September 19-23, 2021

Loews Miami Beach
Miami Beach, FL


Program

ConferCPERegistry_logo.jpgence participants are eligible to receive a maximum of 21.8 CPE credit hours. The Association of College and University Auditors (ACUA) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE sponsors. State boards of Accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the  National Registry of CPE Sponsors through its website: www.learningmarket.org.
 

All times listed below are in EST. 

Sunday, Sept. 19

Monday, Sept. 20

Tuesday, Sept. 21

Wednesday, Sept. 22

Thursday, Sept. 23

6:00 PM ET - 7:30 PM ET
Opening Reception
8:00 AM - 8:10 AM
Welcome and Opening Comments
8:10 AM - 9:25 AM
Keynote: Dealing with the Organizational Wart: Change
Presenter(s): Dr. Dale Henry 
For most of us, dealing with change is like having a wart.  If it’s somewhere we can’t look at it everyday, we try to forget about it. And if it is somewhere we can see it, we want to get rid of it as soon as possible!  Change is the one thing you can count on being constant in a world that never stops spinning.  Change drives our everyday life and is the number one cause of stress and anxiety. So, if it is so predictable, what can we do to harness it?   This amusing session is designed to reboot and reset you master computer – the brain – and to enable you to work and play smarter in an ever-changing environment.

After this session, participants will be able to: 
  • Recognize why change makes us uncomfortable.
  • Discuss ways change can be positive. 
  • Identify ways to use change to your benefit.
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: None

 
9:25 AM - 9:55 AM
Break
9:55 AM - 10:55 AM
A1: Doubling Down on the Fundamentals
Presenter(s): Laura Soileau, Postlethwaite & Netterville
The COVID-19 pandemic changed the way our organizations operated overnight, which required internal auditors to pivot to continue meeting the needs of our organizations in a new environment. As we continue to operate in this environment with an eye towards what the next normal will be (which could include a mix of more people working remotely permanently, hybrid work arrangements and a full return to in-person), certain attributes will continue to be important for internal auditors to add value to our organizations, as listed below.  This presentation will discuss the importance of these attributes for internal audit and explore how we can double down on these attributes regardless of the work environment to continue to position internal audit as a valued partner in our organizations.
  • Relationship Building
  • Communication
  • Teamwork
  • Critical Thinking
  • Quality
After this session, participants will be able to:
  • Identify attributes for internal auditors to add organizational value today and in the future
  • Demonstrate the importance of these attributes for internal auditors
  • Discuss how we can double down on these attributes regardless of the work environment to position internal audit as a valued ‎partner in our organizations

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: None
9:55 AM - 10:55 AM
B1: HIPAA Risks in Higher Ed: Can Your Risk Assessment Stand On Its Own
Presenter(s): Jeff Krull, Baker Tilly & ACUA Institutional Rep, TBA
This presentation will be given remotely. 

This session will provide an overview of HIPAA, the requirements of the HIPAA security rule, recent regulatory actions by the Office for Civil Rights related to HIPAA, and provide a walkthrough of the key components of an effective HIPAA risk assessment and analysis to help identify and respond to potential threats and vulnerabilities to ePHI within an environment in alignment with the HIPAA Security Rule. 

After this session, participants will be able to: 

  • Discuss recent Health Insurance Portability and Accountability Act (HIPAA) news and recent Office for Civil Rights (OCR) actions in higher education and academic medical centers. 
  • Analyze the critical areas of the risk assessment and what the OCR might look for. 
  • Identify and respond to potential threats and vulnerabilities to ePHI within an environment in alignment with the HIPAA Security Rule.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
9:55 AM - 10:55 AM
C1: CAE Track - Hot Topics in Higher Education for Audit Leadership ( In-Person Only)
Presenter(s): Ashley Deihr, Baker Tilly; Kim Ginn, Baker Tilly; Adrienne Larmett, Baker Tilly
10:55 AM - 11:15 AM
Break
11:15 AM - 12:30 PM
A2: SOC Reports: Purpose and Use
Presenter(s): Jude Viator, Postlethwaite & Netterville
With continued and expanding reliance on third party providers, the relative value of SOC reports has continued to grow ‎since they were introduced.  The secret to unlocking the value of collected SOC reports is understanding the purpose of the ‎reports and how best to consider the various parts of the reports. Using SOC 1 and SOC 2 reports, the session will be ‎presented to consider the ins and outs of the SOC reports that should resonate with all users of the reports.‎

After this session participants will be able to:
  • Differentiate between SOC 1 and SOC 2 reports, including their purpose and use opportunities.‎
  • Evaluate and expand and/or enhance their current use of SOC reports.
  • Discuss the pieces and parts of SOC reports to increase the efficiency and effectiveness of their reviews.‎

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
11:15 AM - 12:30 PM
B2: Role of Internal Auditor in the Changing World of NCAA Compliance
Presenter(s): Chuck Smrt, The Compliance Group, Inc.
 
