January 2018 Meeting – Joint meeting with ISACA

Date: January 12, 2018

Location: UTD- Naveen Jindal School of Management

Address: 800 West Campbell Road, Richardson Texas 75080

Time: 8:00am – 12:00pm

John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December, 2005 until his retirement in January, 2015. He was the Divisional Vice President, Audit Services and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma) and encompasses NAIC / MAR compliance and testing, risk based audits, advisory engagements for new development projects, coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC.

Prior to HCSC, John worked at Federal-Mogul in Michigan as the Sox coordination supervisor, Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit.

John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and has his MBA from Fairleigh-Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA.

Since retiring, John has spoken at the 2015 Texas State Auditor’s Office Audit Conference, the 2014 ISACA CACS Conference and at the ISACA Chapters in South Carolina, North Carolina, Harrisburg PA, New Jersey, Minnesota, New Mexico and Central Florida. As well as IIA Chapters in Baton Rouge, Cincinnati, DC and St. Louis.

Crisis and Change Management – Internal Audit Involvement

EXECUTIVE SUMMARY: This session will review the implications and impacts of crisis management and organizational change management and what the internal auditor may need to do.


  • Definition: Reputation Integrity & Crisis
  • Crisis Management Planning
  • Crisis Management Execution
  • Audit’s Role
  • Definition: Organizational Change Management
  • Impacts on the organization
  • What may be needed from Internal Audit

Auditing Disaster Recovery / Business Resumption Planning

EXECUTIVE SUMMARY: This presentation will discuss the various components of a disaster recovery plan, the ten critical things the auditor should be considering when reviewing the plan, the different types of DR exercise approaches the auditor may encounter, and the detailed steps to follow when doing this type of audit.


  • The seven key categories within the DR plan that need to be in place and reviewed
  • The makeup of a DR Plan / Exercise
  • Audit focus points during the review
  • Risk identification and mitigation
  • Learn the benefits of doing a DR review
  • Know how Business Continuity and DR are interweaved


No prerequisites required

4 Hours Continuing Professional Education

Leave a Reply


Subscribe to Our Newsletter

Register below to receive updates, news, and breaking Chapter developments via periodic e-mail notes.

Event Calendar

IIA Meetings, Conferences, and Seminars

December 2017

    Upcoming Events:

    • No events.

Audit Links

Dallas IIA