Global Oil Companies (GOC) IA Forum - 6th Edition (Wintershall DEA)

Global Oil Companies (GOC) IA Forum, formed by ADNOC aims to provide structured platform for dialogue and debate on innovative internal audit practices. ADNOC’s objective is to establish a focused and easy channel of communication between the Internal Audit functions and to enable an open discussion while respecting each other's confidentiality and Intellectual Property Rights (IPR) interests. 

In continuation of the GOC IA Forum series, we extend our gratitude to Wintershall Dea for hosting the 6th Edition and welcome all members for another engaging discussion on a theme that has only gained in relevance in recent times.
 
This theme for the 6th Edition is Cyber Security as well as the increasing convergence between IT and Operation Technology that impacts the overall risk, and more so in the current landscape of COVID-19. The session includes an Escape Room, and starts from the basic to more complex elements. The outcome of this session is a common understanding of terminology and also for members to share their experience of mobilizing cyber security internal audit as part of their IA portfolio.

Agenda for the GOC IA Forum – 6th Edition:

Welcome and Introductions 
Larissa Janz, Chairperson for the 6th Edition
Ahmed Abujarad, Founding Chairperson
Rajula Subramanian, Secretary, GOC

Overview of Wintershall Internal Audit Governance and Operations
Larissa Janz, Wintershall Dea

Online Cyber Security Escape Room
Csaba Gyimesi, PwC

The Escape Room puts you in the attacker's shoes: You are a spy, who got into your target's office. You have 10 minutes to exploit his bad security habits and obtain as many pieces of confidential data as possible. Can you get out with the information in time? The session will commence with a 5-8 minutes of briefing and story setting beforehand, plus a similar debriefing, lessons learned after they have played, with a total of 30 minutes slot. End result statistics (points, issues found by the players, time of escape) will be shared in the debrief as in a competition setting sorts.

Cyber-Security and Operational Technology
Andrew D Miller, PwC

Each of the below discussion areas will be covered through a 10 to 15 minutes of talk in a collaborative manner followed by 5 minutes of Q&A. The topics will progress from basics to more complex elements as the session progresses.

- What does cyber security internal audit look like?         
- How important is understanding the Threat in managing cyber risk? 
- Hot topic focus - Covid19 and Ransomware 
- Internal Audit around Operational Technology 
- Trends to the future of cyber security internal audit

IT and Operational Technology (OT) Convergence Paradigm
Muzamil Riffat & Asha Sankaranarayanan, ADNOC 

Whilst cyber risks in the IT domain are generally well known, the convergence between IT and OT has increased the risk landscape as industrial systems that were once air-gapped are now connected to the Internet with potential not to just disrupt the production line but can also pose immense danger to safety of personnel and environment. The session will set a common understanding of the associated risks and share leading practices in this domain. Furthermore, the survey results from GOC members will also be presented highlighting the current practices in managing cybersecurity practices in OT area. 

IT/OT Cybersecurity Strategy and Internal Audit Plan
Cristina Fabre Chicano, Pilar Durban, Susana Zumel Vara, CEPSA

CEPSA’s corporate information systems director will talk about their IT/OT Cybersecurity Strategy and their corporate internal audit will explain the Internal Audit Plan linked to this strategy.

Closing Remarks - Larissa Janz, Wintershall Dea

Key Speakers – in order of Agenda

Larissa Janz: SVP Corporate Audit at Wintershall Dea

Larissa Janz is responsible for internal audits across all Wintershall Dea Group’s assets and activities with a background in finance, economics, and business administration. Larissa started her career with PwC Germany in external audit of a diverse industry portfolio. Larissa has more than 14 years of experience in the oil and gas industry, gained in different roles and responsibilities – in finance and economics, risk, treasury, internal audit, post-merger planning and integration – and assignments in both corporate and joint ventures structures of the Wintershall Dea Group – Germany, Qatar, Russia. 

Ahmed K. Matar Abujarad: Senior Vice President at ADNOC Group Audit & Assurance Function

Mr. Ahmed K. Matar Abujarad heads the ADNOC Group’s Audit & Assurance function, driving the transformation of internal audit through group-wide initiatives, which support ADNOC’s uncompromising focus on good governance, and the use of international best practice. As founding Chairperson of GOC IA Forum, Ahmed’s vision was to bring the internal audit functions of the global oil and gas companies on a structured platform to promote a healthy dialogue and debate and learn from each other.

Csaba Gyimesi, Director at PwC

Csaba is a Director in Cybersecurity and Privacy in PwC CEE, based in Hungary. He is a cybersecurity and IT consultant professional with 15+ years of experience in cybersecurity, system integration, IT and security consulting and auditing. He is driving the Cybersecurity & Privacy practice in Hungary and regional efforts as part of the CEE and EMEA teams, focusing on Industrial Cybersecurity, Risk and Management Awareness. 

Andrew D Miller: Partner at PwC

Andrew Miller leads the Energy, Utilities and Resources market and is also responsible for cyber security internal audit across all markets. Andrew brings over 20 years of experience in the cyber security industry covering the full spectrum of specialisms and responsibilities including the CISO of a UK critical national infrastructure organization. Andrew has set up and leads the PwC global oil and gas cyber network attended quarterly by 35+ Partners and Directors throughout the PwC network. 

Muzamil Riffat: Manager, IT Audit at ADNOC Audit & Assurance Function

Muzamil is responsible for managing IT Audit Department in ADNOC HQ and oversees improvements in IT Audit activities across ADNOC Group. He has diverse experience in software development, IT audit and security. He has worked for consultancy, private, semi-government and government organizations in different parts of the world. He also holds several general and vendor-specific professional certifications.

Asha Sankaranarayanan: Senior IT Auditor at ADNOC Audit and Assurance Function

Asha is responsible for leading and executing IT audits at ADNOC HQ and its group companies. She has experience in delivering audits in IT, OT and managing Cyber Security. Prior to joining ADNOC, she has worked in international consulting for private, government and semi-government organization in different parts of the world. 

Cristina Fabre Chicano: Head of Internal Audit, Compliance & Risk at Cepsa

As Head of Internal Audit, Compliance & Risk, Cristina is focused on providing to senior management and the audit, risk and compliance committee a single, comprehensive and holistic view of risk management and controls. Cristina is an advocate of digitalization as a lever to capture efficiencies and value leakages. She sees teamwork as a great value for Cepsa.

Pilar Durban Diez de la Cortina: Head of Internal Audit at Cepsa

As Head of Internal Audit, Pilar always has an eye on the future, and is focused on incorporating best practices to ensure that the internal audit team brings value to the organization.

Susana Zumel Vara: Director Information Systems at Cepsa

Susana Zumel is an Industrial Engineer and has developed her professional career in Information Technologies, working for different consulting firms (IBM, EY, and Deloitte) with a clear focus on the Energy sector. In 2004 she joined the IT team at Cepsa, where she has played different global roles (Application development and maintenance, IT governance and architecture, IT Strategy). In 2018 she was appointed as the CIO at Cepsa.