MANAGING RISK. IMPROVING PERFORMANCE. Prerequisites: Understanding of basic Internal Auditing methods and philosophies. Effective construction management is typically a critical success factor for many companies, especially those companies who depend on organic growth and facility expansion to meet their strategic objectives. In the oil and gas industry, for example, companies can spend billions of dollars per year in this area. Projects are often extremely complicated and very expensive, increasing the risk for inefficient project execution, fraud or abuse, or significant billing errors. The purpose of this presentation will be to provide guidance on some of the fundamentals of auditing construction- related projects for your company or clients, as well as specific examples of common or emerging patterns of abuse and control gaps. Specifically, we will cover: A more collaborative alternative approach to construction auditing Types of construction contracts Identifying which construction projects to audit using data analytics and risk ranking. Examples of audit findings and controls pitfalls related to: Auditing Construction Projects  Vendor management  Bidding and awarding of work  AFE management  Vendor contracts and rates negotiation  Vendor billings  Purchasing and inventory management.  Per diems  Markups – the new revenue stream  Retainage  Equipment rentals  Payment discounts  Project closure and completion

MANAGING RISK. IMPROVING PERFORMANCE. Jeff is a Principal with Stinnett & Associates. He has over 30 years of experience in both Audit and Information Technology and has worked for several large organizations including Williams Companies and Magellan Midstream Partners. During his career, he has held such positions as Associate General Auditor, Director of Audit Services, and Information Technology Manager. Jeff’s additional experience and accomplishments include quality assurance reviews; enterprise Business Continuity Planning, Internal Audit management services, business process re-engineering; construction management consulting; oil and gas field operations and security reviews; SCADA network security; development of a structured systems acquisition and integration schema and conversion of legacy systems. Jeff has also been a frequent speaker at such events as MISTI SuperStrategies Conference, IIA International Conference, and the National Telecommunication and Information Administration’s (NTIA) national security summit. Prior to joining Stinnett, Jeff managed many aspects of the Internal Audit function at a major multi-billion dollar company. This included coordinating all IT audit activities throughout the enterprise, Sarbanes-Oxley compliance management, business operations audits, enterprise risk planning, audit universe management, and all senior management customer interactions. As Associate General Auditor, Jeff worked directly with the company’s Board of Directors and Audit Committees to discuss issues and trends in controls. Jeff holds a Bachelor of Science degree in Computer Science from Oklahoma State University. He is a Certified Internal Auditor, a Certified Information Systems Auditor, and a member of the Institute of Internal Auditors (IIA) and the Information Systems Audit and Control Association (ISACA). Jeff Dehart, CIA, CISA