IT management issues affect enterprises

• Enable your organisation to use COBIT 5.0 as an integrated framework for ‘IT Risk Management’ and ‘Information Security’

• Assess how COBIT 5 can be used to guide the creation of the five basic principles

• Learn to implement effective and efficient governance and management of enterprise IT to achieve stakeholder objectives

DATES 17-19 October, London

DIRECTOR Mark Edmead Managing Director at MTE Advisors and Senior Instructor for MIS Training Institute. Mr Edmead has over 30 years experience of computer systems architecture, information security and project management.

COBIT 5: GOVERNANCE OF IT Implementing and Integrating COBIT 5.0 in your Enterprise

AGENDA AT A GLANCE

Day One: Key Features of COBIT 5.0

• Drivers for the COBIT 5.0 new framework

• The evolution of COBIT 5.0

• Understanding the business benefits

• The COBIT 5.0 format

Day Two: COBIT 4.1 to COBIT 5.0

• Enabler focus and areas of change

• Control objectives to management processes

• From COBIT 4.1 Management Guidelines to COBIT 5.0: Enabling Processes Guidelines

• COBIT 5.0 and Legacy ISACA Frameworks

Day Three: The COBIT 5.0 Principles

• Meeting stakeholder needs

• Covering the enterprise end-to-end

• Applying a Single Integrated Framework Approach

• Separating Governance from Management

24CPE

WWW.MISTI.COM +44 (0)20 3819 0800

65


COURSE FOCUS

In this workshop, you will learn, the principles of auditing communication networks, how to audit operating systems and system software, how to audit database and client/server systems. The more technical areas of IT audit such as networks and databases have always been a problem area for auditors.

Using hands-on practical exercises based on the most common technology in use today, we will discuss where the main risks are, how to plan the audit approach and how to ask the right questions when the audit takes place.


• Learn the principles of networking and data communications

• Discover practical methods for exploring and auditing networks

• Gain an understanding of computer operating systems, and the most important areas of audit interest

• Explore database systems and find out how to use their built-in features to assist your audit

• Learn how client/server systems operate, where the controls are, and how to audit them

DATES 10-13 May, Amsterdam 8-11 November, London

DIRECTOR Steve Rimell An enviable reputation as the most respected authority in the UK with over 20 years’ practical experience in information systems auditing.

AUDIT AND SECURITY OF NETWORKS, OPERATING SYSTEMS AND DATABASES A hands-on workshop for auditors to extend their knowledge of new techniques

AGENDA AT A GLANCE

Day One: Networks

• Network risks and countermeasures

• Principles of encryption

• Voice over IP (VoIP) networks and how to audit them

Day Two: Operating Systems

• Why audit the operating system?

• Tools for the auditor – operating systems utilities and vulnerability scanners

• Change management and how to audit it

30CPE

Day Three: Database Systems

• Risks of database development

• What controls to look for in a database audit

• Extracting audit data from database systems

Day Four: Client/server computing

• Audit issues in client/server developments

• Components and reusable software

• Building and evaluating a client/server application


66


COURSE FOCUS

You will learn how to evaluate the security of virtualized data centers and how to ensure that suitable business continuity processes are transferred from the physical to the virtual environment. You will see how to extract security and control information from the virtualized environment to support your audit findings.

You will also receive an audit program for use in planning and conducting your own virtualization reviews. The course will concentrate mainly on VMware, but the essential features of Microsoft’s Hyper-V will also be covered.


• Measure the business benefits of server virtualisation

• Overcome the challenges in moving physical systems into virtual data centres

• Understand the specific networking requirements of virtual data centres

• Analyse the specific security and control features of VMware ESX, VSphere and Hyper-V

• Extract audit data from the virtualised environment to support your audit recommendations

DATES 14-17 March, London


AUDITING AND SECURING VIRTUALIZED ENVIRONMENTS Practical and cost-effective techniques for auditing and securing VMware and Hyper-V environments

AGENDA AT A GLANCE

Day One: Virtualisation Basics

• Discussing the advantages and disadvantages of virtualisation

• Specific security issues of virtualisation – hypervisor attacks and other risks

• Integrating virtualisation and disaster recovery

Day Two: ESX and VSphere (I)

• Outlining different versions of VMware ESX

• Managing ESX Security

• Business continuity and disaster recovery options for virtualised systems

Day Three: VSphere (II) and Hyper-V

• Components of VSphere

• Securing Hyper-V systems and networks: best practices

• Analysing VSphere security considerations

Day Four: Developing an audit program for VSphere and Hyper-V

• Defining and assessing the audit risks

• Scanning servers for security vulnerabilities

• Reviewing Microsoft Hyper-V security

30CPE

WWW.MISTI.COM +44 (0)20 3819 0800

67


COURSE FOCUS

In this intensive three-day seminar you will learn Oracle’s database facilities and terminology along with the commands you need to know to provide security and controls over Oracle software and to query Oracle-controlled data.


• Learn Oracle’s database facilities and terminology along with the commands you need to know to provide security and controls over Oracle software and to query Oracle-controlled data

• Uncover the risks Oracle introduces and the exposures it reduces - learn about not only the basic Oracle security mechanism but also about more advanced security controls - triggers, encryption methods, security policies (functions), database firewalls and detection mechanisms

• Explore Oracle Inc.’s approach to the client/server and Web processing environments and discover the impact Oracle has on your enterprise’s organisation, security profiles, and information systems standards

• Learn about the extensive list special components and tools available to supplement standard controls and to help to assess vulnerabilities

DATES 4-6 April, London 21-23 November, London


AUDITING AND CONTROLLING ORACLE DATABASES Using the security and integrity features in Oracle to perform control and security assessments

AGENDA AT A GLANCE

Day One: Understanding Oracle

• Oracle environments

• Understanding the terminology

• Oracle objects

• The security mechanism

• User identification and high-risk users

Day Two: Demonstrating the Audit of Oracle

• Security features

• The audit feature

• Demonstrating the audit

• Integrity features

• Triggers and constraints

Day Three: High risk scenarios

• High-risk commands and utilities

• Organisational impact

• Audit and security approaches

• Writing SQL scripts

• Summary and discussion

24CPE


68


COURSE FOCUS

In this fast-paced, two-day seminar you will get a guided tour of the Oracle® applications Families: Oracle Financials and Oracle Public Sector Financials, Oracle Manufacturing, Oracle Distribution, Oracle Human Resource Management Systems, and Oracle Projects.