This program will focus on examining the evolving role of the internal auditor due to recent changes or trends in NCAA compliance. Specific focus will include: (i) identify trends in NCAA compliance resulting from recent NCAA infractions cases, revisions to legislation, or court decisions; (ii) reviewing the possible changes in the role and responsibilities of the internal auditor; and (iii) obtaining any suggestions about our possible changes to the Division I and II NCAA Audit Guides.‎

After this session participants will be able to:
  • Assess potential impacts of the three most recent significant national changes affecting NCAA compliance on camps.
  • Examine whether the auditor's on-campus role needs to be modified based upon recent changes in NCAA compliance.
  • Identify trends in NCAA compliance
Knowledge Level: Update
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Education in NCAA legislation; Experience in NCAA on-campus auditing
11:15 AM - 12:30 PM
C2: CAE Track - Some Like it Hot! CAE Roundtable, Part 1 ( In-Person Only)
Presenter(s): Kim Turner
Is your audit function lukewarm, or is it a hot spot for new ideas and positive impact? CAEs ‎have unique opportunities to lead their universities toward organizational best practices not ‎only through value-added audit work, but also by making the audit shop an incubator for new ‎approaches to partnership, leadership, and management. This roundtable will provide a ‎moderated and timed environment where CAEs and directors with varying perspectives will ‎discuss, and even challenge, best practices related to internal audit leadership, emerging ‎risks, the post-Covid world, and university governance, risk management, and control ‎practices. The session will be entirely interactive, consisting of robust group discussion and ‎starting with a pre-conference survey of attendees to gather topics of interest.

After this session, participants will be able to:
  • Cross-pollinate best practices for internal audit leadership ‎ 
  • Identify risk “hot spots” and develop related audit strategies 
  • Consider the post-Covid audit function
Knowledge Level: Advanced
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in an internal audit leadership position
12:30 PM - 2:05 PM
Lunch
2:05 PM - 3:05 PM
A3: Data Analytics Work Group Part 1
Presenter(s): Christine Heise, University System of New Hampshire
Joselyn de la Cruz-Rameau, University of Texas at San Antonio
This session is part one of two.  For the best benefit, please plan to attend both presentations
 
There has been a lot of talk about analytics – what is it, what are some techniques, and what tools are there.  What has been missing in that discussion are real-world examples of how to use analytics in planning and performing an audit.
 
This session discusses how an auditor might choose to use analytics in planning a Procure to Pay audit.   It begins with a consideration of some risks in the process, continues through describing the types of data needed to clarify those risks, and how to use the data to focus the audit.  It considers aspects such as the type of data, where to find the data, and how to present the results.
 
Presenters are not targeting this session at any specific ERP system or technical tool but may discuss specific ERPs and tools as examples.

After this session, participants will be able to:
  • Recognize the utility of analytics in planning an audit
  • Interpret the information provided by analytics to focus audit effort
  • Explain how data can direct their audit efforts
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:05 PM - 3:05 PM
B3: How Internal Audit Can Play at Key Role in Assessing and Improving Diversity, Inclusion, and ‎Equity Initiatives at your Institution
Presenter(s): Kimberly Macedo, Baker Tilly; Deanna Kempinski, Baker Tilly
This presentation will be delivered remotely. 

With increased efforts and the ever-growing importance of establishing, maintaining, and continually evolving and improving diversity, inclusion, and equity programs and practices at institutions, this presentation will focus on how internal audit can assist with evaluating existing programs and practices, as well as considerations for establishing programs. We will also discuss recruiting opportunities related to diversity, inclusion, and equity in a work from home environment. Internal audit can provide an objective review of an institution’s current state to help evaluate whether specific practice areas are adequate, compliant and effective in supporting diversity, inclusion, and equity initiatives and the overall philosophy of the institution related to organizational culture.

