Leadership · Insight · Knowledge

Welcome to the Institute of Internal Auditors New Zealand, the professional body for internal auditing

About UsJoin Us

What is internal audit?

Internal audit is a dynamic profession that provides independent assurance that an organisation's risk management, governance and internal control processes are operating effectively Essentially, Internal Auditors help organisations to succeed.

Read More

Membership benefits

Join our professional community and access a range of local and international benefits to expand your thinking, knowledge and networks.

Learn MoreJoin Now

Events & training

Connect with other internal audit, risk and assurance professionals and grow your knowledge and skills with a range of online and local events.

Find out more

Subscribe to newsletters

Subscribe to monthly IIA NZ Newsletters here


home | events

Event Details


Institute of Internal Auditors Education Day Wellington 2023

31 May 2023
9:00 am - 3:00 pm
Intercontinental Hotel,
2 Grey Street, Wellington
Or Online

Education Day 2023 (Wellington)

Navigating the Internal Auditors New Frontier: CyberRisk and Assurance in the Digital Age

A Hybrid face-to-face and online event

Seize the opportunity, let us come together, and let us connect


Navigating the Internal Auditors New Frontier: CyberRisk and Assurance in the Digital Age

Our theme conveys the increasing reliance on digital technology and the rise of cyber threats, organisations must adapt and evolve their risk management and assurance practices to stay ahead of the curve. The phrase “new frontier” suggests that this is a constantly evolving and dynamic area and as Internal Auditors will need to be flexible and adaptable in our approach. The Education Day will highlight the importance of balancing risk and opportunity in the digital landscape, and the need for internal auditors to play a key role in ensuring their organisations are equipped to manage both.

Our Hosts

Tee Chow Lee

IIA NZ Board member

Tee Chow head’s the Internal Audit team at New Zealand’s largest developer and property manager, Kāinga Ora. He brings with him 15 years of experience in New Zealand and Singapore across diverse roles in internal audit, finance, consulting, corporate, and private and public sectors. This deep experience, at all levels of management and governance, has driven Tee Chow’s passion for Internal Audit advocacy, development and maturity. Tee Chow is looking forward to contributing to the Board and the future of the profession.

Grace Nunn

IIA NZ Board member

Grace is an Assistant Manager at KPMG based in Wellington and has been an IIA NZ member since 2016. During this time, Grace has been involved in numerous events and brings enthusiasm and passion for internal audit. Her recent entrance to the profession means that she can bring new ideas and align the interests of those new to this profession to those with more experience. Grace has experience providing internal audit and advisory services to both public and private organisations and is a strong advocate for the value of internal audit.

Our Speakers

Adam Boileau

CyberCX (Cyber Security Experts)

Adam Boileau is an executive director at CyberCX, with 25 years experience in the infoSec industry. Outside of that, Adam is known as the cohost of weekly infosec news podcast Risky Business, and the frontman of Kiwicon, the NZ hacker conference. 

Topic: “From the Early Days of Computing to the Digital Age: The Evolution of Cyber Risk and Assurance, How We Got Here, and What the Future holds?”

Cyber risk refers to the potential loss or damage that can arise from a failure in the security of an organisation’s digital systems and networks. This can include data breaches, cyber attacks, and other incidents that can compromise the confidentiality, integrity, and availability of critical information.

Assurance, on the other hand, refers to the processes and controls that organisations put in place to mitigate cyber risk and ensure the security of their digital assets. This can include security audits, risk assessments, and other measures that are designed to identify vulnerabilities and ensure that appropriate controls are in place to mitigate them.

The evolution of technology and the increasing reliance on digital systems and networks have led to a corresponding increase in cyber risk. This has been driven by a range of factors, including the growing sophistication of cyber criminals, the proliferation of new attack vectors, and the increasing interconnectedness of digital systems. 

To address these challenges, organisations have turned to a range of cyber assurance practices and technologies, including threat intelligence, vulnerability assessments, and advanced security controls. These measures are designed to help organisations stay ahead of evolving cyber threats and ensure the security and resilience of their digital assets.

Internal auditors attending the speaker session on “From the Early Days of Computing to the Digital Age: The Evolution of Cyber Risk and Assurance, How We Got Here, and What the Future holds?” will gain insights into the historical development of cyber risk and assurance practices, as well as a forward-looking perspective on emerging cyber threats and technologies.