• Discover how these products interface and examine their shared control points

• Identify the high-risk areas in these systems, as well as, in any application developed with Oracle’s Application Object Library

• Gain an understanding of Applications’ terminology and facilities, identify the components of application sign-on security, interpret user responsibilities, and investigate customised menus

• Assess the access controls provided by responsibility and role definitions including report security groups, data groups, and flexfields

• Explore application audit trail features and learn how to assess their use

DATES 7-8 April, London 24-25 November, London


AUDIT SECURITY OF ORACLE E-BUSINESS SUITE Identifying the high-risk areas in Oracle applications and how to overcome them

AGENDA AT A GLANCE

Day One: Components to audit

• An Oracle applications primer

• Database tools

• Application integration

• User management

• Collecting evidence

Day Two: Security rules and mechanisms

• Security mechanisms

• Flexfield security rules

• The execution environment

• Audit approaches

• Putting it all together

15CPE

WWW.MISTI.COM +44 (0)20 3819 0800

69


COURSE FOCUS

This three-day seminar is for financial, operational and technical auditors who have to audit key modules of the SAPTM ERP ECC solution set and/or all the SAP R/3 control sets. You will cover the major risk areas for the latest SAP release, which are based on a continuation of effective R/3 control sets, as well as governance, risk, and controls, including S-OX, HIPAA, and FFIEC guidelines.


• Investigate the risks inherent in the SAP application

• Delve into auditing techniques supported by tools within the standard SAP application

• Examine the security and basis configuration settings necessary to support a strong control environment

• Drill down to core business processes – financial close cycle, order-to-cash cycle and purchase-to-pay cycle

• Discover techniques often used to ‘hide’ poor configuration and how to uncover them quickly

DATES 8-10 May, Dubai 10-12 September, London

DIRECTOR Steve Biskie A leader in the audit and compliance space for more than 20 years, Steve Biskie has become most well-known for his work helping Fortune Global 500 organizations understand and manage the risks within complex ERP systems such as SAP and Oracle.

AUDITING AND SECURING SAP ERP CENTRAL COMPONENT (ECC) AND SAP R/3 Implementing and Operating SAP ERP Total Solution and R/3 control sets for Internal Audit

AGENDA AT A GLANCE

Day One: Key SAP Concepts

• Outlining SAP key concepts

• Discovering SAP audit fundamentals

• Finding top audit risks and controls for ERP ECC and SAP R/3

• Reviewing basic navigation techniques for auditors

• Finding key users, transactions and roles

Day Two: Key security risks

• Defining ERP roles in the SAP/R/3 system

• Defining portal roles in the ERP ECC 6.0 environment

• Discovering MySAP and GUI application suites

• Outlining audit and security risks and controls for business process reviews

• Getting to grips with different modules including procurement to pay: MM, customer integration: CRM and production planning and management: PP

Day Three: Rules and GRC

• Business rule settings for maintaining transaction integrity

• Change control: Transport management systems and content management systems

• Business warehouse – Online Analytical Processing (OLAP)

• Governance, risk and control (GRC)

• Discovering different tools to help – ACL direct, Approva, RiskWatch and more

24CPE


70


COURSE FOCUS

Take your SAP technical auditing skills to the next level by learning advanced risks and control opportunities that should be considered in a thorough audit of the SAP basis system and security.


• Practice techniques discussed on a sandbox SAP system, and perform an end-to-end security assessment

• Review additional security risks posed by the SAP Netweaver components

• Explore various table types within SAP, and practice some basic data interrogation techniques using SAP Query tools

• Review the “system hardening” guidelines provided by SAP

• Gain a first-hand look at some largely unpublished risks within SAP

DATES 11-12 May, Dubai 13-14 September, London

DIRECTOR Steve Biskie A leader in the audit and compliance space for more than 20 years, Steve Biskie has become most well-known for his work helping Fortune Global 500 organizations understand and manage the risks within complex ERP systems such as SAP and Oracle.

ADVANCED TECHNICAL SAP AUDIT Audit and control techniques for SAP R/3 & SAP ECC Technical Auditors

AGENDA AT A GLANCE

Day One: SAP System Settings

• Reviewing the basics

• Outlining SAP system settings

• Discovering advanced SAP basis security

• Controlling Non-Dialog user types

• Understanding special considerations

Day Two: SAP Authentication and Security

• Overcoming SAP authentication issues

• Enhancing Netweaver security

• Gaining techniques for advanced auditing of SAP customizations

• Tackling advanced SAP Change & Transport Systems (CTS)

15CPE

“Steve Biskie is a great trainer and I hope to attend many more courses with him” Saudi Airlines

WWW.MISTI.COM +44 (0)20 3819 0800

71


COURSE FOCUS

Cloud-based services are changing the way businesses look at their IT service capabilities. Cloud providers can deliver services to provide scalable, on-demand IT services. However, cloud computing is not without risks.

In this two-day seminar, we will look at the development of cloud computing, security and control issues and consider Security as a Service. We will examine common risks associated with cloud computing and consider solutions to mitigate them.


• Discuss cloud computing risks and issues that can turn an outsourcing operation into an IT disaster

• Consider both the business and IT risks associated with deploying a cloud computing solution

• Learn to identify risks, countermeasures and issues in using cloud-based services, through class exercises and discussion

• Ensure due diligence when choosing a provider for your organisation

• Examine legal and governance issues when moving towards cloud computing

DATES 27-28 June, London


AUDIT AND SECURITY OF CLOUD COMPUTING Consider the risks of cloud computing and ways to mitigate them

AGENDA AT A GLANCE

Day One: Risks of Cloud Computing

• Types of cloud services and examples

• Advantages and Disadvantages of the cloud

• Different risks of cloud computing and how to address each one

• Ensuring due diligence when choosing a cloud services provider

Day Two: Data Security Concerns

• Control over data and Data Security in Cloud Computing

• Common mistakes and errors in data encryption

• Security as a Service – what does it provide and how can we assess it?

• IT Governance and standards in cloud computing – what to look for

15CPENEW


72

04Does your organisation have a Risk Analysis to understand threats, vulnerabilities and countermeasures? Can your organisation build upon the essential security skills to protect assets and business

reputation? Do you have the tools and techniques to establish and manage an information security programme that works?