After this session, participants will be able to: 
  • Discuss how to assess the current state of DEI across your institution
  • Perform a gap analysis based on foundational understanding of DEI
  • Provide leading practices and recommendations for action plan considerations and for developing a roadmap for enhancing DEI
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Behavioral Ethics
Prerequisites: None

 
2:05 PM - 3:05 PM
C3: CAE Track - Some Like it Hot! CAE Roundtable, Part 2 ( In-Person Only)
Presenter(s): Kim Turner
Is your audit function lukewarm, or is it a hot spot for new ideas and positive impact? CAEs ‎have unique opportunities to lead their universities toward organizational best practices not ‎only through value-added audit work, but also by making the audit shop an incubator for new ‎approaches to partnership, leadership, and management. This roundtable will provide a ‎moderated and timed environment where CAEs and directors with varying perspectives will ‎discuss, and even challenge, best practices related to internal audit leadership, emerging ‎risks, the post-Covid world, and university governance, risk management, and control ‎practices. The session will be entirely interactive, consisting of robust group discussion and ‎starting with a pre-conference survey of attendees to gather topics of interest.

After this session, participants will be able to:
  • Cross-pollinate best practices for internal audit leadership ‎ 
  • Identify risk “hot spots” and develop related audit strategies 
  • Consider the post-Covid audit function
Knowledge Level: Advanced
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in an internal audit leadership position
3:05 PM - 3:25 PM
Break
3:25 PM - 4:25 PM
A4: Data Analytics Session Part 2
Presenter(s): Christine Heise, University System of New Hampshire
Trevor Hughes, Virginia Tech
This session is part two of two.  For the best benefit, please plan to attend both presentations.
 
There has been a lot of talk about analytics – what is it, what are some techniques, and what tools are there.  What has been missing in that discussion are real-world examples of how to use analytics in planning and performing an audit.
 
This session discusses how an auditor might choose to use analytics in fieldwork and audit reporting for a Procure to Pay audit.  Extending from the planning process in the first session, it will consider 100% testing, identification of trends, outlier identification, statistical methods to focus fieldwork, and responding to new information obtained in fieldwork.  Finally, presenters will show how auditors can use visualizations to enhance reporting and to expand traditional reporting into a more dynamic presentation.
 
Presenters are not targeting this session at any specific ERP system or technical tool but may discuss specific ERPs and tools as examples.
 
After this session, participants will be able to:
  • Experiment with available data to perform global tests
  • Propose relationships between data elements
  • Integrate the information from multiple analytics for root cause analysis
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
3:25 PM - 4:25 PM
B4: Developing a Title IX Audit Plan in a Changing Regulatory World
Presenter(s): Elizabeth Truelove McDermott, Northwestern
Cassandra Walsh, Baker Tilly
This presentation will be delivered remotely. 

On May 6, 2020, the Department of Education released its final Title IX regulations, “Nondiscrimination on the Basis of Sex in Education Programs or Activities Receiving Federal Financial Assistance" (Final Regulations), effective Aug. 14, 2020. However, with an administration change in 2021, there are questions as to what new guidance may be on the horizon. Join us to learn more about how to develop and execute an audit plan of the Title IX program at your institution, even in the midst of changes. Participants will learn key activities to include in the audit plan and how to structure an assessment to provide valuable results to the institution.

After this session, participants will be able to:‎
  • Identify key activities to include in an audit plan
  • Evaluate how to structure recommendations in the face of possible changes in regulations
  • Assess how to assist your institution in monitoring the risk landscape and identify potential changes that may be ‎needed with new regulations
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
3:25 PM - 4:25 PM
C4: CAE Track - Leadership & Advocacy ( In-Person Only)
Presenter(s): Michael Taylor
8:05 AM - 9:20 AM
Keynote Session: The Role of Audit in Achieving Justice, Equity and Inclusion
Presenter(s): Dr. Alvin Schexnider
This presentation will be delivered remotely. 
 
This session will examine the audit function in fostering social justice in higher education. It will trace the evolution of social justice policies from affirmative action/equal employment opportunity (AA/EEO) to what is currently referred to as diversity. The session will share perspectives from the Association of Governing Boards of Universities and Colleges (AGB) Statement on Justice, Equity and Inclusion specifically, ways that boards can improve their understanding of the impact of inequalities from the standpoint of policies and procedures, values, interpersonal behavior and unconscious bias.