They will learn about the increasing complexity and sophistication of cyber risks, as well as the various assurance practices and technologies that organisations use to mitigate these risks. By understanding the evolution of cyber risk and assurance practices, internal auditors can help organisations stay ahead of emerging cyber threats and ensure the security and resilience of their digital assets in the future.

Hugh Devereux-Mack

Senior Advisor (Cert NZ)

Hugh Devereux-Mack is a Senior Advisor with CERT NZ, the government agency created to help increase New Zealand’s cyber resilience.

With more than 10 years’ experience in the private sector, he uses this experience to help both businesses and individuals understand the cyber security environment they operate within. 

Topic: Stories from the trenches – CERT NZ will provide insights into the current cyber security environment based on their recently published 2022 Report Summary. This presentation will also to explore different lessons from businesses case studies that have suffered from cyber attacks before finishing with a practical exercise to help you understand how to check whether your password has been compromised.

CERT NZ works to support businesses, organisations and individuals who are affected (or may be affected) by cyber security incidents. We provide trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand.

CERT NZ is a key component of New Zealand’s Cyber Security Strategy, contributing to the delivery of the Strategy’s vision of a confident and secure digital New Zealand.

Christopher Miller

Principal Cybersecurity Consultant (Datacom)

As a Principal Cybersecurity Consultant, I am privileged to work with large and small organisations across New Zealand raising and fortifying their cybersecurity maturity by providing advice and guidance into system design, governance and risk based decision-making, supported by a Datacom team that includes some of the most highly qualified cybersecurity professionals in the country.

Cybersecurity is a constantly changing and evolving domain, and our customers need dedicated professionals to help defend their organisations and data. By applying Zero Trust principles, our team help organisations to embed these security principles into their technology and architecture.

My primary goal is to position Datacom as the go-to option for organizations that recognize cybersecurity as a critical part of their overall strategy. With 20 years of experience in both Cybersecurity and IT, I am well-versed in bridging the gap between business and technology. I have worked with a range of public and private sector agencies, giving me an understanding of both the measured, compliance approach of government and the quick and adaptable approach of the private sector.

Ramon Manzano

Chief Audit Executive and General Manager (health Alliance)

Ramon has been practicing internal audit for more than 25 years across 11 countries. In 18 of these years, he led internal audit teams for large complex international organisations both in the private and public sectors. He is currently Chief Audit Executive and General Manager at Health New Zealand-healthAlliance. He has held this role since 2010 overseeing the growth of the internal audit function from 5 members serving 3 organisations to a current team of 12 looking after 7 organisations and along the way getting the IIA’s Team Excellence in Internal Auditing award.

His lifelong passion is internal audit and developing high-performing audit teams. He constantly upskills staff, challenges the existing processes, and embraces new technologies. When trusted and respected, he believes internal audit can make a positive difference since its recommendations reach the highest levels in the organisation.

A lifelong learner and at this stage of his career, Ramon is looking forward to freely sharing his vast experience and insights through mentoring (via the Auckland IIA mentoring pilot last year), training, coaching, and board memberships at not-for-profit organisations - such as the IIA. In his role as speaker in national conferences, webinars, and round-table discussions, he is hard at work ensuring that current and future internal auditors have the skills needed to become trusted advisers. He is prepared to do his part by networking with fellow auditors in securing the continued relevance of the internal audit profession in decades to come.

Ramon is blissfully married with two lovely daughters who now can out-run, out-swim and out-ski him. He attended university in America finishing with an MBA then a Masters Degree in Accounting - with distinction. He is also a Chartered Accountant, a Certified Internal Auditor, an ACL Certified Data Analyst, and in 2017 was named Internal Auditor of the Year.


Education day registration fees

Members: $499.00
Non-members: $659.00

Exclusive of GST.

This is a HYBRID event, we welcome you to register and attend in person or via video conference.

For those attending an event face to face, the ticket price includes morning tea, a light luncheon, renowned speakers, AV and event management.

If you are attending the event online, the ticket price includes renowned speakers, AV, online video conference connectivity and event management.

