September 14 15, 2015 Grand Hyatt, Washington DC Documents/2015-FSE-Abs-and-Bio.pdf · September 14‐15, 2015 | Grand Hyatt, Washington DC AY Magazine as its “Most Powerful Man”

September 14‐15, 2015 | Grand Hyatt, Washington DC

Monday Sept. 14, 2015 9:00–10:30 AM

GS 1 A Conversation with Representative Hill – A Financial Services Perspective The Honorable French Hill Congressman, Arkansas’s Second Congressional District U.S. House of Representatives In this session, participants will:

Get an overview of how the current regulatory framework is impacting the financial services industry.

Receive an update of proposals now pending in Congress that would impact the current regulatory framework in the financial services industry.

Understand the impact these regulations and proposed changes could have on the internal audit profession.

U.S. Rep. French Hill began his first congressional term in 2015 and serves on the U.S. House Committee on Financial Services. Prior to his congressional service, Rep. Hill was actively engaged in the Arkansas business community for more than 20 years as a commercial banker and investment manager. He was founder, chairman, and CEO of Delta Trust & Banking Corp., which recently merged with Arkansas-based Simmons First National Corp. Earlier in his career, he served as a senior official in the administration of President George H.W. Bush. From 1989 until 1991, Hill served as deputy assistant secretary of the Treasury for Corporate Finance. He also led the design of U.S. technical assistance to the emerging economies of eastern and central Europe in the areas of banking and securities after the fall of the Berlin Wall. Rep. Hill was appointed as executive secretary to President Bush’s Economic Policy Council (EPC), and for his leadership and service at the Treasury and the White House, he was awarded the Distinguished Service Award in 1993. Prior to his Executive Branch service, Rep. Hill served on the staff of then-U.S. Senator John Tower (R-TX) as well as on the staff of the U.S. Senate Committee on Banking, Housing, & Urban Affairs. Throughout his career, Rep. Hill has been active in local civic affairs, having received the Hanlon Award by the City of Little Rock for Outstanding Business Leader for the arts and humanities in 2002, and the Arkansas Heritage Award from Gov. Mike Beebe at the Annual Governor’s Conference on Tourism in 2007. In 2010, he was selected by


AY Magazine as its “Most Powerful Man” in business in Arkansas, and in 2013, he was named the Top Manager of the Year by the Sales and Marketing Executive International. Rep. Hill has been a contributor to CNBC, CNN, FOX, and NPR on political and economic policy matters. Learning Level: Intermediate Learning Field: Auditing

Monday Sept. 14, 2015 11:00 AM–12:00 PM

CS 1-1 Demonstrating Dynamic Risk Assessment and Audit Planning Agility Stephanie Withers Managing Director Sun Trust Bank In this session, participants will:

Explore continuous monitoring to proactively identify emerging and changing risks.

Discuss top-down and bottom-up risk assessment, including horizontal risk assessment.

Review guidance, criteria, and tools to assess risk. Consider audit plan analysis and reporting, such as universe completeness

and capacity. Stephanie Withers has 24 years of experience in risk management, data analytics, audit, finance, accounting, as well as managing multibillion dollar debt and investment portfolios. She has been with SunTrust Bank for 10 years, the latter half in internal audit as managing director responsible for risk assessment/annual planning, data analytics, and auditing risk management; serving the first half heading finance/corporate treasury operational risk management and reporting/analytics. Withers worked for 11 years for Coca-Cola Enterprises in corporate treasury, finance, and audit. She started in accounting with Guardian Industries. Learning Level: Beginner


Learning Field: Auditing

Monday Sept. 14, 2015 11:00 AM–12:00 PM CS 1-2 Navigating the Regulatory Landscape Impacting Insurance Holding Companies Wayne Cimons Counsel State Farm In this session, participants will:

Learn how the Federal Reserve Board achieved supervisory power to set capital standards for certain types of insurance companies.

Understand how oversight of insurance in Washington and within international standard-setting bodies can influence the supervision of your company.

Gain insights into emerging federal laws and rules that can influence the audit function, from hiring practices to risk management.

