Professional Documents
Culture Documents
September
2015
2016
CATALOGUE
OF EVENTS
INTERNAL AUDIT & RISK MANAGEMENT
INFORMATION SECURITY
FRAUD / IT AUDIT
1 WWW.MISTI.COM
+44 (0)20 3819 0800
CONTENTS
06 Training Weeks
49 Fraud
59 IT Audit
73 Information Security
We are delighted to introduce the newest feature of our website the MISTI blog. Here
you will gain an insight into not just MISTI but also, compelling, valuable resources
and information for Internal Auditing, Risk Management, Fraud and Corruption and
Information Security.
We are thrilled to have the ability to share our knowledge and experience through this
portal. If you have any suggestions on topics and subject matter, or questions for our
trainers or speakers, then we want you to let us know. Get in touch, either by twitter,
linkedin or email misti@misti.com
Visit misti.com to find out more about our blog and latest developments from MISTI!
i How to Register
You can find out more information about
all of our events and register online.
Please visit www.misti.com
to find out more information about all our events.
MISTI@MISTI.COM
@mistieurope 2
WHY CHOOSE MIS TRAINING INSTITUTE?
Our Experience & Reputation Our Courses
Having trained over 200,000 professionals MIS Training Institute have over 80 training
worldwide, we are the global leader in Audit, courses to choose from. This means that
Risk, Fraud and Security Training. you can find a course to suit your needs and
interests whatever level youre at within your
With over 35 years experience, we are career.
the choice for companies who want their
employees to gain skills to really help All our courses have a very practical focus
improve their organisation and deliver a real and contain real life case studies, exercises
Return of Investment from training. and knowledge based learning. This enables
you to implement your new skills as you
We have worked with some of the most return to your office.
prestigious companies in the world
including: All courses are updated regularly to meet the
latest legislative and market challenges. You
European Central Bank Barclays Bank will leave all of our training courses with both
Euroclear NYSE Euronext current and emerging best practice guidance.
Kuwait Petroleum International Criminal
Maersk Group Court Upon completion of the training course
Riyad Bank BAE Systems you will be awarded with your Continual
NATO Central Bank of Professional Education (CPE) points and
DVB Bank Nigeria Continuing Professional Development (CPD)
BP KCB Bank Group Certification. You will also be given an MIS
Gulf International Bank NMBS Holding
Training Institute Certificate which will have
Ghana Civil Aviation AXA International
the details of the course that you attended.
Saudi Aramco Deutsche Bundesbank
BDO GlaxoSmithKline
In-house Training
3 WWW.MISTI.COM
+44 (0)20 3819 0800
Our Conferences Our Faculty of Course Directors
MISTI typically delivers 6-10 international All our course directors have at least 15
conferences a year specialising in the areas years of practical business experience.
of information security, corporate security; Having reached the top of their profession
fraud and anti-corruption; internal audit as Heads of Departments for some of
and technology audit - reaching to the wider the biggest companies in the world, they
spheres of risk, assurance, governance combine academic knowledge with years of
compliance, integrity and protection. The business and industry experience.
well-established MISTI conference portfolio
includes new events that are added annually Many are published authors and sit on
to complement its flagship events across boards of associations such as the IIA and
Europe, Africa, the Middle East and Asia- ISACA. You are guaranteed personal face-
Pacific. All Conferences are CPE accredited. to-face time with your course director as we
always limit the amount of people attending
shook@misti.com / +44 (0) 20 3819 0809
a course.
MISTI@MISTI.COM
@mistieurope 4
INHOUSE TRAINING
5 WWW.MISTI.COM
+44 (0)20 3819 0800
TRAINING WEEKS TW
SAVE 10%
Book + Book
Part 1 Part 2
i Training week
courses are marked
inside the catalogue TW
with this symbol
MISTI@MISTI.COM
@mistieurope 6
01 INTERNAL AUDIT TRAINING WEEKS
The Fundamentals of Internal Audit Training Week
Part 1: Fundamentals of Internal Auditing Lin Bartlett
14-18 March, Amsterdam
Part 2: Audit Report Writing 9-13 October, Dubai
5-9 December, London
7 WWW.MISTI.COM
+44 (0)20 3819 0800
02 FRAUD TRAINING WEEKS
Fraud Testing and Integration Training Week
Part 1: Fraud Testing: Integrating Fraud Detection Len Vona
into your Audit Programme 9-13 May, London
MISTI@MISTI.COM
@mistieurope 8
01
I N T E R N A L A U D I T
& R I S K M A N A G E M E N T
AGENDA AT A GLANCE
Day One: Introducing Day Two: Developing the audit Day Three: Exploring audit finding
internal auditing programme and evaluating and developing the audit report
internal controls
The role of the internal audit Fieldwork techniques and
department and characteristics of An introduction to the COSO applications
an effective department Control model The five attributes of an
The internal audit governance Audit communications and audit finding
framework interview strategies The Audit Report: Understanding
Understanding the role of the Evaluating and documenting your audience and user friendly
internal auditor internal controls report structures
The audit model performance Reviewing audit programmes and Issuing timely reports and closing
of audit work testing: case study the audit assignment
AGENDA AT A GLANCE
MISTI@MISTI.COM
@mistieurope 12
INTERNAL AUDIT & RISK MANAGEMENT
EFFECTIVE INTERNAL AUDIT
TW 24CPE
39CPE
Learn tools and techniques and put them into practice with practical exercises
Appreciate the benefits of risk based auditing to audit different
business functions
Explore why communication sometimes seems difficult and discover
improvements you can make to your communication with clients
Identifying internal audits role in detecting fraud
Discuss current best practice audit techniques and gain confidence in
undertaking risk based audits
AGENDA AT A GLANCE
Day One: Where is internal audit Day Two: Communicating with Day Three: Auditing Procurement
positioned in your company? your stakeholders and Major Contracts
Internal auditing today: Understanding the key stakeholder Identifying core purchasing
leading trends needs and expectations activities and control objectives
Understanding the overall Developing listening skills Assessing governance, policies
assurance framework Conducting effective interviews and procedures
What is risk based auditing? The importance of both verbal and Understanding the contracts and
The 6 Es of auditing non-verbal communication audits required
Reviewing contract management
risks
Day Four: Auditing different Day Five: Corporate Culture and
business functions preventing fraud
Why sales and marketing is often Understanding the importance of
hard to audit the corporate culture
Reviewing risks in the sales to Identifying ethics and governance
receivables process and key risks
Auditing the human resources Techniques for preventing fraud
(HR) function Using the computer to detect fraud
Case Study: develop audit terms of
reference for a risk based audit of
recruitment
13 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
EFFECTIVE INTERNAL AUDIT
TW 24CPE
AGENDA AT A GLANCE
Day One: The Lead Auditors Role Day Two: Planning, Development Day Three: Project Management
and Managing Fieldwork and Internal Audit
Defining the role and
responsibilities of the lead auditor Understanding the role of risk in Applying project management to
Selecting and leading the team the Internal Audit function internal audit
Assuring the quality of the audit What is risk-based auditing? Using project management to plan
your audits
Discussing the different types of Areas to consider for a more
internal audits and their emphasis productive audit Managing the audit team and
client responsibilities
Understanding the differences Managing Fieldwork
between diverse assurance Dos and donts of effective meeting
Top Tips for effective
providers and managing the management and communications
report writing
relationships Identifying internal audits role in
fraud awareness
MISTI@MISTI.COM
@mistieurope 14
INTERNAL AUDIT & RISK MANAGEMENT
EFFECTIVE INTERNAL AUDIT
TW 24CPE
Learn what Six Sigma is about and how to leverage the principles for better
internal controls
Identify critical operational issues, develop better recommendations and
improve efficiency
Understand the phases of Six Sigma, project scope and goals
Master the application of metrics to determine effectiveness and efficiency
Discover how Six Sigma can enhance your ERM and GRC processes, while
reducing costs and wasted time
AGENDA AT A GLANCE
Day One: Terminology, Key Day Two: Six Sigma Soft Skills Day Three: The 14 Principles
Concepts and Phases and Training of the Toyota Way
The Define Phase: The Control Phase: Verifying Understanding Operational
Defining the problem process performance Auditing and Consulting
The Measure Phase: Identifying, Implementing team building The importance of Collaboration
collecting information and and techniques for conflict in the development of solutions
mapping the data management
Applying the 14 Principles to
The Analyse Phase: Employing Outlining types of statistical your organisation
data and metrics to determine the analysis and variables
root cause of defects Leveraging the Principles to
Identifying training needs and develop the human capital
The Improve Phase: the effectiveness of training
15 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
EFFECTIVE INTERNAL AUDIT
TW 24CPE
15CPE
AGENDA AT A GLANCE
MISTI@MISTI.COM
@mistieurope 16
INTERNAL AUDIT & RISK MANAGEMENT
EFFECTIVE INTERNAL AUDIT
TW 24CPE
PROJECT MANAGEMENT
FOR INTERNAL AUDITORS
Improving Audit productivity with project management
AGENDA AT A GLANCE
Day One: Defining and Exploring Day Two: Techniques to improve Day Three: Understanding the
Project Audits the outcome of a project scope and requirements
Defining project management and Outlining successful audit / Defining project scope
the project management process project management key factors and requirements
Exploring project managements Using project management Producing a project plan
relevance to audit to plan audits
Conducting meetings
Expanding audit project Improving time management and interviews
leaders core competencies
Developing early warning systems Focusing on communication
Outlining 9 knowledge areas motivation and problem-solving
of project management Minimising your
investment in fieldwork Meeting todays audit challenges
Identifying problems with project management
early in the process techniques
17 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
Identify your own style of communication using DiSC and proactively adapt
to your audit clients style
Develop the ability to obtain more information in interviews with your
audit clients
Learn to sell your audit findings even when faced with resistant management
Practice diffusing conflicts and tense situations in audit status and
closing meetings
Influence change through improved acceptance of audit results
AGENDA AT A GLANCE
Day One: Communication Styles Day Two: Interview and Meeting Day Three: Influencing
and Introducing Interview and Techniques (continued) and Outcomes Communicating
Meeting Techniques Managing Conflicts about the audit report
Using DiSC, identify your own Follow-up: Information Positions Identification of your
communication style, how it affects confirmation, action items audit clients and establishment of
your approach and identifying your own
others communication styles Practicalities: Note-taking,
logistical considerations Setting (and resetting) the tone
The impact of physical and visual
characteristics on your message Checklists for before and after Agreeing on an outcome for the
meetings, example meeting audit report
Essential steps for preparing outlines, list of suggested
for and running meetings and interview questions Managing your audience
interviews Dealing with different styles of
Establishing a baseline what communication at the same time
Preparation: Background work parts of your audit finding are
and outline, anticipated deviations, factual, what parts are not Exercises and Personal Action
auditor participant roles Plan development
Reason(s) for objection to the audit
Execution: Stage-setting finding: Facts, tone, responsibility
and rapport, Hearing versus
Listening, questioning techniques,
restatements and wrap-up MISTI@MISTI.COM
@mistieurope 18
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
AGENDA AT A GLANCE
Day One: Introducing Risk-Based Day Two: Creating a Risk-Based Day Three: Delivering the
Internal Auditing Internal Audit plan for your Risk-Based Internal Audit Report
organisation
Understanding risk based internal Reporting and internal control
auditing Developing a risk-based audit plan Delivering a risk-based internal
Risk management within the How to guide terms of audit report
business reference, documentation, testing, Considering the format of a risk-
Corporate Governance and evidence based audit report
Exercise: Creating a corporate risk Case study in creating a risk-based Is your organisation ready for
register for an organisation internal audit plan risk-based internal auditing?