*Further information relating to CPE and the IIA NZ Event and  Attendance Policy 

In person event: Register

Online event: Register 

Wellington Programme

Wednesday 31 May 2023

Venue: Intercontinental Hotel, 2 Grey Street, Wellington or online




Adam Boileau

CyberCX Cyber Security Experts

Topic: “From the Early Days of Computing to the Digital Age: The Evolution of Cyber Risk and Assurance, How We Got Here, and What the Future holds?”


Hugh Devereux-Mack

Cert NZ

Topic: “Stories from the trenches” 

CERT NZ will provide insights into the current cyber security environment based on their recently published 2022 Report Summary.


Morning Tea & Networking


Christopher Miller

Principal Cybersecurity Consultant (Datacom)

Topic: “taking a zero trust approach to organisational security”


Ramon Manzano

Chief Audit Executive and General Manager (Health Alliance) 

Topic: A proactive approach to risk — what risk profiling and risk controls need to  be considered. How the risk culture of an organisation contributes to Cyber  risk management.


Lunch & Networking


*Interactive Round Robin Workshops and Case Study Discussion

Cert NZ

IIA NZ Facilitator


*Interactive Round Robin Workshops and Case Study Discussion

Christopher Miller

IIA NZ Facilitator


*Interactive Round Robin Workshops and Case Study Discussion

Ramon Manzano

IIA NZ Facilitator


Panel Discussion/ Q&A 

Cert NZ
IIA NZ Facilitator
Ramon Manzano
Christopher Miller

Topic: How can we help protect organisations in New Zealand (private and public sector) from cyber risk in the future?


Concluding remarks


Event Ends

Download Programme

* See below for  further information relating to the interactive Round Robin Workshops and Case Study discussion

Additional Event Information

Interactive Round Robin Workshops and Cast Study Discussion

A round-robin 30-minute education workshop is a format that allows for engaging and interactive learning. In this format, the audience is divided into three groups, and each group rotates between three different workshops, each lasting 30 minutes. The workshops are facilitated by an Internal Auditor and a speaker, who will present a case study topic relevant to the industry. 

The case study topic will be designed to provide a practical example of how the industry can effectively manage cyber risk and ensure the effectiveness of its assurance practices. The facilitator and speaker will encourage active participation from the audience and engage them in hands-on activities that reinforce the learning outcomes of each workshop. 

The round-robin format allows participants to engage in focused learning sessions and interact with multiple facilitators and speakers. This format provides a dynamic and interactive learning experience, where participants can learn from each other, share insights, and gain practical knowledge that can be applied in their role as internal auditors.

Overall, the round-robin 30-minute education workshop is an effective format for internal auditors to gain practical knowledge and skills in managing cyber risk and ensuring the effectiveness of assurance practices. It provides a practical and engaging learning experience that can help participants stay ahead of emerging cyber threats and ensure the security and resilience of their organisation’s digital assets.

IIA NZ event refund and attendance policy for the event

  • Christchurch hybrid event tickets close on the 15 May at 8am. Maximum of 40 Attendees face-to-face.
  • Wellington hybrid event tickets close on the 22 May at 5pm. Maximum of 100 Attendees face-to-face.
  • Full refund: You can receive a full refund before ticket sales close as noted above or until sold out, whichever comes first.
  • No refund after the event closing date, or when tickets are sold out, we cannot provide a refund due to confirmed catering numbers and other related event matters.
  • We highly encourage you to register early for this event. In the unlikely event of cancellation, rest assured that all registered participants will receive a full refund.
  • Postponement due to COVID: If there are any constraints caused due to COVID, we will notify you of a postponement. In such a case, your funds will be held with IIA NZ until we can confirm a new date for the event.
  • Upon registration, you understand that this is a hybrid event that combines both in-person and virtual attendance options, allowing attendees to participate in the conference from anywhere in the world. In this case, the IIA NZ education day may be recorded for promotional purposes, meaning that portions of the event could be used for promotional purposes later.

Please note that by purchasing a ticket to the event, you agree to the terms and conditions outlined in this refund and attendance policy.


Attendance for either session will provide 1 CPE per hour.

A CPE certificate will be emailed to those registered following the sessions attended.

In person event: Register

Online event: Register 

MoST Content Management V3.0.8634