I N F O R M A T I O N S E C U R I T Y

74

WWW.MISTI.COM +44 (0)20 3819 0800

75

INTERNAL AUDIT & RISK MANAGEMENT SECURITY TW 24CPE

COURSE FOCUS

If you have inherited a program that needs to be improved/benchmarked or if you are new to information security and need a crash course, this course will be your step-by-step guide to establishing and managing a workable information security program


• Explore the various aspects of InfoSec management in a changing ICT environment

• Get your organisation more involved in information security

• Understand the various internal and external threats to success

• Understand employees privacy issues, and other legal and regulatory aspects

• Work with an InfoSec professional who has “walked the walk”



IT SECURITY MANAGERS’ ACADEMY A step-by-step guide to establishing and managing an information security programme that works

39CPE

Day Four: Implementing controls

• Understanding physical, hardware and media security

• Implementing environmental controls in the distributed environment

• Discovering tools that can help create awareness

Day Five: The future of Information Security

• Defining the BCP management process

• Using the business impact analysis

• Looking to the future of information security in the oganisation

AGENDA AT A GLANCE

Day One: Defining Information Security

• Defining the information security business case

• Defining the information security department charter

• Organising for success: roles and responsibilities

Day Two: Developing policies

• Reviewing legislation and standards

• Creating a strong foundation through policy

• Case study and exercise: Developing organisational policies

Day Three: Risk Analysis

• Conducting information risks analysis

• Assessing your own risk processes

• Conducting business impact analysis

“He is a very excellent instructor and he gave a great description to explain the topics”

Indonesian Financial Service Authority


76

INTERNAL AUDIT & RISK MANAGEMENT SECURITY TW 24CPE

COURSE FOCUS

This course raises the bar for training in corporate security and resilience, including information and cyber security. The course will give you essential skills and ideas to implement in your organisation straight away.

Based upon extensive experience our course facilitators will enhance learnings through hands-on practical experience, case studies and exercises. These five-days represent the highest level course of its kind available anywhere in the world.


• Gain necessary know-how to develop a world-class corporate security strategy for your organisation

• Add value to the company and demonstrate this success to key stakeholders

• Implement staff awareness training to create a pro-active security culture throughout your workforce

• Create and develop your own “security brand”

• Learn to present your ideas logically an convincingly at Board level

DATES 7-11 December, London

DIRECTOR David Burrill OBE Awarded an OBE (Office of theOrder of the British Empire) for services to international security, he is the world’s leading

John Hedley Leading Corporate Security professional and for Head of Group Security at Nestle, where he designed and developed Corporate Security.

THE CORPORATE AND CYBER SECURITY MASTERCLASS Achieving excellence through security

Day Four: Organisations as patterns of people

• Leaks and legalities

• Is the Board on-board?

• Takeover template

Day Five: Professional and Corporate Development

• Management review

• Cutting costs

• “Breaking up is hard to do…”

AGENDA AT A GLANCE

Day One: Reaping Success from Corporate Security

• Getting the right person for the job

• Preparation and hitting the ground running

• Designing a roadmap to success

Day Two: Integrating Cyber and Information Security

• Recruiting a CISO

• Security Structure impact on Global Risk Management

• CSO or CISO

Day Three: Organising Globally for Crisis Management

• Seeing crisis as an opportunity

• Leveraging value from Networking

• Public presentation

39CPE

05How can your organisation more effectively

deal with the issues of today and identify the potential obstacles facing you tomorrow? Where can you learn from international

experts on audit, fraud, information security and cyber risk challenges? How could you

benefit from networking and building trusted relationships with like-minded peers?

C O N F E R E N C E S

78

WWW.MISTI.COM +44 (0)20 3819 0809

79

AUDIT / FRAUD / GOVERNANCE / ANTI-CORRUPTION

Building on MIS Training Institute’s longstanding reputation for successful conferences, these events cover all the relevant updates for audit, compliance, governance, fraud, anti-corruption and investigations professionals while delivering the insights and guidance from a truly regional-specific as well as international panel of speakers and professionals. All carefully selected speakers have direct experience from the region where the event is hosted and programmes are guided by expert Advisory Boards.

MISTI conferences provide attendees with a unique international platform for the private and public sectors to unite and share best practices on how to achieve strong audit and corporate governance and accountability. Participants build solid global peer networks and practical strategies to fight against harmful business practices more effectively.

Regular attendees include Political Appointees, Auditor Generals, Board and Committee Members, CEOs and Chief Risk Officers in addition to senior professionals working in internal audit, investigations, inspection, IT audit, ethics, compliance, finance and governance.

“This is the best conference I have ever attended - very informative, practical and provides wide opportunity of application and meetings!” Senior Manager, KPMG

“Great networking and a learning opportunity” Head of Fraud Management, Standard Chartered Bank

Conferences, Summits and Roundtables

30CPE

UP TO

Audit & Risk World 2016 NEWIncluding:• Audit Directors’ Summit• Corporate Investigations Summit• Bank Audit Roundtable19 - 22 April 2016, Amsterdam

11th Audit, Risk & Governance Africa ConferenceIncluding:• 6th Fraud, Corruption & Investigations Africa Summit• Leadership, Accountability & Ethical Investment Tracks • Cyber Crime Africa 1 - 5 August 2016, La Palm Royal Beach Hotel, Accra, Ghana

11th Conference

Africa

4th

4th Fraud, Corruption & Investigations Asia SummitIncluding:• Global Investigations Asia Roundtable• CXO Asia Breakfast 7 - 9 November 2016, Singapore

Pre-Summit 6th

WWW.MISTI.COM +44 (0)20 3819 0809

80


AUSTRALIA

CISO Australia 2016 NEW5 - 7 July 2016, Sydney, Australia

CHIEF INFORMATION SECURITY OFFICER / CYBER RISK / INFORMATION RISK MANAGEMENT

Connecting C-Level Minds on Cyber Security: The Investor Issue of Today! MISTI’s successful global CISO Summits series is the ultimate C-level meeting of information security and business minds. Chief Information Security Officers, CTOs, CIOs and cyber risk directors from across the World’s leading companies and governments unite annually in Europe, Africa, Middle East and Asia-Pacific to discuss, find solutions and build trusted contacts with like-minded peers on information security and cyber risk challenges. What will security look like in 3-5 years? How will we get there? How can we change the game to protect customers, brands and intellectual property in 2016 and beyond?

You will hear keynotes, breakout workshop sessions and breakfast discussions around critical information security concerns, led by industry pioneers to provide a truly international share of information to reflect the global risk that information security presents today.


5th CISO Asia Summit & Roundtable7 - 9 November 2016, Singapore

13th CISO Summit & RoundtableIncluding:• CXO Forum - Cyber Risk: A Key Part of Enterprise Risk Management• CISO Think Tank: Protecting the Digital Enterprise10 - 13 May 2016, Stockholm, Sweden

8th Chief Information Security Officer Middle East Summit & RoundtableIncluding:• CXO Middle East Forum - Cyber Risk: A Key Part of Enterprise Risk Management • CISO Think Tank: Protecting the Digital Enterprise1 - 3 March 2016, Habtoor Grand Hotel, Dubai, The UAE

“Great quality of audience and networking opportunity” Director, IDA Singapore

“Comprehensive and eye opening event for opportunities to promote security as a business empowerment!” Head of Information Security, Abu Dhabi Securities Exchange, UAE

28CPE

UP TO

InfoSec World – Europe NEWIncluding:• 5 Dedicated Tracks • CISO Think Tank • Technical Workshops• Cloud & Data Analytics Security Summit 5 - 9 September 2016, Amsterdam

