The Radisson Hotel 205 Wolf Rd
Albany, NY 12205 (518) 458-7250
We have planned an outstanding conference program that will give you the chance to:
• Customize your registration to fit your schedule and interests. Choose one, two, or three days
• Earn up to 21 CPE hours at outstanding educational sessions
• Discover innovative solutions and gain the tools you need to be more effective
• Learn leadership secrets from nationally recognized industry leaders
• Network with colleagues from across the region
• Explore the latest technological advances in financial management
• Stay up to date on issues that affect your career
• Improve your knowledge, skills and abilities, and increase your promotional potential.
The Conference That Counts 2018
Conference Overview
The New York Capital Chapter of the Association of Government Accountants,
The Albany Chapter of The Institute of Internal Auditors, and the
Hudson Valley Chapter of ISACA are proud to host The Conference That
Counts (TCTC) 2018 with a special theme: “Mission: Possible”.
Please join us for an outstanding three-day continuing education event
offering challenging, informative, and exciting sessions designed to help
participants keep pace with changes in information technology, auditing,
fraud, and leadership skills. TCTC 2018 promises to be an excellent learning
and networking opportunity for both new and experienced financial managers,
auditors, and accountability professionals. The program has been developed
to ensure that TCTC 2018 delivers up to the minute, quality educational
content that meets your high standards and professional needs. Up to 21
CPE hours can be earned by attending all three days.
This is the 23rd TCTC and it has become so popular over the years that you
must register early to ensure you get in. Also, keep in mind that registering
early can mean big savings for your agency or company’s training budget.
See the registration page for details. Business casual attire is appropriate for
this event. Since the conference rooms at the Radisson Hotel can vary in
temperature, we recommend that you dress in layers.
Don’t miss out! Early Bird registration ends 02/16/2018!
AGA IIA ISACA
Conference Dates and Location
The TCTC is being held on March 19 – 21, 2018
Radisson Hotel Albany (formerly known as the Holiday Inn)
205 Wolf Rd
Albany, NY 12205
The Continuing Professional Education (CPE) seminars are being offered by a sponsor
approved by the New York State Board of Public Accountancy to provide the
mandatory continuing education for licensed CPAs working in New York.
Check to ensure that the CPE credits offered meet the requirements of your
certifying organization.
NYS License No. 000329
Registration
Register online at:
http://www.eiseverywhere.com/tctc2018
Get Your Conference Handouts Early
Many TCTC presenters are making their presentation material available to
attendees online. They will not be printed for distribution at the conference.
You will find the PowerPoint slides online at
http://www.eiseverywhere.com/tctc2018 about two weeks before the
conference. Please remember to download these presentations and bring
them with you to TCTC 2018.
TCTC 2018 SESSIONS
Monday
March 19, 2018
Session Description
Track General Networking Breaks:
10:00 — 10:30 am & 2:30 — 3:00 pm
Track I (IT) M101: The Small IT Audit Shop: Challenges & Opportunities
8:30 am—10:00 am
Small IT audit shops face many unique challenges among which are limited staff and resources. This could be discouraging,
especially when compared to their much larger counterparts. However challenging small audit life may seem, there is tremendous
opportunity to use and implement a manageable number of practical action items that can improve capability and make
the auditor’s professional life more satisfying. Be assured that you can establish, successfully run, and survive in a very small
IT audit function. While the small shop is distinctly different from their bigger brothers, there are also many aspects that
make them similar. In this session, you will learn how to:
• effectively enhance the positive characteristics of a small audit shop
• deliver lasting value
• turn challenges (things that can go wrong) into successes
• determine and achieve your/management's priorities
• focus on material, high-risk issues
• effectively use external providers to fill knowledge gaps
• standardize to support consistency
Speaker: Ross Wescott
Track II (Fraud) M201: Auditing for Internal Fraud
8:30 am—12:00 pm
Most frauds are committed by employees within an organization. This presentation discusses the more common schemes,
legal elements, detection techniques and methods of preventing occupational fraud.
Speaker: Dennis Dycus
Track III (Audit/Leadership) M301: Embracing and Evaluating Lines of Defense/Offense 8:30 am—12:00 pm
Internal audit is commonly referred to as the third line of defense, at least among internal auditors. By understanding risk
management models such as the IIA’s Three Lines of Defense in Effective Risk Management and Control and the linkage to
control frameworks such as COSO’s Internal Control - Integrated Framework, internal auditors will be better prepared to
provide the Board and management a snapshot of the governance of an organization.
During this thought-provoking session, gain insight on a model designed to articulate how risk management duties are spread
across the organization while ensuring accountability and ownership do not get lost in the shuffle.
