Annual IT Conference 2015

Annual Information Technology (IT) Conference
Friday, March 13, 2015 – Melville Marriott
8:30 am – 5:00 pm
(8 CPE/CPD Credits)
Event Summary
Technology developments dramatically change the way we all do business. Tremendous
opportunities exist – but need to be managed. Daily, we continue to read and hear about the
difficulties faced by both businesses and individuals in confronting these challenges. Every
business decision today has an IT component and the management of technology risk is core to
every initiative. Join us at our annual IT Conference as we discuss, analyze and assess strategies
that Internal Auditors can use in counseling their stakeholders in navigating these challenges.
This year’s conference will enable attendees to hear about the latest practices observed by both
industry players and expert consultants. This will enable attendees not only to gain the
perspective of what they should be doing but also learn what is actually working and happening at
metro area New York Internal Audit Departments.
Additionally, as a first for the IT Conference, attendees can submit their IT audit-related questions
prior to the Conference. These questions will be answered throughout the day by the Conference
speakers or chair.
“Insider Threat: Assessing & Managing ‘People’ Related Risks to Technology”
Governments, as well as commercial organizations, invest billions of dollars each year to manage risks
related to cyber security. However, the effectiveness of these investments is in many cases reduced
by a lack of attention to human factors. This presentation will provide an overview of insider threats
that leverage information technology and also provide an IT auditor’s view on implementing effective
internal controls.
Fred Drum, CRISC, PCI-SSC QSA, PCI-SSC, PCI-P
Senior Information Systems Consultant
Coalfire
Fred Dunn is an information security and risk professional with over 14 years of experience in all
aspects of IT. He has extensive experience in the technical elements of networking, data center,
virtual infrastructures, and business process reengineering, and has worked in computing security of
government naval bases, financial institutions, service providers and retail services.
Fred has extensive experience in information security policies and procedures, endpoint security
and unified threat management solutions. With his deep understanding of compliance and technical
experience, he has helped government, financial services, retail and healthcare organizations build
their security programs around the compliance requirements in their respective industries.
“Social Media and the Internal Auditor”
In this fast paced session, two practicing internal auditors will share their experiences and
perspectives for auditing a significant 21st century risk facing organizations of all sizes. The
presentation will include discussions on What is Social Media; Pros and Cons of Social Media;
Social Media Risk; Regulatory Requirements and Tools and Tips for Auditing Social Media.
Sumukh Shah, CISA
Audit Director, AIG
Sumukh Shah is an Audit Director within AIG’s Internal Audit group responsible for audit coverage
for North America (U.S. and Canada) Claims and Operations which is part of the AIG Global
Claims & Operations (GC&O) organization. AIG GC&O is a service organization offering a broad
range of claims and support services to AIG insured and business partners in support of the
commercial and consumer business functions. Prior to this, Sumukh Shah spent more than 12 years
in various Operation and IT audit roles for AIG, JPMorgan Chase and PwC. Sumukh has also
instructed courses for Mainframe and AS/400 systems focusing on the identification of process risks
and controls as they relate to General IT Controls and business processes they support (e.g., trading
systems).
Sumukh is a Certified Information Systems Auditor (CISA). He is a graduate of Mumbai
University with a B.S. in IT and also received a M.S. in Computer Science from New York Institute
of Technology. Sumukh is also an adjunct lecturer at CUNY Baruch teaching a Technology Audit
course.
Chris Daly, CISA
IT Audit Senior Manager, AIG
Christopher Daly is an IT Audit Senior Manager within AIG’s Internal Audit group responsible for
audit coverage of the AIG Business Partners group. AIG Business Partners is a global department
providing finance, asset and risk solutions, as well as support services to AIG's Investments, Global
Finance and Enterprise Risk Management organizations. Prior to working at AIG, Christopher
spent approximately six years working as part of the IT Risk and Advisory team at Ernst & Young
with a portfolio including clients in the telecommunications, media & entertainment and publishing
industries.
Chris graduated from Lehigh University with both a B.S. in Computer Science & Business and a
B.S. in Accounting. Chris is a CISA and a member of the Information Systems Audit and Control
Association (ISACA).
“Continuous Monitoring and Data Analytics”
In this data-centric universe, data analytics has emerged as one of the more significant information
technology developments over the past decade. The role of Internal Audit has evolved from a
purely compliance centric role to that of a business partner adding value to the organization. The
use of advanced analytics has helped Internal Audit design more advanced tests, reports and
visualization graphs. Many audit shops started the transition several years ago from traditional
audit shops to organizations of auditors with enhanced analytic skills and savvy audit management
and visualization tools.
Learn why this is so important today:
• Company expectations: Maximizing the use of technology to increase coverage, quality and
  business impact while managing a finite audit budget
• Value Relationship: Insights open the door for deeper discussion on issues and
  developing/strengthening relationships
• Talent development and appeal: Effective integration of analytics will strengthen the
  business skills of auditors
• Audit-Business Partnership: Innovation and resulting methods could be ultimately
  transitioned into the business
• Regulatory Expectations: Audit needs to get stronger assurance and quantifiable results
Rob Zanella
Vice President, Internal Audit - CA
Rob Zanella joined CA Technologies in September 2005 and leads the IT practice within CA’s
Internal Audit Department. He led several practices within GIS prior to joining Internal Audit,
including Service Management, Security, Continual Service Improvement and IT Compliance.
Prior to joining CA, Rob was an Internal Audit Director at the New York Stock Exchange.
Previously, Rob served as both a systems integrator and an IT auditor at Deloitte for seven years as
well as a software developer for Savings Bank Trust Company and Union Savings Bank.
Rob earned a master’s degree in finance from Adelphi University and a bachelor’s degree in
computer science from Hofstra University. He earned ‘book of the year’ honors (2011) for “Cloud
Security and Governance: Who’s on Your Cloud?” He has published several ISACA journal
articles for the Information Systems Audit and Control Association and served on the board of
directors for the Metro New York ISACA Chapter.
Abbasali Tavawala, CISA, CFE
Senior Internal Auditor, CA
Abbasali joined CA Technologies in August 2011 and is currently a Senior Internal Auditor. Prior
to joining CA, Abbasali was a Systems Engineer at TATA Consultancy Services (TCS) Ltd. At
TCS, he was responsible for maintaining and optimizing the online trading system of the National
Stock Exchange of India. He has developed specialized skills in software programming,
information systems management, auditing operational and strategic business processes and audit
analytics.
Abbasali is a CISA and a Certified Fraud Examiner (CFE). He has earned an MBA in Finance and
Information Systems from Stony Brook University and a Bachelor’s in Electronics Engineering
from University of Mumbai. He is a member of Institute of Internal Auditors (IIA), Association of
Certified Fraud Examiners (ACFE) and ISACA.
Vikas Dutta, CISA, CRISC, CIPP/IT, ISO.
Principal Internal Auditor, CA
Vikas is responsible for worldwide operational, compliance and IT risk audits. Prior to CA, Vikas
held senior audit and risk management positions at Pearson, Inc., Protiviti, AIG and Thompson
Financial. He has over 15 years of experience in a variety of industries including software
development, financial services, publishing, insurance, management consulting and dot com
startups. Vikas holds a BBA in Operations Management from Zicklin School of Business at Baruch
College.
“The Evolving Cyber-Threat Landscape & Counter Control Measures: an
Internal IT Audit Perspective”
The cyber-threat landscape is an important concern for every organization. Daily occurrences
demonstrate the risk posed by cyber attackers—from individual, opportunistic hackers to
professional and organized groups with strategies for systematically stealing intellectual property,
personal information and money, as well as for disrupting business and/or a nation’s critical
infrastructure.
Chances are, your company's computers will come under cyber-attack sometime soon or are already
under attack without your knowledge. An attacker can succeed very easily against most companies
today. Even the best-prepared organizations continue to suffer security breaches. Breaches are
inevitable if you are sufficiently large and valuable as a target but the impact of a breach is not.
Winning in cyber-security against an attacker means identifying attacks before they succeed,
detecting when they do breach your defenses and eliminating them from your systems before they
can cause lasting harm. While you can’t prevent every breach, you can avert the worst
consequences.
Neil Luden
Senior Vice President and Director of IT Audit at New York Community Bancorp, Inc.
Neil brings extensive experience in Audit, Technology, Finance, Compliance, Risk Management,
Information Security and IS Governance. Prior to joining New York Community Bancorp, Inc.,
Neil held several positions, including serving as Director of Electronic Systems Audit, Security &
Control at the Federal Reserve Bank of New York, and Vice President of IT Audit & Information
Systems at Prudential Securities and Prudential Trade Finance Corp. Neil was Founding President
of CompLink Ltd. (NASDAQ), a New York based pioneer in the early electronic messaging,
control and workflow marketplace.
Neil has also served as a management, business development and risk mitigation consultant to
numerous firms, including financial organizations and security, compliance and threat management
product and consulting firms, software transformation and control consulting firms, and the
Department of Defense (’Trusted Architecture’), and has served as a consultant in support of
physical and cyber-anti-terrorism initiatives.
“Cybersecurity: A Risk Management and Audit Perspective”
Since the advent of the information age, investors, entrepreneurs, and their hired managers have
continually sought to gain business advantages and opportunities through the use of IT. As with the
advent of all types of technology throughout history, those who capitalized on the benefits of
technology developments found cost-effective ways to manage the new risks that came with the
new technology. Yet, judging by today’s headlines, and recommendations provided by various
pundits, it would appear that businesses are confronting the same family of threats and
recommended controls as they did over 40 years ago. Some may believe that concerns over
cybersecurity are exaggerated and as in the past, cost-effective threats can be easily managed – and
that management of the problem can be relegated as in the past to the IT Department.
Others, including professional associations, reputable consultancies, think tanks and the media
believe that this time it is different.

• Cybersecurity is a significant business issue that dramatically impacts the organization’s
  relationship with its customers, profitability, and reputation.
• Because technology is so embedded into the business – from sourcing customers to
  receiving and making payment – and to maintaining financial records that no longer have
  paper support, management of cybersecurity risks can no longer be delegated to someone
  other than the person or group primarily responsible for the business.
Many board members and executives have come to the conclusion that it is a business issue. This
session will discuss how expectations of board members are evolving to address the business risk
that cybersecurity is.
Joel Lanz, CPA, CISA, CISM, CISM, CISSP, CFE
Principal
Joel Lanz, CPA, P.C.
Joel Lanz is the founder and principal of Joel Lanz, CPA, P.C., a niche CPA practice focusing on
technology governance, risk management, IT audit, cyber and information security and computer
facilitated fraud. Prior to starting his practice in 2001, Joel was a Technology Risk Consulting
Partner at Arthur Andersen and was a Manager at Price Waterhouse. His industry experience
includes Vice President and Audit Manager at The Chase Manhattan Bank and senior IT auditor
positions at two insurance companies. Joel was recently appointed as a Reference Member (nonvoting member) of a $1.2 billion non-profit organization’s Audit Committee.
Joel currently chairs the American Institute of Certified Public Accountants (AICPA), and Certified
Information Management and Technology Assurance Executive Committee (IMTAEC). Executive
committees are the standing parent group responsible for Policy-setting in an area of activity at the
AICPA. Joel serves on the Editorial Board of “The CPA Journal” and formerly served on the
Editorial Board of “Bank Accounting and Finance.” Since May of 2012, Joel has instructed the
graduate Internal Controls and IT Auditing courses at NYU’s Stern School of Business. He is also
an Adjunct Professor in the School of Business at The State University of New York – College at
Old Westbury.
Friday, March 13, 2015
Full-Day Program
Check-in and breakfast begin at 8:00 a.m. Program begins at 8:30 a.m.
Lunch will be served at approximately 12:00 p.m. Dress is business casual.
How to Register:
Please use the following on-line registration link: http://www.cvent.com/d/grqlsk/4W
If you are having trouble with the link, notify Jared Greco at jagreco@deloitte.com. Cancellations
must be made at least 24 hours prior to the event by contacting Robert McNair at mcnair@bnl.gov.
For making payments offline:
You should register on-line (see above) and in the payment section, select “check” or "other." If
not registering on-line, please contact us at LongIslandIIA@yahoo.com, or call Robert McNair at
(631) 344-5921 at least 24 hours before to reserve your seat. Then complete and enclose this
registration form along with your check made payable to the IIA Long Island Chapter and mail to:
Institute of Internal Auditors LI, P.O. Box 442, Smithtown, New York 11787 or bring it the day of the
seminar.
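Name(s):
_______________________________________
IIA Member ($175 Each): $ ______
Non Member ($225 Each): $ ______
Student ($30 Each): ______
No. of Prepaid Subscriptions Applied: # ______
CPE (Y/N): ______
CPD (Y/N): ______
Total: ______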
Company Name:
_______________________________________
Address:
________________________________________
Phone Number:
________________________________________
E-Mail Address:
________________________________________
Directions to the Melville Marriott:
From New York City: Take the Long Island Expressway (Route 495) to Exit 49 South. Take the
Ramp (right) onto the South Service Road. Turn left (North) onto Old Walt Whitman Road (Walt
Whitman Road).
From Eastern L.I.: Take the Long Island Expressway (Route 495) to Exit 49 North. Take the
Ramp (right) onto the North Service Road. Turn right (North) onto Old Walt Whitman Road (Walt
Whitman Road).
The Melville Marriott phone number in case of weather emergency: (631) 423-1600