contact us  |  print  |  français  |  log in
my downloads
pay an invoice
my account
Accounting & assurance
Business & finance
CPA Canada Handbook
Information technology
Practice management
Risk & governance
in all formats

Conference on IT Audit, Governance and Security 2016
Fundamentals of IT Audit – A Three-Day Workshop 2016

Conference on IT Audit, Governance and Security 2016ORFundamentals of IT Audit – A Three-Day Workshop 2016 - This product is available in the following media types: Conference(en anglais seulement) Archive Event
Note: As this event is now over, information is for reference purposes only.

2016 Conference on IT Audit, Governance and Security
March 21-22, 2016 (optional Post-Conference Workshop March 23)


2016 Fundamentals of IT Audit – A Three-Day Workshop
March 21-23, 2016

ItemCPDItem no.Price
Registration starting at 
Prices may change without notice. User license policies

Event dates, locations and prices subject to change.

Conference on IT Audit, Governance and Security

Plus optional one-day Post-Conference Workshop (March 23)

Who Should Attend

This is the ideal conference for IT professionals and financial leaders with responsibility for the IT function including:

  • CFOs
  • CIOs
  • IT Security Officers
  • managers of: IT, IT audit, internal audit, compliance
  • auditors: external, internal and IT
  • finance professionals with responsibility for the IT function

Topics Include

  • Developments in Corporate Risk and IT Governance: The IT Risks Boards Need to Hear About
  • Measuring Risks to Recovery in IT: Are we Asleep at the Wheel?
  • Understanding and Managing Cybersecurity Risk
  • The Internet of Everything: Security Concerns and Audit Challenges with the Future State of Integrated Security
  • Big Data and Predictive Analytics
  • Trends in Vendor Risk Management/Governance
  • Star Wars, Regulatory Expectations and the Emergence of the Next Generation IT Audit Function: Maintaining and Effective Third Line of Defence


Day 1

Monday, March 21, 2016

7:30am - 8:30am
8:30am - 9:30am
Opening Keynote Address: Learning from Crisis
Speaker: Dr. Marie-Helen Maras, Associate Professor, John Jay College of Criminal Justice


Transnational security issues encompass military and nonmilitary threats that traverse borders around the globe, threaten the social, political and legal order of nations, and adversely impact the quality of life of the population of nations. The impacts of transnational security threats are felt beyond a single nation's borders and impact the international community as a whole. The increasing use of and reliance on communications, information and computer technologies by populations around the world has also altered the meaning of borders in the context of security. This session critically examines major threats to global security and responses to these threats.

About Dr. Marie-Helen Maras

Dr. Marie-Helen Maras is an Associate Professor at the Department of Security, Fire, and Emergency Management at John Jay College of Criminal Justice. She is also part of the faculty of the MS program in Digital Forensics and Cybersecurity at John Jay College of Criminal Justice and the PhD in Criminal Justice at the CUNY Graduate Center. Dr. Maras has a DPhil in Law and an MPhil in Criminology and Criminal Justice from the University of Oxford. In addition, she holds a graduate degree in Industrial and Organizational Psychology from the University of New Haven and undergraduate degrees in Computer and Information Science and Psychology from UMUC. She is the author of: Computer Forensics: Cybercriminals, Laws, and Evidence (now in its second edition); Counterterrorism (2012); CRC Press Terrorism Reader (2013); and Transnational Security (2014), among other publications. Furthermore, Dr. Maras is the creator and co-editor for a monograph and edited volume series titled, "Palgrave Studies in Cybercrime and Cybersecurity." She is currently working on a monograph on Terrorism and Social Media for Palgrave-Macmillan and a book on Cybercriminology for Oxford University Press. Prior to her academic post, she served in the U.S. Navy as a Law Enforcement Specialist and Command Investigator.

9:35am -10:30am
Compliance Landscape (IT Audit)
Speaker: Bashir Fancy, Corporate Solutions and Services Inc.


There are significant challenges in ensuring the ongoing well?being of any Organization. These challenges are further complicated due to the significant pace of change in technology, poor or no knowledge transfer, ability to retain key staff and the ensuing skills gaps. Throw into the mix global disruptive businesses/technologies, competition and cyber security threats and the problem get compounded.

Are we approaching these problems in a sensible manner that take into account all the issues above and many more? Or do we continue to do what we have always done with some incremental changes? Is that approach going to ensure our well?being and ensure our competitiveness and security? Evidence suggests that we could and must do a lot better. We need to re?think our approach. The good news is that it can be done. You will hear from someone who has led in this field in the global environment and has dealt with complex issues. He continues to innovate in this area.

About Bashir Fancy

Bashir Fancy is the Managing Director, Corporation Solutions & Services Inc., providing Risk Management, Governance, Security, Operations, IT consulting services and Internal Audit globally. He is also the current Chairman of Canadian Information Processing Society (CIPS) -National Board. CIPS was formed 58 years ago to oversee IT Industry in Canada and in fact represents Canada in the world on IT Matters and has the backing of the legislation. He also is the Vice President of CIPS Ontario.

Mr. Fancy has held position of Senior Executive Advisor, with Deloitte & Touche and also assisted Grant Thornton in similar position. Prior to that, Mr. Fancy served as the Executive Vice President for Risk Management & Security at Visa International and was also the Global Head of Internal Audit for Visa based out of San Francisco. He was key part of developing the "Account Information Security" -Data Security Standards (now known as PCI? DSS), impacts anyone that stores, processes or transmits credit/debit card transactions. This standard is intended to prevent data breaches, ensuing fraud, costs and brand damage. Bashir Fancy, as the Head of Risk Management & Security for Visa Canada, developed & implemented a strategy that led to 50% reduction in fraud losses, after a growth of 40% per year for 5 previous years. This strategy was adopted globally for Banks issuing Visa Cards.

Mr. Fancy assists financial institutions globally including the World Bank, Telecoms, Retail businesses, Governments and others, to deal with the root causes and become secure, efficient and compliant. He has excellent background at both working and executive level in the Payments, Retail, Airline Industry, 3rd Party processing and the Banking world that spans many countries.

Mr. Fancy held senior management positions that included Systems, Operations, Systems, Finance, Risk management, Internal Audit, Marketing & Sales and strategy in Organizations that included Visa international (Visa Inc.), Citibank, SNS (became known as Emergis, now absorbed into TELUS) - 3rd party card processor and effectively the back office managing point of sale for Canadian Banks and major retailers. His other roles included senior management role in Air Canada and the "Supermarket Group", after starting his career to pursue CA at West, Wake & Price (Auditors) -became part of Price Waterhouse.

