Level 17a Level 17b
8:45 – 9:00 am Opening Remarks
9:00 – 10:00 am
Opening Keynote - Save Yourself the Cost of a Privacy Breach and Damage to Your Reputation: Embed Privacy by Design
Opening Keynote - Save Yourself the Cost of a Privacy Breach and Damage to Your Reputation: Embed Privacy by Design
Privacy infractions and data breaches are abounding, not to mention daily cybersecurity attacks. If you don’t embed privacy and security proactively, by design, into your operations, you’ll pay the price. Class-action lawsuits abound, but the cost to your brand – and to your reputation – may be irreparable. Get ahead of the problems and prevent the privacy harms from arising.

Dr. Ann Cavoukian

10:05 – 10:25 am AM Break AM Break
10:30 – 11:20 am
Auditing in the World of Robotics and Artificial Intelligence
Auditing in the World of Robotics and Artificial Intelligence
Until 1950s the term “auditing” consisted primarily of auditing numbers.  All that changed in the 1960s when computers were adopted by leading edge corporations. Auditors quickly responded and the profession of Information Technology auditing was born.  However, the young profession primarily dealt with auditing numbers as well as  accounting systems and assessing their security and controls. The profession kept pace with technology changes and evolved to include risk management, governance, and more sophisticated controls. Now the profession is facing additional challenges; robotics, artificial intelligence, big data and data analytics are just a few of the areas in which the IT auditor can, and must provide additional services. This session explores the emerging need for expanded audit services and need for new audit, operational and performance standards.

Robert Parker

Digital Transformation, Risk Management and Governance
Digital Transformation, Risk Management and Governance
Going digital is no longer an option for organizations today. Customer expectations and demands have grown and newer choices are constantly emerging.  Aligning with the market while safely transitioning to the target state (products or customer experience or internal capabilities) is a challenge for CXOs. Making Sensible choices to drive revenues up and costs down are key. Given the imperative for success, organizations need to realign their strategy and undertake a safe and risk intelligent Digital Transformation.  While, Business wants to roll out products / services to drive better customer experience & expand sales channels, Risk & Control groups in the org. are thinking about how they evolve to support the business while also pondering about how risk management and compliance functions themselves should embrace digital to modernize.  Audit / Assurance groups are challenged with the need to modify their engagement model and audit approach to providing advisory services to the program and assurance to stakeholders on these transformative programs. As IT Risk, Governance and Audit Professionals, it is really key for us to understand what Digital Transformation (DT) really is, what are the net new risks introduced by DT, how conventional risks could increase in their significance or likelihood and the sources of such risks. Successful organizations are those that embrace DT in a Risk Intelligent manner. Being risk intelligent involves gaining a deep appreciation of both the risk landscape and governance requirements and in undertaking carefully planned and calibrated activities across all three lines of defense. This is the core of what we will let participants take away from this session.

Baskaran Rajamani

11:25 – 12:15 pm
A Casual Mapping Tool for Auditors: Process and Results
A Casual Mapping Tool for Auditors: Process and Results
The information available to auditors is growing exponentially.  Semi-structured or unstructured big data contains a wealth of information that allows auditors to better explore the status of the auditee’s programs, services, and operations.  Deep Learning, a specialized form of artificial intelligence, provides opportunities for auditors to tackle this challenge. It is an efficient way to identify patterns without intensive human intervention while using more streamlined preprocessing steps than the ones used by more traditional data mining approaches.  It doesn’t create “new” audit evidence, as much as enrich existing evidence, by identifying related concepts or topics, linking them together, extracting underlying patterns out of a large volume of unstructured documents. The team will present how it applied this innovative technology, through a collaborative effort between auditors and machine learning specialists.

Yves Genest, David Long, Matt Lemay

Data Analytics - Using AI and Machine Learning to Enhance Audit Efficiency and Assurance
Data Analytics - Using AI and Machine Learning to Enhance Audit Efficiency and Assurance
This presentation will demonstrate through case studies how using data analytics, specifically AI and Machine Learning, can enhance audit efficiency and assurance by detecting anomolies in a population of data. We will provide the following in our session:  * information on how data analyics can be used in the audit process; * how AI and machine learning can be used to detect anomolies; * how this can increase the efficieny and assurance obtained in the audit process; * examples through case studies to demonstrate how this can be executed and the technologies used to do so.