Consider evidence and
challenges for internal audit
related to evidence
19 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
15CPE
Learn who should be consulted and whether you are consulting too widely
Discover best practice ways of linking IA plan to key risk areas, while delivering
core assurance areas
Discuss how to factor in value and value-add into the planning process
Identify ways to use the planning process to deepen the relationship between
audit and senior stakeholders
Uncover best practices around longer term planning horizons, the annual plan
and ad hoc audit work
AGENDA AT A GLANCE
MISTI@MISTI.COM
@mistieurope 20
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
15CPE
CONTINUOUS AUDITING -
MAKING THE CHANGE
A how to guide on implementing continuous auditing in your organisation
AGENDA AT A GLANCE
21 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
Effectively integrate data analytics and CAATs into your audit processes
Plan for data access
Use technology to achieve desired audit results more efficiently and effectively
Progress from basic analysis into a fully automated mode
Design effective strategies and programmes to ensure sustainable results
AGENDA AT A GLANCE
Day One: The business case for Day Two: Common analyses in Day Three: Moving towards
audit analytics major business processes Continuous Auditing
Integrating data analytics across Discovering advanced analytic Overcoming common
the audit process design techniques implementation hurdles
Outlining the pros and cons of Verifying standard data Organising your audit team while
common data analysis tools developing and maintaining skills
Leveraging external data sources
Understanding the analytic Reporting and interpreting results
development cycle Developing appropriate standards
Implementing dashboarding and
Planning for data access Making analytics repetitive
visual analytics
Exploring data access options Discovering spacial relationships
and file types and mapping
MISTI@MISTI.COM
@mistieurope 22
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
This course will ensure that you leave with knowledge not only of theory,
but also how to put the theory into practice. Participants will receive sample
documents, diagrams and checklists to support them in applying this new
learning into their day jobs.
AGENDA AT A GLANCE
Day One: The Background Day Two: Audit Planning Day Three: Audit Delivery
and Basics and Delivery and Reporting
Setting the VFM scene VFM Techniques The three Es Case Studies
Context and Definitions Defining the audit questions Audit Completion
The three Es of VFM Planning the VFM Audit VFM Audit Reporting
Developing a VFM Audit Overview of the VFM Process Exercise: Demonstrating the
Programme Value Added
23 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
FINANCIAL ANALYSIS
FOR INTERNAL AUDITORS
Understanding accounting statements and their relation to financial audits
AGENDA AT A GLANCE
Day One: Rules, Regulations and Day Two: Financial Analysis Day Three: Cash Flow, Budgets and
Financial Statements and Risk Forecasts
Outlining rules and regulation Uncovering key items in accounts Understanding the statement of
for risk analysis cash flows
Analysing accounting statements
and understanding terminology Commencing elementary financial Exercise: Calculating and analysing
analysis operating cash flow and related
Discovering how accounting
ratios
statements fit together the dual Conducting ratio and
effect trend analysis Analysing budgets, forecasts and
business plans
Applying the dual effect Analysing the notes to the financial
statements Camouflaging the numbers
Exercise: Identifying accounting
how its done and how to spot it
entries for different transactions Exercise: Considering the
to produce a simple income significance of notes from Pulling it all together final
statement and balance sheet a business and control risk case study
perspective
MISTI@MISTI.COM
@mistieurope 24
INTERNAL AUDIT & RISK MANAGEMENT
TOOLS AND TECHNIQUES
TW 24CPE
AGENDA AT A GLANCE
Day One: Introducing the standards Day Two: The external assessment Day Three: Creating a cost-
and principles of Quality Assurance process and reporting results effective quality assurance and
improvement process
The quality assurance and Surveys and questionnaires: Issues
improvement programme and analysing the results The requirement for periodic
Exploring the external quality Understanding the compliance internal assessments
assessment options requirements Learning from the outcomes
Determining the optimal focus Management response and of other external and internal
and scope and obtaining senior developing an action plan assessments
management buy-in Building ongoing improvement
Determining audit committee
Securing the right team involvement Reviewing a sample quality
assurance and improvement
programme
AGENDA AT A GLANCE
Understand client aims and set out The key phases of a consultancy
objectives and terms of reference engagement or project
for the assignment Using project planning tools to aid
Evaluating fraud awareness and the 3 Es
identification of red flags Persuasion and writing skills and
Implementing continuous auditing effectively communicating your
results
Identifying business improvement
opportunities Developing and managing the
client relationship
Recognising and managing the
politics
MISTI@MISTI.COM
@mistieurope 26
INTERNAL AUDIT & RISK MANAGEMENT
MANAGING AND LEADING THE INTERNAL AUDIT DEPARTMENT
TW 24CPE
39CPE
AGENDA AT A GLANCE
Day One: Internal Audit in evolution - Day Two: Managing audits role, Day Three: Managing key
Exploring the challenges remit and skill base - Achieving relationships - Making them work
the right balance through your for you, not against you
The changing role and status of
internal audit future vision
Engaging with the board and audit
What makes an effective Head of Developing a compelling strategic committee
Internal Audit? vision Working with external audit:
The drivers for change Benchmarking against current good resolving issues
practice: where do you stand? Getting it right with management:
Lessons from recent business
disasters Building audit team capability: co- achieving buy in
sourcing, recruitment and retention Leveraging the contribution of other
assurance providers: assurance
mapping and integrated assurance
Day Four: Managing risk - Day Five: Improving audit
Optimising audits contribution effectiveness, productivity and
communication
Internal audits role in enterprise Networking Opportunities:
risk management: establishing the Demonstrating added value:
boundaries Internal Audit Key Performance London Networking Dinner at the
Defining and communicating risk Indicators (KPIs) exclusive Institute of Directors (IoD)
appetite Benchmarking against best Dubai An evening on a Dhow cruise
Embedding risk management and practice: Over 200 strategies for
Dhow cruise and networking dinner?
developing KRIs maximizing value
Developing a marketing strategy South Africa A networking dinner
for internal audit on the Waterfront
27 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
MANAGING AND LEADING THE INTERNAL AUDIT DEPARTMENT
TW 24CPE
30CPE
Discover how changing times demand changing roles of todays audit leaders
Gain insights into your leadership style and determine whether it is helping
or hurting your efforts
Ensure that your department is able to add real value and address key
issues effectively
Learn negotiation, communication and influencing techniques that will enhance
your impact and working with senior management and within your audit team
Examine the role of the audit leader in proactively making and taking
difficult decisions
AGENDA AT A GLANCE
Day One: Leading a world-class audit department Day Two: Core competencies of internal
audit leadership
The evolving role and status of the audit department
The theory of effective GRC, ERM, etc. but is Examining the different roles of audit leaders
it realistic? Considering your leadership style
What are the best organisations doing to manage risk Paying Attention to the formal and the
and ensure compliance? informal dimensions
The Chief Audit Executive role, position and managing Considering the Audit Committee and the
stakeholder relationships Executive Team
Day Three: Removing obstacles to high performance Day Four: Final best practice review
Improving Outputs from the Audit Function to enhance Understanding lean audit techniques to supplement
IA Credibility and Impact your learning
Exploring key performance indicators that really work Leveraging the work of other assurance providers
How lean auditing techniques can help maximise the Implementing IA Metrics and Milestones to
value add and effectiveness of IA ensure future support
Preparing for an External Quality Review (EQA) / QAR Creating a practical and realistic final action plan
MISTI@MISTI.COM
@mistieurope 28
INTERNAL AUDIT & RISK MANAGEMENT
MANAGING AND LEADING THE INTERNAL AUDIT DEPARTMENT
TW 24CPE
AUDITING GOVERNANCE,
STRATEGY AND RISK MANAGEMENT
A practical guide to auditing critical boardroom processes to comply with the latest IIA standards
AGENDA AT A GLANCE
Day One: Risk Assurance Day Two: Internal Audits Day Three: Understanding Risk
role in strategy Management
Learn how to provide assurance
on risks and controls to strategic Auditing governance processes: Assessing risk management
objectives delegations, reporting and maturity
Establish which governance areas disclosure
Auditing risk management
to audit and how to do it IT and project governance: some processes and key risks
Develop the business case for considerations
Assurance mapping and integrated
internal audit involvement Performance management and the assurance
Become a catalyst for improvement links to strategy
Gaining buy-in from the board
without compromising your Auditing strategy: possible and audit/risk committee
independence approaches
Managing risks to internal audit
Take away practical checklists and Internal audits potential role
sample audit programmes at each stage of the strategy
development and execution
process
Internal audits focus: the 3Ps
29 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
RISK MANAGEMENT, GOVERNANCE AND COMPLIANCE NEW TW 24CPE
15CPE
AGENDA AT A GLANCE
AGENDA AT A GLANCE
Day One: Building a Day Two: Promoting and Day Three: Maintaining
solid foundation enhancing enterprise risk momentum and embedding ERM
management
Defining ERM and the core Dealing with new and emerging
components of an ERM framework Identifying business risks risk challenges including cyber and
extended enterprise risks
Establishing and communicating Assessing, prioritising and
risk appetite responding to risks: Winning hearts and minds:
Making the business case for ERM
Roles and responsibilities: the Black swans, risk resilience and
boards critical role reverse stress testing Embedding risk management:
CRSA and KRIs
Clarifying internal audits and Monitoring and delivering
risk managements respective assurance Adapting your approach as risk
responsibilities management evolves
Reporting risk internally and to
Assessing risk maturity and external stakeholders (disclosure Getting started: Targeting quick
developing your ERM strategy statement examples) wins
Hints and hazards
MANAGING STRATEGIC
