November 6-8, 2018
Planet Hollywood
Las Vegas, Nevada


Thursday, November 16 12:30 PM – 5:00 PM

W1 Root Cause Analysis Techniques for Today’s Internal Auditor (5 CPEs)
Dr. Hernan Murdock, Vice President, Audit Division, MISTI

Internal auditors are expected to go beyond merely listing issues and symptoms noticed during their reviews, and through research identify the source of the problems. The misplaced focus on symptoms lead to the issuance of vague and ineffective recommendations that come short of truly helping our clients because problems persist or recur. Root Cause Analysis (RCA) is a problem-solving technique to identify the source of defects and help programs and processes achieve their objectives.

Participants attending this workshop will learn how to apply RCA by systematically examining situations, identifying contributing causes, selecting the best corrective action(s) and presenting the results convincingly during internal audits and consulting projects. The workshop will cover:

• Tools and techniques to identify the source of business problems
• How to link events, consequences, and corrective actions
• Defining the problem and articulating the reason it needs fixing
• Persuasiveness: Collecting, analyzing, and interpreting data
• Balancing patience and urgency: Examining alternatives to select the best option
• How to help management build a mechanism to bring problems to the surface
• Essential change management principles for successful problem resolution
• How to become a change agent without compromising your independence or objectivity


W2 Internal Audit Professional Practices Group Roundtable Discussion (5 CPEs)
Facilitator: Rachel Tullos, Director Internal Audit, Crawford & Co

For Internal Audit departments with more than 20 auditors, communicating internal audit methodology and standards, managing resources, training future business leaders, and providing the tools to carry-out these responsibilities is a job in and of itself.

Participants joining our Professional Practices Group roundtable discussion will join their peers with similar strategic and administrative responsibilities to share best practices on:
• Helping set and communicate internal audit operations strategies through the internal audit department
• How to develop, standardize, and streamline internal audit’s methodology
• Assigning in-house and co-source resources to carry-out the audit plan
• Add value in the risk assessment, issue tracking, and audit committee reporting processes
• Managing and overseeing the department’s quality assurance program and reviews
• Providing guidance, tools, and training to internal audit staff
• Enhance opportunities to retain top talent
• How to implement and manage the use of a GRC tool
• Creating and overseeing different internal audit centers of excellence

Friday, November 17 9:00 AM – 5:00 PM

W3 Cyber Security for Audit Leaders – What Every CAE Should Know (8 CPEs)
Shawna Flanders, Senior Instructor, MISTI

This workshop is designed to heighten the audit leaders knowledge of many of the more significant Cybersecurity related threats and corresponding controls. Throughout our day we will discuss some current and pending Cyber regulations and explore some of the known cyber related vulnerabilities, threats and risks facing today's enterprise or agency and some of the more common controls used to defend against a cyber-attack. By days-end, attendees will gain a broad base understanding of Cybersecurity and how to incorporate Cybersecurity components into their teams audit engagements. We will include several group discussion activities to allow collaboration amongst your peers.

The workshop will cover:

  • Cybersecurity basics including its connection with Information Security and Data Privacy – Preparing the audit leader in cyber related boardroom discussionsNIST Cybersecurity Framework and several related
  • NIST 800 Series Guidelines
  • Cybersecurity Regulations - Current and Pending
  • Common cyber related vulnerabilities, threats and possible risks facing enterprises who use the Internet to:
    • Interact with Consumers, Customers, Suppliers and other Third Parties through computers and mobile devices
    • Process, Transmit or Store Cardholder or other Personally Identifiable Data
    • Use Social Media
    • Use email, chat and Voice Over IP
  • Basic Control Suite to defend against Cyber Attacks
  • Auditing Cybersecurity Components - Steps to add to every engagement to assure effectiveness against possible cyber attacks (Financial, Operational, IT and Third Party Assessments)


W4 Internal Audit Report Writing Bootcamp (8 CPEs)
Sarah Swanson, Senior Instructor, MISTI

If there was only one training that any and every internal auditor should continuously take, most CAEs would agree that audit report writing training would be the class. And we agree. The internal audit report is the primary “product” of most internal audit departments, yet so many internal auditors struggle effectively communicate the results of their completed audit, and the value they have added to the organization.

In this one-day workshop, attendees will go through an audit report writing bootcamp involving case studies and exercises describing the fundamentals of internal audit report writing, including issue development, root cause statement, highlighting business risks, and correctly positioning internal audit recommendations. Specific learning topics include:

  • Strategies to develop internal audit report executive summaries
  • Methods to draft issue statements, descriptions, and how to communicate quantitative symptoms
  • Ways to align and highlight business risks associated with identified issues
  • How to position recommendations to improve the chances of being accepted by management
  • How to organize audit data and results to improve audit writing efficiency
  • Getting to the point – removing clutter and non-needed words
  • Fixes to common problems found in audit reports
  • Techniques to improve the effectiveness of editing and proof reading