Wayne Cimons serves in State Farm's Federal Affairs office in Washington, D.C, with primary responsibilities including leading a weekly interdepartment group responsible for managing Dodd-Frank implementation matters and developing regulatory and legislative responses to emerging Dodd-Frank matters, such as systemic importance designations and saving and loan holding company capital requirements proposed by the Federal Reserve. Cimons has more than 30 years of legislative and regulatory experience at the state, federal, and local levels. He served as congressional staff in both the House and Senate, and was appointed director and counsel for New York State Office of Federal Affairs by Governor George Pataki. In 2000, Cimons moved to the insurance industry as AIG's associate general counsel for federal affairs and managed areas including privacy, federal insurance modernization, and enactment of the Terrorism Risk Insurance Act. Learning Level: Intermediate Learning Field: Auditing


Monday Sept. 14, 2015 11:00 AM–12:00 PM CS 1-3 Top Risk Dialogue Facilitator: Mark Sparano Chief Audit Executive US Bancorp

In this session, participants will:

Discuss increased audit regulatory demands and complexities. Debate data management approaches and strategies. Explore challenges to attracting, retaining, and developing talent. Our

paradigms are shifting. Engage in a sharing session to discuss “top risks” being faced by colleagues.

Mark Sparano has experience in public accountancy, internal audit and risk management, all in the financial services industry. Over the course of his career, he led professionals at KPMG, Bankers Trust, and Charles Schwab. Currently, he leads more than 250 internal audit professionals at U.S. Bank. Prior to joining U.S. Bank in 2010, he served as chief audit executive for Mellon Financial Corporation [Mellon Bank] as well as chief risk officer for U.S. Trust. Learning Level: Intermediate Learning Field: Auditing

Monday Sept. 14, 2015 1:30–2:30 PM CS 2-1 Talent Management: Create & Keep Your Winning Team Mark Carawan Chief Audit Executive Citigroup



Discuss what makes a “winning” internal audit team.

Explore the importance of an environment or culture that encourages team members to thrive and innovate.

Share tips for stepping up talent acquisition strategies and more importantly, how to keep and challenge the good ones.

Mark Carawan joined Citigroup in 2011 as Citigroup chief auditor and managing director responsible for the internal audit department. He is now responsible for internal audit’s delivery of assurance on governance, risk management, and control across Citigroup globally to executive management and the board. Prior to joining Citi, Carawan served as chief internal auditor for Barclays Group where he led a major transformation of their internal audit function. Previously, he served as managing partner responsible for enterprisewide assurance to wholesale financial services institutions at Deloitte (UK). Prior to joining Deloitte, Carawan was managing partner for Andersen’s global Privatisation and Emerging Markets practice. He serves on the board and as deputy president of the Chartered Institute of Internal Auditors, and is chairman of The IIA's Certified Financial Services Auditor qualification committee. Learning Level: Advanced Learning Field: Auditing

Monday Sept. 14, 2015 1:30–2:30 PM CS 2-2 Risk-Assess Change Initiatives and Augment Your Audit Plan Holly Millner Managing Director AIG



Identify criteria used to risk assess organizational/IT changes for inclusion in the audit plan.

Debate the worth of factors such as size and cost and other considerations to weigh in what should be elevated to audit plan status.

Discuss when a major project in the audit plan should include more than "project management" elements.

Talk about how to use or bend the existing “standard frameworks” to assess risks that don’t seem to fit inside the box.

Holly Millner is a Managing Director in the Internal Audit Division of the American International Group (AIG). Prior to this, she was a Partner with Ernst & Young (EY) in Melbourne, Australia, where she led multiple internal audit engagements focused on technology, finance, and operations. Holly is a Certified Information Systems Auditor (CISA), member of Information System Audit and Control Association (ISACA) and former Philadelphia board member, and a member of the Institute of Internal Auditors (IIA). Learning Level: Beginner Learning Field: Auditing

Monday Sept. 14, 2015 1:30–2:30 PM CS 2-3 Emerging Practices for Assessing Risk Management Effectiveness Tom Lawless Partner, Process & Controls Services Leader EY Facilitator: Mark Sparano Chief Audit Executive US Bank SPEAKER ABSTRACT