CONFERENCES 2016

5th CISO Asia Summit & Roundtable7 - 9 November 2016, Singaporewww.ciso-summit.com/ciso-asia

13th CISO Summit & RoundtableIncluding:• CXO Forum - Cyber Risk: A Key Part of Enterprise Risk Management• CISO Think Tank: Protecting the Digital Enterprise10 - 13 May 2016, Stockholm, Swedenwww.ciso-summit.com

8th Chief Information Security Officer Middle East Summit & RoundtableIncluding:• CXO Middle East Forum - Cyber Risk: A Key Part of Enterprise Risk Management• CISO Think Tank: Protecting the Digital Enterprise1 - 3 March 2016, Dubai, The UAEwww.ciso-summit.com/ciso-middle-east

Audit & Risk World 2016 NEWIncluding:• Audit Directors’ Summit• Corporate Investigations Summit• Bank Audit Roundtable19 - 22 April 2016, Amsterdam

AUSTRALIA

CISO Australia 2016 NEW5 - 7 July 2016, Sydney, Australia

InfoSec World – Europe NEWIncluding:• 5 Dedicated Tracks • CISO Think Tank • Technical Workshops• Cloud & Data Analytics Security Summit 5 - 9 September 2016, Amsterdam

4th

4th Fraud, Corruption & Investigations Asia SummitIncluding:• Global Investigations Asia Roundtable• CXO Asia Breakfast 7 - 9 November 2016, Singapore

11th Audit, Risk & Governance Africa ConferenceIncluding:• 6th Fraud, Corruption & Investigations Africa Summit• Leadership, Accountability & Ethical Investment Tracks • Cyber Crime Africa 1 - 5 August 2016, La Palm Royal Beach Hotel, Accra, Ghanawww.auditriskgovernanceafrica.comwww.cybercrimeafricasummit.com

11th Conference

AfricaPre-Summit 6th

To input new conference topics and interest in speaking or attending please contact: [email protected] / +44 (0) 20 3819 0809

WWW.MISTI.COM +44 (0)20 3819 0797

JAMES MILLOY [email protected]

82

THINK TANKS

MIS TRAINING INSTITUTE BESPOKE EVENT SERVICES – EMEA & APAC

From the beginning, from venue selection and programme development to the final post-conference report, regional account management and everything in-between, MISTI has the focused expertise, brand, experience and team to manage and produce tailored high level conferences, think tanks, breakfasts, webinars and other events to fit your tailored requests.

Requested / Bespoke Conferences or Symposia - MISTI will co-host and develop a bespoke event to suit your exact requirements

Private Dinners - Drill down into your preferred topic with selected prospects in your chosen cities

Roundtables / Think Tanks - Co-host a content based, co-facilitated interactive event with MISTI

Breakfast Briefings - Your own keynote speaker plus a MISTI selected speaker – localised, short, sharp networking focus

Receptions - Ideal for new product launches! You give the speech, MISTI will bring a co-host speaker and your selected audience to a top notch private venue.

WHY PARTNER WITH MIS TRAINING INSTITUTE FOR YOUR BESPOKE EVENT?

Access truly global contact bases in EMEA, Asia Pacific at the U.S. across government and business sectors

Convey your message to targeted wish lists via an independent voice and in a non-sales and truly content-driven context

Collaborate with an established market leader in information security, audit, anti-fraud and corporate security

Benefit from industry expertise and hands-on professionals to provide speaking support for your event

Gain International accreditation and recognised Continued Professional Education for your audience’s ongoing development

BENEFITS OF BESPOKE NETWORKING

Exclusive sponsorship of a co-branded, highly targeted event with the independent and global voice of MIS Training Institute

Positions your organisation as an equal partner around the table with key decision makers and participate in discussions that you would not hear in meetings

Create longer term deal-flow opportunities and build new business relationships via a content-focused approach

Fully targeted towards your preferred audience, with a delegate acquisition team to ensure you meet with the right attendees

24CPE

UP TO

Conferences, Dinners, Breakfast Briefings and Roundtables

BESPOKEE V E N T S

“Working with MIS has helped us achieve our objectives in terms of reaching a broader set of customers in a unique, “think tank” type setting. MIS consistently gathers an audience appropriate in both role and seniority to participate, which makes it worthwhile for both the participants as well as the vendors who sponsor and help co-deliver these events. It’s been a great partnership and we look forward to continue working together for future sessions” VP, Professional Services and Support, HP Enterprise Security Products

CPE Accredited

WWW.MISTI.COM +44 (0)20 3819 0800

83

OUR COURSE DIRECTORS

Allan McDonagh CICA

Allan was commissioned in HM Customs and Excise in 1967, and in 1971 joined the Investigation Branch where he specialised in narcotics and organised crime investigations. In 1974, he became the first Customs Investigator to be seconded to the Drugs Intelligence Unit at New Scotland Yard and in 1983 was awarded a Winston Churchill scholarship to study narcotics interdiction in the USA.

Between 1985 and 1997 he was employed at Network Security Management Limited and became Deputy Managing Director. He created the highly successful Forensic Laboratories which were eventually acquired by Control Risks Group. Allan has conducted many successful investigations throughout the world for both commercial and government clients.

Andy Robertson

Andy Robertson is currently with Cass Business School, managing and delivering modules on audit and risk-related topics to MSc students. He has 35 years experience in auditing and risk management, covering manufacturing, retail, financial services and the not-for-profit sectors. He has been head of audit in several blue chip organisations, and head of risk in two organisations, during which time he has been instrumental in both uncovering and resolving many organisational problems. Andy delivers lectures and workshops in risk and audit related areas, particularly in fraud detection and prevention and the establishment of risk management systems.

Charles V. Pask CISSP

Charles Pask is the Managing Director of ITSEC Associates Ltd, responsible for delivering global IT security and IT audit consultancy services, including public training courses, in-house training courses, conferences, symposiums and general Infosec consultancy. Previously, he was a Director with MIS Training, and Director of Information Security Institute (ISI) European and Middle East e-Security Services. Mr. Pask has over 30 years’ experience in IT, IT audit, and IT security, and was the Group Information Security Manager for Alliance & Leicester plc Group including Girobank prior to joining MIS.

Dr David Bobker MA, DPhil, ACA, FRM

David Bobker is Head of Risk at the Asian Institute of Finance in Kuala Lumpur where he carries out research in risk management and designs and delivers training programmes on strategic risk management, risk governance and internal audit. During 2009 and 2010 he was the lead presenter for risk management for Bank Negara Malaysia’s directors’ education programme. This unique programme has required all directors of Malaysian banks and insurers to attend training on governance and risk management.

He has worked as an external auditor and consultant with KPMG and Deloitte specialising in financial services companies and banks, he was group head of internal audit for two UK FTSE100 financial institutions (Alliance & Leicester and Norwich Union), and he was a supervisor and policy maker at the UK Building Societies Commission (now part of the FSA).