Emerging Cyber Threats and Practical Mitigation Strategies(IT Security)
Speakers: Emmett O'Reilly, Kando and Ruchir Kumar, KPMG LLP


This session will present emerging cyber threats in a dynamic cyber landscape. This will entail key threat actors, their goals and the techniques these actors are using to achieve them. Step through an actionable defense approach that organizations should consider as a part of the cyber security strategy to reduce the associated risk.

About Emmett O'Reilly

Emmett O'Reilly is a technology consultant with 18+ years of professional experience managing cyber security risk in various industries which include critical infrastructure and public safety. His expertise includes conducting security assessments and leading technology implementation projects. His work provides value to organizations by increasing the level of protection of critical IT assets and improving detection and response capabilities. Emmett possesses comprehensive knowledge of security controls, business applications and technology infrastructure. Recently, Emmett has focused on applying his cyber security skills in cloud and big data technology initiatives. He has a Bachelor's of Commerce degree from Ryerson University and has achieved certifications which include CISSP, CISM, CISA, IBM Infrastructure Architect, TOGAF and technology related certificates.

About Ruchir Kumar

Ruchir is a member of the Cyber Security Practice at KPMG Advisory Services and has over 17 years of advisory experience in North America and Asia. In this role, he provides subject matter expertise to clients in IT security risk management, Cyber Threat Intelligence and data governance, data privacy and data loss prevention. He is a trusted advisor to the executive management and provides guidance on developing the Cyber security roadmap / strategies tailored to the client's risk profile. He has led several complex global consulting engagements. He has extensive experience in legal compliance requirements (PCI-DSS, HIPPA, SOX and NI 52-109), IT security frameworks and standards (COBIT, COSO, ITIL, ISO 27002:2005/13, HITRUST CSF, PMBOK, NERC, NIST and BS 25999).

Strengthening Controls in a Shared Services Environment - The COSO Framework at Work (IT Governance)
Speaker: Mario Durigon, KPMG LLP


The session will cover the current trends in IT Outsourcing and challenges that organizations are experiencing with outsourced/shared service arrangements. With the understanding of the trends and challenges, the session will present a series of examples of how the use of a well designed control framework such as COSO can help organizations better manage the risks and stakeholder expectations of such arrangements. The session will also cover some common points for organizations to consider in the implementation of an outsourced/shared service arrangement.

Mario Durigon is a Partner in the Risk Consulting - IT Advisory practice at KPMG in Toronto. He is the firm's national IT Audit leader and was the Chair of the Information Management and Technology Advisory Committee at CPA Canada from 2012 to 2014.

About Mario Durigon

Mario is an IT Advisory Partner in KPMG's Risk Consulting Practice in Toronto. He is also the National Leader of the Information Risk Management in External Audit practice at KPMG. As part of this role, Mario oversees the development and delivery of training to the firm's IT Auditors including disseminating changes in IT audit methodology. Mario also leads the incorporation of IT Audit innovation to the Integrated and Financial Statement Audit process including Data & Analytics. Mario is also Canada's representative on the KPMG Americas and Global Information Management in External Audit council. Mario is a senior, experienced information risk professional with significant experience assisting large, complex organizations in assessing and managing their risks over their business processes and supporting IT environments, including processes that have been outsourced to third parties. Mario has over 25 years of experience in IT audit and risk management.

Mario currently serves as lead IT auditor on some of KPMG's largest and most complex audit clients, including a major Canadian bank and a national cable and wireless provider.

Mario is also the lead engagement partner for numerous audits of controls at various service organizations in various industries including asset management, fund administrators, custodial service providers and logistics providers to name a few.

As part of his continuing support and commitment to the profession, from 2012 to 2015 Mario served as the Chair of the CPA Canada Information Management and Technology Advisory Committee, a group of professionals representing accounting firms, public and private organizations, the public sector and academic institutions, providing insight to CPAs on emerging issues and trends impacting information technology and business.

10:30am - 11:00am
11:00am -12:00pm
How to Use IT Tools to Improve the Process and Coverage of the IT Audit (IT Audit)
Speakers: Ujjwal Malhotra, Scotiabank and Carlos Chalico, Nymity Inc.

About Ujjwal Malhotra

Ujjwal Malhotra is a Certified Project Management Professional and a Certified Information Systems Auditor currently working within Scotiabank Risk Management Information Technology as Director - Business Analysis. Ujjwal has over 15 years of experience in professional firms & financial industry.

Ujjwal work experience includes managing end-to end global programs and projects, Data analysis and data transformation, technology delivery to support operational and liquidity risk management, business process (both financial and operational) audit and optimization, end to end controls assurance and IT audit engagements including assessment and development of Corporate Governance framework assessment and analysis of IT environments with respect to effectiveness, risk, governance frameworks, organizational structure, IT processes, Business and Disaster Continuity, and the development, selection and deployment of frameworks or technologies to meet an organization's strategic business needs.

Ujjwal has detailed and practical knowledge of IT governance models, Project management and IT audit methodologies, including the PMP, Agile, CoBIT and COSO frameworks.

About Carlos Chalico

Carlos Chalico is an Information Security, IT Risk and Privacy Professional with almost 20 years of experience. He recently became the Strategic Alliance Director of NYMITY Inc. the leading global research company specializing in accountability, risk, and compliance solutions for the privacy office. Before that, Carlos was the head of the Toronto office of Ouest Business Solutions Inc. a Canadian consulting company and before that he was with Ernst & Young for almost 16 years where he served as an Information Security, IT Risk and Privacy professional, leading the corresponding practices including specific activities such as penetration testing, vulnerability assessments, Cybersecurity architecture definition, compliance, InfoSec research, privacy and IT risk in general. He is also an instructor for the University of Toronto School of Continuing Studies for the programs of Big Data, Cybersecurity and IT Governance. Carlos is also a volunteer advisor for the Canadian Red Cross in issues related to Information Security. He holds the following designations: CISA, CISSP, CISM, CGEIT, ISO27001LA and was designated in 2011 as Privacy by design Ambassador by Dr. Ann Cavoukian former Information and Privacy Commissioner for the province of Ontario.

The Internet of Everything - Security Concerns and Audit Challenges with the Future State of Integrated Security (IT Security)
Speaker: Stewart Wolfe, CISCO Systems Canada Co.


The Internet of Everything is creating unprecedented opportunities to realize dramatically greater value from networked connections among people, processes, data and things. Cisco estimates the IoE will create $19 Trillion in global value over the next decade by connecting the unconnected.

