Link North America section Link Europe section Link Asia section
All programs Audit World 2010 Cloud Security Alliance Congress Governance, Risk & Compliance 2010 InfoSec World Conference & Expo 2010 IT Audit & Controls 2010 IT Governance, Risk and Compliance SuperStrategies 2010
All programs The Audit Directors and Managers Symposium The MIS Audit Leadership Institute
ABOUT MIS INTERNAL AUDIT IT AUDIT INFO SECURITY IN-HOUSE TRAINING  
 
     Conferences            >      Seminars            >      Symposia            >      Webinars      Training Weeks      In-House Training      Online Training      Certificate Programs>      Exhibiting Info      Ways to Save      Request Info      Event Downloads      Products      White Papers      Call for Instructors      Contact MIS      Site Map
Internal Audit IT Audit Info Security
Internal Audit IT Audit Info Security
   
Conference Program Registration/Hotel EXPO Press/Media
Workshops

Workshops-at-a-Glance

Monday, September 20
9:00 AM – 5:00 PM

W1 Cloud Computing: Risk and Controls – How Auditing Practices are Impacted
Jason Wood, CPA, CITP, CIA, CISA, President, WoodCPA Plus p.c.

This workshop will demystify the concept of cloud computing, and compare/contrast "legacy" cloud computing environments and "new" cloud computing environments. Risks and controls specific to a cloud computing environment will be examined to reinforce the new types of audit considerations that need to be placed in the audit universe. Discussion of the additional risk an organization takes on when they no longer control their applications/IT environment, and place it in a third parties hand in a cloud computing environment. An example audit program will be reviewed to help provide guidance to the practitioner.
This workshop will cover:
– The basics of cloud computing
– Old and new risks introduced by the cloud computing evolution
– A set of controls that can be deployed in an audit of cloud computing
– The differences between traditional IT auditing and auditing a cloud computing environment
– Determining when to rely on a SAS 70 for a cloud computing environment, or perform additional specific procedures


W2 A Step-by-Step Approach to Building a Control Framework
Sue Bascom-Erazmus, PMP, Vice President, Risk and Compliance Management, People's United Bank

Securing any company's environment is a complex effort. Whether you are facing the need to manage reputational risk, regulatory risk, risk of loss, or any of the multitude of threats that exist across the wide breadth of industries. Measures must be in place to provide assurance that those risks are mitigated to an acceptable residual level. This workshop will focus on the steps that can be taken to develop, implement and maintain a sustainable control framework. We will approach the construction of a control framework by addressing the elemental questions of "Who? What? Where? When? How? and Why?"
The workshop will cover:
– Who are the stakeholders?
– What is at stake and what are your goals?
– Where are the gaps?
– When will you get there?
– How to ensure adoption?
– Why is a sustainable program of control essential?

Thursday, September 23
1:30 PM – 5:00 PM

W3 Developing High-Impact Reports
Robert L. Mainardi, CFSA, Founder & President, Mainardi & Associates

This workshop identifies the critical nature of audit reporting by developing a common understanding of the true purpose of an audit report as well as the specific required fields that ensure the report is delivering a complete message. The audit report purpose will become the cornerstone for the course as it discusses the four main reasons for issuing reports. The course also provides an overview of the recommended report format and the field level detail that each report should contain. It discusses what makes a potential issue "reportable" and how to make that determination (especially on a consistent basis). To complement this topic section, we will identify, discuss, and practice using the five components of a reportable issue.


W4 Leveraging ERM to Build a Risk-Based Audit Plan
Shahid Khwaja, CPA, CIA, CISA, CCSA, Chief Audit Executive, Crane Co.

With the rapidly changing business environment, greater flexibility is required within organizational processes including Internal Audit departments. Add to that the fact that Audit Committees and businesses are re-evaluating adequate risk coverage along with the role of Internal Audit organizations. And it is time Internal Audit organizations adopt various new approaches to deliver increased coverage with limited resources.

This workshop will identify ways to leverage the ERM output for building an Internal Audit plan. Monitoring techniques and approaches will be shared to align Internal Audit initiatives with enterprise risk and control oversight for completeness and quality of risk management framework. The workshop will also address challenges and risks associated with downsizing the Internal Audit function and identifying areas to increase efficiency and effectiveness.