84

David Burrill OBE

David Burrill has been a professional international Intelligence and Security operator/manager for most of his professional life. On retiring from the military in 1992, having held the appointment of Deputy Director Intelligence Corps, and Chief of Staff Intelligence and Security Centre of the UK Armed Forces, he joined BAT Industries, a major global insurance and tobacco conglomerate, and subsequently on de–merger, British American Tobacco (the world’s second largest quoted tobacco group – with presence in 180+ countries), as Head of Security. David, who is a Freeman of the City of London, has had close and regular contact with the private security sector for over some 26 years.

In 2003, David Burrill became the first co–Chairman of the UK Foreign and Commonwealth Office’s Security Information Service for Business Overseas (SISBO) – a public/private sector partnership initiative of which he was one of the key architects

Dr David Hancock

Dr David Hancock leads the Government Construction Team for the Cabinet Office and the Major Projects Authority. Prior to that he was Head of Risk for Transport for London with responsibility for the risk and project services across their £15 billion capital portfolio). Renowned internationally as a leading thinker and practitioner in the field of risk, he is the author of the bestselling book “Tame, Messy and Wicked Risk Leadership” in which he developed the concept of Risk Leadership. He has worked with the public, private and voluntary sectors and has been the Director of risk and assurance for two London Mayors and Executive Director for Halcrow (now CH2MHill). He was responsible for creating and delivering the risk management system for the successful £4.3bn Terminal 5 Project at Heathrow, which is considered industry leading in project delivery. He champions the case for rethinking project management as a social interaction rather than delivery solely through the application of process and policy.

Dennis William Cox

Dennis William Cox, BSc FCSI FCA is a leading financial services risk management and internal audit specialist. He has held senior management positions within the banking and accountancy profession as Director, Risk Management at HSBC Insurance Brokers Limited and Director, Risk Management, Prudential Portfolio Managers. Formerly he held a number of roles within the audit profession at HSBC Holdings PLC. He has significant expertise in total risk management, risk-based internal audit, treasury, credit, liquidity, operational and market risk.

Dennis specialises his advisory services and lectures on the modernisation of internal audit. He also addresses internal audit as a driver for organisational change in banking. He is a specialist in audit for credit, treasury, operations and the Basel Accord.

Greg Duckert, CIA, CISA, CMA, CPA

Mr. Duckert is an internationally recognized expert in the field of Enterprise Risk Management. He is the author of the Wiley publication Practical Enterprise Risk Management: A Business Process Approach. He is Certified in Risk Management Assurance, Certified in Risk and Information Systems Control, a Certified Public Accountant, a Certified Information Systems Auditor, is a Certified Internal Auditor and also holds a Certificate in Management Accounting.

Mr. Duckert was educated at the University of Wisconsin - Madison and obtained an MBA in Accounting in 1989, a BBA in Accounting in 1978, and a BA in Economics in 1971. Mr. Duckert is also a Sr. Consultant for MIS Training Institute for whom he conducts seminars on a global basis and is a frequent speaker at conferences in his areas of expertise.

WWW.MISTI.COM +44 (0)20 3819 0800

85

Dr Hernan Murdock CIA, CRMA

Hernan Murdock is Vice President, Audit Division for MIS Training Institute. Before joining MIS Training Institute he was the Director of Training at Control Solutions International, where he oversaw the company’s training and employee development program. Previously he was a Senior Project Manager leading audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp.

James C Paterson

James has over 19 years experience across a range of finance and audit roles and was formerly the Chief Internal Auditor at AstraZeneca. James consults on a range of topics especially Head of Internal Audit induction, IA planning and assurance mapping. James is also a regular keynote speaker on audit and risk issues across the globe; speaking at the Global IIA Conference in Malaysia, the SOPAC conference in Australia and in Canada, the US, Abu Dhabi and the Far East. He is the author of the book “Lean auditing” published by J Wiley & Sons.

Jane Needham

Jane Needham is an independent consultant and trainer specialising in corporate governance, risk management and business process improvement. Jane’s career started by training as a Chartered Accountant with Ernst & Young in Manchester, and then working for a number of years at ICI plc, both in the Group Internal Audit function and in a finance line-management role. Jane then returned to her home island of Guernsey in the Channel Islands, where she was appointed Director of Risk & Assurance for the island’s government. As part of this role, Jane was Chief Officer of the States of Guernsey Audit Commission, a pre-cursor to the recently established island Public Accounts Committee. During her time with the Audit Commission, a statutory value-for-money review body, Jane carried out and commissioned a number of VFM / performance reviews into various aspects of public expenditure.

Jenny Rayner

Jenny Rayner is an independent consultant and trainer specialising in internal audit, risk management and corporate governance. She is an experienced non-executive director, former chief internal auditor and audit committee chair with 35 years’ wide-ranging international business experience. She works with directors, senior managers, internal auditors and risk managers to help them embrace best practice in governance, risk management and assurance. Prior to this, Jenny’s career spanned over 20 years with ICI and Zeneca in a variety of sales, marketing, purchasing, supply chain and general business management roles, latterly as a Chief Internal Auditor with ICI. She is currently Deputy Chair on the board of a UK housing association.

Jim Roth

Jim Roth, PhD, CIA, CCSA, is president of AuditTrends, LLC, a training firm devoted to identifying and communicating the best of current internal audit practice. Jim has three decades of progressive internal audit and teaching experience. His publications include seven books and seven other major works for the IIA, as well as eight AuditTrends seminars and numerous articles.

Evaluating elements of the corporate culture, a.k.a. soft controls, has been at the core of Jim’s 17 years of best practice research, culminating in his 2010 book, Best Practices: Evaluating the Corporate Culture. The IIA recognized his expertise as early as 1998 with the Internal Auditor magazine article, “Soft, Dangerous, Essential: An Interview with Jim Roth.” De Accountant in the Netherlands (2009) and Internrevisoren in Norway (2010) have more recently published interviews with Jim on this topic.


86

Jim Tarantino

Jim Tarantino is the Client Solutions Director for High Water Advisors, a consulting firm specialized in helping organizations improve governance, risk management, compliance (GRC) and audit processes. He has over 15 years of information technology, analytics, audit and GRC experience with a recognized expertise in developing solutions to enable data-driven auditing, risk assessment and investigations. Prior to joining High Water Advisors, Jim was a Solution Lead/Practice Manager for ACL Services, where he led the implementation of data analytic solutions for large public sector clients. He has also held a number of GRC practitioner roles including Senior Auditor at RTI International and various management positions at Nortel Networks implementing a human capital analytics program. As a member of the IIA, ISACA and ACFE, Jim participates in local chapter activities, including serving as an instructor for CISA certification exam preparation seminars.