AND REPUTATIONAL RISK
The essential guide for Directors, Internal Auditors and Risk Managers
AGENDA AT A GLANCE
Day One: Managing Strategic Risk Day Two: Managing Reputational Risk
Demystifying strategic risk Unravelling reputational risk
Developing and executing strategy Stakeholder mapping and identifying reputational
hotspots
Environmental scanning options and selecting strategic
direction Exploring strategies for managing risks to reputation
Communicating and implementing strategy and Monitoring and providing assurance: KRIs and the
monitoring execution reputation risk barometer
Assessing, responding to and providing assurance on Communicating to stakeholders: reputation risk
strategic risks reporting
External reporting of strategic risks (sample Towards a sustainable reputation
disclosure statements)
AGENDA AT A GLANCE
Day One: Understanding the Day Two: Risk assessments Day Three: Evaluation and
revised framework and controls communication skills
Whats new, whats changed Applying SOX and similar Communicating the principles and
and what has stayed the same: financial reporting regulations changes across your organisation
summary of the framework
Risk Assessment: analysis of risk Evaluation Techniques: For audit
Discussing the 17 principles and assessment principles projects and entity-wide
related points of focus
Identifying risk assessment Reporting Cultural Issues
Applying the framework in strengths and deficiencies: Case
practice Study Summary of key points and game
plan for applying the framework
Probing the principles of Control Activity: Analysis and to your organisation
control environment discussion of principles and
focus points
E
nsure that your HR Function complies with legislation, procedures
and policies
Discover techniques to identify, mitigate and manage risks associated with HR
Assist HR in supporting corporate governance frameworks with regard
to key sub-committees of the board
Overcome the various challenges facing organisations and their people
such as downsizing and rapid growth
Learn how to spot fictitious employees on the payroll or past employees
still being paid
AGENDA AT A GLANCE
Day One: Introducing HR and its Day Two: Preparing your HR Audit Day Three: Undertaking your
specific legislation HR Audit
Exploring an internal and external
Defining Human Resources risk factors for HR Focus on payroll audit- terms of
Analysing possible fraud risks reference, fieldwork, testing and
Reviewing theoretical, historical
in HR emerging findings
and legislative influences upon HR
Preparing risk assessments and Reporting for an HR Audit
Exploring the lifecycle of an
employee your audit strategy Global challenges for HR Audit
Examining the key Corporate Considering best practice and the Understanding and discussing
Governance influences significance of benchmarking the challenges facing the internal
Defining the scope for an audit, audit team while undertaking the
Discussing the role of HR in
including payrolls, recruitment, HR audit
integrity and ethical value
performance appraisal and training Implementation of course
and development learnings back in your office
MISTI@MISTI.COM
@mistieurope 34
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING
TW 24CPE
AGENDA AT A GLANCE
Day One: Introducing the Day Two: Using the COSO Internal Day Three: Putting course
purchasing function and the Control model as a basis for learnings into practice
role of Internal Audit considering the different aspects
Conducting a financial audit of
of assurance purchasing
Understanding the objectives of
purchasing Providing assurance over the Testing compliance with internal
Outlining the role and scope purchasing process control processes
of internal audit in relation to Assessing the control environment Conducting audit exercises on
purchasing activity standard purchase areas and
Auditing the identification,
Discovering different audit assessment and management of controls
approaches purchasing risks Assessing the extent to which
Applying the risk-based audit Identifying standard controls, purchasing is achieving economy,
approach to the purchasing process policies and procedures for the efficiency, effectiveness, ethics,
components of purchasing equity and ecology
Adding value by expanding the
purchasing audit coverage into Auditing monitoring and oversight Providing consultancy for the
value for money considerations mechanisms to support robust purchasing process
purchasing controls
35 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING
TW 24CPE
Understand the supply chain and the relationships with your suppliers
Build best-practice processes for planning your supply chain audit from
start to finish
Manage all forms of supply chain risk political, legal, environment,
financial and reputational
Tackle minor, growing, global and more complex supply chains
Audit anywhere in the supply chain cycle set up, due diligence, the
tendering process and service level agreements
AGENDA AT A GLANCE
Day One: Auditing the Supply Day Two: Auditing the Supply Day Three: Auditing Start-ups,
Chain Part One Chain Part Two Contracts and Service Level
Agreements
Reviewing the big picture Implementing data collection,
overview of a supply chain, third controls evaluation and testing The start-up phase of a supply
parties and outsourcing chain project initiation, process
Reporting for improvement:
Discovering the varieties and types gaining management buy-in to design, invitations to tender,
of supply chain configurations you findings and commitment to evaluation process and contract
will encounter action negotiations
Understanding the core concepts Understanding complexities in the The implementation phase of
of the nature, objectives Supply Chain and relationships a supply chain project getting
and benefits of supply chain with suppliers things working, ensuring adequate
management monitoring and management
Discovering how supply chains information
Including Supply Chain audits in grow and become more complex
the Internal Audit strategy and Working with regulators and
annual plans Practicing successful processes managing the media
for crisis, contingency and
Planning the audit assignment: disaster recovery planning in Auditing the hard issues in supply
as assurance and as a project to the supply chain chain management
be managed Consolidating different learnings
and providing assurance on
effectiveness
MISTI@MISTI.COM
@mistieurope 36
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING
TW 24CPE
AGENDA AT A GLANCE
Day One: The Three Lines of Day Two: Moving on to more Day Three: Learning lessons
Defence model advanced techniques from the successes and failures
of other projects
Understanding the fundamentals Introducing Tame, Messy and
of risk management Wicked problems Communicating the level of
What do we mean by risk and Investigating the limitations project risk and mitigation to
uncertainty and how do we of quantative techniques: stakeholders
measure it? Net Present Value, Sensitivity Overcoming the challenges of
Analysis and Monte Carlo controls development
Explaining the difference between
simulation for Major Projects
opportunity (as the counter to Analysing the risk behind supply
risk) and value and how they are Understanding behavioural and chains and procurement
important for audit cognitive biases
Outlining an audit vision of
Reviewing the key reasons for Utilising ratio and trend analysis the future
failure in Major Projects
Undertaking scenario planning Reviewing the course learnings
Outlining the difference between
projects, programmes and
portfolios
37 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING
TW 24CPE
30CPE
AGENDA AT A GLANCE
Day One: Introducing a new way of business Day Two: Tools and techniques for Risk Analysis
process auditing - ORCA
Identifying key risks to achievement of business
Understanding the basics of business structure analysis objectives
Identifying emerging risks- ERM, internal and Applying traditional tools and techniques to process-
external risks based auditing
Assessing critical processes for your organisation by Analysing processes and examples and identifying key
performing a core structure analysis using COSO ERM outcomes, risks and control risks
principles
Day Three: Applying Process Auditing to Day Four: A Comprehensive Process Audit Case Study
operational areas
Developing an entire risk assessment and process
Brainstorming key risk indicators to identify business analysis in line with course learnings
risks Consider the exposure that business risks bought to
Determining audit objectives and real process owners your organisation and the root causes of each risk
Asking critical questions to process owners to evaluate Complete a visual based audit report of the audit event
effectiveness of risk oversight
MISTI@MISTI.COM
@mistieurope 38
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING
TW 24CPE
39CPE
AGENDA AT A GLANCE
Day One: Emerging Risks Day Two: Understanding Day Three: Understanding
Cybercrime (Part 1) Cybercrime (Part 2)
Web 2.0 & Social Media risks
The impact of emerging risks on The cybercrime landscape From DDoS to Stuxnet
the audit process cybercrime techniques
Threat actors & their motives
explained (Part 2)
Online searching (Part 1) From hacking to malware
Online searching (Part 2)
cybercrime techniques
explained (Part 1) Social media searches
and anonymity
39 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FUNCTIONAL AND PROCESS AUDITING NEW TW 24CPE
You will discover how to identify the key aspects of every audit engagement
by focusing on the most critical business factors, which in turn will maximize
audit value in all areas of the conversion cycle. The modular seminar
materials you receive and the know-how you gain in this high-impact
seminar will prepare you to conduct value-added shop floor audits.
AGENDA AT A GLANCE
Day One: Potential Audit Day Two: Auditing Key Aspects of Day Three: Regulatory Issues
Review Areas the Manufacturing Process and Auditing R&D
Key areas that yield maximum Auditing Labour and Overhead Auditing Fixed Assets/Equipment
benefit to the company and the Application and Technological Change
audit department
Auditing Inventory Valuation/ Auditing Regulatory Issues of
Maximizing Audit Returns: Proven Control and Product Costing Significance
Tools and Methodologies
Auditing Order Fulfilment, Auditing R&D
Auditing Production Planning and Shipping, and Warehousing
Control
Auditing Materials Management
and Control
MISTI@MISTI.COM
@mistieurope 40
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING
TW 24CPE
30CPE
INTRODUCTION TO BANK
INTERNAL AUDIT SCHOOL
Providing the key skills for internal auditors to commence
assignments within financial service institutions
AGENDA AT A GLANCE
Day One: How to Audit a Bank Day Two: Bank, Private and Investment Banking
Fraud and money laundering deterrence Credit scoring
Introduction to Basel Accord Develop an audit programme for personal lending
Deposits and Deposit Taking Reporting corporate lending
41 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING NEW TW 24CPE
39CPE
AGENDA AT A GLANCE
Day One: Auditing Enterprise Day Two: Auditing Operational Risk Day Three: Auditing Credit Risk and
Risk Management and the Credit Models
What is Operational Risk?