Changing business models and consumer consumption requirements is forcing business to change the way they operate in order to remain relevant. Capitalizing on IoE opportunities requires secure networked connections, and 73 percent of decision makers expect the IoE to increase in threat severity over the next two years.

Protecting and auditing IoE interactions is crucial for people and organizations to benefit from IoE advances. Using a threat-centric architectural approach, Stewart Wolfe shares his perspective on the future state of integrated security within the IoE.

About Stewart Wolfe

Stewart Wolfe is a Senior Manager in Cisco's global security practice and leads the Canadian pre-sales security team. In his leadership role within Cisco's global security services, Stewart has the primary responsibility to drive the pursuit of architectures and advisory services for Cisco's Canadian customers.

Stewart is a member of ISACA since 2007 and holds both CISA as well as CISM certifications. With 23 years of Information Security experience, Stewart has worked for the largest IT company in the world as well as "Big 4" consulting firms. His focus areas include security advisory and managing security services.

Specializations include GRC, security strategy, cloud and mobile security, IOE security, identity and access management, and managed security services.

Measuring Risks to Receovery in IT; Are We Asleep at the Wheel? (IT Governance)
Speaker: Ann Wyganowski, HZX Business Continuity Planning


Technologies such as virtualization have made IT availability seem easy and have shortened recovery timelines, but are they really supported by sound disaster recovery plans (DRPs)? There are many things that might not have been considered that need to be part of successful DRP risk management. Have the vendors and the technobabble confused everyone about the real state of recoverability? What really makes for a foolproof IT disaster recovery plan? Case studies of risks identified during in-depth analysis of actual IT recoverability, timelines, strategy design slip ups, data centre risks and the continual misinterpretation of what IT disaster recovery planning really means will be discussed.

About Ann Wyganowski

Ann's consulting background includes over 29 years of managing large projects across various industries ranging from health services, banking, pension & investment management, education, research & development, manufacturing, distribution, transportation, public utilities, food, property development & management, publishing, human resources, not-for-profits and telecommunications. Ann's global BCP, DRP, and pandemic planning experience with people, culture, environments and risks includes numerous countries across Europe and Asia, Canada, USA, Australia, Mexico, and Brazil.

Her focus on Business Continuity began in the 1990's. As the industry evolved, Ann expanded her diverse business process and continuity knowledge to adapt and create agile holistic plans for a wide variety risks in many environments from large global corporations to small businesses, critical infrastructure, and charitable organizations.

Ann is a Master Business Continuity Professional (MBCP), and Certified Business Resilience Manager (CBRM) and Member of the Business Continuity Institute (MBCI), all of which are internationally recognized designations in the field and works as a consultant in the industry. .

Ann was a President and Board Member of the Toronto Disaster Recovery Information Exchange from 2006 - 2015, sits on the Disaster Recovery Institute of Canada's Board, and is a member of the Ontario Association of Emergency Managers. Ann chairs Centennial College's Emergency Management and Public Safety Institute Steering Committee. She speaks regularly at conferences on Business Continuity, IT DRP, Emergency Response, Health Emergency Planning and Security to both business and government. Ann also teaches IT Disaster Recovery Planning for George Brown College, Virtual EOC for Centennial College. Her firm's clients for business continuity, emergency planning, and IT DR planning work span all levels of government, numerous business sectors and industry. .

12:00pm - 1:15pm
1:25pm - 2:15pm
National Cyber Security: Effectively Managing the Risks
Speakers: Ray Boisvert, I-SEC Integrated Strategies and Jonathan Raymond, SAS Canada

Session Sponsored by SAS Canada


Canadian businesses, institutions and government agencies are under constant attack from the outside and within - - and at an unprecedented velocity and level of complexity.

The pace of socially engineered emails, or Phishing attacks, along with the betrayal by "insiders", is evolving faster than our apparent ability to control associated risks. The growing volume of malicious events, with ever deeper impacts, are taking their toll on profits and reputations. We are now considered to be in the age of asymmetrical threats, a space where a diverse set of actors, from terrorists to hacktivists, have attained disproportionate power over open and free societies. It is also a world of Fifth Dimensional warfare targeting business, critical infrastructure, defence resources, intellectual property, personal information and a country's financial stability - often from converging global interests.

Managing risks of this nature, therefore, will require equally innovative and rapidly paced solution sets - - from applied Threat Intelligence, to the exploitation of advanced Data Analytics. During this session, two unique subject matter experts, one from national security, the other from the world of data analytics, will outline the drivers behind this increasingly relevant challenge to all risk managers - from CIOs and CFOs, to auditors and compliance officers. Both Ray Boisvert and Jonathan Raymond will deliver the background, explain the trendlines and offer up unique insights on risk management and mitigation strategies for the 21st Century.

About Ray Boisvert

After almost three decades in national security, Ray now works with a variety of client organizations to help them gain a deeper understanding of intelligence and security matters in a global context, and the impact on their operating environments.

Currently, as President of I-Sec Integrated Strategies (ISECIS), Ray delivers business intelligence solutions affecting core challenges such as cyber and insider threats, while guiding resilience building around the principles of pro-active defence. Ray also works with Hill + Knowlton Strategies, delivering bespoke advice to clients in relation to mergers and acquisitions, and other areas with potential National Security complexities.

After five years in federal policing, Ray joined the Canadian Security Intelligence Service (CSIS) in 1984 and retired in 2012 as the Assistant Director, Intelligence. During his tenure, Ray was involved in broad facets of security intelligence operations, from leadership of the Counter Terrorism domain, to driving national security priorities pertaining to Operational Risk management, Data Exploitation programs, Human Source management, Foreign Collection framework and all Special Operations efforts.

About Jonathan Raymond

Jonathan Raymond currently serves as National Practice Lead, Cyber Analytics for SAS. In this role, he is responsible for business development, go to market strategy and building high value partnerships on behalf of SAS. SAS' cybersecurity platform is built upon 39 years of global market leading advanced analytics. SAS' Cyber Analytics solution provides intelligence to North America's preeminent Enterprise security teams at the speed, depth and scale necessary to detect and respond to today's threats.

Prior to joining SAS, Jonathan held leadership roles within leading cybersecurity software, professional consulting, and Managed Security Service Provider (MSSP) organizations.

Going on 16 years in the Information Technology and Cyber Security industry, Jonathan has been a primary contributor upon the selling, design, deployment and ongoing management oversight and accountability for numerous high profile, complex and/or critical IT security projects inside the largest Private, Publicly traded and Public Sector organizations in North America.