At the end of this program, attendees will be able to:
• Explain the roles and responsibilities of risk management
• Determine how the lines of defense are, or are not, implemented in your organization
• Identify potential areas of blurred responsibilities and independence
• Seek opportunities for collaboration and coordination with others within your organization
Speaker: Gina Eubanks
Track General Monday—Lunch
12:00 pm—1:10 pm
Track I (IT) M102: Taking the Mystery out of IT Audit 10:30 am— 12:00 pm
Speaker: Ross Wescott
Track I (IT) M103: SOX and the IT Auditor
1:10 pm— 2:30 pm
Speaker: Ross Wescott
Track II (Fraud) M201: Auditing for Internal Fraud (Continued)
1:10 pm—2:30 pm
Most frauds are committed by employees within an organization. This presentation discusses the more common schemes,
legal elements, detection techniques and methods of preventing occupational fraud.
Speaker: Dennis Dycus
Track III (Audit/Leadership) M302: Strategically Aligning Recommendations
1:10 pm—2:30 pm
Internal audit must constantly work to earn and sustain the status of respected advisor with the board and executive management.
One way to achieve this status is by linking all internal audit activities to the strategies of the organization, function or
process. The board relies on internal audit to offer recommendations that link to the success of the organization.
At the end of this program, attendees will be able to:
• Link internal audit activities to strategy
• Collaborate with clients
• Develop relevant recommendations management will be excited to implement
Speaker: Gina Eubanks
Track I (IT) M104: Using Cobit5 as an Audit Tool
3:00 pm—4:30 pm
Speaker: Ross Wescott
Track II (Fraud) M202: Business Ethics 3:00 pm—4:30 pm
In every organization ethics begin with top management. An action may be legal, but is it the right thing to do? This presentation
addresses how your business ethics guide you in determining your actions as well as the actions of individuals you supervise.
Please note: This session qualifies for required ethics CPEs for AGA, ACFE, IIA, and other certifications, but does not qualify for New York State CPAs.
Speaker: Dennis Dycus
Track III (Audit/Leadership) M303: Assessing Organizational Culture 3:00 pm—4:30 pm
Internal Audit is in a unique position to provide independent observations about the organization’s culture. A value-added
service internal audit can provide is sharing insights on the organization’s culture to management and stakeholders. This can
range from conducting a specific audit project to including elements in internal audit activities.
At the end of this program, attendees will be able to:
• Explain elements included in the evaluation of culture
• Identify and explore signs of good and bad culture
• Incorporate culture into internal audit activities
Speaker: Gina Eubanks
Track General TCTC Social Event— Location: 205 on Wolf Lounge
4:30 pm—6:30 pm
Join us for a complimentary drink and appetizers to end our first day of TCTC.
Tuesday
March 20, 2018
Session Description
Track General Networking Breaks:
10:00 — 10:30 am & 2:30 — 3:00 pm
Track I (IT) T101: NIST Cybersecurity Framework Module 1 8:30 am—10:00 am
In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which
called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable,
performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large
organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of
Standards and Technology (NIST).
In this day-long session we will discover how the framework works, how to implement it and what the proposed changes are
as this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, and why
your company may decide this framework is a good solution to use. We will also demo a free tool to help you understand
where your current weakness is and how you can improve your compliance.
Speaker: Jayson Ferron
Track II (Fraud) T201: GAO's Fraud Risk Framework 8:30 am—10:00 am
In this session, I will provide an overview of GAO’s Fraud Risk Framework including:
• How and why GAO developed the Framework
• The focus on fraud risk (as opposed to fraud)
• How the Framework can be used
• The role of the Fraud Reduction and Data Analytics Act (FRDAA) applying the Framework
• Overview of the 4 components in the framework:
1. Commit 2. Assess 3. Design and implement 4. Evaluate and adapt
• How others can use the Framework (e.g., for audit criteria)
Speaker: Rebecca Shea
Track III (Audit/Leadership) T301: The Five Tiers of Audit Competency - How Do You Measure Up 8:30 am—10:00 am
This session will describe the five tiers of auditor competency and how they impact auditor performance and succession planning. She will correlate each of the tiers to specific auditor roles and job functions and discuss approaches you can use to build competency in yourself and others.
By participating in this session, you will be able to:
• Explain the connections between competency development, high impact and value-added auditing, and succession planning
• Acquire insights concerning your own professional competency development
• Develop a plan to leverage and expand your existing competency
• Evaluate your Department’s approach to competency development
• Walk away with tactics you can use to develop audit competency in yourself and others
TARGET AUDIENCE
This session is intended for auditors at all levels who want to hone their own and others’ key performance skills and abilities.
Speaker: Ann M. Butera
Track I (IT) T102: NIST Cybersecurity Framework Module 2 10:30 am—12:00 pm
In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which
called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable,
performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large
organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of
Standards and Technology (NIST).