After this session, participants will be able to:
  • Describe how the audit function can help achieve justice, equity and inclusion
  • Evaluate the importance of board engagement, institutional commitment and cultural change as part of the process 
  • Discuss best practices in achieving justice, equity and inclusion at selected universities and colleges.
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Behavioral Ethics
Prerequisites: None
5:30 PM - 6:30 PM
Networking Reception ( In-Person Only)
This networking reception is sponsored by Baker Tilly. 
9:20 AM - 9:50 AM
Break
9:50 AM - 11:30 AM
A5: Developing a Cybersecurity Compliance Program For The Entire Institution
Presenter(s): Carlos Lobato, New Mexico State
Cybersecurity represents critical risk to organizations. It is a worrisome issue to governing bodies and executive management as data breaches, fraud-scams and identity theft are on the rise. However, there are steps that 
organizations can take to improve cybersecurity and reduce the risks of a massive data breach.

After this session, participants will be able to:
  • Benchmark existing information security programs versus best current cybersecurity practices. 
  • ​Assess cybersecurity risk management processes and policies and determine if they are helping to adequately protect their organization's critical information systems and data assets. 
  • Formulate, update and communicate short- and long-term organizational cybersecurity strategies and policies. 
  • Ask the right questions to IT technical staff and be able to determine if sound responses are being provided. 
  • Determine if proper logging is being performed by critical systems to assist in fraud-related, general IT incident handling or data breach investigations. 
  • Gain practical tips for establishing a comprehensive risk-based cybersecurity information security program. 
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Information Technology
Prerequisites: None
9:50 AM - 11:30 PM
B5: Why Audits Fail to Find Fraud
Presenter(s): Allen Brown, Former CAE LA Community & Technical College System
This presentation will address some of the issues that lead to audit failure when it came to identifying fraud. Real examples of audit failures will be used to demonstrate the issues being discussed. 

After this session, participants will be able to:
  • Understand that the auditor can never just accept information due to a time budget  

  • Assess ways to THINK creatively and objectively throughout the audit 

  • Identify what fraud looks like so you can spot it


Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:30 PM - 3:45 PM
C5: CAE Track - Affinity Groups & Other Breakouts ( In-Person Only)
11:40 AM - 12:20 PM
Awards & Officer Transition
12:20 PM - 1:10 PM
Lunch
1:15 PM - 2:15 PM
A6: NCAA & Name, Image & Likeness
Presenter(s): Tim Parker
1:15 PM - 2:15 PM
B6: Getting Started with a Fraud Investigation
Presenter(s): Allen Brown, Former CAE LA Community & Technical College System
This presentation addresses the who, what, where and when of starting an investigation. It will address questions that generally arise when beginning an investigation. Is the information received reliable? Who will I need to interview and how to determine the timing of the interviews? What documents will I need and where are they located? Are there multiple locations that the investigator must take control of during the initial phase of the investigation? What are the rules of engagement? In general, taking the information you have and, based on predication and logic, making decisions related to the use of the investigators tools; interviewing, document examination and observation.

After this session, participants will be able to:
  • Evaluate initial information related to an investigation
  • Make decisions related to what investigative steps are needed and in what order to approach the issue
  • Identify, obtain and secure the relevant documents
  • Discuss the importance of understanding the rules of engagement related to each investigation's environment
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
5:30 PM - 6:30 PM
C6: CAE Track - Affinity Groups & Other Breakouts (In-Person Only)
2:15 PM - 2:35 PM
Break
2:35 PM - 3:50 PM
A7: Student Success - A New Era in Advising
Presenter(s): Matt Walsh, Texas Tech
Jessica Wilson, Texas Tech
 
Traditional advising focused solely on a student’s major and course selection. Student success is a modernized approach that incorporates social issues and financial concerns into a student’s advising experience. Advising is a critical component of student retention, which is often a strategic goal of universities. Student retention data is essential to measuring student success effectiveness and is utilized by administrators to drive decision making. Advising is often decentralized across departments. We will discuss procedures for evaluating governance structures and information technology resources related to the cohesiveness of student success and advising personnel. We will also provide attendees risks and procedures for evaluating overall advising governance, including fee usage. Through these discussions, attendees will be provided a toolkit to ensure the student advising experience is maximized while university risks are minimized.