Jonathan's experience as a leader in cyber security for large Enterprise includes a broad range of proficiency including: Cyber Analytics, Incident Response & Forensics, Vulnerability and Threat Research, Software & Mobile Security, Governance, Risk and Compliance, Industrial Control System and Embedded Security, and Identity and Access Management.

2:20pm - 3:20pm
Identity and Access Management (IT Audit)
Speaker: John Heaton, Accenture


The Internet of Things (IoT) is a term used to describe a world of where everyday physical objects are becoming intelligent and are connected over the internet, enabling us to use them to automate processes and for us to control them remotely to perform tasks ranging from adjusting our home central heating through to operating our critical infrastructures such as power, oil, gas, water, communication and transport systems. Ever left your home during a cold winter day with the windows open in order to ensure proper house aeration just to get back home later that day and feel uncomfortable because of the low temperature inside? That thing belongs to the past with the automation capabilities of the IoT. Identity Management solutions have been developed and deployed in support of users, customers and employees. In an IoT world, devices will also need digital identities in order to communicate with other devices and for consumers to work with them. This session will provide a background on the current state of IoT, the key risks with IoT and the approaches seen to manage digital identities for IoT, including connected cars, connected cities and related devices.

About John Heaton

John brings 25 years of business experience with over 20 years of consulting, risk management and security experience. John is focused on helping organizations sustain their compliance efforts by leveraging technology. He has spent the last 18 years of his career helping clients design, build, implement and run technology and related processes in support of their risk management, compliance and security requirements. He brings industry leading practices in the areas of analytics, risk management and security to clients through his relationships with vendors and his prior experience. John has worked across multiple industries, including banking, communications, technology and manufacturing. He has extensive global experience, including spending four years working in London, UK and Western Europe. John is a Chartered Accountant and holds relevant security certifications, including CISA and CISSP. He holds a BBA (Honours - Co-Op) from Wilfrid Laurier University in Waterloo, Ont

Introducing the Digital Economy (IT Security)
Speaker: Neil Bhattacharya, Ernst & Young LLP


Digital may be defined as Technology and Processes to transform companies from selling products and services to competing on delivering personalized customer experiences with measurable results. This will be an interactive discussion focusing on case studies showing how product and services companies are jointly going to market to deliver measurable outcomes for their customers.

This introduction to the emerging Outcome Economy, will also focus on how the lines between traditional industries are blurring at an unprecedented rate. Products and Services that can be connected through technology are being connected. Customers are moving into a shared model within a partner ecosystem.

Digital, the technology and processes of the Outcome Economy, is improving profitability and helping established lines of business stay relevant in the disruptive economy.

About Neil Bhattacharya

Neil leads the Digital practice at EY in Canada. For the past 18 years, Neil has helped organizations globally implement the building blocks of Digital offerings including Customer Centric Design, Mobility, Security and Analytics. Most recently, Neil has helped a number of organizations with idea incubation, development and launch of Digital products and services that are leading the Digital Economy. These organizations have introduced innovative, ecosystem assisted offerings to their customers in regulated industries.

Data Governance - What You Need to Know to Effectively Leverage Your Data Assets (IT Governance)
Speaker: Jordan Prokopy, PwC LLP


Effective data governance helps companies drive growth and strategic priorities while also managing data-related risks. In this presentation, Jordan will help clarify fact from fiction: What is data governance? Why should you do it? What are other companies doing about it? And what does good data governance actually look like? This way you can embark on a data governance initiative well-informed, set up for success and armed to avoid common pitfalls and failed attempts.

About Jordan Prokopy

Jordan is a Director of Cybersecurity and Privacy at PwC and leads the Canadian Privacy Practice. Jordan provides clients with practical privacy solutions to help them stay one step ahead of emerging privacy risks and effectively adapt to evolving business, IT, and regulatory environments.

For over 10 years, Jordan has developed, assessed, and executed privacy programs, including in support of large IT solutions - from ownership, strategy, and governance to decision-making, processes, and culture. She has conducted over 50 privacy audits and privacy impact assessments, helped organizations understand their privacy obligations, and developed and implemented privacy strategies, policies, and controls.

Jordan also served as the Program Manager for Target Canada where she built the Information Protection Program, including the enterprise (US and Canadian) program to comply with Canada's Anti-Spam Law (CASL).

3:35pm - 4:30pm
Keynote Address: From the Desk of City of Toronto's Chief Information Officer
Speaker: Rob Meikle


As cyber risks continue to rise, Canadian and global organizations are elevating their cybersecurity efforts to make them more strategic and overall, a business imperative. Good governance, privacy and audit practices are all essential. At the same time many organizations are fostering a culture of innovation, transparency and high performance teams. Balancing all these dynamics can be challenging and often viewed as opposing objectives. This session will share a strategic approach used by the City of Toronto that drives service excellence

About Rob Meikle

Rob Meikle is the Chief Information Officer (CIO) for the City of Toronto. In his role as CIO, Rob provides visionary leadership for the delivery of flexible and integrated information and communication technology solutions that enable and drive Service Excellence.

Rob is a strategic business leader who is innovative and results driven with a proven track record of 20+ years experience planning, developing, and implementing award winning global business and technology solutions in the private, public and not for profit sector.

He has received globally recognition for his visionary leadership and ability to maximize the potential of teams to achieve transformational results.

Rob became the first Canadian municipal CIO to be named on the prestigious global CIO 100 honoree list. In addition, he has received the Global Computerworld Premier 100 IT Leadership Award and the National Government (GTEC) Next Generation Leadership Award.

Prior to the City of Toronto Rob was the Chief Information Officer at the City of Brampton and has held various leadership roles in the private sector including Global Operations, Customer Service, Marketing, eBusiness and Information Technology.

Rob is a graduate of the University of Waterloo and holds an Honours BMath in Computer Science & Business Administration. He holds a Masters Certificate - IT Executive Leadership Development from Ryerson University. >

4:30pm - 6:00pm

Day 2

Tuesday, March 22, 2016

8:00am - 9:00am
9:00am - 10:00am
Keynote Address: Tech Law at Internet Speed: Keeping Pace with Privacy, Security, and IT Issues
Speaker: Michael Geist, Canada Research Chair in Internet and E-commerce Law, University of Ottawa, Faculty of Law


The intersection between law and technology is constantly shifting at Internet speed. From emerging privacy issues to mounting security concerns, how can law and policy stay relevant and how can organizations keep on top of their compliance and legal obligations? This fast-paced keynote will examine the changing Canadian landscape, focusing on new law and policy issues involving privacy, security, online marketing, open data, and broader IT governance concerns.