Tom Lawless provides clients with internal audit assistance, risk and controls improvement as well as assistance with other process and controls-related initiatives. He is responsible for leading and directing the company’s go-to-market internal audit initiatives as well as managing its national internal audit resources. Lawless has been the lead engagement partner on many internal audit quality assessment reviews and has served as the lead delivery partner on numerous internal audit cosource engagements. He also works closely with general auditors at the nation’s largest institutions advising on internal audit strategy, regulatory considerations, and people development. Lawless also works with regulators on understanding the expectations of implementing new internal audit guidance issued in 2013 by the Board of Governors of the Federal Reserve System in the U.S. and the Chartered Institute of Internal Auditors in the U.K. Mark Sparano has experience in public accountancy, internal audit and risk management, all in the financial services industry. Over the course of his career, he led professionals at KPMG, Bankers Trust, and Charles Schwab. Currently, he leads more than 250 internal audit professionals at U.S. Bank. Prior to joining U.S. Bank in 2010, he served as chief audit executive for Mellon Financial Corporation [Mellon Bank] as well as chief risk officer for U.S. Trust. Learning Level: Advanced Learning Field: Auditing

Monday Sept. 14, 2015 2:45–4:00 PM GS 2 Operational Risk: Current Topics And Their Impact on Internal Audit Bethany Dugan Deputy Comptroller for Operational Risk Office of the Comptroller of the Currency In this session, participants will:

Hear what operational risk issues are ‘top of mind’ with federal banking regulators.

See how these topics are connected and part of a holistic risk picture.


Discuss the impact these issues have on the role of internal audit. Beth Dugan oversees policy and examination procedures development addressing operational risk issues, including bank IT. Her department is the focal point for the OCC's core policy platforms that govern how the OCC supervises national banks. Throughout her career at the OCC, Dugan has held leadership roles in examining midsize and community banks as well as large complex financial institutions. She has served as lead examiner for IT and operational risk on the OCC’s exam team at Wells Fargo Bank and led the supervision of technology, operations, audit, Basel II, and enterprise governance. Dugan served as the OCC Southeastern District’s lead IT expert where she managed the IT examination cadre, led specialized IT and operations training, and participated in the development of technology and operational risk policies and guidance. She joined the OCC in 1987 supervising all aspects of community and mid-size national banks throughout the southeastern and mid-Atlantic region. Prior to the OCC, Dugan served as examiner-in-charge of Citizens Bank, NA, where she managed a team of examiners covering all disciplines, products, and aspects of the bank. Learning Level: Intermediate Learning Field: Auditing

Monday Sept. 14, 2015 4:30–5:30 PM GS 3 Sound Bites: Hot Topics in Financial Services Internal Audit Facilitator: Timothy Burniston Executive Vice President, Risk & Compliance Wolters Kluwer Audit In this session, participants will:

Discuss internal audit’s reliance on other lines of defense. Explore strategies and tactics to elevate the audit function. Debate the concept of combined assurance as it relates to an organization’s

Compliance function.


Share strategies on delivering audit value through analytics. Learn keys to identifying root causes.

Timothy Burniston draws from more than 35 years of experience with the Federal Reserve Board (Fed), Federal Deposit Insurance Corporation (FDIC), and Office of Thrift Supervision (OTS) to assist compliance and risk management executives navigate today’s post-Dodd-Frank regulatory environment. Prior to joining Wolters Kluwer, Burniston was a senior associate director with the Federal Reserve Board’s Division of Consumer and Community Affairs. While with the Fed, he was tapped by the U.S. Department of the Treasury to help develop the new Consumer Financial Protection Bureau’s large depository institution examination program. He began his regulatory career as an analyst and consumer compliance examiner with the Federal Reserve Bank of New York in 1977 and joined the Fed’s Division of Consumer and Community Affairs shortly thereafter. Burniston left the Fed in 1988 to establish the compliance examination program at the OTS. In 2000, he joined the FDIC to oversee a major redesign of that agency’s consumer compliance examination program, returning to the Fed in 2005. Presenters: Reliance on Other Lines of Defense Celeste Garcia Associate General Auditor BB&T In this session, participants will:

Understand the definition of an "other assurance providers." Describe the varying levels of reliance on other assurance providers within an

overall reliance framework. Examine the principles of reliance in determining the level of reliance to be

placed on other assurance providers. Gain knowledge related to expectations for documentation, approval, and

communication of reliance activities. Describe ongoing monitoring activities of assurance providers on which reliance

has been placed. Celeste Garcia provides leadership for audit policy, board reporting, quality assurance, talent management, and technology. Since joining BB&T in 2010, she has


also served as the associate general auditor‒strategic initiatives and the financial management audit manager. Prior to joining BB&T, Garcia was a senior manager at EY. Key Considerations for Elevating the Audit Function Anita O'Dell Senior Vice President Deputy Chief Auditor TD Bank In this session, participants will:

Understand attributes that are key to successful audit functions.

Learn methods to gauge the current state of an organization’s audit functions.

Identify areas with the audit function that would benefit from enhancements and improvements.

Explore potential challenges to implementing changes and develop strategies to mitigate or circumvent them.

Anita O'Dell has more than 26 years of internal audit experience with various financial institutions. In her current role, she supports the chief auditor, leads the senior leadership team that influences division objectives and strategies, maintains key stakeholder relationships. And is responsible for design and execution of certain segments of the audit plan that impact overall corporate functions. Combined Assurance With Compliance in a Highly Regulated Company Suzanne Sainato Chief Audit and Compliance Officer Symetra Financial In this session, participants will:

Explore the different ways compliance programs are structured in terms of reporting

relationships and scope. Discuss how the structure and compliance function scope affects internal audit's

assurance activity.


Review assurance roles for compliance and internal audit on regulatory matters and

how that affects board reporting. Identify strategies for compliance program assessments when compliance reports to

the CAE. Suzanne Sainato leads the internal audit and compliance departments, which evaluate operational, regulatory, and financial reporting risks and controls. Her career includes roles as the chief compliance officer for Pan-American Life Insurance Company's Domestic Markets division; an insurance product and litigation attorney at MetLife; and an insurance and securities litigator at Simpson Thacher & Bartlett. She is a member of the board of directors for Symetra Securities Inc. and the Bellevue College Foundation. Delivering Audit Value Through Analytics Akil Bishop Senior Director Advanced Analytics IBC In this session, participants will: In today’s world, audit functions require robust, adaptable strategies to deal with increased demands and expectations. Audit strategy must address:

Discuss the importance of having an agile talent base and strong resource management.

Explore the reasons to shift from historical analysis to predictive analysis. Identify how internal audit’s value can increase through more comprehensive

and frequent reviews. Learn ways to achieve tighter integration across all three lines of defense while

maintaining objectivity and independence Akil Bishop provides leadership to a team of 16 professionals in delivering key services in data analytics, data management, continuous auditing and monitoring, and process engineering. He successfully developed a transformational strategy and road map to mature and improve the internal audit analytics capabilities and championed the shift in internal audit strategies and operations to become more data-driven, deploying enhanced analytical approaches to procedures and processes.


Finding the First Domino: The Key to Identifying Root Cause Robert Mainardi President Mainardi & Company In this session, participants will:

Discuss the importance of defining, identifying, and treating the disease ‒ or root cause ‒ of a problem.

Learn how to avoid the temptation of merely fixing the symptoms. Explore and effective approach to working with customers to identify root

causes and partnering to effect change.

Robert Mainardi started his own consulting company after 21 years of working in the internal audit profession in the financial services industry. His company develops and facilitates custom internal audit training as well as evaluates, creates, and implements formal audit methodologies including continuous auditing programs. Previously, Mainardi was the vice president of internal audit for the Penn Mutual Life Insurance Co and also served in audit leadership roles for The Vanguard Group, Aetna, and Prudential Insurance. He is the author of Harnessing the Power of Continuous Auditing. Mainardi is an active member of The IIA, having served as a distinguished faculty member for more than 20 years as well as a popular speaker at The IIA’s All Star conference and other events. Mainardi has merited the Six Sigma Green Belt certification; earned the Qualification in Control Self-Assessment; and is certified to perform Quality Assessment reviews. Learning Level: Intermediate Learning Field: Auditing

