| 2.30-5.30pm | MC 1 DELIVERING INTERNAL AUDIT REPORTS WITH CONTEXT |
In today’s complex business environment, internal audit reports must clearly articulate the context in which they are written and provide a solid basis for the findings put forward. This session will look at the essential ingredients of delivering a report with context – with a particular focus on reporting audit observations with an understanding of ‘why’ your findings are the way they are. The importance of using the right language and structure will also be reviewed in this session.

Learning outcomes:
• Learn how to write audit reports that communicate clear messages
• Deliver reports that prompt management action
• Understand the typical structure and language of audit reports
• Gain a greater awareness of including context in your report writing

Key topics covered:
• The five components of an audit observation: criteria, conditions, causes, effects, recommendations and action plans
• Organising audit observations in a well-structured manner
• Getting the language, tone, and look of your reports right
• How to concisely paint a picture of the context of the report
• Keeping neutral in delivering recommendations

Scott Webb MIIA(Aust), Assistant Director, Risk Management and Consulting, IAB Services

Scott has extensive experience in leading and directing audit and risk management projects in a diverse array of NSW government agencies. Scott is an accomplished operational auditor, management consultant and risk management expert with experience in business process re-engineering, forensic accounting/investigations and the management of complex consultant workloads. Prior to his current role, Scott was a contract internal auditor and trusted advisor to more than 20 government agencies for over 11 years. Prior to this, Scott held several internal audit positions within the NSW public sector, including Audit.

| 2.30-5.30pm | MC 2 AUDITING YOUR RISK MANAGEMENT PROGRAM |
A great deal of resources can be invested into building a risk management program that looks and feels right – but how do you get assurance that it will work? Unmanaged risk, the inability of organisations to deal with high impact low probability events and missing opportunities can significantly impact on your organisation’s business objectives. As such, your risk management program needs to be audited on a regular basis to ensure it remains relevant in a changing business environment.

Learning outcomes:
• Understand the new Risk Management – Principles and Guidelines (ISO 31000) and its implications for the risk management audit plan
• Establish methodologies to identify and monitor risk management activities
• Establish effective red-flag indicators to identify gaps in your risk management plan
• Develop useful KPIs to monitor the performance of your risk management framework

Key topics covered:
• Building an effective monitoring and review process to encompass all aspects of risk management
• How to detect changes in the external and internal context, such as risk criteria and emerging risks which will require modifications to the risk management framework
• Overview of the new Risk Management – Principles and Guidelines (ISO 31000) and its impact on the audit plan
• Choosing the right KPIs to monitor the ‘currency’ of your risk management plan and methodologies to effectively report performance
• Case study examples – winners and losers in the risk management stakes

Michael Parkinson CIA MIIA(Aust), Executive Committee – IIA Global & Director Government, KPMG

| 2.30-5.30pm | MC 3 GETTING YOUR INFORMATION SECURITY FRAMEWORK RIGHT |
This multimedia masterclass provides an overview for internal auditors who are tasked with assessing and evaluating information security frameworks and their associated controls. It includes practical ‘from the field’ examples and particularly focuses on the requirements of the ISO 27001 ‘Information Security Management System’ standard.

Learning outcomes:
• Understand the key aims and components of information security frameworks
• Learn about the requirements of the ISO 27001 standard
• Learn about the non-technical (procedural) information security elements that should be audited
• Learn about the technical (IT) security elements that should be audited
• Understand how to review and assess information availability and continuity controls

Key topics covered:
• Understanding the threats and risks: hackers, crackers, phreaks, cybercrooks and internal threats
• Defining information security and its key components
• Examining some key information security frameworks including the ISO 27001 standard
• Non-technical (procedural) controls which help maintain information security (including change management, incident management, personnel security and compliance)
• Technical (IT-based) controls which help maintain information security (including IT network defences, operating system controls, application layer controls, anti-virus measures and backup procedures)
• Information availability through business continuity planning and IT recovery planning
• Information privacy considerations including various Australian legislation
• Information security breach identification and management

Dr Stephen James, Independent Adviser - Information Security Privacy and Controll

Pre-conference registration now available. Book and pay by 30 September 2010 and SAVE..SAVE..SAVE!