INFORMATION TECHNOLOGY
Sessions will cover IT governance, risk, compliance, hacking, IT auditing and other IT hot topics.
CS 1-5
Demystifying IT Auditing for Internal Auditors
Kenneth Mory, City of Austin
IT has become the backbone of every business and increasingly pervades every area that we might touch as auditors. Unfortunately, internal auditors are often intimidated by the "shamans and lingo" of technology and often avoid technology audits. However, auditors can no longer afford to dodge their responsibility for technology auditing: doing so risks, at best, losing relevance and, at worst, being viewed as negligent or incompetent.
In this session, participants will learn how to:
- Comfortably delve into the world of "botnets," "zombies," "clouds," "Judas threats," and other threats and vulnerabilities.
- Take a common-sense approach to IT auditing as a non-IT auditor and make IT part of your everyday audits.
- Identify resources available to incorporate IT auditing in all your audits.
- Learn when co-sourcing or outsourcing might be appropriate.
FIELD OF STUDY: AUDITING
CS 2-5
Managing Privacy Risk in a Social Media Driven Society
Tom Andreesen, Protiviti
The growth of social media technology to support businesses today increases the risk of sensitive information being exposed outside the boundaries of companies. How can auditors identify such risk and implement mitigating steps?
In this session, participants will learn how to:
- Assess privacy risk exposure points within a company’s use of social media.
- Identify ongoing usage of social media by company employees.
- Implement employee awareness programs.
- Inventory current and proposed privacy regulatory legislation.
FIELD OF STUDY: AUDITING
CS 3-5
The Value of GAIT
Norman Marks, SAP Business Objects Division
In their last Internal Audit Capabilities and Needs Survey, Protiviti said, “Overall, the greatest need to improve is with The IIA's Guide to the Assessment of IT Risk (GAIT).” This methodology shows how internal auditors can identify all the controls relied upon to manage a business risk, so they can be included in audit scope – a critical activity if you want to perform integrated audits, or just make sure your audit scope is complete.
In this session, participants will learn how to:
- Identify the combination of controls relied upon to manage any risk, whether financial reporting, compliance, or operational effectiveness.
- Identify where a failure in IT processes could cause a failure to manage a business risk.
- Select the right IT controls to assess and test, including both application controls and IT general controls.
FIELD OF STUDY: AUDITING
CS 4-5
Adding Value Through Risk-Based IT Auditing
Dragon Tai, Continental Holdings Corporation
Due to the pervasiveness of IT and increasing dependence on IT for business processes, the audit of IT related systems and processes can become very complicated. An effective IT risk assessment in IT audit planning and execution is vital in adding value to the organization.
In this session, participants will learn how to:
- Distinguish between conventional and risk-based IT auditing
- Identify all aspects of IT risk through IT risk assessment
- Follow a risk-based framework for conducting blended engagements
FIELD OF STUDY: AUDITING
CS 5-5
IT Governance, Risk and Compliance Concepts and Frameworks
Brian Barnier, ValueBridge Advisors
So what is a risk – really? Does your risk profile make you look fat? What’s the difference between a mitigation and a response? Is a risk treatment something you get at a day spa? Or two aspirin? Does governance really come in “layers?” Or is that a parfait? Or, an onion? Are ARMS, COSO and AS/NZS something on an eye chart? Through clarity (and knowing where clarity doesn’t quite yet exist), you can learn how to use frameworks to help you more easily communicate and drive progress, without tripping over terminology. Join this popular session to make your professional practice easier.
In the session, participants will learn how to:
- Identify common frameworks used in IT-GRC.
- State terminology and variations between frameworks.
- Communicate more easily with various business areas, IT, regulators and partners.
- Synthesize several frameworks to meet your organization’s needs.
FIELD OF STUDY: AUDITING
CS 6-5
IT Hacking for Fun and Profit
Michael Saylor, Accretive Solutions
Cyber criminals have evolved from recreational social hobbyists to today’s criminal, political, and terrorist activists. Beginning mostly with exploiting telecommunications systems, today’s hackers are targeting financial institutions, intellectual property, personal identities, and state secrets.
In this session, participants will learn:
- A brief history of hacking and cybercrime.
- The motivators of today’s hackers.
- Examples of recent cybercriminals.
- A brief look at the cybercrime underground.
FIELD OF STUDY: COMPUTER SCIENCE
CS 7-5
IT Hot Topics Panel
Norman Marks, SAP (Moderator)
Dragon Tai, Continental Holdings Corporation
Kenneth Mory, City of Austin
Brian Barnier, ValueBridge Advisors
Tom Andreesen, Protiviti
The pace of change and advances in technology continues to increase. What is the latest buzz? What are the aspects of technology that auditors should be worried about, and what should they be using better in their daily work?
After this session participants will be able to:
- Better understand current IT hot topics.
- Review current trends and best practices in IT auditing.
- Identify current challenges and opportunities within IT and the internal audit profession.
FIELD OF STUDY: AUDITING