Tuesday Sept. 15, 2015 9:00–10:30 AM GS 4 Lessons Learned From Heightened Standards & SR 13-1 and Key Future Focus Areas Facilitator: Richard Chambers


President & CEO The IIA Panelists: Steve Merriett Chief Accountant Federal Reserve Board Molly Scherf Deputy Comptroller Large Banks Office of the Comptroller of the Currency In this session, participants will:

Gain insights into regulatory expectations for internal auditors and board audit committees.

Learn how peers are addressing common issues, such as demonstrating credible challenges, leveraging third-parties and other assurance groups, and auditing an organization’s culture.

Gain an understanding of the most common regulatory findings related to internal auditing.

Richard Chambers has more than four decades of internal audit and related experience. Previously, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon. Chambers currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; the Audit Board of the City of Orlando, Fla.; The IIA Internal Audit Standards Board; and The IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today named him one of the Top 100 Most Influential People in Accounting as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) named him one of the most influential leaders in corporate governance. Chambers authored the award-winning book, Lessons Learned on the Audit Trail.


Steve Merriett is responsible for advising the Federal Reserve governors and senior board staff on the implications of key accounting, auditing, and reporting issues facing the banking and insurance industries. He is the senior Federal Reserve Board official responsible for the development of policy positions on domestic and international accounting, auditing, reporting, disclosure, and related internal control issues affecting the banking and insurance industries. Molly Scherf oversees the large bank lead expert, shared national credit, data analytics, and systems teams. She also works with other OCC divisions and regulatory peers to develop supervisory guidance and regulation. Scherf has 25 years of bank supervision experience across institutions ranging from $50 million to $2 trillion in assets. She previously served as the OCC’s Large Bank Lead Expert for Governance and ERM. In this role, Scherf led the OCC working group that developed the OCC Heightened Standards for Governance and Risk Management. As an examiner, she has reviewed all aspects of bank risk management and specialized in information technology and retail credit. Learning Level: Intermediate Learning Field: Auditing

Tuesday Sept. 15, 2015 11:00 AM–12:00 PM CS 3-1 Using COSO 2013 to Align Thematic Risk and Control Identification Barb Bergmeier Chief Internal Auditor Mutual of Omaha In this session, participants will:

Learn to classify control issues according to root causes and align them with the principles identified in the COSO 2013 Framework.

Analyze thematic control issues to help formulate an accurate opinion on the entities’ internal control environment.

Discuss measuring and reporting on thematic control issues.


Talk about communicating with audit committees on trends and changes in thematic control issues and the control environment.

Barb Bergmeier has nearly 30 years of auditing experience, primarily in the financial services industry, and served in a CAE role for more than 20 years. Since 2011, Bergmeier has served as the chief internal auditor for the Mutual of Omaha Companies and is responsible for evaluating and providing assurance over the governance, risk management and internal control processes of Mutual of Omaha Insurance Company and its insurance, banking, real estate and broker-dealer subsidiaries. Learning Level: Intermediate Learning Field: Auditing

Tuesday Sept. 15, 2015 11:00 AM–12:00 PM CS 3-2 Connect the Dots: The Three Lines of Defense Chris Paulison Partner Grant Thornton LLP In this session, participants will:

Explore leading practices and application related to maturing the Third Line of Defense.

Use case study examples to learn how to leverage the Second Line of Defense. Identify what is needed to help ensure limited resources are used effectively in

the identification, assessment, and management of key risks. Chris Paulison is the national leader of the Financial Services Center of Excellence (COE) for internal audit at Grant Thornton and has more than 25 years of audit, compliance, and risk management experience in financial services. Paulison served as partner in a Big 4 firm where he led its internal audit/risk practice for the Midwest region in financial services, and also served as chief audit executive for a Fortune 20 company. Learning Level: Intermediate


Learning Field: Auditing

Tuesday Sept. 15, 2015 11:00 AM–12:00 PM CS 3-3 Embedding Risk Culture Considerations Into the Audit Process Stacy Juchno General Auditor PNC Brian Portman Auditor EY Facilitator: Kevin Ryan Chief Risk Review Officer & General Auditor Key Corp In this session, participants will:

Review risk governance practices that are clearly articulated and well understood; roles that are well defined for the board, the chief risk officer, and the risk management function; and frameworks that are independently assessed.