Risk Department
Operational risk, money Credit Risk
Enterprise Risk Management laundering deterrence and Credit Modelling
Corporate Governance financial fraud
Credit Risk Management
Stress testing and scenario The Building Blocks of Operational
Risk Developing an audit programme
modelling for credit modelling: case study
Key Risk Management Tools Reporting and monitoring of
operational risk
Day Four: Auditing Liquidity Risk, Day Five: Auditing Market Risk,
the IIA and Contingency Funding the ICAAP and the Recovery and
Resolution Plan
Liquidity Risk
The ILAA Market Risk
AGENDA AT A GLANCE
Day One: Auditing the Treasury Department Day Two: Auditing the Dealing Room and Back Office
Types of risk within a treasury area Develop an audit programme to address controls in a
dealing room environment
What should be in the audit planning memorandum for
the treasury audit? Auditing the Middle and Back Office
Auditing Asset and Liability Management Auditing Foreign Exchange and Foreign Exchange
Risk Management
Day Three: Auditing Interest Rate Risk Management Day Four: Rules, Regulations and Stress
and the Money Market
Auditing the use of Swaps and Associated Products
The risk and controls in modelling interest rate risk Sensitivity analysis, stress testing and scenario
Auditing the use of Money Market and Other Asset modelling
Classes What can go wrong in practice
Auditing the use of Derivatives and Forwar Transactions
43 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING
TW 24CPE
30CPE
AGENDA AT A GLANCE
Day One: Understanding Basel II and III Day Two: Considering Risk Management
Introducing the context of the financial crisis Discovering the fundamentals of quantitative analysis
Reviewing the Basel II and Basel III changes Analysing credit risk and credit risk management
Understanding the main banking risks and their Investigating operational risk management (I)
management
Auditing liquidity risk management
Exploring the basics of finance
Understanding structural interest rate risk
Investigating a case study of Barclays Bank
Day Three: Market and Trading Risk Day Four: Capital Risk Management
Discovering the fundamentals of market risk Commencing a capital assessment process
Analysing different types of market OTC, pit, Understanding Basel II principles for capital assessment
electronic
Discovering the principles of corporate governance
Trading and hedging
Outlining the role of internal audit
Understanding the difference between pricing models
and risk management models Discussing the roles of risk management and
internal audit
Auditing market risk management
MISTI@MISTI.COM
@mistieurope 44
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING
TW 24CPE
30CPE
ASSET MANAGEMENT
INTERNAL AUDIT SCHOOL
Learn and understand the risks and management techniques
that are used within asset management
Understand the key issues related to risk, control and the internal audit
of asset management
Discuss risks within the asset management industry and the nature of
the controls that are applied in practice
Develop practical internal audit approached to the management of
the business
Design a series of internal audit programmes to meet the demands of
this complex audit area
Learn how to audit outsourced and third party service providers
AGENDA AT A GLANCE
Day One: The Asset Management Control Environment Day Two: Equity and Fixed Income Investments
Introduction to asset allocation, portfolio selection and Risks associated with international equity markets
performance evaluation
Risks of acquiring, managing and disposing of fixed
Risk appetite and its calculation income securities
The risk control environment and key audit focus areas Develop an audit programme for audit of fixed income
investment
Day Three: The Money Market and Day Four: Asset Allocation and Portfolio Management
Alternative Investment
Asset allocation strategies and risk management
Money Market Funds and role in asset management Service level agreements and third party contracts
The use of derivatives in asset management Key risk areas and common deficiencies/audit findings
Develop an audit programme for the audit of alternative in the world of asset management
investments
45 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING
TW 24CPE
AGENDA AT A GLANCE
Day One: Understanding IFRS Day Two: Auditing IFRS Accounting Day Three: Auditing and
Internal Control
Recapping IFRS financial Auditing the IFRS balance sheets
statements assets Auditing the IFRS income
Understanding the principles of Auditing the IFRS balance sheets statement
financial auditing liabilities Understanding transaction cycles
Planning an audit of IFRS accounts Auditing IFRS accounting and internal controls
the risk-based approach estimates (ISA 540) Analysing internal control the
Outlining other considerations for Auditing IFRS accounts related link to fraud
planning the audit party transactions (ISA 550) Gaining reporting best practice
Exercise: Calculating materiality Exercise: Considering accounting Exercise: Analysing audit errors
and performance materiality estimates, identifying appropriate and assessing their potential
thresholds accounting treatment and impact
suggesting relevant audit
procedures
MISTI@MISTI.COM
@mistieurope 46
INTERNAL AUDIT & RISK MANAGEMENT
FINANCIAL INSTITUTION INTERNAL AUDITING NEW TW 24CPE
Understand the key issues relating to control within the credit function and
its role in the business
Develop practical approaches and planning materials to auditing credit risk
that can be directly applied within your institution
Appreciate best practice techniques for the management of credit risk
Ensure you understand the main techniques currently employed and key
approaches to this developing subject
Develop a comprehensive audit programme for the credit risk
management function
AGENDA AT A GLANCE
Day One: Lending and Credit Day Two: Regulatory Requirements Day Three: Analytical Review and
Analysis and Audit Techniques Model Risk
Understanding the risks of Develop an audit plan to address Key challenges for credit risk
lending decisions personal credit and the Board
Difference in approach between Latest tools and techniques to How should the credit function
personal and corporate lending measure, manage and monitor consider complex transactions?
credit risk
Planning the audit of corporate Auditing credit risk calculations
credit Auditing credit risk sensitivity and
stress testing Develop an audit approach
Develop an audit plan to address for risk modelling and
corporate credit The implications of the Basel complex transactions
Accord for credit audit
47 WWW.MISTI.COM
+44 (0)20 3819 0800
MISTI@MISTI.COM
@mistieurope 48
02 F R A U D
How can your organisation uncover serious fraud
and corruption? And what should you do at the
time of discovery? How can auditors respond to the
risk of fraud and how can you build prevention and
detection measures into your audit plan?
50
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
30CPE
Prepare for a business process fraud risk assessment for audit programs
Learn to incorporate fraud risk assessments into the audit programme
Evaluate your organisations anti-fraud controls
Ensure that interviewing for fraud is a part of your audit process
Develop an effective fraud awareness program
AGENDA AT A GLANCE
Day One: Understanding how fraud occurs Day Two: Incorporating Fraud Risk Assessment and
Fraud Testing into your audit programme
Identifying what constitutes fraud in your organisation
Comparing approaches: internal audit, fraud audit and Techniques to assess the risk of fraud
forensic investigation How to build the fraud data profile: the step approach
Preparing a Business Process Fraud Risk Assessment for for data mining
Audit Programs Testing and evaluating the design of your anti-fraud
Establishing a score for mitigation of fraud risk by controls
internal controls Interviewing for Fraud in the Audit Process
Day Three: Internal Controls and Professional Standards Day Four: Fraud Investigations and Interviewing
Fraud control: prevention, detection, deterrence, Types of Interview and the correct approach
prosecution and approval
Appropriate collection and analysis of documentation
Developing fraud awareness programs
Initial steps to securing the admission
Misappropriation of Assets
Understanding the legal considerations
Financial Statement Fraud
51 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
Learn to prepare a fraud risk assessment and integrate fraud audit procedures
into your audit programme
Become an expert in uncovering fraud in contracts, payroll, travel, and core
business systems
Identify steps that can be taken to prevent money laundering
Develop best practice plan to respond to whistle-blowers
Provide assurances to your board of directors that controls are in
place to prevent fraud
AGENDA AT A GLANCE
Day One: Understanding Fraud and Day Two: Fraud Testing in different Day Three: Equipment, Asset Fraud
Fraud Risk Assessments business units and Money Laundering
Understanding what constitutes Fraud Testing in disbursement, Identify specific audit areas
fraud and how it can be concealed procurement and payroll and procedures
How to assess fraud likelihood and Travel fraud audit procedures Understand how fraud occurs
exposure analysis at asset purchase and retirement
Corruption in the contract
Linking the audit programme to function Identify steps to be taken
the risk assessment against money laundering
Considering the audit implications
Building and integrating Fraud of the false claims act Fraud controls in Core
Audit Procedures Business Systems
MISTI@MISTI.COM
@mistieurope 52
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
15CPE
AGENDA AT A GLANCE
Day One: Data Mining: Introduction, Day Two: Data Mining for Fraud in
Plan, Strategies and Data Analytics Various Business Functions
Common Data Mining Mistakes Data Mining for Corruption
hidden bribe payments, suspicious
How to Build a Data Mining Plan
payments and locating conflict of
Use of technology to create reports interests
and work papers
Data Mining Company Credit
Data Mining for Shell Companies Cards and Payroll Fraud
Finding Ghost or Front Customer
Schemes
Data Mining within the Financial
Statements
53 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
15CPE
CONDUCTING AN INTERNAL
FRAUD INVESTIGATION
A Comprehensive Guide for Internal Auditors
AGENDA AT A GLANCE
MISTI@MISTI.COM
@mistieurope 54
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
INTERNAL AUDITORS
ROLE IN PREVENTING FRAUD
Understanding the key techniques to preventing and uncovering fraud in your organisation
AGENDA AT A GLANCE
Day One: Introducing fraud and Day Two Prevention, the Day Three: Fraud profiling and the
thinking like a fraudster Whistleblower and the end of the investigation
investigation commences
Introducing fraud and how fraud Conducting research and gathering
occurs Interviewing the whistleblower the evidence
Investigating how fraudsters use Is he telling the truth about Fraud risks for the auditor
social engineering Michael Dalton? Workshop
Analysing male and female Outlining the investigation skills The Interview of Michael Dalton
fraudsters available to the auditor
Interviewing and analysing body
How to think like a fraudster: Managing the investigation language
Workshop Reviewing the strategies for Course debrief and overview of
Introducing Michael Dalton preventing fraud lessons learned
The Senior Executive who is Analysing the role of policies
also a fraudster in preventing fraud
FORENSIC AUDITING
A dynamic approach and methodology to find those elusive
frauds that others miss... and follow them through
Richard Minogue
WHY ATTEND THIS COURSE A financial management, internal
audit and investigation expert with
over 35 years experience.