John Hedley

John served for 26 years in the British Diplomatic Service, including postings to British Embassies in Sweden, South Africa, Spain and Mexico. He has a particular expertise in political analysis and counter–terrorism. He is a fluent French and Spanish speaker. In the private sector, John worked in cargo security with TRI–MEX International, specialising in satellite tracking of high–value, high–risk cargo across Europe. He also built the EUROWATCH network of security companies, providing real–time cross–border response to car and truck theft.

In 2003 he was recruited by Nestlé, to be their first Head of Group Security. John designed and developed the corporate security strategy and built and directed a team of some 40+ security professionals working across the globe on issues such as counterfeit, extortion, theft, fraud, kidnap, crisis management, emergency evacuations, expatriate travel programmes, staff security awareness, pandemic preparation, manned guarding efficiency, workplace violence etc.

John Porter

John Porter, BA ACA is banker and chartered accountant as well as an international financial services consultant specialising in internal audit for more than 20 years. He has held various management positions within the internal audit departments of the global financial institutions HSBC, ABN AMRO, American Express and Bank of Bermuda, having gained his Chartered Accountancy qualification (UK ICAEW) with Ernst & Young. John is an Associate of the Institute of Chartered Accountants in England & Wales (ACA) and holds a BA Honours degree in History from Bristol University. Based in Amsterdam, he speaks fluent English and Dutch and is proficient in French.

Kathleen Crawford

Kathleen Crawford is a Senior Consultant for MIS Training Institute and the President of Crawford Consulting and Communications LLC, a firm specializing in assurance and advisory projects for small firms without an internal audit function. Previously, she was an Internal Auditor for Vinfen Corporation, a private, nonprofit human services organization. Kathleen’s responsibilities include assisting management in the standardization of operations, developing policies and procedures, and improving processes. In addition, she conducts operational and financial audits throughout the company. Kathleen began her career as a bank auditor, first with Bank of New England, then Eastern Bank, and State Street Bank. A member of the Institute of Internal Auditors, Ms. Crawford is a past President of the Greater Boston Chapter of the IIA. She is also a member of the Association of Certified Fraud Examiners and the American Society for Training and Development. Ms. Crawford serves Treasurer and Trustee for Foxborough Regional Charter School and its foundation, Friends of FRCS.

WWW.MISTI.COM +44 (0)20 3819 0800

87

Keith Muras

Beginning his career life as a professional economist in industry, after 8 years Keith moved from the rigours of economic analysis to join the British Diplomatic Service. In a distinguished career spanning 23 years, Keith worked in South Africa, the former Soviet Union, Jamaica (with responsibilities extending throughout the Western Caribbean), Zimbabwe, and Uganda. His focus was on international strategic political security and economic issues. Keith also spent time in the UK, seconded to the Ministry of Defence, assisting and advising on domestic and international terrorist threats. Keith then moved to Corporate Security where, over an 11 year period, he established himself as a leading and accomplished security professional, holding senior positions with major international corporations, focusing on extractive and related engineering and support industries

Kelly Hogan

Kelly Hogan is an independent consultant whose experience includes over 20 years providing advice on techniques for risk management, control assessment and improvement, and written and oral communication. After a short time as a bank examiner, her career as an auditor started with financial and operational audits at the Federal Reserve Bank in St. Louis, Missouri, USA. She later moved to MasterCard International where she performed application audits, then managed a team of operational and IT auditors. After moving to Belgium for MasterCard, Ms. Hogan served as the head of audit for its European subsidiary for five years. She now focuses on training for internal auditors, but is also involved in co-sourced internal audits, due diligence projects, control self–assessment workshops and external quality assurance reviews.

Leonard W. Vona, CPA, CFE

Leonard W. Vona, CEO of Fraud Auditing, Inc., is a financial investigator with more than 30 years of diversified auditing and forensic accounting experience, including a distinguished 18-year private industry career. His firm advises clients in areas of litigation support, financial investigations, and fraud prevention. Mr. Vona has successfully conducted more than 100 financial investigations for some of the largest high profile corporations in the United States. The net result of his efforts has saved clients millions of dollars through recovery or defense strategies. His financial investigation experience includes embezzlement, economic damage, asset theft, bribery, intellectual property, and disbursement schemes. Leonard’s trial experience is extensive, including appearances in federal and state courts. He is qualified as an expert witness, as a CPA and a CFE, and is cited in West Law for the successful use of circumstantial evidence.

Lin Bartlett

During her career with Shell, Lin held a number of senior management roles in IT, Finance and Audit. As Shell UK’s Integrated Audit manager, she developed and gained board approval for a risk-based integrated audit planning and management process, establishing integrated audit plans for all key business areas. She is a trained auditor in financial, IT, health, safety, environment and quality management and planned and managed major audits in many different parts of Shell’s business.

In 2003 she successfully helped establish a new company to challenge the sustainability assurance offering in the marketplace and to raise the standard of assurance & verification of non-financial reporting available and has subsequently provided assurance & verification services to a number of blue chip companies. During 2005, Lin was engaged on a global Sarbanes Oxley 404 compliance implementation project for a FTSE 100 company. Lin was responsible for both the global project planning and management support and also the management of a team responsible for documenting risks and controls over financial reporting for their European business. Lin has also been engaged on External Quality Assessments (EQAs) as required by the Institute of Internal Auditor’s International Standards for the Professional Practice of Internal Auditing and Code of Ethics and provides training and helps companies prepare for an EQA.


88

Liz Sandwith

Liz Sandwith has been involved in the internal auditing profession since the late 1980’s. She has worked in the public sector including central and local government and also in the private sector. In 1995 she set up her own business providing internal audit and risk management to a number of businesses from central government and local government through housing associations, regional development agencies and including a UK Broadcaster – Channel 5.

Liz has been involved in delivering internal audit training since 1991. In order to keep up to date with new internal audit tools and techniques and be able to add realism and practicality to her training course Liz ensures that 75% of her time is spent delivering internal audits. Liz also speaks at Internal Auditing conferences and was President of the IIA-UK and Ireland 2001-2002. Her training courses receive high ratings from the delegates in terms of content, delivery and the practical opportunity to ‘do’ not simply just listen.

Mark T. Edmead, MBA, CISA, CISSP

Mark Edmead is the Managing Director at MTE Advisors and a Senior Instructor for MIS Training Institute. Mr. Edmead is a 30-year-veteran of computer systems architecture, information security, and project management. Mr. Edmead has extensive knowledge of IT and application audits, IT governance, and SOX compliance auditing. He holds DevOps, Lean IT, CISA, CISSP, and COBIT 5.0 Foundation certifications, and is an Accredited COBIT 5 Trainer and Certified COBIT 5 Assessor. Mr. Edmead’s expertise in the areas of information security and protection includes access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security. He has consulted with Fortune 500 and Fortune 1000 companies and worked with a number of international firms. Mr. Edmead has authored articles in Compliance Advisor Magazine, IT Compliance Journal, IIA Insights, and The Auditor. In addition, he is an adjunct professor at the Keller Graduate School of Management.