In this daylong session we will discover how the framework works, how to implement it and what the proposed changes are
as this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, and why
your company may decide this framework is a good solution to use. We will also demo a free tool to help you understand
where your current weakness is and how you can improve your compliance.
Speaker: Jayson Ferron
Track III (Audit/Leadership) T202: Applying the Fraud Risk Framework 10:30 am—12:00 pm
In this session, I will provide a deeper dive into how we have used the GAO Framework to examine fraud risks in various programs including:
• Highlights from GAO’s review of Social-Security Disability Benefits (initial application of the Framework) and CMS Medicaid
and Medicare antifraud activities
• Data Analytics in GAO’s review of Medicare Provider Enrollment
• Undercover testing in GAO’s review of ACA Enrollment Controls
• Other reviews using the Framework
Speaker: Rebecca Shea
Track III (Audit/Leadership) T302: 3 Ways to Deliver Quality 10:30 am—12:00 pm
This interactive working session will expand on the third tier of auditor competency: project management. She will explain
how your values affect your priorities and time management. She will describe several ways you can enhance your planning
and scheduling competencies to manage audits efficiently and effectively and deliver results on schedule.
By participating in this session, you will be able to:
• Acquire insights concerning your attitudes on time management practices and find out if your outlook is helping or hurting
you as you manage audit projects
• Manage time and other resources effectively and efficiently throughout an audit
• Handle and adapt to unforeseen incidents during audits
• Use project management tools to deliver effective and timely results at each stage of the audit or project
TARGET AUDIENCE
This session is intended for auditors who need to achieve useful audit project results on time and within budget.
Speaker: Ann M. Butera
Track General Tuesday—Lunch
12:00 pm—1:10 pm
Track I (IT) T103: NIST Cybersecurity Framework Module 3 1:10 pm—2:30 pm
In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which
called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable,
performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large
organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of
Standards and Technology (NIST).
In this daylong session we will discover how the framework works, how to implement it and what the proposed changes are as
this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, and why
your company may decide this framework is a good solution to use. We will also demo a free tool to help you understand
where your current weakness is and how you can improve your compliance.
Speaker: Jayson Ferron
Track II (Fraud) T203: Breaking the Code of Fraud 1:10 pm—2:30 pm
Finding fraud scenarios hiding within core business systems requires skillful adjustments in your approach and technique.
Mr. Vona has spent more than 30 years perfecting the science and art of using data analytics to search for fraud scenarios,
which differs from finding data anomalies. He will share his systematic approach to identifying fraud scenarios and their
relationship to data, including planning, pattern recognition and practical applications of analytics.
Learning Objectives:
• Identify fraud scenarios within core business systems by applying data mining techniques
• How fraud concealment and strategy impact your plan, and what adjustments you may need to make to ensure your success
• Recognize patterns within the data that may indicate the presence of a fraud scenario
• Use the five critical data elements to effectively identify fraud scenarios
• Determine the frequency of analysis to prevent unnecessary losses across the organization
Speaker: Leonard W. Vona
Track III (Audit/Leadership) T303: The Actionable Audit Report 1:10 pm—2:30 pm
Do your audit reports produce the desired results? Do your readers feel compelled to act? If you answered no to either of
these questions, then it’s time to sharpen your “report-thinking” and “report-writing” skills to convey credibility and get
results! In this highly interactive discussion, participants will learn how to:
• Think things through when formulating the audit observation.
• Use and answer the 25 Questions to Report Writing Excellence.
• Develop reports that provide clients with clear, concise information and the impetus to act.
Speaker: Margie Bastolla
Track I (IT) T104: NIST Cybersecurity Framework Module 4 3:00 pm—4:30 pm
In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which
called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable,
performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large
organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of
Standards and Technology (NIST).
In this daylong session we will discover how the framework works, how to implement it and what the proposed changes are
as this framework moves to version 1.1. This session will be an overview of what the framework is, who needs to follow it, and why
your company may decide this framework is a good solution to use. We will also demo a free tool to help you understand
where your current weakness is and how you can improve your compliance.
Speaker: Jayson Ferron
Track I (IT) T204: Payment Diversion Schemes & Public Sector Transparency Risk 3:00 pm—4:30 pm
Speaker: Michael Dudley
Track II (Fraud) T304: Interactions for Positive Change: Saying It Right When the Stakes are High 3:00 pm—4:30 pm
Interactions for positive change are important for the growth and success of leaders, managers, and teams. When we understand
the foundation of great interactions and then put those foundational skills into practice, we feel more confident and
others see us as more credible. Crucial interactions – those which involve opposing opinions, strong emotions, and high
stakes – often determine success in both our professional and personal lives. When faced with a crucial interaction, we have
three choices: avoid it; face, but deliver poorly; or face and handle well. During this session, we will:
• Discuss three skills that underpin interactions for positive change.