About Michael Geist

Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. He has obtained a Bachelor of Laws (LL.B.) degree from Osgoode Hall Law School in Toronto, Master of Laws (LL.M.) degrees from Cambridge University in the UK and Columbia Law School in New York, and a Doctorate in Law (J.S.D.) from Columbia Law School. Dr. Geist is a syndicated columnist on technology law issues with his regular column appearing in the Toronto Star and the Hill Times. Dr. Geist is the editor of many books including Law, Privacy and Surveillance in Canada in the Post-Snowden Era (2015, University of Ottawa Press), The Copyright Pentalogy: How the Supreme Court of Canada Shook the Foundations of Canadian Copyright Law (2013, University of Ottawa Press), From "Radical Extremism" to "Balanced Copyright": Canadian Copyright and the Digital Agenda (2010, Irwin Law) and In the Public Interest: The Future of Canadian Copyright Law (2005, Irwin Law).He is also the editor of several monthly technology law publications, and the author of a popular blog on Internet and intellectual property law issues.

Dr. Geist serves on many boards, including the CANARIE Board of Directors, the Canadian Legal Information Institute Board of Directors, the Canadian Internet Registration Authority Board of Directors, and the Electronic Frontier Foundation Advisory Board. He has received numerous awards for his work including the Kroeger Award for Policy Leadership and the Public Knowledge IP3 Award in 2010, the Les Fowlie Award for Intellectual Freedom from the Ontario Library Association in 2009, the Electronic Frontier Foundation's Pioneer Award in 2008, Canarie's IWAY Public Leadership Award for his contribution to the development of the Internet in Canada and he was named one of Canada's Top 40 Under 40 in 2003. In 2010, Managing Intellectual Property named him on the 50 most influential people on intellectual property in the world and Canadian Lawyer named him one of the 25 most influential lawyers in Canada in 2011, 2012 and 2013.

10:00am - 10:20am
10:20am - 11:20am
Breaking Down Blockchain (IT Audit)
Speakers: Alan Wunsche, Leading Knowledge; Iliana Oris Valiente and Matthew Spoke, Rubix by Deloitte


The purpose of this presentation is to share perspectives on the evolution of blockchain technology, from bitcoin and cryptocurrencies to next generation, smart distributed ledgers. Content will cover how the technology works and how various industries are experimenting with blockchain applications, while focusing on the assurance implications. The session will highlight how this technology will have a tangible impact on the financial reporting and auditing industry, including opportunities and risks.

Fundamentally, the ability to create distributed ledgers opens up the potential to re-engineer current processes and completely alter even the most commonly accepted solutions that have remained static for decades. Blockchain technology can transform the role that trusted third parties have traditionally played in ensuring trust and transparency over companies' financial reporting, changing the role of auditors. Blockchain technology could finally enable the realization of real time accounting and the long desired concept of "continuous audit."

About Alan Wunsche

Alan Wunsche is CEO of Leading Knowledge Ltd., a blockchain technology and solutions company. Alan is a technology executive and blockchain thought leader, author and blogger for Chief Data Officers and Chief Information Officers at He helps clients understand the rapidly evolving blockchain landscape and develops innovative applications on the Ethereum blockchain. Throughout his 25 year career, Alan has held leadership positions at PwC, Deloitte and Scotiabank and worked with over 20 Fortune 500 companies. By combining technology expertise with strategic planning, process reengineering and change management, Alan has been a trusted business partner to CIO's, CFO's CRO's, CMO's and CHRO's while leading business performance improvement programs.

At Scotiabank, Alan was Vice-President, Credit Information Systems in the Global Risk Management division, where he led the development of a new Business Intelligence Centre of Excellence and the Bank's first global Data Governance Office for wholesale (non-retail) exposures. As Chair, Non-retail Data Governance Office, he represented Scotiabank as BCBS-239 credit risk lead with OSFI and the Canadian Bankers Association. Alan's "THE CFO AS STRATEGIST AND CATALYST IN BUILDING A HIGH-PERFORMANCE CULTURE" was published in Ivey Business Journal and he won Deloitte's Best Author award for "THE WORLD IS YOUR THINK TANK".

About Iliana Oris Valiente

Iliana Oris Valiente (CPA, CA, CBP) is a co-founder of Rubix by Deloitte, a blockchain technology development team, spearheading business development and general strategy. Within Rubix, Iliana has led projects to conceptualize and prototype proof-of-concepts related to the impact of blockchain technology on the audit and assurance industry, as well as for clients in the Financial Services, Healthcare, Consumer Products, and Technology, Media, and Telecommunications industries.

Iliana deeply believes in the power of cooperation and in the blockchain space in particular, she is an active proponent of the need for unprecedented collaboration to modernize a number of industries, especially audit and accounting. Prior to Rubix, Iliana worked in corporate finance and M&A, specializing in valuations for technology and resource companies. Iliana has experience advising organizations (Fortune 500 companies, small seed-stage tech startups, and NPOs) on business strategy, financial diligence and models, operations, and marketing.

Iliana is a Chartered Professional Accountant, Certified Bitcoin Professional, and is working towards her Chartered Business Valuator designation. Iliana holds a bachelor of commerce, specializing in finance and accounting from the University of Ottawa. In addition to English, Iliana also speaks French, Russian, and Spanish. Beyond her passion for emerging financial technologies, with whatever spare time she can find, Iliana hosts a scotch-enthusiasts club, golfs, and travels� a lot!

About Matthew Spoke

Matthew is the Leader of Rubix by Deloitte. Headquartered in Toronto, with a growing team around the world, Rubix is proving the value of its technology by enabling powerful blockchain enterprise applications. Matthew is a CPA, CA by training, and spent his early career practicing International Tax before he founded this blockchain initiative at Deloitte. Together with a world class team, they are delivering real solutions to large clients around the globe. Matthew has also been a leading contributor to work being done to understand the impact blockchain and distributed ledger technologies could have on the accounting function and the future role of the auditor.
Understanding and Managing Cybersecurity Risk (IT Security)
Speakers: Alexander Rau and Marcus Troiano, Mandiant, a FireEye Company


Many cybersecurity events of the past year and a half have brought to light the damaging effects that cyber attacks can have on a wide range of the global economy - from governments, retailers and banks to health care providers, technology firms and media outfits. While the nature and objective of attacks may vary, the impact these can have is profound.

This session will examine the cybersecurity risk landscape, focusing on the attackers, their targets and the effects of attacks on business operations.

