Hot Topics in IT Audit
Wednesday, November 10, 2010 from 8:00 AM to 4:30 PM (EST)
Course Segment Descriptions, Speakers, and Bios:
Course description: Electronic Discovery can be a complex and expensive process for corporations that are not sufficiently prepared. This presentation will provide an overview of the eDiscovery process, examine audit considerations throughout the process, discuss common pitfalls and explore leading practices to help your organization be prepared for eDiscovery.
Speaker Bio: Brian Wilkinson is a Director of eDiscovery and Computer Forensics in the Baltimore office of PwC. In his present capacity, Brian is responsible for advising a wide range of domestic and global clients in matters of electronic discovery, computer forensics, litigation readiness planning, email archiving, internal investigations and regulatory inquiries.
Business Continuity Management
Course Description: This presentation will provide an overview of Business Continuity Management (BCM). It will provide a detailed review of the key concepts and key components of a BCM program. In addition, the presentation will provide a discussion of trends in BCM from an audit perspective. The presentation will provide a review of what to look for when performing an audit of your organization's BCM program. In addition, there will be a discussion of what controls should be in place, providing insight into how to develop an audit program for BCM.
Speaker Bio: Gerry Smith is a Manager in PwC's BCM practice and has over 32 years of experience in providing business continuity and crisis and emergency management services. His extensive experience in implementing BCM programs in support of an organization's resiliency/business continuation requirements includes projects for Fortune 100 and Fortune 500 clients in the retail and consumer products, petroleum, chemical, pipeline, pharmaceutical, aerospace, agribusiness, energy, industrial, food products, and hospitality industries, and in the not-for-profit sector. He has been responsible for the development and implementation of client corporate preparedness strategic plans and programs. He has been a trusted senior preparedness counsel and has trained executive and senior-level management teams on managing adverse events such as product liability and recalls, shareholder activism, geopolitical incidents, industrial accidents, natural disasters, and major project failures. As National Practice Leader, Gerry has been responsible for design, development, conduct, and evaluation of all client exercise activities including tabletops, drills, and full-scale exercises. He has a B.S. from the State University of New York - Brockport, and an M.S. in Public Policy Analysis from the University of Rochester.
Cyber Threats and Other Security Concerns
Course Description: This section will provide an overview of the latest cyber attacks and threats to businesses and other organizations. It will provide an overview of ways to prevent data breaches. In addition, it will provide insights and recommendations on how to respond to data breaches and other intrusions.
Speaker Bio: Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft.
While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry.
Prior to her work at the Department, Peretti practiced law at Brobeck, Phleger & Harrison and Mayer, Brown & Platt, focusing on information security, privacy, technology, and financial institution regulation. She is a Certified Information Systems Security Professional (CISSP), and holds an LL.M. (Masters of Law) from the University of Munich, Germany, and a J.D. from Georgetown University Law Center (magna cum laude).
Course Description: This presentation will provide an overview of some specific points around Oracle R12. Included in the discussion will be an overview of the differences from previous versions of Oracle. In addition, the presentation will provide specific points to consider when planning or performing an audit. The presentation will provide considerations for Internal Audit to include whether the plan is to perform a pre-implementation review or an audit of Oracle once it is already in production.
Speaker Bio: Brandon is a Director in the Systems and Process Assurance ("SPA") practice of PricewaterhouseCoopers. Based in McLean, Virginia, he is a Certified Public Accountant and Certified Information Systems Auditor with more than eleven years of experience assessing business process and information systems controls and security. He is responsible for the delivery of audit and advisory services around the management of systems and process risks, including evaluating information technology and application-based controls; assessing the effectiveness of existing information security and security strategies; assessing the quality of systems delivery; and evaluating business change management procedures for the greater Washington Metro area. Brandon also provides controls optimization, both financially and operationally, to clients with a focus on leveraging system functionality.
Brandon is the chair of the SPA national steering committee tasked with creating audit guides, best practices, and developing training over the Oracle E-Business Suite application for PricewaterhouseCoopers. He is also a global instructor of Auditing Oracle Applications for the firm and active within the PwC-Oracle alliance team. Brandon has a dual B.S. in Accounting and Management Information Systems from the Indiana University of Pennsylvania.
Brandon’s clients have included several Fortune 500 companies in the software, technology, cable, and telecommunications industries.
SAS 70 / SSAE 16 Update
Course Description: The AICPA has issued Statement on Standards for Attestation Engagements (SSAE) No. 16. This new standard can be implemented now, and for any audits with an ending date after June 15, 2011, SSAE 16 will replace SAS 70 as the standard for reporting on service organizations. If you were not aware of the change or have not taken steps to address the new standards and the implications it has to your organization, now is the time for action. This update will help clear up questions and quickly set you on the right track.
After participating in this 60 minute webinar, you will be able to: Describe the differences between SAS 70 and SSAE 16, Explain to your organization and subservice organizations what SSAE 16 means to them, Develop a list of what you should be doing now to prepare for the change.
Speaker Bio: Gurmeet is the Regional Director of IT Assurance and Advisory at Clifton Gunderson with over 12 years of experience in the areas of information technology governance and risk management. Prior to joining Clifton Gunderson, Gurmeet worked with a large international accounting firm and led several internal audit co-sourcing arrangements. He also has extensive experience in enterprise risk management initiatives at such large enterprises as Daimler Automotive Group, General Motors and Chrysler. Gurmeet has led several IT effectiveness assessments, ERP integrity reviews, data governance reviews, business continuity planning and SAS 70 audits.
Time: 8:00 AM to 4:30 PM (Registration starts at 7:30). Lunch from 12:00 to 1:00.
CPE: 8 hours