After this session, participants will be able to:
  • Identify risks associated with student success and advising processes
  • Evaluate the synergy between central and departmental student success functions
  • Apply audit methodologies to the non-tangible elements of advising and student success

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:35 PM - 3:50 PM
B7: Adding Value Through Control Self Assessments
Presenter(s): Tharanee Ravindran, Univ of Alabama System
As the role of internal audit has evolved over the years from assurance provider through problem solver to trusted adviser, audit shops around the world seek innovative ways to add value to their organizations. Control Self-Assessment (CSA) is a valuable tool that auditors can use to assist organizations manage risks effectively. This session will focus on the details of how we successfully incorporated CSA as part of our Audit Plan to add value to our stakeholders. We will share details on the approach that we took for selecting the areas for CSA projects and the techniques that were used to facilitate the projects. Finally, you will hear from two of our clients sharing how CSA has added value to their operations. 

After this session, participants will be able to:
  • Recognize what makes CSA different from traditional audits. 
  • ​Incorporate CSA as part of the annual audit plan 
  • Facilitate a successful CSA project. 
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
2:35 PM - 3:50 PM
C7: CAE Track Debrief (In-Person Only)
Presenter(s): Brian Daniels, The University of Tennessee
No CPE will be offered for this session.
4:10 PM - 5:10 PM
General Session: Student Mental Health and Wellness Amidst Change
Presenter(s): Jennifer Romano, Baker Tilly
ACUA Institutional Rep, TBA
This presentation will be delivered remotely. 

Student mental health has been a growing concern for administrators, parents, and students alike. While some mental health disorders such as anxiety and depression are biologically based, external and environmental factors such as the COVID-19 pandemic and resulting shift to remote learning may intensify conditions.  As students transition from primary and secondary education to undergraduate and graduate programs, they are often faced with a variety of additional stressors and need exposure to mental health and wellness services and resources. As such, institutions need to be equipped to provide sufficient and effective resources.   

After this session, participants will be able to:
  • Identify common challenges road blocks associated with mental health 

  • Outline roles and responsibilities between and among offices managing health and wellness activities 

  • Discuss leading practices and resources and it relates to health and wellness 


Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Personal Development
Prerequisites: None
6:30 PM - 9:00 PM
Evening Event/Networking ( In-Peron Only)
Stop by to toast your ACUA colleagues in Miami. Meet us on the American Lawn from 6:30 pm – 9:00 pm for noshes, music, dancing, singing, and laughs. 
8:00 AM - 9:15 AM
A8: A CrossFit Bootcamp for Auditing Physician Clinics, Student Health Centers, Outpatient Pharmacy & Mental Health Centers
Presenter(s): John McDaniel, Univ of Alabama

Healthcare Operations in higher education continue to face tremendous financial, operational, and compliance challenges. Their unique culture, business model, regulations, and operational language is very different from other areas of our universities. This session will provide participants with a tool kit to reduce their ‘Discomfort Gauge’ with clinical operations and the opportunity to: 

  • Understand and assess revenue cycle, supply chain, pharmacy, and payroll risks in healthcare 

  • Develop a basic understand of healthcare language such as ICD-10 codes, CPT Codes, encounter sheets, case mix, payer mix, RVU’s, capitation, fee for service, lag days, and others. 

  • Measure operational and financial performance of clinical areas by utilizing universal benchmarks and performance measures 

  • Provide high value audits related to leaks in the clinical revenue cycle 

  • Develop a foundational understanding of the operational, financial, and compliance risks related to telehealth and telemedicine (and learn the difference between them!)

After this session, participants will be able to:
  • Discuss the basics of healthcare operations in higher education and academic medical centers 

  • Recognize basic risks of Telehealth and Telemedicine Services 

  • Identify the essentials of a corporate compliance program 

Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
8:00 AM - 9:15 PM
B8: Auditing Student Affairs in a Dynamic Environment
Presenter(s): Joanna Rojas, Duke University

This presentation will be delivered remotely. 