Mandiant will walk through the cyber risk mitigation tools and techniques which have become critical components of an organization's approach to managing cyber risk, and examine the lessons learned with regard to preparing for, and recovering from, a security breach.

About Alexander Rau

Alexander is a Senior Manager with Mandiant's Security Consulting Services. With over 16 years' experience in IT specializing in security, Alexander holds CISSP and CISM certifications and has consulted with many large public and private sector organizations on how to address their security challenges. Prior to joining Mandiant, he held positions as the National IT Security Strategist for Symantec Canada as well as a Sr. IT Security consulting role with IBM. He also was the Manager of IT for a small manufacturing company.

Since 2008, Alexander has also been a part-time faculty member at Georgian College in Barrie, ON, teaching computer and network systems security. Combining his experience as Manager of IT and roles in consulting and as an IT security strategist, Alexander is able to bring a unique perspective on how to address the ever changing security landscape and how it impacts organizations.

About Marcus Troiano

Marcus Troiano is a Cybersecurity Strategy Consultant based in Toronto, Canada, with a focus on providing solutions to the complex security challenges his clients face. He has managed and delivered large Security Program Assessment and Development engagements, and Response Readiness Assessment engagements for clients in Canada and the United States.

Prior to joining Mandiant, Marcus spent over 4 years in KPMG Canada's Risk Consulting Advisory practice, and was directly involved in client engagements in the areas of enterprise risk management, business transformation, operations improvement, IT security, and strategy, primarily in the Financial Services, Government, Healthcare, and Energy sectors.

Developments in Corporate, Risk and IT Governance: The IT Risks Boards Need to Hear About (IT Governance)
Richard LeBlanc, York University


In this session, Richard LeBlanc, Professor at York University will discuss:

- Regulatory changes to governance and the treatment, mandate and reporting of risk.

- Overall changes to risk governance, including the risk appetite framework, internal controls, limitations and assurance.

- Where internal audit may be weak, in IT assurance and compliance failure, and the role of Audit Committees and Boards.

- Role of senior and operating management, in the reporting and assurance by Internal Audit over IT risks.

- Cyber security, BYOD and social media, and the role of Internal Audit in testing controls.

- In camera sessions between Internal Audit and the Audit Committee.

- Independent, coordinated, mapped assurance, and a risk based Internal Audit mandate. - Best whistle-blowing practices. - Interactive Questions and Answers.

About Richard LeBlanc

Professor Richard Leblanc is one of Canada's leading experts on corporate governance and accountability. He is an award-winning teacher and researcher, lawyer, public speaker, consultant, and specialist on boards of directors. He has taught at leading universities including Harvard University. He is a former recipient of Canada's Top 40 Under 40�award; received a teaching award as one of the top five university teachers in Ontario; and was named to Canadian Who's Who.

Dr. Leblanc brings to business and professional audiences a depth of information from his extensive research and work with over 150 organizations; and training, assessment and development of over 1,000 directors and managers. He is engaging, dynamic and personable. Because of his work with leading companies and current research, Richard is always on the cutting edge of emerging global developments.

Author of dozens of scholarly and practitioner articles, programs and reports, Richard's work has been described by various faculty at Harvard, Yale, London Business School and elsewhere as "great & much needed," "wonderful and pragmatic," "thorough" and "nothing short of remarkable," as well as by Fortune 500, NYSE, FTSE and other company leaders as "leading edge," "ground-breaking," "valuable guidance," "indispensable," "compelling" and "exceptional."

Dr. Leblanc possesses an extensive and diversified professional network. He is the founder of the LinkedIn Group "Boards and Advisors," with over 20,000 members globally, which is the largest and most active online corporate governance group. Richard adopts a framework for governance effectiveness developed over several years. His work, directly or indirectly, has impacted companies throughout the world, including those that have used Richard's methodology to strengthen their governance effectiveness and accountability practices.

Dr. Leblanc's insight has guided leaders of organizations through his teaching, writing and direct consultation to government regulators and national and multi-national corporations. He has provided extensive service as an external advisor to boards of directors that have won national awards and peer endorsement for their governance practices.

Dr. Leblanc possesses a Bachelor of Science degree, an MBA, Canadian and American law degrees, a Masters in Law, and a PhD focusing on corporate governance.

11:25am - 12:25pm
Big Data and Predictive Analytics in the Insurance Sector(IT Audit)
Speaker: Jack Martin, KPMG LLP


While insurers have always been in the business of data, today's sessions centreson how auditors are leveraging data and analytics (D&A) capabilities to manage the risks and opportunities they face. This session will include predictive analytics examples from claims management and the presentation of KPIs about how key metrics can be enhanced through the usage of an effective D&A program. This session will provide insights, including leading big data trends within the Insurance industry. Participants will gain insights into:

-Where to use D&A o What a D&A process looks like from end-to-end

-The importance of analysis and interpretation of key scope considerations

-Examples from real engagements

About Jack Martin

Jack Martin joined the KPMG Forensic practice in January 2008. As a Director and Vice-President of KPMG Forensic, he is involved in a wide range of consulting services including fraud investigations, forensic data analytics and, continuous auditing engagements. Jack is considered a leader in forensic data analytics, and has designed complex audit procedures and computer assisted audit techniques that were used as expert testimony for litigation support, as well as for fraud investigation and dispute services engagements. Prior to joining KPMG, Jack spent eight years at a global accounting firm's Audit Practice and Technology and Security Risk Services department, assessing risks relating to external and internal financial statement audits. Jack is a part-time lecturer at the John Molson School of Business, where he teaches Auditing and IT Auditing courses in the undergraduate and graduate accounting programs.

Secure the Human (IT Security)
Speaker: Samer Adi, Capgemini Canada


This session will cover the following:

- The number one enterprise security problem

- Why Capgemini is different?

- Why Employees are important?

- Uneducated Employees

- 7 Deadly Sins

About Samer Adi

Samer currently the Cyber Security Officer for Capgemini - Canada. Cyber Security team is responsible for providing a complete cyber security services externally to clients and internally within Capgemini Global structure. Before joining Capgemini, Samer was the CISO for Moneris Solutions, the largest payment processing company in Canada. With Moneris Samer was able to maintain PCI-DSS complaint status for the company for 2012 - 2014 and PA-DSS status for all their payment applications. In addition Samer served with TNS Smart Network with the same capacity and before with NCR. Samer have more than 25 years experience in Information Security and Information Technology Infrastructure support.