David Florio, Eric Au

12:15 – 1:15 pm Lunch Lunch
1:20 – 2:10 pm
Building a translation layer between IT, Operations, and the Business
Building a translation layer between IT, Operations, and the Business
Boards around the globe are worried about cyber security, but the reports and information they receive from security teams often get into details that boards aren’t trained to understand — or don’t really need to know. When a single cyber breach can displace a CEO or unseat boards, it’s essential that boards and executives have the ability to make informed, confident and effective decisions. CISOs need to understand where your assets are, who owns them, and who’s responsible for maintaining them. But the business leaders need more than just an understanding of IT governance. They need to know how cyber risk affects their ability to effectively deliver products and services, their financial exposure, what’s being done to control those risks, and know where they need to prioritize security investments to protect the organization. And it’s not about ‘dumbing down’ the security content, but rather putting it into a context that business leaders can understand and evaluate. In this session, you’ll learn how CISOs can effectively communicate cyber security information to business unit leaders, boards, and executives, putting the data into a business context to “speak the language” of the board room. We’ll look at successful GRC (Governance, Risk & Compliance) programs can build a translation layer between technology, business, and operations. For many organizations, when these groups collaborate effectively it can become a ground-breaking advancement in protecting the company in an ever-changing business environment.

Melissa Cohoe, Glenn Gower

Criteria for Evaluating the Integrity of a Set of Data
Criteria for Evaluating the Integrity of a Set of Data
This presentation will cover the criteria and professional standards applicable to services related to the criteria. It will discuss how the criteria and professional standards can contribute to improving data based decision making. Part of the session will be interactive to enable participants to exchange information about current practices used to assure the integrity of data used for decision making and how current practices might be transformed and improved through the application of the data integrity criteria.

Efrim Boritz

2:15 – 3:05 pm
Auditing the Big Picture: Best Practices and Lessons Learned from integrating IT Audits with the Finance, Operations, and others
Auditing the Big Picture: Best Practices and Lessons Learned from integrating IT Audits with the Finance, Operations, and others
A modern IT audit cannot simply be performed as a rote checklist exercise. Inelastically relying upon a “reperform last year’s file” approach may feel comfortable, but it increases the risk of generating a false sense of security where auditors examine what’s easy to assess, rather than focusing on the current area of greatest risk. Strong internal audit functions are continually evolving their approaches, performing dynamic integrated risk assessments on each engagement to identify the areas of greatest risk to the enterprise, including both IT and financial elements among others. After addressing the critical planning and risk assessments steps, we will pivot to reviewing entertaining and intriguing real world examples, sharing best practices and flagging potential pitfalls which may occur when conducting integrated reviews: * Asserting effective IT General Controls to place reliance on automated controls * Identifying when data conversion audits are needed * Leveraging visual analytics to detect outliers and quickly mine complex data sets for insights * Examining the state of user training and readiness prior to go-live of new enterprise systems * Managing the human element of IT audits: effectively managing and motivating engagement teams composed of diverse backgrounds and experiences

Andrew Krupowicz, Mark Samson

Innovation, Culture and RPA - the need to change how we work and the risks getting there
Innovation, Culture and RPA - the need to change how we work and the risks getting there
The growing need for more controls, the added layers of ‘red tape’ or bureaucracy, and the increasing number of regulations has led to innovation and creativity being stifled. Organizations are beginning to realize this is a gap which is hindering their ability to grow and react to the changing marketplace. Trying to re-create an innovative culture where ideas can be explored in a world where risk management can be stifling is not an easy endeavour that comes with varying pitfalls. In this session we will look at why innovation should be a key aspect to the future of any organization, what today’s innovative culture can look like and how RPA, one small component, is adding to that path to an innovative and creative culture.

Caroline Alleslev

3:10 – 3:30 pm PM Break PM Break
3:35 – 4:00 pm CCITAGS Wrap-Up  & Closing Remarks
Post-Conference Workshop