Explore risk appetite as a framework that is board-approved and embedded in business decisions through the organization.

Discuss compensation practices that are aligned with effective risk management.

Stacy Juchno is responsible for all aspects of the internal audit function providing assurance on the effectiveness of PNC’s risk management, control, and governance processes to the audit committee and board of directors. Prior to being named to her current position in 2013, she served as senior vice president and Finance Governance and Oversight director responsible for the oversight of enterprisewide Sarbanes-Oxley section 302 and 404 activities, including the reporting of relevant matters to the


steering committee, disclosure committee, and audit committee. In addition, Juchno led the defense activities to support the Finance Basel, CCAR, and regulatory reporting processes. Her role also included coordinating and monitoring compliance of the enterprise and operational risk programs impacting finance. She was named executive vice president in 2014. Prior to joining PNC in 2009, Juchno was the director of regulatory compliance for a publicly traded telecommunication company in Pittsburgh, where she implemented the Sarbanes-Oxley 302 and 404 requirements and performed the internal audit function. She also worked at Ernst and Young for five years as an audit manager planning and performing external audit services of high-tech, hospitality, food and beverage, retail and manufacturing companies with both domestic and international operations. Brian Portman has nearly 17 years of management experience and 10 years of experience in the financial services industry serving clients in the areas of internal audit, compliance, and risk management. He currently leads several internal audit co-source and outsourcing arrangements and has hands-on experience in the development and implementation of risk assessment and audit execution processes and frameworks. Prior to joining EY, Portman worked as a bank examiner with the Office of the Comptroller of the Currency, where he conducted examinations of national banks to ensure compliance with federal banking regulations. Kevin Ryan is responsible for managing all risk review (internal audit and credit risk review) activities at KeyCorp and serves as a member of the organization’s Executive Council. He is a licensed Securities Registered Representative (Series 7) and Principal (Series 24). He is a former board member of The IIA's Internal Auditing Standards Board and currently serves as a member of The IIA's Financial Services Advisory Board. Learning Level: Intermediate Learning Field: Auditing

Tuesday Sept. 15, 2015 12:00–1:30 PM GS 5: Lunch & Learn: A Closer Look at Common Body of Knowledge (CBOK) Financial Services Unique Characteristics and Challenges Jennifer Burke Partner


Crowe Horwath, LLP Member The IIA's Financial Services Auditor Board Steve Jameson Executive Vice President and Chief Internal Audit & Risk Officer Community Trust Bank In this session, participants will:

Hear about current regulatory challenges in the financial services industry. Learn about how audit and risk committee agendas are expanding to cover

more challenges. Gain insight into how the elevation of internal audit has created new

challenges. Discuss how increased technology risks are impacting internal auditors. Learn how use of the Three Lines of Defense Model is expanding. Identify new twists on internal audit resource challenges.

Jennifer Burke has more than 25 years of experience in financial services auditing both with Crowe and as a CAE at a $3 billion financial institution. She works with financial services organizations of all sizes, from community banks and credit unions to multi-billion dollar institutions. Burke is a nationally recognized speaker and has presented at numerous IIA conferences. As a member of The IIA’s Financial Services Advisory Board, Burke helps plan and deliver products and services to auditors who specialize in the financial services industries. Steve Jameson is responsible for the internal audit, ERM, loan review, compliance, and security functions. He has more than 27 years of experience as an internal audit professional in the financial services industry and three years in public accounting. Jameson has been involved in starting two internal audit functions, consolidating decentralized internal audit groups, merging audit functions during acquisitions, and reorganizing existing audit functions. He has coordinated outsourced internal audit engagements, external audit services, and regulatory examinations for each of the financial institutions where he was employed. Jameson’s extensive experience also includes serving as liaison to COSO, IFAC, and FFEIC on various projects to develop structural frameworks, guidance, and policies. He served on the Board of Environmental, Health & Safety Auditor Certifications and on numerous IIA boards and committees including the Financial Services Advisory Board, CBOK Steering