Samer holding a Master of Science in Computer Science and Information Technology. C|CISO, CISSP, PCIISA, PCIP, CISM certified. Also published two books in Computer Maintenance. Both books are part of the Grade 11 & 12 curriculum.

Defining, Measuring and Using IT Risk Appetite and Key Risk Indicators for Future State IT Risk Management (IT Governance)
Speakers: Baskaran Rajamani, Deloitte and Christine Dewhurst, Bank of Montreal


Recent trends and emerging risks have necessitated IT risk management to be increasingly sophisticated. CIOs and IT Risk Managers are being challenged between two extremes - on one hand to exploit opportunities presented by trends such as Cloud computing, Agile development and Managed security services in a risk intelligent manner, while on the other hand having to manage downside emerging risks caused for example by Cyber threats.

Since IT risks are essentially business risks, the business is increasingly becoming aware and getting involved in shaping IT risk management programs. Just as the board sets the risk appetite for a firm as a guiding parameter for risk taking, the IT risk appetite statement of an organization is an excellent way to bring business alignment on how much risk IT is taking and the appropriate calibration of IT's risk management programs. Key (IT) Risk Indicators (KRIs) are early warning signs on imminent IT risks and can enable proactive management of risks if the KRIs are carefully selected, measured and responded to. Key IT performance indicators (KPIs) could complement KRIs in measuring and optimizing overall risk adjusted IT performance. Definition of IT risk appetite, establishment of KRIs/KPIs, timely risk reporting and effective risk response are becoming essential ingredients of future state IT risk management.

This session will discuss these topics with practical examples and real life experiences shared by the speaker(s).

About Baskaran Rajamani

Baskaran Rajamani is a Partner with Deloitte in Toronto. As a recognized leader in Deloitte's Enterprise Risk Services, Baskaran specializes in helping Financial Services clients in the areas of: IT compliance, outsourcing, IT governance, IT risk management and IT Audit. Baskaran has facilitated several of Deloitte's round-tables related to IT risk and is also a Faculty at Deloitte University in Dallas, TX. Baskaran has over 32 years of experience of which the last 20 years have been in professional services, preceded by his career in manufacturing automation. Baskaran is a popular speaker and author and presented at local and international conferences. He holds a Master's degree in Engineering and an MBA. His designations include CISA and CISSP and he is the recent past President of the ISACA Toronto Chapter.

About Christine Dewhurst

Christine Dewhurst is a Director and Head of Bank of Montreal's Technology Business Controls Group. In her role, Christine oversees IT risk management performance and control effectiveness monitoring at the first line of defense. Christine is also a business unit compliance officer for Technology. In this role she coordinates interactions and facilitates liaison during regulatory examinations as well as audits by internal / external auditors. Christine has been associated with the Bank's IT Risk reporting initiative which includes KPI and KRI reporting and has steered this program to success and is passionate on this topic. Christine started her career as an IT Audit professional in Arthur Andersen and later at BMO's Corporate Audit Division. Christine is a CPA, CMA and a Certified Information Systems Auditor.

12:25pm - 1:30pm
1:35pm - 2:35pm
Global State of Security: Trneds and Issues 2016
Speakers: David Craig and Adriana Gliga-Belavic, PwC LLP


By now, the numbers have become numbing. Cybersecurity incidents are daily news, with reports of escalating impacts and costs. Beyond the headlines, however, there are new reasons for optimism. Join us as we explore the turnaround and transformation in cybersecurity in 2016.

We will take a closer look at how innovative businesses are responding to rising cyber-risks and how businesses are expanding the roles of key executives and Boards of Directors to allow for enhanced communication of cyberthreat information and help build better-prepared, more resilient cybersecurity capabilities. We will also explore how Canadian organizations are doing compared to global peers and provide industry specific insight to help you better prepare in addressing cyber risk in your enterprise. "

About David Craig

David is a Partner in PwC's Risk Assurance practice and leads the Cybersecurity & Privacy practice for PwC Canada. David joined the firm in 2004 and has 30 years of international experience having lived and led projects in Canada, Europe, the United States and South America. David is a key contributor to PwC's thought leadership in the areas of cybersecurity, privacy, technology and operations. His clients include some of the world's leading companies in their industry. As a consultant, his experience ranges from operational and financial due diligences, and internal audit support, through to running and improving operations for clients. Prior to joining consulting, David ran large departments, such as Network Operations, Customer Service, and Billing & Collection within a national communications carrier.

About Adriana Gliga-Belavic

Ms. Adriana Gliga-Belavic is a Director in the PwC Risk Assurance Practice in Toronto and leads the Cyber Security & Privacy practice in the GTA and the PCI Practice in Canada. She has over fifteen years of consulting experience in the areas of Information security strategy, architecture design, Security & Privacy governance, security organizational and process design, Payment Card Industry (PCI), large project and program management. In the last couple of years her focus has been on leading large data protection engagements that address security and privacy regulations through assessment, remediation and operationalization of compliance.

Adriana works with both public and private clients to help them assess their information security threats and risks and design and implement security solutions to strengthen their security posture while enabling business results. Adriana brings deep PCI and Security expertise as demonstrated by successful delivery of numerous PCI assessments, remediation and PCI program development engagements for Merchants, Service Providers and Payment Processors/Acquirers.

She is a frequent speaker at conferences and is actively involved with the Information Security Forum in the development of security though leadership such as "Privacy and security implications in the cloud, Mobile payments security implications, Cyber Crime in the rapidly growing environment of mobile technology in Pharma.

2:30pm - 3:00pm
3:00pm - 4:00pm
Star Wars, Regulatory Expectations and the Emergence of the Next Generation IT Audit Function: Maintaining an Effective Third Line of Defence (IT Audit)
Speaker: Doug Johnson, Equity Financial Trust


Today's IT audits are complex and the skill set required to satisfy professional requirements for competence is daunting and constantly changing. Consider: COBIT 5, Third Party and Vendor IT risks, Cyber Threats, Application Integrity, Access & Data Security, Apple Pay, Fraud, Corporate Espionage, IT Governance, ISO frameworks, Cloud, Privacy, Data & System Piracy, Mobile Aps, Business and Data Resiliency and Crisis Management.

Today's regulated financial institution is expected to maintain three fully capable lines of defense. Designing the next generation IT audit function requires a unique focus to delivery on regulatory expectations. Today's IT Auditor is required to ensure the effectiveness of both the first line and the second line in identifying and managing risk.

This session will explore today's expectations for identifying, governing and auditing IT risks and their impact on today's IT audit and IT security professionals in heavily regulated financial institutions.