• Analyze underlying fears that often delay crucial interactions.
• Reduce misunderstandings with colleagues and audit clients by inviting them into the conversations you desire.
Speaker: Margie Bastolla
Wednesday
March 21, 2018
Session Description
Track General Networking Breaks:
10:00 — 10:30 am & 2:30 — 3:00 pm
Track I (IT) W101: Conducting an IT Risk Assessment 8:30 am—10:00 am
Many IT organizations do not have a formal program of IT risk and fraud assessments. However, most do have components
that constitute approaches to risk assessment that incorporate fraud prevention and detection. Assessments, if done at all,
sometimes miss vital components that leave IT executives with a false sense of security. In this session, you will learn how to:
• Establish a conceptual model for risk assessment
• Assemble measurable and unique risk characteristics
• Implement a practical risk assessment from the model and characteristics
• Understand and communicate assessment results
• Use IT risk assessment critical success factors to achieve risk assessment victory
Speaker: Ross Wescott
Track II (Fraud) W201: Fraud Schemes – How They Were Committed, Found and Investigated 8:30 am—12:00 pm
This class will start with general information regarding fraudulent behavior and how to get started with a fraud investigation
and then move to various types of fraud schemes. The objective of this class is to expose the participants to several types of
fraud schemes; how they were committed, how they were discovered and how they were investigated.
This will be done by using examples of real frauds that were investigated by the instructor. In addition, for each type of fraud
scheme the participants will discuss how the fraud could have been prevented or discovered timely.
Speaker: Allen Brown
Track III (Audit/Leadership) W301: Analyzing Processes: Tools for Operational Auditing 8:30 am—12:00 pm
Internal auditors continue to expand the application of operational auditing, reaping the benefits provided by this value-adding
approach to audit work. Based on the top-selling book Business Process Mapping: Improving Customer Satisfaction,
this session discusses how tools such as process mapping, customer mapping, and RACI matrices can be used by internal auditors
for more effective operational audits, while showing how they can be used in any situation where auditors are being called
on to identify opportunities for increased efficiency and effectiveness.
Speaker: Michael Jacka
Track I (IT) W102: Bringing Home Big Brother: Personal Data Privacy in the Surveillance Age 10:30 am—12:00 pm
Have you ever purchased something online, then seen an ad for a related item in your social media feed? Do you ever wonder
who, or what, is listening to your conversations when your intelligent assistant is waiting for your commands? You give away
a significant amount of indirect information about yourself every day, whether you are online or offline. The online services
you use often have the freedom to decrypt and view your emails, photos, contacts, and documents. Something as innocuous
as what you buy, or who you follow on social media, can be used by organizations and individuals to determine key facts
about who you are and your personal habits. You don't even have to provide the information yourself--your family, friends,
and colleagues are inadvertently sharing your information for you.
This presentation will help you to understand how companies find and share information about you. You'll learn how privacy
policies affect you, and you will be able to make better choices about what information you share online and how you use
electronic assistants. You'll also understand the technological and business reasons for companies to use your data. And
finally, you'll learn basic strategies and tactics for protecting your online identity and data.
Speakers: Todd Brasel & Michelle Warner
Track General Wednesday—Lunch
12:00 pm—1:10 pm
Track I (IT) W103: Cyber Security Jeopardy 1:10 pm—2:30 pm
Please join us for Cyber Security Jeopardy, an informal panel-type session in a familiar game-show format, similar to that
famous televised quiz competition, created by Merv Griffin and hosted by Alex Trebek. The event is a security awareness
lesson presented as a game, where panelists compete by providing questions to security-related answers that are offered by
our host, from categories, across several industries. It is sure to be an informative and engaging experience that you won’t
want to miss!
Speakers: Todd Brasel & Michelle Warner
Track II (Fraud) W203: Fraud Schemes - How Were They Found and Investigated (Continued) 1:10 pm—4:30 pm
Speaker: Allen Brown
Track III (Audit/Leadership) W302: Using Your Brain: Aspects of Critical Thinking for Internal Auditors
1:10 pm—4:30 pm
Critical thinking continues to be recognized as a primary skill for internal auditors at all levels. However, there is not a great
deal of agreement on what is meant by "critical thinking", let alone how best to develop this skill.
This session will share approaches and practices that can be used to help enhance critical thinking. Participants will have a
better understanding of what critical thinking means and how critical thinking should be applied and developed throughout
the audit process.
