2021 December Training - Full Day Session

When: December 01, 2021 - 0800-1630
Where: Virtual
Registration: Webex Registration

Once you complete registration you will receive a confirmation that contains a link to the webinar. This is a unique URL and will be used to track attendance. If you call in using your phone, please email the This email address is being protected from spambots. You need JavaScript enabled to view it.with your Call In Number (assigned by Webex, if available), Webex Registration ID (found in confirmation email), name and email address so it can be matched to the attendance log.

Cost:  Free
CPEs: Up to 8
Handouts: Will Be Uploaded When available

Morning Session

Topic 1 - 5 Critical Elements for Quality Questions
Great auditors and fraud professionals must be able to ask good questions. Battling difficult clients while trying to overcome our own insecurities often leaves us with unanswered questions and incomplete projects. What if I told you that you can improve your questioning skills with five simple changes?
In this session, participants will:
• Identify and discuss the five elements of effective questions.
• Understand the power of questions.
• Describe and avoid the barriers to asking good questions.
• Utilize a five-step approach to ask better questions, get better answers, and perform better audits.

Topic 2 - Making Remote Auditing Work
We’ve been thrust into the world of remote work. Which means it is a perfect opportunity to take advantage of operational efficiencies when you use technology effectively.
The 1 hour course explores a few tools and techniques that can help you win at remote auditing. Topics covered include
• Boosting morale for remote workers
• Collecting audit evidence in a remote environment
• Building trust and relationships in a remote environment

Topic 3 - Introduction to Active Listening for Internal Auditors
People often confuse the physical act of hearing with the emotional art of listening. The modern educational system emphasizes speaking and writing, but does not teach the important skill of active listening. When you genuinely listen you show respect, create trust, and develop rapport.
Active listening also helps you
1) identify and solve problems,
2) increase your knowledge and
3) avoid misunderstandings

By the end of this session, participants should be able to:
Define Active Listening
Explain why you should care about active listening
Explain why we listen
Identify what's stopping you from actively listening
Explain the listening styles
Identify and explain listening strategies

Speaker: Robert Berry, CPA, CIA, CISA - President, That Audit Guy

Robert Berry, CPA, CIA, CISA, is the President of That Audit Guy, a consulting and training company. He helps improve people, who in turn improve processes, which improves profits. He is an international speaker, corporate trainer and writer. He specializes in active listening, asking questions, making remote work more efficient and better business writing. He is the author of three books, including Creating Wonderful Workpapers and Ask Better Questions, Get Better Answers, Perform Better Audits,, along with 100+ articles on audit and life. You can find him hanging out on LinkedIn or www.thatauditguy.com.

Afternoon Session: Cloud Identity Management, Hacks and Countermeasures

As organizations expand their multi-cloud environments, managing permissions in the cloud becomes increasingly complex. Permissions in the cloud are being granted based on guesswork, admin permissions are difficult to understand, and every cloud environment is growing like a carbon life form. All of this has contributed to the attack surface being used by attackers to target cloud infrastructures. In this presentation, we'll discuss the Cloud Infrastructure Cyber Kill Chain to uncover attacks beyond the perimeter. We'll uncover aspects of cloud privilege escalation, lateral movement, alternate backdoors, and more. This will provide the basis for then discussing a new approach to managing permissions in the cloud and pursuing least privileges in a more calculated and automated way to eliminate guesswork and assumptions based approaches.

Speaker: Mike Raggo

Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.