Use fraud auditing as a tool for fraud prevention
Allan McDonagh
Go beyond traditional internal control assessment to really pinpoint Managing Director of Hibis,
where fraud occurs dedicated to helping organisations
Find elusive frauds that others miss improve their resistance to fraud
AGENDA AT A GLANCE
Day One: Fraud and Corruption Day Two: The Fraud and Day Three: Fraud Identification
within your organisation Corruption Health Check and Investigation
Investigating who, what, where, Finding frauds before they find Identifying where fraud takes place
when and why? YOU the heart of forensic by learning to think like a thief
auditing
Evaluating different strategies for Developing a risk ranked fraud
dealing with anonymous reports Dealing with the red flags and corruption profile
and whistleblowers
Managing a complex investigation Uncovering specialist (forensic)
Making the decision to investigate (Investigation strategy part II) investigation techniques
(Investigation strategy part I)
Forensic accounting and the Discovering investigation strategy
Undertaking desktop research relationship to fraud detection part III
the first step in addressing red flags
Visualising the results of the Outlining and practising proven
Playing Poirot case exercise investigation interview techniques
AGENDA AT A GLANCE
Day One: Action following discovery Day Two: Your Fraud Profile
The fraud whisperer and social The investigation - phase 2
engineering
Dealing with regulatory bodies, the
Resourcing the investigation press, investors and police
Gathering the evidence Taking the practical approach
Managing the investigation - The right to audit
phase 1
The interview
57 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
FRAUD
TW 24CPE
39CPE
AGENDA AT A GLANCE
Day One: Action Following Day Two: Your Fraud Profile Day Three: Anti-fraud and
Discovery Corruption Initiatives
Developing YOUR fraud and
What to do after the corruption profile Ensuring integrity: Helping
wheels fall off? Using you fraud and corruption management walk the talk
Weve just had a big fraud what profile Developing and delivering an
do we do now? Detecting red flags effective ethics and compliance
program, with anti-fraud and
Analysing the most obvious types Case exercise: Find the Frauds! corruption as a cornerstone
of fraud and corruption
Developing your own fraud and Case study: A tale of FOUR
Assessing impact on profits,
corruption health check companies
reputation, culture etc...
Measuring the effectiveness of
How does your fraud and
your anti-fraud and corruption
corruption profile link in with the
initiatives
overall risk assessment?
Dealing with management
expectations
MISTI@MISTI.COM
@mistieurope 58
I T
03 A U D I T
How can your organisation better audit
information technologies and business systems?
Can you protect your information assets?
Would your organisation benefit from tools and
techniques to audit databases, networks and
virtualised environments?
60
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
39CPE
IT AUDIT SCHOOL
The essential skills you need to perform an IT audit and become an integrated auditor
DIRECTOR
Charles Pask
WHY ATTEND THIS COURSE Leading IT Auditor and Security
professional with over 25
Identify the business risks in automated environments and how to mitigate them years experience and former
Information Security Manager
Develop knowledge of infrastructure essentials including hardware and at Alliance & Leicester plc.
operating systems
Explore security, operational, management, application and systems software
controls
Learn about databases, distributed systems, networks, the internet and
e-commerce
Discover auditing standards including Sarbanes-Oxley and PCAOB
AGENDA AT A GLANCE
Day One: Fundamentals of Day Two: Auditing Systems Day Three: Auditing Applications
IT Auditing
Databases Internet and e-commerce
Outlining the fundamentals of IT Distributed systems General controls
Auditing
Networks Business systems applications
Reviewing auditing standards
Discovering infrastructure
essentials
AGENDA AT A GLANCE
Day One: Planning the IT Audit Day Two: Guidelines and Day Three: Network and
Governance Application Controls
Planning the IT Audit
Conducting risk assessment Defining IT governance Physical and
environmental controls
Complying with international Reviewing IIA and ISACA
regulations governance audit guidelines Network perimeter security
Applying the ISO-27002 security Logical access controls Exploring relationship between
standard general controls and application
Change management
controls
Application system audit strategy
Day Four: Executing an IT Audit
Disaster recovery and business
continuity
Auditing outsourced IT operations
Auditing system development
projects
Executing IT audits
Course overview and round-up
MISTI@MISTI.COM
@mistieurope 62
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
30CPE
AGENDA AT A GLANCE
Day One: Identity and Access Controls Day Two: Auditing Web Servers and Applications
Making the business case for information security Web application security strategies
Access control models and architectures Goals for information security safeguards in applications
Relevant laws, directives and regulations Tools, techniques and checklists or testing Web
servers security
Day Three: Auditing Application Servers and Day Four: Databases, Web Services and Mobile
Software Development Applications
Common security vulnerabilities and attacks on Web Data access controls, authorization and audit
application software
Web services audit and security tools
Defining key sources of application server security
Checklist for securing mobile and wireless application
Tools and techniques for auditing and securing best practices
application servers
63 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
COBIT 5: GOVERNANCE OF IT
Implementing and Integrating COBIT 5.0 in your Enterprise
Understand the differences between COBIT 4.1 and COBIT 5.0 and how to
transition your organisation to the new framework
Discuss how IT management issues affect enterprises
Enable your organisation to use COBIT 5.0 as an integrated framework for IT
Risk Management and Information Security
Assess how COBIT 5 can be used to guide the creation of the
five basic principles
Learn to implement effective and efficient governance and management
of enterprise IT to achieve stakeholder objectives
AGENDA AT A GLANCE
Day One: Key Features of COBIT 5.0 Day Two: COBIT 4.1 to COBIT 5.0 Day Three: The COBIT 5.0 Principles
Drivers for the COBIT 5.0 Enabler focus and areas of change Meeting stakeholder needs
new framework
Control objectives to management Covering the enterprise
The evolution of COBIT 5.0 processes end-to-end
Understanding the business From COBIT 4.1 Management Applying a Single Integrated
benefits Guidelines to COBIT 5.0: Enabling Framework Approach
Processes Guidelines
The COBIT 5.0 format Separating Governance from
COBIT 5.0 and Legacy ISACA Management
Frameworks
MISTI@MISTI.COM
@mistieurope 64
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
30CPE
AGENDA AT A GLANCE
65 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
30CPE
AGENDA AT A GLANCE
Day One: Virtualisation Basics Day Two: ESX and VSphere (I)
Discussing the advantages and disadvantages of Outlining different versions of VMware ESX
virtualisation
Managing ESX Security
Specific security issues of virtualisation hypervisor
attacks and other risks Business continuity and disaster recovery options for
virtualised systems
Integrating virtualisation and disaster recovery
Day Three: VSphere (II) and Hyper-V Day Four: Developing an audit program for
VSphere and Hyper-V
Components of VSphere
Securing Hyper-V systems and networks: best practices Defining and assessing the audit risks
MISTI@MISTI.COM
@mistieurope 66
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
Learn Oracles database facilities and terminology along with the commands you
need to know to provide security and controls over Oracle software and to query
Oracle-controlled data
Uncover the risks Oracle introduces and the exposures it reduces - learn about
not only the basic Oracle security mechanism but also about more advanced
security controls - triggers, encryption methods, security policies (functions),
database firewalls and detection mechanisms
Explore Oracle Inc.s approach to the client/server and Web processing
environments and discover the impact Oracle has on your enterprises
organisation, security profiles, and information systems standards
Learn about the extensive list special components and tools available to
supplement standard controls and to help to assess vulnerabilities
AGENDA AT A GLANCE
Day One: Understanding Oracle Day Two: Demonstrating the Day Three: High risk scenarios
Audit of Oracle
Oracle environments High-risk commands and utilities
Understanding the terminology Security features Organisational impact
Oracle objects The audit feature Audit and security approaches
The security mechanism Demonstrating the audit Writing SQL scripts
User identification and Integrity features Summary and discussion
high-risk users Triggers and constraints
67 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
15CPE
AUDIT SECURITY OF
ORACLE E-BUSINESS SUITE
Identifying the high-risk areas in Oracle applications and how to overcome them
AGENDA AT A GLANCE
MISTI@MISTI.COM
@mistieurope 68
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
AGENDA AT A GLANCE
Day One: Key SAP Concepts Day Two: Key security risks Day Three: Rules and GRC
Outlining SAP key concepts Defining ERP roles in the SAP/R/3 Business rule settings for
system maintaining transaction integrity
Discovering SAP audit
fundamentals Defining portal roles in the ERP Change control: Transport
ECC 6.0 environment management systems and content
Finding top audit risks and
management systems
controls for ERP ECC and SAP R/3 Discovering MySAP and GUI
application suites Business warehouse Online
Reviewing basic navigation
Analytical Processing (OLAP)
techniques for auditors Outlining audit and security risks
and controls for business process Governance, risk and control
Finding key users, transactions
reviews (GRC)
and roles
Getting to grips with different Discovering different tools to help
modules including procurement ACL direct, Approva, RiskWatch
to pay: MM, customer integration: and more
CRM and production planning
and management: PP
69 WWW.MISTI.COM
+44 (0)20 3819 0800
INTERNAL AUDIT & RISK MANAGEMENT
IT AUDIT
TW 24CPE
15CPE
AGENDA AT A GLANCE
Discuss cloud computing risks and issues that can turn an outsourcing
operation into an IT disaster
Consider both the business and IT risks associated with deploying a cloud
computing solution
Learn to identify risks, countermeasures and issues in using cloud-based
services, through class exercises and discussion
Ensure due diligence when choosing a provider for your organisation
Examine legal and governance issues when moving towards cloud computing
AGENDA AT A GLANCE
Day One: Risks of Cloud Computing Day Two: Data Security Concerns
Types of cloud services and Control over data and Data
examples Security in Cloud Computing
Advantages and Disadvantages of Common mistakes and errors in
the cloud data encryption
Different risks of cloud computing Security as a Service what does it
and how to address each one provide and how can we assess it?
Ensuring due diligence when IT Governance and standards
choosing a cloud services provider in cloud computing what
to look for
71 WWW.MISTI.COM
+44 (0)20 3819 0800
MISTI@MISTI.COM
@mistieurope 72
04
I N F O R M A T I O N S E C U R I T Y
AGENDA AT A GLANCE
Day One: Defining Day Two: Developing policies Day Three: Risk Analysis
Information Security
Reviewing legislation Conducting information risks
Defining the information security and standards analysis
business case Creating a strong foundation Assessing your own
Defining the information security through policy risk processes
department charter Case study and exercise: Conducting business impact
Organising for success: roles and Developing organisational policies analysis
responsibilities
AGENDA AT A GLANCE
Day One: Reaping Success from Day Two: Integrating Cyber and Day Three: Organising Globally for
Corporate Security Information Security Crisis Management
Getting the right person for the job Recruiting a CISO Seeing crisis as an opportunity
Preparation and hitting the ground Security Structure impact on Leveraging value from Networking
running Global Risk Management
Public presentation
Designing a roadmap to success CSO or CISO
MISTI@MISTI.COM
@mistieurope 76
05
C O N F E R E N C E S
Building on MIS Training Institutes longstanding reputation for successful conferences, these events cover all the relevant
updates for audit, compliance, governance, fraud, anti-corruption and investigations professionals while delivering the
insights and guidance from a truly regional-specific as well as international panel of speakers and professionals. All
carefully selected speakers have direct experience from the region where the event is hosted and programmes are guided
by expert Advisory Boards.
