Reserve your seat
now, email: IsacaChicago@gmail.com
May 15 - Steve Schlarmann, Chief Compliance Strategist of Brabeion,
will discuss the IT Risk Management issues of effective and efficient
IT Policies, Standards and Procedures, including the concept of Policy
Lifecycle Management
Previous Meeting Information:
April Meeting:
IT Risk Management issues of data loss prevention
and approaches to mitigate the risk
Mike Twitty from Vontu will discuss the IT Risk Management
issues of data loss prevention and approaches to mitigate the risk
March Meeting:
IT Risk Management-related regulations and standards
including the newly developed BS25999
Sally Smoczynski, Managing Partner of The Radian Group,
will speak about the various IT Risk Management-related regulations
and standards including the newly developed BS25999
February Meeting:
Organizing, Measuring, and Maturing Risk Management Programs
David Nolan, CEO of Fusion Risk Management, will speak about
management's challenge of managing risk and measuring its progress
toward mitigating loss.
"Organizing, Measuring, and Maturing Risk Management Programs"
... "This presentation will focus on building a comprehensive Risk
Management Program that organizes, consolidates and incorporates the
Audit, Compliance, Operational Risk, and Governance agendas. The
presentation will put forth a process and a Framework Model for
capturing and measuring program effectiveness over time, and against
peer groups. Lastly, the presentation will put forth concepts and
processes for setting priorities and building business cases for
addressing risk."
January Meeting:
Detecting Fraud Using Data Analysis Techniques
Description of Topic:
The growing complexity of computer systems and accounting applications
has revolutionized the accounting field. Fraudsters take advantage
of this opportunity through vulnerabilities in the systems and in
their controls. Data analysis tools and methods can assist in the
detection of red flags that indicate fraud. Data analysis is the
automated extraction of volumes of data, usually databases containing
records such as: account information, general ledgers, payroll,
and sales records. Through sophisticated testing of data one can
take advantage of CAATs (computer-assisted audit techniques) to
identify anomalies, detect the red flags of fraud and assist in
fraud prevention.
This presentation will provide:
1. A brief technical overview of the current IT audit and investigative
software and processes used to explore contemporary accounting systems
and databases.
2. A panel discussion around actual use and application of CAATs
along with the obvious benefits of employing CAATs: Increasing the
personal productivity of auditors, increasing the efficiency of
the audit process, and increasing the market value of audit professionals.
Outline of presentation:
1. Fraud Risk Assessment Approach (15 minutes)
A. Analysis of inherent risks
B. Internal Controls for mitigation of fraud risks
2. CAATs (computer-assisted audit techniques) (15 minutes)
A. Introduction
B. Data Analysis Methods
C. Red Flags and Anomalies
3. Panel Discussion (90 minutes)
Presented By:
Kumar Setty, IT Audit Manager, SolomonEdwardsGroup LLC
Kumar Setty is an IT Audit Manager with the SolomonEdwardsGroup.
He has experience in a variety of projects relating to: SOX 404,
IT Risk Assessment, Business Continuity Management, and software
application development.
For further information about SolomonEdwardsGroup, please go to
www.solomonedwards.com.
Panelists:
Sandra J.H. Rolnicki, National Director, Global Internal Audit
- Jones Lang LaSalle
Scott Sullivan, Oversight Systems, Inc.
Walter Clements, Regional Executive - ACL Services Ltd.
November Meeting:
There is a lot of confusion in the marketplace about
the topic of IT governance and the definition continues to evolve...
Please join Russ Gates, founder and CEO of Dupage
Consulting, as he leads a panel discussion of IT leaders as they
explore this important and highly relevant topic!
Open Panel Discussion:
Jeff Eberwein, Chief Information Officer, United Center
John McCormick, Global Head, IT Compliance, Accenture
Ron Isbell, Chief Information Security Officer, Children's Memorial
Hospital
Wayne Cerne, Global Head of IT Risk Control, UBS Global Asset Management
Thursday, October 18, 2007
Building a World Class IT Audit Function
Tom is an Executive within Crowe Chizek’s Columbus, Ohio Risk
Consulting practice with responsibilities for providing full service
Information Technology audit and consulting support including:
technology risk assessments, technology/infrastructure controls
evaluations, external vulnerability assessments, compliance reviews,
disaster recovery/business continuity analysis, vendor management,
and overall information governance assessments. In addition to being
a CISA, Tom has over 28 years of experience in conducting assessments
within large complex technology infrastructure and security
environments, domestically and internationally, while bringing
the unique combination of external audit, internal audit, consulting,
and ownership of operational technology. This experience provides
the critical blending and balancing of security, Information Technology
governance, and a practical operational control perspective. Tom’s
professional experiences include serving as a Captain in the US
Army, a Senior Manager with Arthur Andersen’s Computer Risk
Management practice, CIO for a mid-sized credit card company, and
First Vice President/Senior Director with Bank One/JP Morgan Chase’s
internal infrastructure audit team. In addition to conducting internal
and client training, Tom has provided professional presentations
on a wide range of risk and technology topics at both national ISACA
and Institute of Internal Auditors (IIA) Conferences.
Thursday September 20th, 2007:
ISACA September Presentation:
AS/5 Overview and Impact on IT General Controls
Many companies have undertaken efforts to achieve a more
cost-effective level of compliance with Section 404 of the
Sarbanes-Oxley Act (“Sarbanes-Oxley”). This has been a daunting
undertaking for many companies, particularly in the area of
Information Technology General Controls (ITGCs). ITGCs tend to be
complex and a pervasive component of many companies’ internal control
design. The recent SEC approval of AS/5 has introduced several new
and revised requirements and considerations that present a further
opportunity to fine-tune the scope of this work. Ed Hill, Managing
Director, Protiviti, currently the global leader of Protiviti's IT
audit practice, which includes IT Risk and Control work related to
Sarbanes-Oxley (SOX) compliance projects, will explore how these
recent changes might impact a company's approach to ITGCs and some
alternatives to scoping this work in light of the recent SEC and
PCAOB releases.
Ed Hill will be delivering the presentation.
Ed is the global Managing Director responsible for
Protiviti’s IT Audit product family and he was a
member of the IIA’s GAIT Core Team.
Prior meetings' information is now also available in our monthly
Newsletters