February 2005

Inside:  President's Letter - Seminar Info - Speaking & Writing Report - CIA Exam Results - Job Listings

President’s Letter

February 14, 2005

I hope this letter finds everyone in the chapter well and into their business plans for the new calendar year. After coming off a season of four hurricanes one global disaster as well as changes in both the political and business environments it is a testimony that the Internal Audit chapter and profession overall continues to grow and thrive. There is an exciting one and one half day district conference scheduled in just two short weeks that is bound to make an impact on your company, agency and practice. It is an opportunity to network with your peers and I strongly encourage you to attend as there are a few seats left. It is at the Clearwater Hilton Hotel on February 29-March 1 and you won't want to miss it.

There have been many changes within the chapter leadership as we embrace for the impact of Sarbanes and other risk initiatives. Where some have had to move on due to work priorities others have stepped up and filled in. Your leadership has been resilient. Change requires leadership that is flexible yet persistent and willing to stay the course.

As we move into our third quarter we see there is room for others to step up and take the mantle of leadership for the chapter. It has been an exciting 8 months but there is still more work to be done. Do not hesitate to get involved and support your profession. If you have a yearning to lead then make a call to one of your leaders and ask to get involved. Many of you have already. It may be to serve on a committee. You may only have time to volunteer for one event. Every little bit helps.

Thanks for all you have done and I look forward to seeing you in Clearwater.

Regards,

Ken Gentile
2004-2005 Chapter President

District Conference

Held at the Clearwater Hilton, 400 Mandalay Avenue, Clearwater Beach, FL 33767

Day 1 - February 28, 2005

Continental Breakfast

Morning Session
8:30 AM

FBI Special Agent A.J. Gilman - InfraGard & Internet Security

A.J. Gilman has served as a Special Agent of the Federal Bureau of Investigation since 1999. Mr. Gilman is assigned to a Cyber Crime Squad as a computer crime investigator. He is the Tampa Division's InfraGard Program Coordinator for the Tampa and Orlando InfraGard Chapters. Mr. Gilman has a B.Sc. in Computer Information Systems and worked for eight years as a computer programmer and systems analyst, in both consultant and IT department positions, prior to joining the FBI.

Lunch

Concurrent Afternoon Sessions
1:30

Afternoon A -

Troy Harris, RSM McGladrey: Auditing The BCP: Assessing What Really Matters

Seminar Description:

From regulatory requirements to industry best practices to audit checklists, there are many standards to use when evaluating a Business Continuity Plan (BCP). But, even with these auditing tools, how can you be sure your organization is truly prepared to respond to unforeseen events in a way that will allow critical operations to continue with little or no interruption? This session, taught from the perspective of a recovery planner, examines the entire Business Continuity Planning process to identify critical aspects of a recovery plan that directly impact its effectiveness. The recovery planning concepts reviewed during the class will allow you to differentiate between a recovery plan that will merely satisfy a checklist from one that will truly allow your organization to survive a disaster. Upon completion of this session, participants will understand the entire Business Continuity Planning process in order to more accurately evaluate the effectiveness of their organization’s Business Continuity Planning Program – and identify enhancements that should be implemented BEFORE a disaster strikes.

Course Outline:

1. Introduction and Agenda Review
2. Business Continuity Planning Overview
   1. Why Do You Need A Business Continuity Plan (BCP)?
   2. Business Continuity Planning Objectives
   3. BCP Components
   4. A 5-Phase Business Continuity Planning Process
   5. The BCP Repository
3. Project Initiation
   1. The Cultural Foundation of a Business Continuity Planning Program
   2. Management Commitment
   3. Policies, Procedures, and Guidelines
   4. Roles and Responsibilities
   5. Awareness
   6. BCP Scope
4. Business Impact Analysis (BIA) and Risk Assessment
   1. Risk Assessment Methodology
   2. Risk Assessment Findings
   3. Risk Mitigation Efforts
   4. BIA Methodology
   5. BIA Findings & Conclusions
   6. Correlating the BIA to the BCP
5. Recovery Strategies
   1. Understanding the Recovery Strategy Requirements
   2. Evaluating the Recovery Strategy Selection Process
   3. Confirming the Effectiveness of the Selected Recovery Strategies
6. Plan Development
   1. The BCP Organization Structure
   2. The Layout of the BCP Manual
   3. Key Recovery Processes
   4. The Plan Scope, Assumptions, and Objectives
   5. Recovery Priorities, RTOs, and RPOs
   6. Team Task Lists
   7. Resource Requirements
   8. Reference Information
7. Testing & Maintenance
   1. The Testing Scope
   2. Test Validity
   3. Testing Participation
   4. “Non-core” Tests & Exercises
   5. Test Follow-up
   6. Scheduled Maintenance
   7. Event-based Maintenance
   8. Review & Sign-off
   9. Plan Distribution & Disposition
   10. Awareness Program
   11. Integration with Complementary Initiatives
   12. Management Reporting

Afternoon B -

Using Automation To Help Detect and Prevent Fraud,
presented Ed Weiss, Protiviti

Ed Weiss is a Managing Director with Protiviti specializing in Internal Audit Services. Prior to joining the Company, Ed served as Executive Vice President and General Auditor for Summit Bancorp (formerly UJB Financial) before the company was acquired by Fleet Boston Financial. At Summit, his responsibilities included financial, information systems, fraud, compliance and credit (loan review) audit and management consulting.

Ed has served in a number of leadership positions within a variety of industry associations. He is a past Director and past President of the National Association of Financial Services Auditors (now part of IIA). As a member of the New Jersey State Society of Certified Public Accountants, he has served as a Trustee, Vice President and Chairman of the Members in Industry Committee. Additionally, he founded the MAX Auditor’s Group; a national group of 20 financial services General Auditors. He is currently the Treasurer and a member of the Board of Governors for the North Jersey Chapter of IIA.

Ed earned a Bachelor of Science degree in Accounting from Lehigh University in Bethlehem, Pennsylvania. He is a Certified Public Accountant (“CPA”), a Certified Financial Services Auditor (“CFSA”), Certified Fraud Examiner (“CFE”) and a Certified Bank Auditor (“CBA”).

Professional Experience

• Under Ed’s leadership, the Audit Services Division of Summit Bancorp became a “World Class” internal audit function. Ed revamped the traditional annual audit philosophy to a fully automated, risk based, value added internal audit approach. This approach stressed understanding a customer’s business and partnering with them to identify and control risks.
• Ed was the forensic accountant on the WorldCom engagement charged with reviewing WorldCom’s internal audit and audit committee duties, responsibilities and practices.
• Ed is accredited by the IIA as a Quality Assessment Validator allowing him to assist organizations who choose to follow either the “self-assessment with independent validation or external quality assessment” approaches to meet the IIA’s external quality assessment standard.

Day 2 - March 1, 2005

Continental Breakfast

Morning Concurrent Sessions
8:30 AM

Morning A -

The Role of the Information Security Assessment in a SAS 99 Audit,
Presented by Dr. Stan Stahl

Summary

• Vulnerabilities in the use of information technology resources expose a business to error and fraud
• The auditor cannot obtain reasonable assurance without an information security risk and vulnerability assessment
• Citadel’s 3-pronged information security risk and vulnerability assessment fully supports the objectives of SAS 99
• Citadel’s information security risk and vulnerability assessment process integrates with SAS 99 directives on conducting the audit

Detailed Outline in PDF Format

Biography of Dr. Stahl in PDF Format

Morning B -

Auditing Contracts, presented by Charley Wertheimer

Contracts establish the basis for many the third party transactions for an organization, defining terms and conditions for both revenue and cost agreements. Lack of effective controls and breakdowns in execution of contracts can result in not only financial loss, but also exposure to negative publicity. The media has been laden with reports of lawsuits, criminal investigations and management changes resulting from organizational malfeasance and fraud. Executives, directors, managers and auditors need to be able to protect their organizations from losses due to ineffective contract management ranging from third party selection to contract terms and compliance.