MISTI conferences provide attendees with a unique international platform for the private and public sectors to unite and
share best practices on how to achieve strong audit and corporate governance and accountability. Participants build solid
global peer networks and practical strategies to fight against harmful business practices more effectively.
Regular attendees include Political Appointees, Auditor Generals, Board and Committee Members, CEOs and Chief
Risk Officers in addition to senior professionals working in internal audit, investigations, inspection, IT audit, ethics,
compliance, finance and governance.
11th Conference
11th Audit, Risk & Governance Africa Conference
Including:
Africa 6th Fraud, Corruption & Investigations Africa Summit
Pre-Summit Leadership, Accountability & Ethical Investment Tracks
6 Cyber Crime Africa
th
This is the best conference I have ever attended Great networking and a
- very informative, practical and provides wide learning opportunity
opportunity of application and meetings! Head of Fraud Management,
Senior Manager, KPMG Standard Chartered Bank
79 WWW.MISTI.COM
+44 (0)20 3819 0809
UP TO
28
CPE
Connecting C-Level Minds on Cyber Security: The Investor Issue of Today! MISTIs successful global CISO Summits series
is the ultimate C-level meeting of information security and business minds. Chief Information Security Officers, CTOs,
CIOs and cyber risk directors from across the Worlds leading companies and governments unite annually in Europe,
Africa, Middle East and Asia-Pacific to discuss, find solutions and build trusted contacts with like-minded peers on
information security and cyber risk challenges. What will security look like in 3-5 years? How will we get there? How can
we change the game to protect customers, brands and intellectual property in 2016 and beyond?
You will hear keynotes, breakout workshop sessions and breakfast discussions around critical information security
concerns, led by industry pioneers to provide a truly international share of information to reflect the global risk that
information security presents today.
8th Chief Information Security Officer Middle East Summit & Roundtable
Including:
CXO Middle East Forum - Cyber Risk: A Key Part of Enterprise Risk Management
CISO Think Tank: Protecting the Digital Enterprise
1 - 3 March 2016, Habtoor Grand Hotel, Dubai, The UAE
www.auditriskgovernanceafrica.com
www.cybercrimeafricasummit.com
To input new conference topics and interest in speaking or attending please contact:
shook@misti.com / +44 (0) 20 3819 0809
BESPOKE
UP TO
CPE
24
Accredited
CPE
E V E N T S
Conferences, Dinners, Breakfast Briefings and Roundtables
From the beginning, from venue selection and programme development to the final post-conference report, regional account
management and everything in-between, MISTI has the focused expertise, brand, experience and team to manage and
produce tailored high level conferences, think tanks, breakfasts, webinars and other events to fit your tailored requests.
Receptions - Ideal for new product launches! You give the speech, MISTI will
bring a co-host speaker and your selected audience to a top notch private venue.
WHY PARTNER WITH MIS TRAINING INSTITUTE FOR YOUR BESPOKE EVENT?
Access truly global contact bases in EMEA, Asia Pacific at the U.S. across government and business sectors
Convey your message to targeted wish lists via an independent voice and in a non-sales and truly content-driven context
Collaborate with an established market leader in information security, audit, anti-fraud and corporate security
Benefit from industry expertise and hands-on professionals to provide speaking support for your event
Gain International accreditation and recognised Continued Professional Education for your audiences ongoing development
Exclusive sponsorship of a co-branded, highly targeted event with the independent and global voice of MIS Training Institute
Positions your organisation as an equal partner around the table with key decision makers and participate in discussions that
you would not hear in meetings
Create longer term deal-flow opportunities and build new business relationships via a content-focused approach
Fully targeted towards your preferred audience, with a delegate acquisition team to ensure you meet with the right attendees
Working with MIS has helped us achieve our objectives in terms of reaching a broader set of customers in a unique,
think tank type setting. MIS consistently gathers an audience appropriate in both role and seniority to participate,
which makes it worthwhile for both the participants as well as the vendors who sponsor and help co-deliver these
events. Its been a great partnership and we look forward to continue working together for future sessions
VP, Professional Services and Support, HP Enterprise Security Products
82 WWW.MISTI.COM
+44 (0)20 3819 0797
JAMES MILLOY
JMILLOY@MISTI.COM
OUR COURSE DIRECTORS
Allan McDonagh CICA
Allan was commissioned in HM Customs and Excise in 1967, and in 1971 joined the Investigation
Branch where he specialised in narcotics and organised crime investigations. In 1974, he became the
first Customs Investigator to be seconded to the Drugs Intelligence Unit at New Scotland Yard and in
1983 was awarded a Winston Churchill scholarship to study narcotics interdiction in the USA.
Between 1985 and 1997 he was employed at Network Security Management Limited and became
Deputy Managing Director. He created the highly successful Forensic Laboratories which were
eventually acquired by Control Risks Group. Allan has conducted many successful investigations
throughout the world for both commercial and government clients.
Andy Robertson
Andy Robertson is currently with Cass Business School, managing and delivering modules on
audit and risk-related topics to MSc students. He has 35 years experience in auditing and risk
management, covering manufacturing, retail, financial services and the not-for-profit sectors. He
has been head of audit in several blue chip organisations, and head of risk in two organisations,
during which time he has been instrumental in both uncovering and resolving many organisational
problems. Andy delivers lectures and workshops in risk and audit related areas, particularly in fraud
detection and prevention and the establishment of risk management systems.
He has worked as an external auditor and consultant with KPMG and Deloitte specialising in financial
services companies and banks, he was group head of internal audit for two UK FTSE100 financial
institutions (Alliance & Leicester and Norwich Union), and he was a supervisor and policy maker at
the UK Building Societies Commission (now part of the FSA).
83 WWW.MISTI.COM
+44 (0)20 3819 0800
David Burrill OBE
David Burrill has been a professional international Intelligence and Security operator/manager for most
of his professional life. On retiring from the military in 1992, having held the appointment of Deputy
Director Intelligence Corps, and Chief of Staff Intelligence and Security Centre of the UK Armed Forces,
he joined BAT Industries, a major global insurance and tobacco conglomerate, and subsequently on de
merger, British American Tobacco (the worlds second largest quoted tobacco group with presence in
180+ countries), as Head of Security. David, who is a Freeman of the City of London, has had close and
regular contact with the private security sector for over some 26 years.
In 2003, David Burrill became the first coChairman of the UK Foreign and Commonwealth Offices
Security Information Service for Business Overseas (SISBO) a public/private sector partnership
initiative of which he was one of the key architects
Dr David Hancock
Dr David Hancock leads the Government Construction Team for the Cabinet Office and the Major
Projects Authority. Prior to that he was Head of Risk for Transport for London with responsibility
for the risk and project services across their 15 billion capital portfolio). Renowned internationally
as a leading thinker and practitioner in the field of risk, he is the author of the bestselling book
Tame, Messy and Wicked Risk Leadership in which he developed the concept of Risk Leadership.
He has worked with the public, private and voluntary sectors and has been the Director of risk and
assurance for two London Mayors and Executive Director for Halcrow (now CH2MHill). He was
responsible for creating and delivering the risk management system for the successful 4.3bn Terminal
5 Project at Heathrow, which is considered industry leading in project delivery. He champions the
case for rethinking project management as a social interaction rather than delivery solely through the
application of process and policy.
Dennis specialises his advisory services and lectures on the modernisation of internal audit. He also
addresses internal audit as a driver for organisational change in banking. He is a specialist in audit for
credit, treasury, operations and the Basel Accord.
Mr. Duckert was educated at the University of Wisconsin - Madison and obtained an MBA in Accounting
in 1989, a BBA in Accounting in 1978, and a BA in Economics in 1971. Mr. Duckert is also a Sr. Consultant
for MIS Training Institute for whom he conducts seminars on a global basis and is a frequent speaker at
conferences in his areas of expertise.
MISTI@MISTI.COM
@mistieurope 84
Dr Hernan Murdock CIA, CRMA
Hernan Murdock is Vice President, Audit Division for MIS Training Institute. Before joining MIS
Training Institute he was the Director of Training at Control Solutions International, where he oversaw
the companys training and employee development program. Previously he was a Senior Project Manager
leading audit and consulting projects for clients in the manufacturing, transportation, high tech,
education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen,
Liberty Mutual and KeyCorp.
James C Paterson
James has over 19 years experience across a range of finance and audit roles and was formerly the Chief
Internal Auditor at AstraZeneca. James consults on a range of topics especially Head of Internal Audit
induction, IA planning and assurance mapping. James is also a regular keynote speaker on audit and risk
issues across the globe; speaking at the Global IIA Conference in Malaysia, the SOPAC conference in
Australia and in Canada, the US, Abu Dhabi and the Far East. He is the author of the book Lean auditing
published by J Wiley & Sons.
Jane Needham
Jane Needham is an independent consultant and trainer specialising in corporate governance, risk
management and business process improvement. Janes career started by training as a Chartered
Accountant with Ernst & Young in Manchester, and then working for a number of years at ICI plc, both
in the Group Internal Audit function and in a finance line-management role. Jane then returned to her
home island of Guernsey in the Channel Islands, where she was appointed Director of Risk & Assurance
for the islands government. As part of this role, Jane was Chief Officer of the States of Guernsey Audit
Commission, a pre-cursor to the recently established island Public Accounts Committee. During her time
with the Audit Commission, a statutory value-for-money review body, Jane carried out and commissioned
a number of VFM / performance reviews into various aspects of public expenditure.
Jenny Rayner
Jenny Rayner is an independent consultant and trainer specialising in internal audit, risk management
and corporate governance. She is an experienced non-executive director, former chief internal auditor
and audit committee chair with 35 years wide-ranging international business experience. She works with
directors, senior managers, internal auditors and risk managers to help them embrace best practice in
governance, risk management and assurance. Prior to this, Jennys career spanned over 20 years with ICI
and Zeneca in a variety of sales, marketing, purchasing, supply chain and general business management
roles, latterly as a Chief Internal Auditor with ICI. She is currently Deputy Chair on the board of a UK
housing association.
