Chicago Chapter ISACA
Spring Seminar - REGISTRATION CLOSED
We are sorry, but this seminar has reached capacity
and we can no longer accept new entries.
April 9th - 10th 2009
8:00AM-5:00PM (15 CPE hours)
Continental Breakfast 8:00 AM, Class 8:30 AM
Special pricing for chapter members: the Chicago Chapter Board is offering
this course to members at a special rate of only $250, one of the many
benefits of Chicago Chapter ISACA membership in these difficult economic times.
IT Audit Planning Using a Risk-Based Approach
Focusing on Risk to Improve the Efficiency and Effectiveness of Your
IT Audits
Instructor: Richard H. Tarr, CIA, CISA - MIS Training Institute
UBS Tower, 2nd Floor Conference Center
1 North Wacker Drive
Chicago, IL 60606
UBS Telephone: 312-327-2370
UBS Tower Web Site: www.conferencecenteratubstower.com
Focus and Features
IT risks are increasingly recognized as critical factors in enterprise
risk management. From preventing failures in regulatory compliance to
helping avoid devastating harm to the reputation of the organization from
headline-making security breaches, IT auditors have an obligation and
value-adding opportunities to assess enterprise vulnerabilities through
effective risk-based IT audit planning.
In this two-day seminar you will explore the varied aspects of developing
an effective risk-based IT audit plan, and examine the use of risk-based
standards and frameworks, including COSO ERM. You will review such risk
elements in IT audit planning as regulatory compliance risks, IT governance
risks, business information risks and IT infrastructure risks. You will
also cover the increased risks introduced by outsourced IT operations
and functions. Throughout this high-impact seminar you will focus on developing
an annual IT audit universe based on assessing enterprise information
risks. You will leave this intensive seminar with a proactive strategy
that will help you establish a comprehensive risk-based IT audit plan
that will boost the efficiency and effectiveness of your IT audits.
Agenda
What You Will Learn
1. Effective IT Audit Coverage Through Risk-Based Planning
- risk definitions: threat, vulnerability, exposure, safeguard
- effects of risk
- risk criteria
- COSO ERM risk definitions
- cost/risk balance
- COSO Risk Assessment
- IIA/ISACA standards on risk assessment
- financial and operational risks
- IT risks and exposures
- linking IT risks to business risks
- IT risk assessment and audit planning strategies
- IT infrastructure risks
- integrated audits: enterprise risk coverage
2. Using Risk-Based IT Standards and Frameworks
- IIA GTAG
- ISO-27002 Security Controls
- FIPS 199 Security Risk Categorization
- NIST 800-53 Security Controls
- NIST 800-53A Assessment Guide
- mapping to COBIT®
3. Using COBIT
- COBIT control objectives
- COBIT framework and domains
- RACI chart, goals/metrics, and maturity model
- COBIT Control Practices
- IT Assurance Guide
- value drivers/risk drivers
- COBIT On-line
- COBIT PO 9: Assess and Manage IT Risks
4. COSO Enterprise Risk Management
- definition of enterprise risk management (ERM)
- why use COSO ERM?
- ERM objectives and components
- COSO vs. COSO ERM
- risk definitions
- COSO ERM and technology
5. Developing an IT Risk Assessment Framework
- IT risk assessment steps
- information asset integrity, confidentiality, and availability risks
- examples of risk criteria
- performing IT risk and impact/probability analyses
- developing the IT audit universe
- ISACA Standards/Guidelines: Risk Assessment
- NIST 800-53: IT Systems Risk Management Guide
- OCTAVE Risk Evaluation Process
6. Risk Compliance Critical Success Factors
- building a sustainable risk compliance process
- management and control ownership
- risk management
- sustainability
- change recognition
- risk compliance management structure
- embedded risk control specialists
- standardizing compliance
- risk/control frameworks
- Internal Audit’s role
7. Determining IT Governance Risks
- defining IT governance within enterprise governance
- why IT governance is critical to the enterprise
- IT governance risks, responsibilities, and components
- IT oversight committee
- information security governance
- COBIT® IT governance risks
- IIA and ISACA governance audit standards
8. Information Security Risks
- linking information risks to confidentiality, integrity, availability
- determining information security risks
- insider risks
- user access management
- information classification
- privacy risks
- user authentication and single sign-on risks
- authorization risks
- conflict matrix
- privileged access
- audit trail
- managing user accounts
- security monitoring
- remote access
- sensitive data on PCs and workstations
- social engineering risks
9. System Software Integrity Risks
- operating systems risks
- software parameters
- patch management
- vulnerability testing
- database management risks
10. IT Infrastructure Risks
- physical security
- environmental controls
- change management
- disaster recovery planning
- network perimeter security
- encryption
11. Business Application System Risks and Audit Planning
- transaction life cycle
- input, output, and processing risks/controls
- end-user computing risks
- top-down, risk-based business application audit planning
12. System Development and Acquisition Risks
- business risks of development projects
- determining system development and acquisition risks
- assessing project management
- IT audit’s role in system development projects
- IT audit independence issues
13. Outsourced IT: Identifying the Risks
- outsourcing risks
- offshore outsourcing risks
- ensuring strong contractual agreements
- how to obtain a right to audit
- risks associated with SAS-70 reports
- relationship monitoring risks
14. Developing a Risk-Based Annual IT Audit Plan
- implementing an IT audit strategy
- creating the audit universe
- structuring the audit universe to address risks
- developing a comprehensive risk-based annual IT audit plan
Seminar Registration - We are sorry, but this seminar has reached
capacity and we can no longer accept new entries.
Bob Pardon
Phone: 630-292-6244
bobpardon@aol.com