Committee, Professional Issues Committee, Professional Practices Group, and the Research Foundation’s Board of Trustees. He also spent one year with the World Bank’s internal audit department. Learning Level: Intermediate Learning Field: Auditing

Tuesday Sept. 15, 2015 1:30–:30 PM CS 4-1 A Road Map for Success: Quality Assurance Programs James Farmer Managing Director KPMG J. Michael Flynn Vice President and Group Audit Manager Fifth Third Bancorp Julie Gerlach Managing Director KPMG In this session, participants will:

Learn methods to assess the maturation of an organization’s quality assurance program.

Get a rundown of leading practices for other organization’s quality assurance programs.

Receive guidance on regulatory expectations for quality assurance programs.

Jim Farmer serves in KPMG’s Internal Audit Risk & Compliance Services practice, specializing in managing complex internal audit activities, Sarbanes-Oxley 404 assistance, regulatory compliance, risk assessment, process improvement, and "leading practices" identification. His experience includes leading quality assessment reviews (QARs) of the internal audit function at a number of global financial services


institutions. QARs Farmer has participated in included assessments against The IIA’s Standards, industry leading practices, and regulatory expectations (e.g., FRB SR13-1, OCC Heightened Standards for Large Financial Institutions). Mike Flynn leads the internal audit division’s Professional Practices Group, which is responsible for overseeing, facilitating, and continuously improving various departmental administrative and infrastructure activities and initiatives. Prior to joining Fifth Third Bank, Flynn was a senior manager in EY’s internal audit services group. In that role, he was responsible for the business development and service delivery of internal audit services to financial services companies within the firm’s Ohio Valley Area. Flynn began his professional career as a staff auditor with EY and eventually became an audit senior manager, performing financial statement audits as part of the firm’s assurance and advisory business services group. Julie Gerlach has more than 15 years of experience in internal auditing and advisory services. Her areas of experience include establishing and transforming internal audit functions, internal audit cosourcing assistance, Sarbanes-Oxley 404 advisory assistance, and performing strategic reviews of internal audit functions. During her career, Gerlach has provided internal audit cosource and Sarbanes-Oxley assistance services to clients in industries including financial services, manufacturing, and distribution. She has managed cosourced internal audit functions and has lead teams in controls documentation and testing engagements. Learning Level: Intermediate Learning Field: Professional Practice Exchange

Tuesday Sept. 15, 2015 1:30–2:30 PM CS 4-2 CCAR: Lessons Learned in the Banking Industry Walter Smiechewicz Managing Director PwC Bibhu Prasad Mishra Director


PwC Kenneth Evola Managing Director PwC In this session, participants will:

Review lessons learned from 2014 submissions. Discuss potential regulatory themes for 2015. Gain ideas on how to enhance your approach to the internal audit of these

important areas. Walter Smiechewicz has 25 years of experience as a CRO and CAE in the financial services industry. He is responsible for the internal audit; governance, risk, and compliance; and ERM services in the financial services sector. Smiechewicz oversees internal audit services in PwC's Western Region, and leverages his industry expertise to help companies identify and assess risks and devise cost-effective mitigation and governance strategies consistent with their business objectives. Bibhu Mishra is with PwC’s Risk and Compliance Systems Analytics practice, and has more than 20 years of experience in risk, compliance, and data analytics in the financial services industry. He is a subject matter expert in quantitative risk management, Basel III/II, CCAR/DFAST, business process management, MDM, big data, operation strategy, business architecture, IT/business process outsourcing, IT effectiveness, and IT transformation/strategy. Before joining PwC, Mishra worked with Capital One, Wachovia, Accenture, and EY. Ken Evola specializes in providing integrated skills in the areas of governance, risk management, model development, and model risk management. He focuses on advising financial institutions with practical implementation solutions to complex challenges presented by DFAST (Dodd Frank Stress Testing), CCAR (comprehensive capital analysis and review) for financial firms and capital planning and stress testing for federally insured credit unions with assets of $10 billion or more. Learning Level: Intermediate Learning Field: Auditing


Tuesday Sept. 15, 2015 1:30–2:30 PM CS 4-3 Getting the Most From Meeting Heightened Expectations Jim Tietjen Executive Vice President, Chief Auditor Capital One Financial Bill Chippendale Managing Vice President Capital One Financial In this session, participants will:

• See how to interpret the requirements for internal audit and understand what they mean at the individual level.