This presentation addresses contract-related challenges faced by organizations and identifies opportunities to reduce costs and increase profitability through contract auditing. It is designed to raise awareness of contract controls risks, change beliefs about contract management and discuss approaches and tools utilized in contract auditing. The discussion of contract administration and auditing work processes, with specific examples and proven techniques, provides a basis for organizational self-assessment and process improvement.

The presentation provides an overview of the total contract process and highlights key elements associated with contract administration and auditing. Topics discussed, include exposures, audit procedures and “best practices”, and will identify “contract auditing fundamentals” for auditors just beginning contract auditing as well as address “program “ considerations for experienced auditors interested in improving controls over contract activities.

Charley Wertheimer is an independent consultant affiliated with Courtenay Thompson & Associates for the purpose of providing professional development training seminars in contract administration and auditing. Mr. Wertheimer’s broad range of professional experiences enable him to bring a unique perspective to the courses which he presents.

Mr. Wertheimer has experience in all phases of contract administration including, contract preparation and negotiations, the development of policy and procedures, and contract auditing. His Internal Controls experience includes the development and management of a global “Profit Recovery” audit program in which he led the development of the contract audit program, contract risk assessment techniques and contract auditing training. Mr. Wertheimer has “third party” audit experience in a wide range of areas including accounts payable, construction, contracting operations, freight, materials purchases, VAT, communications, advertising, legal, health care and general service contracts. His experiences in auditing these areas enable him to provide personal insight on the administration, execution and opportunities associated with contract auditing.

Mr. Wertheimer retired from The Procter & Gamble Company in 2002 after 36 years of service. He began his career in 1966 in P&G’s manufacturing organization and had increasing responsibilities in Operations, Industrial Engineering and Human Resources prior to two Plant Manager assignments in P&G’s pulp manufacturing operations. In 1988, he transferred into P&G’s Finance Accounting organization where he had responsibilities including Finance & Accounting Manager for the Cellulose & Specialties Division, manager of the Paper Division’s North American Product Supply Finance and Accounting organization, and Associate Director - Internal Controls.

In addition to the development of the Profit Recovery program, Mr. Wertheimer’s program management experience includes Strategic Business Planning, Total Quality, and Manufacturing Reliability. His Human Resources experience includes both Industrial Relations and Organization Development.

Mr. Wertheimer graduated from Princeton University where he obtained a Bachelor of Science Degree in Chemical Engineering. He currently resides in Jacksonville, FL, and is a member of the Northeast Florida Chapter of The Institute of Internal Auditors.

RSVP Online

Report your Speaking and Writing

It's time again for the survey to determine which IIA Tampa Bay Chapter members have submitted articles or spoken in January, or earlier if not reported. Each speaking engagement on internal auditing that a Tampa Bay Chapter member completes will earn the Chapter 1 credit per CPD hour. Each full article, Roundtable article, Fraud Finding, etc. submitted that meets basic editorial guidelines will earn 5 credits. For each full article published 20 credits are earned. Each internal audit related article published in any other trade or professional journal that is authored by a chapter member is 5 credits.

To report your writing and speaking go to http://tampabayiia.org/Speaking.htm and complete the provided form by March 1, 2005.

November 2004 CIA Exam Results

Congratulations to the following members who have passed the CIA exam in November and will receive their certificates at an up upcoming meeting:

In addition,  Christopher Price passed the CCSA exam.

Way to go! from Tampa Bay IIA

Questions or Comments? Contact Chapter Communication VP Bob McCall, rmccall@jcpenney.com

If you no longer wish to receive email from the IIA Chapter, go to http://tampabayiia.org/Newsletter.htm and "Unsubscribe."