Student Affairs is involved in all aspects of undergraduate and graduate student lives. Student Affairs provides opportunities to enrich a student’s intellectual, social, cultural and physical/mental development by providing opportunities to explore beyond the classroom.  The pandemic introduced new challenges to providing an immersive campus experience while enforcing evolving COVID-19 health guidelines.  During this session, we will discuss risks managed by Student Affairs and operational audits focused on key processes and risk mitigation strategies.  We will discuss techniques Duke University Student Affairs implemented to support  university-wide initiatives throughout the pandemic. In this session, we will use risk assessment and assurance engagement examples to fuel detailed discussions surrounding various aspects of Student Affairs including:  

  • Undergraduate and graduate student risks  

  • Operational audits within Student Affairs, specifically Student Conduct and Student Health. Examples of risk assessment and audit programs will be discussed 

  • Student Affairs response and initiatives to pandemic priorities and protocols during COVID 


After this session, participants will be able to:
  • Assess risks related to Student Affairs departments, specifically Student Conduct and Student Health 

  • Identify relevant audit procedures 

  • Recognize areas in which internal audit can assist Student Affairs 


Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
9:15 AM - 9:35 AM
Break
9:35 AM - 10:35 AM
A9: Conflict of Interest
Presenter(s): Baker Tilly & ACUA Institutional Rep, TBA
Knowledge Level: 
Advanced Preparation:
Field of Study: 
Prerequisites:
9:35 AM - 10:35 AM
B9: Financial Management Dashboard - Using Data Analytics to Manage Risk and Improve Compliance
Presenter(s): Zuleikha Shakoor, UC San Francisco
Arthur Gong, UC San Francisco

This presentation will be delivered remotely. 

This session explores how the use of data analytics and visualization tools has resulted in a launch of an enterprise-wide dashboard at the University of California, San Francisco (UCSF) to manage financial and compliance risks more efficiently and effectively. UCSF launched a financial management dashboard in August 2018 to help department finance managers proactively monitor critical financial risk and policy and regulatory compliance. The dashboard provides a mechanism for continuous monitoring to better facilitate decision-making, and to prompt remediation actions. 

The tool helps departments assess their financial compliance risk, using metrics that address highly regulated and critical areas, such as sponsored research compliance, philanthropic fund management and financial performance.  The dashboard presents information visually as well as in detailed data tables, and allow for quick “at-a-glance” views of major indicators of compliance risk. 

After this session, participants will be able to: 

  • Develop and implement a continuous monitoring dashboard using data analytics 
  • Enhance compliance and monitor financial risks as part of an internal controls program 
  • Engage stakeholders from business operations to develop a dashboard through collaboration
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Finance
Prerequisites: None

 

2:00 PM - 2:30 PM
Break
11:05 AM - 12:20 PM
Keynote Session: Edward Snowden: The Ultimate Insider Threat
Presenter(s): Steven Bay
Edward Snowden was the quintessential insider threat that all organizations fear. In this presentation, you will hear the inside story of Snowden’s last few months at NSA, the search for him, and the impact of his actions from his then boss, Steven Bay.  From this presentation, you will take away a better understanding of who insider threats are, lessons learned about detecting and protecting yourself from them, and a better understanding of the level of damage insiders can do.

This keynote is sponsored by AuditBoard, a Strategic Partner of ACUA. 

After this session, participants will be able to: 
  • Describe who insider threats are and where they may be hiding
  • Identify ways to detet and protect from insider threats
  • Discuss the amount of damage that can be done by insiders 
Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None

 
8:00 AM - 9:00 AM
A10: How Risky Is IT Security at Your Institution
Presenter(s): Sharon Kurek, Virginia Tech
Justin Noble, Virginia Tech
We all understand that information technology is inherently high risk.  However, how do you differentiate and assess that risk in the highly complex decentralized higher education environment?  That is the task we found ourselves tackling in a recently completed advisory engagement at Virginia Tech.  This presentation will review our approach in partnering with management to conduct an IT Security risk and compliance assessment.  We will talk through the critical components of the review, our struggles and wins, and the big 'takeaways' from this project. 

After this session, participants will be able to: 

  • Discuss the critical components of an IT risk and compliance assessment in a decentralized environment 

  • Identify resources to assist in performing an assessment 

  • Describe lessons learned from a recently completed assessment 


Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Information Technology
Prerequisites: None

 
8:00 AM - 9:00 AM
B10: Enterprise Risk Management at the University of Montana
Presenter(s): Anta Coulibaly, Univ of Montana
Curious about how to implement an Enterprise Risk Management (ERM) program? This session offers tips and strategies for deploying a successful, nimble ERM process, especially at small or medium-sized institutions of higher education. Learn how to create a dynamic risk inventory by effectively identifying, assessing, and managing risks to the achievement of your organization's strategic objectives. 