• Get strategies for developing a plan to implement valuable enhancements. • Understand how to turn the new requirements into something audit

committees and management will see as added value. • Experience real-life examples from Capital One’s approach.

Jim Tietjen has more than 25 years of banking experience. Prior to joining Capital One in 2008, he served as principal at Deloitte & Touche, responsible for U.S. efforts relative to financial services internal audit at several banking organizations nationwide. Tietjen is a member of The IIA’s Professional Practices Committee. Bill Chippendale oversees audit activities of his organization’s credit card, mortgage, and auto finance businesses. He has 20 years of management consulting and audit experience, assisting and leading audit functions for mid-size and large financial services companies, and others. Chippendale came to Capital One in 2009 from JPMorgan Chase, as their first vice president and director of internal audit. Prior to Chase, his career was spent with Ernst & Young, LLP serving companies mainly in the financial services industry, including clients such as Zions Bancorporation, WaMu, SunTrust, Wachovia, and ING North America. Chippendale has a long history of transforming internal audit functions into world class organizations, implementing the future vision of internal auditing, making significant enhancements in associate development, audit methodologies, and the use of advanced data analytics.


Learning Level: Advanced Learning Field: Auditing

Tuesday Sept. 15, 2015 3:00–4:10 PM GS 6 CAE Panel Discussion: Where Do We Go From Here? Facilitator: David Julian Executive Vice President, Chief Auditor Wells Fargo & Company Mark Carawan Chief Audit Executive CITI Karl Erhardt Senior Vice President & General Auditor MetLife Andrew Jackson CAE Officer TCF Financial Corporation SPEAKER ABSTRACT David Julian assumed his role in 2012, having previously served as director of market and institutional risk and head of corporate credit services for Wells Fargo. Prior to joining Wells Fargo, Julian served as Wachovia’s chief auditor, having risen to that role after serving as chief operating officer for finance, corporate controller and principal accounting officer, and director of corporate accounting and reporting. Julian also served as senior vice president of finance for Forum Corporation, a management leadership company, and worked at Price Waterhouse. He is active in several industry groups and previously served on the Standing Advisory Group (SAG) to


the Public Company Accounting Oversight Board (PCAOB). He is also a former member of the ABA Accounting Committee. Mark Carawan joined Citigroup in 2011 as Citigroup chief auditor and managing director responsible for the internal audit department. He is now responsible for internal audit’s delivery of assurance on governance, risk management, and control across Citigroup globally to executive management and the board. Prior to joining Citi, Carawan served as chief internal auditor for Barclays Group where he led a major transformation of their internal audit function. Previously, he served as managing partner responsible for enterprisewide assurance to wholesale financial services institutions at Deloitte (UK). Prior to joining Deloitte, Carawan was managing partner for Andersen’s global Privatisation and Emerging Markets practice. He serves on the board and as deputy president of the Chartered Institute of Internal Auditors, and is chairman of The IIA's Certified Financial Services Auditor qualification committee. Karl Erhardt manages a worldwide team of more than 300 audit professionals who are responsible for providing objective evaluations and advice on MetLife’s system of internal controls. He also has an independent relationship with the audit committee of MetLife’s Board of Directors. Erhardt has more than 25 years of experience in accounting and operations for insurance, asset management, structured finance, capital markets and derivatives. Before joining MetLife in 2002, he was vice president of internal audit for Ambac Financial Group. Andrew Jackson joined TCF in 2012 as CAE. Previously, he served as CAE of First Horizon National Corporation. He is a member of The IIA’s Financial Services Advisory Board and the Financial Services Conference Board. Learning Level: Intermediate Learning Field: Auditing