Mark Johnson

Mark Johnson acts as a consultant and trainer on cybercrime and other online risks for a number of high profile organisations. he specialises in explaining the issues to non-technical audiences at all levels. His recent clients include the UK Home Office, the City of London Police, the National Police Chiefs Council (formerly ACPO), MIS Training, the International Compliance Association, the EU Commission and the United Nations.

Mark holds an ISACA CISM (Certified Information Security Manager) qualification and he is the author of two books on high tech risk, as well as a number of cyber security awareness training manuals. Prior to entering the technology world, he served in an operational capacity as a drug enforcement officer in the Caribbean and Central America.

Marty Green

Martin Green is a senior instructor for MIS Training Institute. As a member of the MISTI faculty for more than 20 years, his areas of expertise include computer technology, networking, and security. Mr. Green is the principal of Martin H. Green, P.C. Mr. Green concentrates his practice on the representation of companies in matters pertaining to computer technology, trade secrets, intellectual property, and copyright law. He also maintains an active consulting practice to lawyers and other professional service businesses regarding office automation and related auditing and security challenges. Mr. Green is a member of the Massachusetts Bar, the Massachusetts Academy of Trial Attorneys, and the American Trial Lawyers Association.

WWW.MISTI.COM +44 (0)20 3819 0800

89

Nigel Iyer

Nigel Iyer has worked passionately for over 20 years for the prevention, detection and investigation of fraud and corruption. In recent years he has specialized in helping international and financial institutions develop strategies to ensure that Ethics and Integrity are fully integrated into the strategy from the top down. Together with Martin Samociuk and other colleagues, he has developed a unique fraud risk assessment methodology and also developed the Integrity Health Check, which detects the red flags of fraud and corruption and is used by many organizations to ensure ethical policies are on track. Nigel is the author/ co-author of four books: Fraud Resistance (2003), Fraud and Corruption Prevention and Detection, “A Short Guide to Fraud Risk” (2010), published in collaboration with the Chartered Institute of Management Accountants and the Management Novel “The Tightrope” (2011).

Peter Herbert

Peter specialises in the development and delivery of practical training programmes and targeted both at financial professionals and non–finance managers. These range from lectures to audiences of 120+ accountants, on new developments in IFRS, to workshops for small groups of 6–12 business managers on practical budgeting.

Peter also regularly delivers courses on audit and internal control. He provides training on external audit methodology for a number of mid–tier UK accountancy firms, including Beever & Struthers Accountants and UHY Hacker Young. He has also worked with a number of UK corporates on internal control implementation, notably Welcome Break Group. Since leaving FTC in 2003, Peter has specialised in the provision of training and management development programmes to business professionals.

Richard Minogue

A financial management, internal audit and investigation expert with over 35 years experience. A former Head of Audit for a major telecommunications company and a forensic auditor who had led high profile investigations into money laundering, bribery, embezzlement and fraud.

Dr Sarah Blackburn

Dr Sarah Blackburn is an experienced Non-Executive Director and Audit Committee Chairman with over 25 years of practical internal audit experience. After external audit training at KPMG, Sarah moved into internal audit in retail – holding positions at Sainsbury’s and then Argos (now Home Retail Group) – where she was Head of Group Internal Audit. She was again Head of Group Internal Audit at Kingfisher plc before moving to RAC and then becoming Head of Global Audit and Assurance at Exel plc (now part of DHL).

Sarah is currently a Director at the Wayside Network Limited and was the President of the Chartered Institute of Internal Auditors from 2009-2010. She has written three books about risk management and internal audit and has a doctorate in project management. Currently an independent director of the RICS and a global board director of IIA Inc., she has been a board member and chaired the audit committee in two UK central government bodies and an NHS Foundation Trust.


90

Steve Biskie CGMA, CPA, CITP, CISA

Steve Biskie is co–founder of High Water Advisors, a consultancy that helps organizations improve governance, risk management, compliance (GRC) and audit processes. He specializes in transforming inefficient, outdated, and compartmentalized processes and technologies to optimize GRC and audit performance and generate tangible value. A leader in the audit and compliance space for more than 20 years, Mr. Biskie has become most well–known for his work helping Fortune Global 500 organizations understand and manage the risks within complex ERP systems such as SAP and Oracle. Additionally, he is a thought leader and strategic expert on implementing high–value, sustainable analytics and continuous auditing program.

Steve Rimell

Steve has over 20 year’s practical experience in information systems auditing. He has extensive experience as an Audit Manager, running a commercial IS audit service, with extensive3 knowledge of the security and control of UNIX, Oracle, Windows, and networking environments such as TCP/IP. He is also a founding member of the Institute of Information Security Professionals (IISP).

An enviable reputation as the most respected authority in the UK with over 20 year’s practical experience in information systems auditing. Specialising in the more technical aspects of information systems audit, Steve has extensive knowledge of the security and control of UNIX, Oracle, Windows, and networking environments such as TCP/IP.

Veronica Morino

Veronica Morino has a BA in Sociology of Work and Economics and a Masters Degree in Organizational Science from the University of Rome. She has worked for the last 15 years with organisational effectiveness. In the last 8 years Veronica has helped develop anti-fraud and corruption programs for several international companies. This allowed her to combine the work she had been doing earlier with organisational culture with her experiences as an investigator. Veronica has lead the production of multimedia solutions for integrity awareness programs (including web-based, drama and live trainings), helped with the development of leading indicators to predict and prevent where fraud will strike and also specialised in models to assess corporate resistance and resilience to fraud and corruption.