Speaker: Michael Jacka
Track I (IT) W104: The Cyber Threat Landscape 3:00 pm—4:30 pm
Learn about how the FBI goes about identifying and investigating cyber threats in conjunction with their law enforcement partners and the private sector. This presentation will provide a summary of current cyber threat categories, the cyber actors
responsible for these threats, and some case summaries related to successful cyber investigations.
Speaker: Eric Lurie
SPEAKER BIOS
Margie Bastolla, CIA, CRMA
Margie Bastolla Facilitations, LLC
Margie Bastolla, CIA, CRMA is Principal of Margie Bastolla Facilitations, LLC. She helps
internal audit departments streamline report-writing processes and produce clear,
impactful audit reports. An internal auditing leader and educator for over 25 years, Margie
facilitates seminars on topics ranging from audit report writing and leadership skills to risk
management and internal control.
A professional speaker, facilitator, and educator, she has consulted and trained thousands
of internal auditors and hundreds of organizations in over 40 countries. Her clients
include the United Nations, the U.S. military, Fortune 500 companies, and private and public-sector organizations around the
world.
Previously an executive for The Institute of Internal Auditors, Inc. in Altamonte Springs, Florida, Margie served as Vice
President of the Research Foundation, Global Director of Advocacy, and Director of Onsite Training Programs. Prior to The
IIA, she was an internal auditor with Worthen Banking Corporation and a public accountant with Deloitte in Little Rock,
Arkansas.
Margie and her husband, Anthony, live in Orlando, Florida.
Todd Brasel
NYSTEC
Todd is a Principal Consultant with NYSTEC's Information Security practice, where he
manages complex security projects and helps clients to understand their security profile
and to plan secure systems. Todd has over 15 years of experience in software development.
He is an ISC-2 Systems Security Certified Practitioner and is pursuing an MBA in IT
Management and a CGS in Information Security from SUNY Albany.
Allen Brown, CPA, CFE
Allen is the former Assistant Legislative Auditor for Local Government Services for the state of Louisiana Legislative Auditor’s Office. In this position he oversaw local government audits and directed the Investigative Audit group. During his tenure with the Louisiana Legislative Auditor he participated in hundreds of fraud investigations including one that resulted in the closing of a state agency. Allen retired from the Louisiana Legislative Auditor’s Office in January of 2014. Allen is a graduate of the University of Louisiana at Monroe and, in addition to being a Certified Fraud Examiner, is a licensed Certified Public Accountant. He began his career in financial audit, had experience with federal programs and helped establish an investigative audit division at the Legislative Auditor’s Office. He has testified before legislative committees, grand juries and during trial. Allen also served over eight years as director of internal audit for the Louisiana Community and Technical College System. The system has 49 campuses throughout the state.
Prior to joining the community college system, Allen was Practice Leader for Forensic and Investigative Services for the firm of Deloitte & Touche. While with Deloitte & Touche he directed projects in the continental United States, Hawaii, Mexico, Bermuda, Morocco and England. Allen also worked with one of the major US law firms in three lawsuits involving the tobacco industry. Allen is a member of the American Institute of Certified Public Accountants, the Louisiana Association of Certified Public Accountants, the Association of Certified Fraud Examiners and is past president of the Louisiana Association of College and University Auditors. Allen began teaching for ACFE in the 1990s and has taught fraud investigative courses throughout the United States, Canada, Asia, Australia, and the Caribbean.
Ann M. Butera, CRP
The Whole Person Project
Ann M. Butera, CRP is President of The Whole Person Project, Inc., an organizational development consulting firm. She is a frequent speaker at internal audit conferences and has worked with audit departments of all sizes to provide auditors with the tools and techniques needed to improve risk management practices within their organizations.
Ann is a frequent columnist and webinar leader for Protiviti’s Knowledge Leader. She is regularly cited in Who’s Who and has been honored by Women On The Job with the Business Achievement Award. She is a member of the IIA, the American Society for Training and Development, the Association of Government Accountants, and the National Association of Corporate Directors. She served as Audit Committee Chair for a financial services firm.
She is the author of Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing. In it, she shares best practices for every stage of the audit and explains how and why the most effective auditors master five essential competencies. New and seasoned auditors will benefit from her insight culled from over 30 years’ experience training thousands of their peers. Ann Butera received her Masters of Business Administration in Organizational Development from Adelphi University. She holds a CRP (Certified Risk Professional) designation from BAI, and is a Summa Cum Laude graduate of Long Island University/C.W. Post College.
Dennis Dycus, CPA, CFE, CGFM
Having retired from the Office of the Comptroller of the Treasury of the State of Tennessee in June of 2012, I spent over thirty-nine years overseeing the audits of all forms of local governments in Tennessee. These audits included cities, towns, utility districts, school activity and cafeteria funds, housing authorities, quasi-governmental entities and certain not-for-profit organizations.
