Agenda Details

IT Audit Management Summit
Date: Wednesday, 21 April 2010
Time: 1:30pm - 5pm

Wednesday, April 21

1:30 PM – 2:00 PM
Opening Remarks
Fred C. Roth, CISA, Vice President, IT Audit Division, MIS Training Institute

2:00 PM – 3:00 PM
Top Five Challenges Facing IT Auditors and How to Overcome Them
IT auditors are working in increasingly complicated and multifaceted organizations, with new regulations, security threats and technology evolving at an alarming rate. With this in mind, help us kick off the summit by identifying key challenges that you deal with on a daily basis. This session will be your opportunity to influence the agenda and make sure your pressing concerns will be addressed during the next two days.

3:00 PM – 3:15 PM Refreshment Break

3:15 PM – 5:00 PM
IT Controls and Risk Management During a Recession: An Essential Survival Guide
• Industry update on the latest in IT, security trends, best practices and standards
• Web 2.0, cloud computing, virtualization, collaboration – friends or foes?
• The state of computer crime and abuse, and what it means to your organization
• Ten proven ways to reduce your IT operating costs while improving your IT controls management
• Free IT audit and security tools that you can't live without

Thursday, April 22

8:30 AM – 10:30 AM
Managing the IT Audit Department
• Getting and keeping the right staff
• Streamlining the audit process
• Understanding our audit customer
• Integrating IT into the internal audit process
• Maximizing the manager's role throughout the audit
• Managing co-sourced IT audits
• Determining appropriate audit metrics
• Updating your audit tool-kit with the latest tools

10:30 AM – 10:45 AM Refreshment Break

Concurrent Sessions
10:45 AM – 12:15 PM
SESSION 1 Conducting Internal Audit Quality Assessment Reviews
• What is a peer/quality review and why you need one
• Internal Audit QAR methodologies and frameworks
• Preparing for your own QAR
• What to expect during an assessment
• A survival checklist

SESSION 2 Implementing an Effective IT Risk Assessment: Why Is It so Difficult?
• Understanding the parameters of the IT risk assessment
• Integrating IT risks with enterprise risk
• Determining what metrics to use
• SOX financial system considerations
• What leading companies are doing

12:15 PM Networking Luncheon

Concurrent Sessions
1:45 PM – 3:15 PM
SESSION 3 IT Governance: Achieving Compliance Without Going Overboard
• What is IT governance? Where are its boundaries?
• Determining effective oversight of IT management
• Maintaining a good relationship with IT
• Establishing an IT governance implementation plan
• Understanding how COBIT can help

SESSION 4 Continuous Auditing: Is It Finally Time?
• Defining continuous auditing vs. control monitoring
• Identifying roles and responsibilities
• Transitioning to continuous auditing
• Overcoming roadblocks to achieving continuous auditing
• Best practices from companies successfully implementing continuous auditing

3:30 PM – 5:00 PM
Break-Out Session by Department Size

Tackling Difficult IT Audit Management Hurdles
• IT audit staffing: recruiting and retaining
• Understanding the new IT risks
• Developing effective risk assessment models
• Selling your IT recommendations to management
• Metrics for measuring audit's performance

5:00 PM – 6:15 PM Networking Cocktail Reception

Friday, April 23

Concurrent Sessions
8:30 AM – 10:00 AM
SESSION 5 COBIT: A Case Study in the Practical Application of Reasonable Controls
• Assessing your IT department's level of maturity
• Achieving management buy-in
• Developing a repeatable and commonsense approach to "good practices"
• Understanding COBIT as the "what" framework for IT
• Implementing the right amount of controls
• Keeping the focus on risk management

SESSION 6 Enhancing Audits by Leveraging International Standards and Frameworks
Demystifying the following references:
• ISO-27001 and ISO-27002
• ITIL
• FIPS 199, 200
• NIST 800-53 and NIST 800-53A
• GAO FISCAM
• DOD DISA checklists
• PCI DSS

10:00 AM – 10:15 AM Refreshment Break

10:15 AM – 12:00 PM
Boosting IT Audit to the Next Level
• Value-added auditing
• Linking IT audit goals to enterprise risk
• Implementing best practices
• Developing leaders within your IT audit team
• Building blocks for establishing an effective auditee relationship
• Making the most out of your "good deeds"
• Strategically positioning IT audit

SUMMIT FACULTY
Fred C. Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
Ken Cutler, CISSP, CISA, CISM, Vice President, Information Security, MIS Training Institute; Principal Consultant, Ken Cutler & Associates
Xenia Ley Parker, CIA, CISA, CFSA, CGEIT, Senior Director, MMC Audit & Control
Brian Porter, Senior IT Consultant, G.1440; former Director, IT Governance & Process Excellence, Erickson Retirement Communities
Richard Tarr, CISA, CIA, President, Richard Tarr & Associates