WWW.MISTI.COM +44 (0)20 3819 0800

91

JANUARY LOCATION PAGE25-28 Jan Fraud Audit School London 51

MARCH LOCATION1-3 Mar 8th Chief Information Security Officer Middle East Summit & Roundtable Dubai 807-11 Mar Chief Internal Auditors’ Symposium Cape Town 2713-15 Mar Risk Based Internal Auditing Abu Dhabi 1913-16 Mar Risk Based IT Auditing Dubai 6214-16 Mar Fundamentals of Internal Auditing Amsterdam 1117-18 Mar Audit Report Writing Amsterdam 12TBC Mar Auditing the Supply Chain, Suppliers and Outsourced Functions London 3621-23 Mar Internal Auditors Role in Preventing Fraud London 5514-17 Mar Auditing and Securing Virtualised Environments London 66

APRIL LOCATION

4-6 Apr Auditing Techniques For Lead Auditors London 146-8 Apr Auditing Governance, Strategy, Ethics and Risk Management London 2911-13 Apr COSO: How to Implement the Revised Internal Control Framework London 3318-20 Apr Enterprise Risk Management London 3121-22 Apr Managing Strategic and Reputational Risk London 32TBC Apr Auditing and Preventing Fraud in Procurement Africa 3525-28 Apr Business Process Auditing London 3811-13 Apr Forensic Auditing London 5625-29 Apr IT Audit School London 614-8 Apr Auditing and Controlling Oracle Databases London 6719-22 Apr Audit & Risk World 2016 Amsterdam 79

MAY LOCATION

16-20 May Internal Audit School London 13TBC May Value for Money and Performance Auditing Africa 232-6 May Chief Internal Auditors’ Symposium Asia 279-12 May Audit Leadership School London 281-3 May Auditing Human Resources Dubai 3423-26 May Introduction to Bank Internal Audit School London 429-11 May Fraud Testing: Integrating Fraud Detection into your Audit Programme London 5212-13 May Fraud Data Mining London 5310-13 May Audit and Security of Networks, Operating Systems and Databases Amsterdam 658-10 May Auditing and Securing SAP ERP Central Component (ECC) and SAP R/3 Dubai 6911-12 May Advanced Technical SAP Audit Dubai 7011-13 May 13th CISO Summit & Roundtable Stockholm 80

INDEX


92

JUNE LOCATION PAGE

6-9 Jun Auditing Major Projects and Change Programmes Amsterdam 3727-29 Jun Internal Audit Quality Assurance London 2530 Jun-1 Jul Consultancy Skills for Auditors London 26

JULY LOCATION

5-7 Jul CISO Australia 2016 Sydney 8025-27 Jul Risk Based Internal Auditing London 1928-29 Jul Developing the Annual Audit Plan London 20TBC Jul Auditing Risk Management and Basel II and III London 4425-29 Jul The MIS Fraud and Corruption Summer School London 5718-20 Jul Forensic Auditing Amsterdam 5611-15 Jul IT Audit School Amsterdam 61

AUGUST LOCATION

1-5 Aug InfoSec World – Europe Amsterdam 8015-19 Aug Internal Audit School London 131-5 Aug Chief Internal Auditors’ Symposium London 271-5 Aug Auditing Emerging Cyber Threats London 398-11 Aug Audit Leadership School Amsterdam 2815-17 Aug Enterprise Risk Management London 3118-19 Aug Managing Strategic and Reputational Risk London 328-11 Aug Auditing the Treasury and ALCO London 4322-25 Aug Asset Management Internal Audit School London 4522-26 Aug IT Audit School London 61TBC Aug Advanced IT Audit School London 63

SEPTEMBER LOCATION5-7 Sep Communication and Influencing Skills for Internal Auditors London 185-7 Sep Project Management for Internal Auditors London 175-7 Sep Financial Analysis for Internal Auditors London 2426-28 Sep Enterprise Risk Management Asia 3129-30 Sep Managing Strategic and Reputational Risk Asia 32TBC Sep Auditing and Preventing Fraud in Procurement Dubai 35TBC Sep Auditing the Supply Chain, Suppliers and Outsourced Functions London 3619-21 Sep Financial Auditing using IFRS London 4619-21 Sep Fraud Testing: Integrating Fraud Detection into your Audit Programme London 5222-23 Sep Conducting an Internal Fraud Investigation London 5410-14 Sep Auditing and Securing SAP ERP Central Component (ECC) and SAP R/3 London 69

OCTOBER LOCATION

3-5 Oct Auditing Techniques for Lead Auditors London 149-11 Oct Fundamentals of Internal Auditing Dubai 1112-13 Oct Audit Report Writing Dubai 1231 Oct- 2 Nov Six Sigma Skills For Internal Auditors London 15

WWW.MISTI.COM +44 (0)20 3819 0800

93

2-4 Oct Audit Efficiency And Effectiveness London 1610-12 Oct Bank Credit Internal Audit School London 473-7 Oct IT Audit School Africa 6117-19 Oct COBIT 5: Governance of IT London 6417-19 Oct Auditing, Governance, Strategy and Risk Management London 2917-20 Oct Risk Based IT Auditing London 6220-21 Oct Auditing Ethics, Culture, Conduct And Reputational Risk London 303-5 Oct COSO: How to Implement the Revised Internal Control Framework London 3324-26 Oct Forensic Auditing London 5624-27 Oct Business Process Auditing London 38

NOVEMBER LOCATION3-4 Nov Auditing Ethics, Culture, Conduct and Reputational Risk Africa 303-5 Nov Auditing Techniques for Lead Auditors Dubai 146-9 Nov Introduction to Bank Internal Audit School Dubai 417-10 Nov Auditing Major Projects and Change Programmes London 377-9 Nov 5th CISO Asia Summit & Roundtable Singapore 807-9 Nov 4th Fraud, Corruption & Investigations Asia Summit Singapore 797-9 Nov Auditing the Manufacturing Process London 407-11 Nov Internal Audit School Africa 137-11 Nov The MIS Fraud and Corruption Summer School Africa 578-11 Nov Audit and Security of Networks, Operating Systems and Databases London 6513-15 Nov Internal Auditor’s Role in Preventing Fraud Dubai 5514-16 Nov Continuous Auditing - Making The Change London 2113-17 Nov IT Audit School Dubai 6117-18 Nov Successful Data Analytics for Internal Auditors London 2220-24 Nov Chief Internal Auditors’ Symposium Dubai 2721-25 Nov Auditing and Controlling Oracle Databases London 6721-25 Nov IT Security Managers’ Academy London 7530 Nov- 2 Dec

Audit Leadership School Dubai 28

31 Nov - 2 Dec

Auditing, Governance, Strategy and Risk Management Africa 29

TBC Nov Auditing Risk Management and Basel II and III London 44

DECEMBER LOCATION5-7 Dec Fundamentals of Internal Auditing London 115-7 Dec Risk Based Internal Auditing Amsterdam 198-9 Dec Audit Report Writing London 128-9 Dec Developing the Annual Audit Plan Amsterdam 2012-16 Dec Auditing Emerging Cyber Threats London 3912-14 Dec Internal Audit Quality Assurance London 2512-14 Dec Enterprise Risk Management Amsterdam 3115-16 Dec Consultancy Skills for Auditors London 2615-16 Dec Managing Strategic and Reputational Risk Amsterdam 325-9 Dec The Corporate and Cyber Security Masterclass London 76


94

Documents

Published 2015 2016 CATALOGUE · 2015 CATALOGUE OFEVENTS INTERNAL AUDIT & RISK MANAGEMENT INFORMATION SECURITY FRAUD / IT AUDIT ... MISTI is an accredited member of CPD UK – specialising