As director of the Division of Municipal Audit, I was involved with the division’s staff in conducting over five-hundred investigations related to fraud, waste and abuse in which millions of dollars of public funds were discovered lost due to fraud. Many cases were successfully prosecuted resulting in a substantial recovery of funds.
Michael Dudley
Michael Dudley is the Principal Deputy Director of the United Nations Investigation Division in New York. He has more than 25 years' experience in international legal and investigation matters, serving in the private sector and 4 different United Nations agencies. He has particular expertise in public procurement fraud, forensic interviewing and digital forensics. Mr. Dudley holds a B.A. in Business Administration, a J.D. and an LL.M in International Business Legal Studies.
Jayson Ferron, CEHi, CISSP, CHFli, C)PTEi, CISM, CRISC, CVEi, MCITP, MCSE, MCT, MVP
Jay is a multi-certified Information Security Subject-Matter-Expert (SME) with more
than 30 years of professional experience, which includes Security & Compliance, Integration
and Transformation Initiatives, IS Management Process and Operational Metrics Definition
and Documentation. Customers include Community Health Network of Connecticut, Inc.
(CHNCT), Cigna Insurance, Microsoft, Rogers Communications, GM, AT&T, USMC, US Air
Force, US ARMY and DISA. Other customers include banks, government agencies, health
agencies and providers. Jay is Past President of Greater Hartford Chapter of ISACA.
Gina Eubanks, CIA, CISA, CRMA, CCSA
Gina Eubanks, CIA, CISA, CRMA, CCSA, co-authored “Leveraging COSO Across the
Three Lines of Defense”, July 2015, published by COSO. She is a passionate leader and
facilitator with more than 24 years in performing governance, risk management and
internal audit activities for a variety of industries in both the private and public sectors.
Currently, Gina is a Principal of Eubanks Risk Consulting LLC with concentration on
training and consulting in the areas of leadership, governance, risk, internal audit and
compliance.
Most recently, Gina was Vice President of Professional Services at the Institute of
Internal Auditors (IIA) where she led quality assessment reviews, chief audit executive
services, and industry knowledge centers. Prior to joining the IIA, Gina was an internal audit director at a mortgage processing
company and at Deloitte for 15 years. At Deloitte, she was part of the global internal audit leadership team.
In addition, Gina is an Audit Committee member for a large credit union and serves on a board for a behavioral health services
organization.
Vince Hannon
NYSTEC
Vince Hannon is a Principal Consultant at NYSTEC with more than 25 years of experience
in IT, including more than 20 years in cyber security. Vince has extensive experience in
both the public and private sectors, including: program management and strategic planning,
network and application security architecture, identity and access management, risk
assessment and data classification, metrics and reporting, data loss prevention, policy and
standards development, regulatory compliance, security training and awareness, incident
response, and others. Vince holds an ISACA Certified Information Security Manager certification and a
BA in Computer Science and Mathematics from the College of Saint Rose.
Erie Lurie
FBI
Mr. Lurie entered on duty with the FBI in February 2003. Following training at the FBI Academy in Quantico, VA, he served a
temporary duty assignment to FBIHQ in the Strategic Information and Operations Center (SIOC). In July 2003, Mr. Lurie reported
to the Washington Field Office (WFO) where he investigated counterintelligence violations for a number of years, before transferring
to a public corruption squad. While at WFO, Mr. Lurie also held the position of certified firearms instructor, and Rapid Deployment
Team Loadplanner. In June 2011, Mr. Lurie was promoted to Supervisory Special Agent in the Operational Technology
Division, Technical Response Unit (TRU). With TRU, he supervised a team of Electronics Technicians deploying domestically and
internationally to provide communications solutions in support of FBI missions. Additionally, Mr. Lurie managed the network
and satellite connectivity teams within TRU. In April 2013, Mr. Lurie reported to the Albany Division as supervisor of the Cyber
Intrusion and CART programs. He also serves as a firearms instructor and the Albany Division's Crisis Management Coordinator.
Rebecca Shea, Ph.D.
U.S. GAO
As an audit Director in GAO’s Forensic Audits and Investigative Service (FAIS) team, Ms. Shea is
responsible for leading reviews to identify fraud, waste, and abuse across a diverse array of
government programs administered by IRS, the Department of Homeland Security, and the
Department of Transportation, among others. These reviews frequently employ data analytics to
identify indicators of potential fraud.
In her 19-year tenure with GAO, Ms. Shea has led audits across a wide range of federal issues,
including examinations of road conditions on tribal lands, VA’s real property management, the
reliability of OPM human resource databases, safety culture and inspection issues in biosafety
labs, and EEO issues at DOE labs. Ms. Shea received her Ph.D. in sociology from Vanderbilt
University.