After this session, participants will be able to: 
  • Discuss key differences between the most common ERM frameworks.
  • Describe core elements of the ERM cycle, from strategy/objective setting to risk identification, assessment, and mitigation.
  • Recognize common challenges to implementing a successful ERM program. 

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Management Services
Prerequisites: None
9:00 AM - 9:20 AM
Break
9:20 AM - 10:20 PM
A11: Tackling Challenges in Athletics
Presenter(s): Kevin Robinson, Auburn
Katlyn Andrews, Baker Tilly
Marion Candrea, Ohio University
Often described as the “front porch” of an institution, intercollegiate athletics is one of the most, if not the most, visible part of any college or university. Despite any variable: big or small, urban or rural, football or not – schools must tackle a variety of operational challenges. This panel discussion will dive into challenges that have dominated the landscape including new name, image, and likeness rules and their application. 
 

After this session, participants will be able to: 

  • Discuss some of the current challenges in intercollegiate athletics including addressing changes to name, image, and likeness regulations 

  • Identify how institutions are approaching challenges within athletics 

  • Determine ways in which internal audit can help support athletics operations 

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
9:20 AM - 10:20 AM
B11: Amazon Web Services - Risk and Your Private Cloud Infrastructure
Presenter(s): Angela Atkins, Wake Forest
James Ponce, Wake Forest
Introduction to basic concepts of Amazon Web Services (AWS) private cloud infrastructure and examples of use cases at Wake Forest.  Describe concepts of AWS Shared Responsibility Model and potential implications for your school. Consider how the model also affects 3rd party service providers whose solutions are built in AWS. Discuss potential risk and control considerations with private infrastructure deployment, including cloud pricing model, account governance, security and access management, vulnerability management and monitoring, and change management. 

After this session, participants will be able to: 

  • List three potential use cases of Amazon Web Services as an infrastructure resource. 
  • Explain the basic concept of the AWS Shared Responsibility Model for security and compliance, and list two reasons customer understanding of this is key.  
  • Identify four risk and control considerations for AWS infrastructure deployments
Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Information Technology
Prerequisites: None
10:20 AM - 10:40 AM
Break
10:40 AM - 11:40 AM
A12: Small Shop Internal Audit in a Remote Envionment: Approaches for Benchmarking Contracting, Procurement, and Gaining Coverage in a Dynamic Virtual Setting
Presenter(s): David Terry, Portland State; Kyra Castano, Baker Tilly (Kyra will present remotely)

Kyra's portion of the presentation will be delivered remotely. 

This session is designed to help all levels of auditors obtain insights into how Portland State University worked with Baker Tilly to conduct a co-sourced performance audit on contracting, procurement, and sponsored project processes and controls.  This session will provide attendees insights into: 

  • How benchmarking procedures were performed; 

  • Risk areas to look for and consider testing; and 

  • Data obtained from this project that can lead to other projects such as: 

  • GASB 87 implementation; 

  • Section 117 of the Higher Education Act for foreign gift/contract reporting; and 

  • Diversity, equity, and inclusion in procurement and contracting processes. 


After this session, participants will be able to:
  • Analyze and assess the performance of their institution’s contracting and procurement services processes; 

  • Analyze and assess the performance of their institution’s sponsored project processes 

  • Identify strategies for analyzing diversity, equity, and inclusion in contracting and procurement services at your organization. 

Knowledge Level: Basic
Advance Preparation: None
Field of Study: Auditing
Prerequisites: None
10:40 AM - 11:40 AM
B12: COGR Update
Presenter(s): Douglas Horr, Vanderbilt University
The Council On Government Relations (COGR) advocates for policies and practices that reflect the mutual interests and separate obligations of federal agencies and research institutions as it relates to research and graduate education. This session will provide participants an update on the organizations current activities and important policy and regulation changes recently adopted and currently being worked on, including COVID-19 resources, HEERF, and legislation dealing with security over our science.

After this session, participants will be able to:‎
  • Describe agency and legislative concerns regarding security around our ‎institutions’ research.‎
  • Evaluate implementation and compliance requirements regarding the three branches of the ‎Higher Education Relief Fund
  • Discuss recent changes to federal drawdown process, submission of final federal financial ‎reports and various costing matters associated Uniform guidance.‎
Knowledge Level: Basic
Advance Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
Track A
Track B
Track C (In-Person Only)