Jim Roth
Jim Roth, PhD, CIA, CCSA, is president of AuditTrends, LLC, a training firm devoted to identifying and
communicating the best of current internal audit practice. Jim has three decades of progressive internal
audit and teaching experience. His publications include seven books and seven other major works for the
IIA, as well as eight AuditTrends seminars and numerous articles.
Evaluating elements of the corporate culture, a.k.a. soft controls, has been at the core of Jims 17 years of
best practice research, culminating in his 2010 book, Best Practices: Evaluating the Corporate Culture. The
IIA recognized his expertise as early as 1998 with the Internal Auditor magazine article, Soft, Dangerous,
Essential: An Interview with Jim Roth. De Accountant in the Netherlands (2009) and Internrevisoren in
Norway (2010) have more recently published interviews with Jim on this topic.
85 WWW.MISTI.COM
+44 (0)20 3819 0800
Jim Tarantino
Jim Tarantino is the Client Solutions Director for High Water Advisors, a consulting firm specialized in
helping organizations improve governance, risk management, compliance (GRC) and audit processes.
He has over 15 years of information technology, analytics, audit and GRC experience with a recognized
expertise in developing solutions to enable data-driven auditing, risk assessment and investigations.
Prior to joining High Water Advisors, Jim was a Solution Lead/Practice Manager for ACL Services,
where he led the implementation of data analytic solutions for large public sector clients. He has also
held a number of GRC practitioner roles including Senior Auditor at RTI International and various
management positions at Nortel Networks implementing a human capital analytics program. As a
member of the IIA, ISACA and ACFE, Jim participates in local chapter activities, including serving as an
instructor for CISA certification exam preparation seminars.
John Hedley
John served for 26 years in the British Diplomatic Service, including postings to British Embassies in
Sweden, South Africa, Spain and Mexico. He has a particular expertise in political analysis and counter
terrorism. He is a fluent French and Spanish speaker. In the private sector, John worked in cargo security
with TRIMEX International, specialising in satellite tracking of highvalue, highrisk cargo across
Europe. He also built the EUROWATCH network of security companies, providing realtime cross
border response to car and truck theft.
In 2003 he was recruited by Nestl, to be their first Head of Group Security. John designed and
developed the corporate security strategy and built and directed a team of some 40+ security
professionals working across the globe on issues such as counterfeit, extortion, theft, fraud, kidnap, crisis
management, emergency evacuations, expatriate travel programmes, staff security awareness, pandemic
preparation, manned guarding efficiency, workplace violence etc.
John Porter
John Porter, BA ACA is banker and chartered accountant as well as an international financial services
consultant specialising in internal audit for more than 20 years. He has held various management
positions within the internal audit departments of the global financial institutions HSBC, ABN AMRO,
American Express and Bank of Bermuda, having gained his Chartered Accountancy qualification
(UK ICAEW) with Ernst & Young. John is an Associate of the Institute of Chartered Accountants in
England & Wales (ACA) and holds a BA Honours degree in History from Bristol University. Based in
Amsterdam, he speaks fluent English and Dutch and is proficient in French.
Kathleen Crawford
Kathleen Crawford is a Senior Consultant for MIS Training Institute and the President of Crawford
Consulting and Communications LLC, a firm specializing in assurance and advisory projects for
small firms without an internal audit function. Previously, she was an Internal Auditor for Vinfen
Corporation, a private, nonprofit human services organization. Kathleens responsibilities include
assisting management in the standardization of operations, developing policies and procedures,
and improving processes. In addition, she conducts operational and financial audits throughout the
company. Kathleen began her career as a bank auditor, first with Bank of New England, then Eastern
Bank, and State Street Bank. A member of the Institute of Internal Auditors, Ms. Crawford is a past
President of the Greater Boston Chapter of the IIA. She is also a member of the Association of Certified
Fraud Examiners and the American Society for Training and Development. Ms. Crawford serves
Treasurer and Trustee for Foxborough Regional Charter School and its foundation, Friends of FRCS.
MISTI@MISTI.COM
@mistieurope 86
Keith Muras
Beginning his career life as a professional economist in industry, after 8 years Keith moved
from the rigours of economic analysis to join the British Diplomatic Service. In a distinguished
career spanning 23 years, Keith worked in South Africa, the former Soviet Union, Jamaica (with
responsibilities extending throughout the Western Caribbean), Zimbabwe, and Uganda. His focus
was on international strategic political security and economic issues. Keith also spent time in the UK,
seconded to the Ministry of Defence, assisting and advising on domestic and international terrorist
threats. Keith then moved to Corporate Security where, over an 11 year period, he established
himself as a leading and accomplished security professional, holding senior positions with major
international corporations, focusing on extractive and related engineering and support industries
Kelly Hogan
Kelly Hogan is an independent consultant whose experience includes over 20 years providing
advice on techniques for risk management, control assessment and improvement, and written and
oral communication. After a short time as a bank examiner, her career as an auditor started with
financial and operational audits at the Federal Reserve Bank in St. Louis, Missouri, USA. She later
moved to MasterCard International where she performed application audits, then managed a team of
operational and IT auditors. After moving to Belgium for MasterCard, Ms. Hogan served as the head
of audit for its European subsidiary for five years. She now focuses on training for internal auditors,
but is also involved in co-sourced internal audits, due diligence projects, control selfassessment
workshops and external quality assurance reviews.
Lin Bartlett
During her career with Shell, Lin held a number of senior management roles in IT, Finance and
Audit. As Shell UKs Integrated Audit manager, she developed and gained board approval for a risk-
based integrated audit planning and management process, establishing integrated audit plans for all
key business areas. She is a trained auditor in financial, IT, health, safety, environment and quality
management and planned and managed major audits in many different parts of Shells business.
In 2003 she successfully helped establish a new company to challenge the sustainability assurance
offering in the marketplace and to raise the standard of assurance & verification of non-financial
reporting available and has subsequently provided assurance & verification services to a number
of blue chip companies. During 2005, Lin was engaged on a global Sarbanes Oxley 404 compliance
implementation project for a FTSE 100 company. Lin was responsible for both the global project
planning and management support and also the management of a team responsible for documenting
risks and controls over financial reporting for their European business. Lin has also been engaged on
External Quality Assessments (EQAs) as required by the Institute of Internal Auditors International
Standards for the Professional Practice of Internal Auditing and Code of Ethics and provides training
and helps companies prepare for an EQA.
87 WWW.MISTI.COM
+44 (0)20 3819 0800
Liz Sandwith
Liz Sandwith has been involved in the internal auditing profession since the late 1980s. She has
worked in the public sector including central and local government and also in the private sector.
In 1995 she set up her own business providing internal audit and risk management to a number of
businesses from central government and local government through housing associations, regional
development agencies and including a UK Broadcaster Channel 5.
Liz has been involved in delivering internal audit training since 1991. In order to keep up to date
with new internal audit tools and techniques and be able to add realism and practicality to her
training course Liz ensures that 75% of her time is spent delivering internal audits. Liz also speaks at
Internal Auditing conferences and was President of the IIA-UK and Ireland 2001-2002. Her training
courses receive high ratings from the delegates in terms of content, delivery and the practical
opportunity to do not simply just listen.
Mark Johnson
Mark Johnson acts as a consultant and trainer on cybercrime and other online risks for a number
of high profile organisations. he specialises in explaining the issues to non-technical audiences at all
levels. His recent clients include the UK Home Office, the City of London Police, the National Police
Chiefs Council (formerly ACPO), MIS Training, the International Compliance Association, the EU
Commission and the United Nations.
Mark holds an ISACA CISM (Certified Information Security Manager) qualification and he is the
author of two books on high tech risk, as well as a number of cyber security awareness training
manuals. Prior to entering the technology world, he served in an operational capacity as a drug
enforcement officer in the Caribbean and Central America.
Marty Green
Martin Green is a senior instructor for MIS Training Institute. As a member of the MISTI faculty for
more than 20 years, his areas of expertise include computer technology, networking, and security.
Mr. Green is the principal of Martin H. Green, P.C. Mr. Green concentrates his practice on the
representation of companies in matters pertaining to computer technology, trade secrets, intellectual
property, and copyright law. He also maintains an active consulting practice to lawyers and other
professional service businesses regarding office automation and related auditing and security
challenges. Mr. Green is a member of the Massachusetts Bar, the Massachusetts Academy of Trial
Attorneys, and the American Trial Lawyers Association.
MISTI@MISTI.COM
@mistieurope 88
Nigel Iyer
Nigel Iyer has worked passionately for over 20 years for the prevention, detection and investigation
of fraud and corruption. In recent years he has specialized in helping international and financial
institutions develop strategies to ensure that Ethics and Integrity are fully integrated into the strategy
from the top down. Together with Martin Samociuk and other colleagues, he has developed a unique
fraud risk assessment methodology and also developed the Integrity Health Check, which detects the
red flags of fraud and corruption and is used by many organizations to ensure ethical policies are on
track. Nigel is the author/ co-author of four books: Fraud Resistance (2003), Fraud and Corruption
Prevention and Detection, A Short Guide to Fraud Risk (2010), published in collaboration with the
Chartered Institute of Management Accountants and the Management Novel The Tightrope (2011).
Peter Herbert
Peter specialises in the development and delivery of practical training programmes and targeted
both at financial professionals and nonfinance managers. These range from lectures to audiences
of 120+ accountants, on new developments in IFRS, to workshops for small groups of 612 business
managers on practical budgeting.
Peter also regularly delivers courses on audit and internal control. He provides training on
external audit methodology for a number of midtier UK accountancy firms, including Beever
& Struthers Accountants and UHY Hacker Young. He has also worked with a number of UK
corporates on internal control implementation, notably Welcome Break Group. Since leaving FTC
in 2003, Peter has specialised in the provision of training and management development
programmes to business professionals.
Richard Minogue
A financial management, internal audit and investigation expert with over 35 years experience.
A former Head of Audit for a major telecommunications company and a forensic auditor who had
led high profile investigations into money laundering, bribery, embezzlement and fraud.