About Doug Johnson

Doug Johnson is the Chief Audit Executive at Equity Financial Trust Company, an OSFI regulated, CDIC insured Financial Institution in residential mortgage business. He has more than 20 years of experience in the financial services sector, including several of the large Canadian Banks and one of the larger property & casualty Insurance companies within Canada. Doug has been in senior leadership roles within internal audit, enterprise risk management and governance. Prior to entering the financial services industry, he was with Ernst & Young in Toronto.

Doug is a CPA CA, CIA, and CISA and holds a Masters degree in Accounting from the University of Waterloo.

A Pragmatic Approach to Addressing Cyber Risk (IT Security)
Speaker: Brian Anidjar, Ernst & Young LLP


An introduction to cyber security risks geared towards IT and audit professionals which will enable attendees to establish or enhance an effective cyber security program. This session will cover key topics including: understanding risks which relate to your organization, taking a structured approach to evaluating cyber security practices, addressing cyber risks, and measuring performance.

About Brian Anidjar

Brian Anidjar is a Senior Manager in the Cyber Risk Services practice of Ernst & Young. He has extensive experience in developing security solutions and leading engagement teams. Brian's security experience includes IT security operations, threat analysis, threat intelligence, incident response, physical security, business continuity, security governance, security compliance and risk assessments.

Brian has over 10 years of experience delivering security services to clients ranging SMB to large national/international organizations. His experience spans multiple sectors including Financial Services, Energy, Telecommunications, Healthcare, Government and Retail.

Trends in Vendor Risk Management/Governance (IT Governance)
Speaker: Gustavo Leite, PwC LLP


Increasingly companies are leveraging third-parties to perform activities on behalf of their organizations. In many cases, these third-parties rely on other third-parties to support their operations. Businesses have to successfully navigate a complex ecosystem of relationships that extends far beyond any one industry or geography.

While these relationships can offer significant benefits (i.e. cost reduction) the trust companies place in third-parties could be exposing them to increased fiscal, regulatory and reputational risk. Natural disasters, cyber attacks, data breaches, corruption, and supply chain disruptions can also happen to your third-party vendors. Simply put, you need to better understand those who conduct business on your behalf.

You can outsource functions and operations, but you can't outsource risk and compliance responsibilities. Learn more in this topical session.

About Gustavo Leite

Gus is a Director in the PwC Risk Assurance Services. He has 15 years of experience at PwC, including 11 years in Risk Assurance and four years in the Data Management Group. Gus has developed a well-rounded skill set within IT and business processes internal controls and accounting/ auditing standards.

Gus has both international and domestic experience (Brazil, United States and Canada), including evaluating and implementing internal control frameworks. Gus has performed an integral role in projects focused on Service Organization Control reports (SOC reports), NI 52-109, U.S. SOX, and system Implementation reviews. He currently works with medium and large financial institutions as well as the top technology companies in Canada in both capacities: as an auditor and as a consultant helping them audit and build trust through the complex outsourcing relationships and requirements we currently have in the market place.

Day 3

Wednesday, March 23, 2016 Optional One Day workshop

7:30am - 8:30am
8:30am - 4:00pm
Optional Workshop: COBIT 5 Training: Bridging the governance gap between what the business wants and what IT delivers
Workshop Leaders: Preeti Shivpuri, Tabish Gill and Cherylanne D'souza, Deloitte


COBIT 5 is a business framework that assists organizations in governance and management of enterprise IT. Join us for an educational session on the functional components of COBIT 5 and practical guidance. Leave with practical knowledge, interactive examples and actionable insights into how COBIT can be leveraged to create more value for your organization. At the end of the session, participants will understand:

- The need for an effective framework to govern and manage enterprise IT

- The practical use of COBIT 5 by all the 3 lines of defense, that are: Business functions, Compliance functions and Audit functions

- The IT management issues that an organization faces and the know-how to use COBIT to respond to those challenges

About Preeti Shivpuri

The workshop leader, Preeti Shivpuri, is a Senior Manager in Enterprise Risk services at Deloitte and provides management consulting services in the area of IT and Data Governance & IT Risk Management services to large financial institutions, healthcare, Hi-tech, manufacturing, telecom and various other public and private clients. She has extensive experience with organizations' risk management and compliance functions, interactions with the three lines of defense and industry standards/ frameworks (COBIT 5, ISO 38500, 4A MIT Sloan IT risk management framework, ISO 27001 & 27002, PCI DSS, OSFI/FFIEC, SOX and BCBS 239). She is a Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP) and Certified in the Governance of Enterprise IT (CEGIT).

Sponsors and Exhibitors



Fundamentals of IT Audit – A Three-Day Workshop

Who Should Attend

This workshop is ideal for new IT assurance-and-control professionals including:

  • internal auditors
  • external auditors
  • IT professionals providing assurance or advice on controls
  • other professionals seeking an understanding of the fundamentals of an IT Audit

Topics Include

Key topics include:

  • understanding IT audit risks and defining audit scope
  • internal control concepts and the role of computer control standards
  • general controls protecting the IT environment
  • business process controls covering specific financial systems
  • communicating audit findings


Hyatt Regency Toronto
370 King Street West
Toronto, ON M5V 1J9
t. 1-877-806-0006

Experience Hyatt Regency Toronto’s convenient location in the center of the city’s vibrant downtown. Enjoy being within walking distance of the business and financial districts, the Metro Toronto Convention Centre, and over 150 restaurants and bars. Explore attractions like the Royal Ontario Museum, the Opera House, Theatre District, and CN Tower. Take a shopping trip to Eaton Centre, trendy Queen Street, or exclusive Yorkville.


We have arranged a conference guestroom rate of $199 per night at the Hyatt Regency Hotel.
Reservations can be made:
By phone at 1-877-806-0006
Address 370 King Street West Toronto, Ontario M5V 1J9

Please reference “Conference on IT Audit, Governance and Security” to receive the conference rate.
Please note: Attendees are responsible for making their own reservations. Guaranteed conference rate is available until February 28, 2016 (or when room block is sold out). Book early to avoid disappointment.

Contact Us

For general inquiries, contact:
Joanna Boutasis, Event Coordinator
Phone: 416-204-3269

For registration inquiries, contact:
Phone: 1-888-337-3242

CPA Canada offers many Sponsorship Opportunities to promote your products and services.

View Terms and conditions | Privacy policy | Shipping and store policies | AODA

Help Desk: Mon-Fri, 9am-5pm ET | 1-866-256-6842 | Contact us

© 2001-2017, CPA Canada | EYEP. All rights reserved.