Mike Jacka, CIA
Mike Jacka is an award-winning columnist and author known for his work with Internal Auditor
magazine including the blog “From the Mind of Mike Jacka” and the magazine’s lighter side
pieces such as “Alice in Auditland”, “Auditing Songs for the Holidays”, and “Auditors Anonymous”.
Retiring from a 30-year career in internal audit with Farmers Insurance, he is now the
Chief Creative Pilot for Flying Pig Audit, Consulting, and Training Solutions (FPACTS).
He is a top-rated instructor and the co-author of Business Process Mapping: Improving Customer
Satisfaction (now in its second edition), Auditing Social Media: A Governance and Risk Guide, and
the recently published The Marketing Strategy: A Risk and Governance Guide to Building a Brand.
Leonard W. Vona, CPA, CFE
Fraud Auditing, Inc.
Leonard W. Vona is the CEO of Fraud Auditing. He is a forensic accountant with more than 38 years of diversified auditing and forensic accounting experience, including a distinguished 18-year private industry career. His firm advises clients in areas of litigation support, financial investigations, fraud detection and fraud prevention. Mr. Vona is the author of three books published by Wiley: Fraud Risk Assessment: Building a Fraud Audit Program; The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems; and Fraud Data Analytics Methodology: The Fraud Scenario Approach to Uncovering Fraud.
Ross Wescott
Wescott & Associates
Ross Wescott is Principal of Wescott and Associates, established in 2016 to provide IT audit, risk, governance, and control consulting to a variety of industries and government. For over 30 years, he worked in corporate internal audit shops performing a full scope of IT and general internal audit work including IT audit program development and implementation using leading standards including Cobit5; internal audit strategy, policy, standards, procedures, and guidelines development and maintenance; risk identification and assessment; controls identification, design and evaluation; and data analytics.
Ross Wescott graduated from Portland State University in 1975 with a major in Mathematics/Computer Science and from Marylhurst University in 1986 with a Master in Management. He is a Certified Internal Auditor, Certified Information Systems Auditor, Certified Computer Professional, and a Credit Union Enterprise Risk Management Expert. He is a current and active member of the Institute of Internal Auditors and the Information Systems Audit and Control Association. He has been published in the major Internal Auditing publications and has been a speaker at conventions and conferences on many Internal Audit topics.
Leonard W. Vona, CPA, CFE (Continued)
Mr. Vona has successfully conducted more than 100 financial investigations and fraud auditing engagements for some of the largest high profile corporations in the United States. The net result of his efforts has saved clients millions of dollars through recovery or defense strategies. His financial investigation experience includes embezzlement, business disputes, asset theft, bribery & corruption, malpractice, and disbursement schemes. Mr. Vona’s trial experience is extensive, including appearances in federal and state courts. He is qualified as an expert witness, as a CPA and a CFE, and is cited in West Law for the successful use of circumstantial evidence.
Mr. Vona graduated from Siena College with honors, receiving a Bachelor of Business Administration in Accounting. Mr. Vona is a member of the American Institute of Certified Public Accountants and the National Association of Certified Fraud Examiners. He was the 1994 President of the N.Y. Capital Chapter of the Association of Government Accountants and the founding President of the Albany Chapter of Certified Fraud Examiners. Website: www.leonardvona.com
Michele Warner
NYSTEC
Michele is a Senior Consultant with NYSTEC's Information Security practice. She currently
assists the NYS DOH Bureau of Information Security and Privacy with defining data sharing
agreements. She is an attorney with more than five years of hands-on experience in document
management, quality assurance, and other areas of information technology. She holds a JD from
Albany Law School.
Rob Zeglen
NYSTEC
Rob Zeglen is the Information Security Practice Lead at NYSTEC, with more than 25 years of experience in information technology. Rob has a broad range of experience in cyber security and related technologies that includes leading the development and execution of key risk-mitigating activities, risk assessments, and vulnerability testing projects. These accomplishments are complemented with private sector experience at Netscape, Sun Microsystems, GE Global Research, and Knolls Atomic Power Laboratory. Rob is an accomplished speaker and holds both a Certified Information Security Systems Professional (CISSP) and MS in Computer Science.
REGISTRATION FORM
1. Fill in the information below
2. Circle your choices (no more than one session per time period please)
3. Registration Fees
Time periods each day: Early A.M., Late A.M., Early P.M., Late P.M.