Dr Sarah Blackburn
Dr Sarah Blackburn is an experienced Non-Executive Director and Audit Committee Chairman
with over 25 years of practical internal audit experience. After external audit training at KPMG,
Sarah moved into internal audit in retail holding positions at Sainsburys and then Argos (now
Home Retail Group) where she was Head of Group Internal Audit. She was again Head of Group
Internal Audit at Kingfisher plc before moving to RAC and then becoming Head of Global Audit
and Assurance at Exel plc (now part of DHL).
Sarah is currently a Director at the Wayside Network Limited and was the President of the Chartered
Institute of Internal Auditors from 2009-2010. She has written three books about risk management
and internal audit and has a doctorate in project management. Currently an independent director of
the RICS and a global board director of IIA Inc., she has been a board member and chaired the audit
committee in two UK central government bodies and an NHS Foundation Trust.
89 WWW.MISTI.COM
+44 (0)20 3819 0800
Steve Biskie CGMA, CPA, CITP, CISA
Steve Biskie is cofounder of High Water Advisors, a consultancy that helps organizations improve
governance, risk management, compliance (GRC) and audit processes. He specializes in transforming
inefficient, outdated, and compartmentalized processes and technologies to optimize GRC and audit
performance and generate tangible value. A leader in the audit and compliance space for more than 20
years, Mr. Biskie has become most wellknown for his work helping Fortune Global 500 organizations
understand and manage the risks within complex ERP systems such as SAP and Oracle. Additionally,
he is a thought leader and strategic expert on implementing highvalue, sustainable analytics and
continuous auditing program.
Steve Rimell
Steve has over 20 years practical experience in information systems auditing. He has extensive
experience as an Audit Manager, running a commercial IS audit service, with extensive3 knowledge
of the security and control of UNIX, Oracle, Windows, and networking environments such as TCP/IP.
He is also a founding member of the Institute of Information Security Professionals (IISP).
An enviable reputation as the most respected authority in the UK with over 20 years practical
experience in information systems auditing. Specialising in the more technical aspects of information
systems audit, Steve has extensive knowledge of the security and control of UNIX, Oracle, Windows,
and networking environments such as TCP/IP.
Veronica Morino
Veronica Morino has a BA in Sociology of Work and Economics and a Masters Degree in
Organizational Science from the University of Rome. She has worked for the last 15 years with
organisational effectiveness. In the last 8 years Veronica has helped develop anti-fraud and
corruption programs for several international companies. This allowed her to combine the work she
had been doing earlier with organisational culture with her experiences as an investigator. Veronica
has lead the production of multimedia solutions for integrity awareness programs (including web-
based, drama and live trainings), helped with the development of leading indicators to predict and
prevent where fraud will strike and also specialised in models to assess corporate resistance and
resilience to fraud and corruption.
MISTI@MISTI.COM
@mistieurope 90
INDEX
JANUARY LOCATION PAGE
25-28 Jan Fraud Audit School London 51
MARCH LOCATION
1-3 Mar 8th Chief Information Security Officer Middle East Summit & Roundtable Dubai 80
7-11 Mar Chief Internal Auditors Symposium Cape Town 27
13-15 Mar Risk Based Internal Auditing Abu Dhabi 19
13-16 Mar Risk Based IT Auditing Dubai 62
14-16 Mar Fundamentals of Internal Auditing Amsterdam 11
17-18 Mar Audit Report Writing Amsterdam 12
TBC Mar Auditing the Supply Chain, Suppliers and Outsourced Functions London 36
21-23 Mar Internal Auditors Role in Preventing Fraud London 55
14-17 Mar Auditing and Securing Virtualised Environments London 66
APRIL LOCATION
4-6 Apr Auditing Techniques For Lead Auditors London 14
6-8 Apr Auditing Governance, Strategy, Ethics and Risk Management London 29
11-13 Apr COSO: How to Implement the Revised Internal Control Framework London 33
18-20 Apr Enterprise Risk Management London 31
21-22 Apr Managing Strategic and Reputational Risk London 32
TBC Apr Auditing and Preventing Fraud in Procurement Africa 35
25-28 Apr Business Process Auditing London 38
11-13 Apr Forensic Auditing London 56
25-29 Apr IT Audit School London 61
4-8 Apr Auditing and Controlling Oracle Databases London 67
19-22 Apr Audit & Risk World 2016 Amsterdam 79
MAY LOCATION
16-20 May Internal Audit School London 13
TBC May Value for Money and Performance Auditing Africa 23
2-6 May Chief Internal Auditors Symposium Asia 27
9-12 May Audit Leadership School London 28
1-3 May Auditing Human Resources Dubai 34
23-26 May Introduction to Bank Internal Audit School London 42
9-11 May Fraud Testing: Integrating Fraud Detection into your Audit Programme London 52
12-13 May Fraud Data Mining London 53
10-13 May Audit and Security of Networks, Operating Systems and Databases Amsterdam 65
8-10 May Auditing and Securing SAP ERP Central Component (ECC) and SAP R/3 Dubai 69
11-12 May Advanced Technical SAP Audit Dubai 70
11-13 May 13th CISO Summit & Roundtable Stockholm 80
91 WWW.MISTI.COM
+44 (0)20 3819 0800
JUNE LOCATION PAGE
6-9 Jun Auditing Major Projects and Change Programmes Amsterdam 37
27-29 Jun Internal Audit Quality Assurance London 25
30 Jun-1 Jul Consultancy Skills for Auditors London 26
JULY LOCATION
5-7 Jul CISO Australia 2016 Sydney 80
25-27 Jul Risk Based Internal Auditing London 19
28-29 Jul Developing the Annual Audit Plan London 20
TBC Jul Auditing Risk Management and Basel II and III London 44
25-29 Jul The MIS Fraud and Corruption Summer School London 57
18-20 Jul Forensic Auditing Amsterdam 56
11-15 Jul IT Audit School Amsterdam 61
AUGUST LOCATION
1-5 Aug InfoSec World Europe Amsterdam 80
15-19 Aug Internal Audit School London 13
1-5 Aug Chief Internal Auditors Symposium London 27
1-5 Aug Auditing Emerging Cyber Threats London 39
8-11 Aug Audit Leadership School Amsterdam 28
15-17 Aug Enterprise Risk Management London 31
18-19 Aug Managing Strategic and Reputational Risk London 32
8-11 Aug Auditing the Treasury and ALCO London 43
22-25 Aug Asset Management Internal Audit School London 45
22-26 Aug IT Audit School London 61
TBC Aug Advanced IT Audit School London 63
SEPTEMBER LOCATION
5-7 Sep Communication and Influencing Skills for Internal Auditors London 18
5-7 Sep Project Management for Internal Auditors London 17
5-7 Sep Financial Analysis for Internal Auditors London 24
26-28 Sep Enterprise Risk Management Asia 31
29-30 Sep Managing Strategic and Reputational Risk Asia 32
TBC Sep Auditing and Preventing Fraud in Procurement Dubai 35
TBC Sep Auditing the Supply Chain, Suppliers and Outsourced Functions London 36
19-21 Sep Financial Auditing using IFRS London 46
19-21 Sep Fraud Testing: Integrating Fraud Detection into your Audit Programme London 52
22-23 Sep Conducting an Internal Fraud Investigation London 54
10-14 Sep Auditing and Securing SAP ERP Central Component (ECC) and SAP R/3 London 69
OCTOBER LOCATION
3-5 Oct Auditing Techniques for Lead Auditors London 14
9-11 Oct Fundamentals of Internal Auditing Dubai 11
12-13 Oct Audit Report Writing Dubai 12
31 Oct- 2 Nov Six Sigma Skills For Internal Auditors London 15
MISTI@MISTI.COM
@mistieurope 92
2-4 Oct Audit Efficiency And Effectiveness London 16
10-12 Oct Bank Credit Internal Audit School London 47
3-7 Oct IT Audit School Africa 61
17-19 Oct COBIT 5: Governance of IT London 64
17-19 Oct Auditing, Governance, Strategy and Risk Management London 29
17-20 Oct Risk Based IT Auditing London 62
20-21 Oct Auditing Ethics, Culture, Conduct And Reputational Risk London 30
3-5 Oct COSO: How to Implement the Revised Internal Control Framework London 33
24-26 Oct Forensic Auditing London 56
24-27 Oct Business Process Auditing London 38
NOVEMBER LOCATION
3-4 Nov Auditing Ethics, Culture, Conduct and Reputational Risk Africa 30
3-5 Nov Auditing Techniques for Lead Auditors Dubai 14
6-9 Nov Introduction to Bank Internal Audit School Dubai 41
7-10 Nov Auditing Major Projects and Change Programmes London 37
7-9 Nov 5th CISO Asia Summit & Roundtable Singapore 80
7-9 Nov 4th Fraud, Corruption & Investigations Asia Summit Singapore 79
7-9 Nov Auditing the Manufacturing Process London 40
7-11 Nov Internal Audit School Africa 13
7-11 Nov The MIS Fraud and Corruption Summer School Africa 57
8-11 Nov Audit and Security of Networks, Operating Systems and Databases London 65
13-15 Nov Internal Auditors Role in Preventing Fraud Dubai 55
14-16 Nov Continuous Auditing - Making The Change London 21
13-17 Nov IT Audit School Dubai 61
17-18 Nov Successful Data Analytics for Internal Auditors London 22
20-24 Nov Chief Internal Auditors Symposium Dubai 27
21-25 Nov Auditing and Controlling Oracle Databases London 67
21-25 Nov IT Security Managers Academy London 75
30 Nov- Audit Leadership School Dubai 28
2 Dec
31 Nov - Auditing, Governance, Strategy and Risk Management Africa 29
2 Dec
TBC Nov Auditing Risk Management and Basel II and III London 44
DECEMBER LOCATION
5-7 Dec Fundamentals of Internal Auditing London 11
5-7 Dec Risk Based Internal Auditing Amsterdam 19
8-9 Dec Audit Report Writing London 12
8-9 Dec Developing the Annual Audit Plan Amsterdam 20
12-16 Dec Auditing Emerging Cyber Threats London 39
12-14 Dec Internal Audit Quality Assurance London 25
12-14 Dec Enterprise Risk Management Amsterdam 31
15-16 Dec Consultancy Skills for Auditors London 26
15-16 Dec Managing Strategic and Reputational Risk Amsterdam 32
5-9 Dec The Corporate and Cyber Security Masterclass London 76
93 WWW.MISTI.COM
+44 (0)20 3819 0800
MISTI@MISTI.COM
@mistieurope 94