Track | Monday—March 19, 2018 | Tuesday—March 20, 2018 | Wednesday—March 21, 2018
I | M101 M102 M103 M104 | T101 T102 T103 T104 | W101 W102 W103 W104
II | M201 M202 | T201 T202 T203 T204 | W201 W202 W203 W204
III | M301 M302 M303 | T301 T302 T303 T304 | W301 W302
Fee Schedule (Registration Fees Postmarked)
Attendance | By February 16, 2018: Member* | By February 16, 2018: Non-Member | After February 16, 2018: Member* | After February 16, 2018: Non-Member
One Day | $160 | $235 | $185 | $260
Two Days | $285 | $410 | $335 | $460
Three Days | $360 | $535 | $460 | $635
Name (Mr., Mrs., Ms., Miss) _________________________________________________________________________
(Last) (First) (Middle)
Title/Position Company/Agency
Address
City State/Province Zip/Postal Code Country
Phone Fax Name for Badge ID
e-mail Address
Seating is Limited – Register Early!
Register and Pay by February 16, 2018 to receive an “Early Bird” Discount!
*AGA member? Yes No
*ISACA member? Yes No
*IIA member? Yes No
*CPA? Yes No
Group Discounts: The following discounts are available to groups. The rates for members and non-members noted above will still apply.
To obtain these discounts, groups must be registered by February 16, 2018. Early registration is encouraged to ensure availability. A full-time
equivalent (FTE) constitutes three days of training. For example, one FTE can be broken down into one person attending for three days,
three people attending for one day each, or any other combination. Discounts for groups are as follows:
50 or more FTEs, 20%; 20 to 49 FTEs, 15%; 10-19 FTEs, 10%, and 5 to 9 FTEs, 5%.
4. Indicate Method of Payment
5. Register
Make your completed registration and payment to:
TCTC
c/o Hudson Valley ISACA
PO Box 1458
Albany, NY 12201-1458
6. Cancellation Policy
Cancellations received up to March 14, 2018, will be fully refundable. Substitutions can be requested at any time up until the time of the conference. Substitutions of a non-member for a member will result in the additional non-member fees being charged. Individuals who do not cancel on or before March 14, 2018 are not eligible for a refund.
7. Hotel Reservations
Hotel reservations can be made by calling the Radisson Hotel Albany (formerly known as the Holiday Inn) at 1 (800) 333-3333 or (518) 458-7250 (24 hours a day) or going to their website at (www.radisson.com). Please mention that you are with the Association of Government Accountants (AGA) block to take advantage of the conference group rates:
Single or Double occupancy - $115 per room/day or the prevailing government rate.
8. Menu Choices
Please make your luncheon selections.
Monday
Chicken Parmesan - Lightly breaded and topped with marinara, mozzarella, and Parmesan cheese served over Penne Pasta
Cranberry Quinoa Couscous Salad (Nut, Egg, Soy, Shellfish free, Vegetarian)
Seared Steak Salad (Gluten, Nut, Dairy, Egg free) - Sliced steak served over sturdy greens with caramelized red onions and dressing
Tuesday
Chicken Cordon Bleu (Nut, Soy, Shellfish free) - Lightly breaded and filled with Honey Ham and Gruyere Cheese
Mild Mushroom Ravioli (Nut, Soy, Shellfish free, Vegetarian) - Tossed with Caramelized vegetable medley and brown butter
Open Faced Salmon Salad on Grilled Pita (Gluten, Nut, Egg, Soy, Shellfish free) - Grilled marinated salmon served on a warm gluten free pita with spring greens, couscous and quinoa blend, Greek yogurt, boursin cheese, and lemon juice
Wednesday
New England Pot Roast with Vegetables (Gluten, Nut, Dairy, Egg, Soy, Shellfish free) - Stewed eye round of beef, carrots, potatoes, and onions
Pearl Barley and Tomato Salad with Herbs (Vegetarian, Nut, Dairy, Egg, Soy, Shellfish free) - Garden greens, vine ripened cherry tomatoes, Persian cucumbers, chopped mint tossed with fresh lemon juice and olive oil vinaigrette
Pan Seared Tilapia (Gluten, Nut, Egg, Soy, Shellfish free) - With Citrus Infused Roasted Vegetable Couscous, lemongrass beurre blanc and sautéed spinach
Check here if you have special dietary needs.
9. Social Hour
Check here if you plan to attend the social hour on Monday, March 13, 2017 after the last session.
TCTC CHARITY - CAPITAL CITY RESCUE MISSION
For additional information, please check out the website:
https://www.capitalcityrescuemission.org/
The 2018 TCTC will be sponsoring the Capital City Mission, “the homeless and poor of the Capital Region are served. Since
the Mission does not require individuals to be registered with the city, state or county, as “payables”, like so many other
agencies; many who come to the Mission are the poorest of the poor.” During the three day conference donations will be
collected. The charity has requested the following items:
• Shampoo/conditioner
• Deodorant
• Soap/body wash
• Shaving cream/razors
• Lotion
• Toothbrush/toothpaste
• Socks/underwear (new, especially the larger size)
• Hats/gloves (men’s especially)
TCTC GRID