DB1510 - Isaca
Transcription
DB1510 - Isaca
DATABYTE VOLUME 30 #2 PRESIDENT Linda Kearney CISA, CIA, CIPP-US Fiat Chrysler Automobiles presidentisacadet roit@gmail.com VICE PRESIDENT Keith Cheresko JD, CIPP/US/ IT Privacy Associates Int’l LLC vpresidentisacadetroit @gmail.com REGION 4 CHAPTER 8 TREASURER Greg Boehmer CISA, CIA, CFE, CGEIT CISSP, CISM, CRISC, CRMA, PMP Deloitte & Touche treasurerisacadetroit@gmail.com SECRETARY Juman Doleh-Alomary MScE, CISA, CISM, CRISC, ISO27001 Wayne State University secretaryisacadetroit @gmail.com DIRECTORS Brad Barton, CISA Lear Corporation 248-707-9372 Derrick Buckingham, CISA, CISSP, CISM, CRISC Detroit Medical Center 313-729-8816 Doug Copley, CISA, CISM Beaumont Health Systems 247-733-7337 Michele M. Daws on, CPA, CISA Federal-Mogul Corp. 248-971-8657 Michael A. Forrest, CISA, CGEIT Flagstar Bank 248-312-5435 October 21, 2015 ISACA Detroit Chapter Meeting Pre-Dinner Topic: GRC Within a System Implementation Pre-Dinner Speakers: Chris McGee and Sarah Eilerman After-Dinner Topic: Audit Analytics After-Dinner Speakers: Libby Roop, CFE Peter Baciorowski, CISA Ryan Hodges, CISA, CISSP Deloitte & Touc he 248-953-1151 Date: October 21, 2015 Bhask ar Kak ulavarapu, CISSP, CISM TD Auto Finance 248-925-7001 Time: 4:30 - 5:00 5:00 - 6:00 6:00 - 6:45 6:45 - 7:45 Brenda Karl, CISA, CGEIT, CRISC Independent Consultant 248-977-6526 D. Robert Ok opny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246 Location: Michigan State University Management Education Center 811 W. Square Lake Road Troy, MI 48098 Phone: 248-879-2456 Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224 Malini Sarma, CISA General Motors 313-667-2878 Carrie Schrader, CISA, CB M, CFE, CGEIT, CRISC GM Financial 586-817-8590 Melvin B. Taylor, CISA, CISM mbtaylor10@c omcast.net 248-761-5671 Registration & Networking Pre-Dinner Presentation Dinner After-Dinner Presentation Cost: Advanced Online Registration Only $20.00 Members $30.00 Non-Members $10.00 Students and Retirees Walk-In Fees $40.00 Member $50.00 Non-Member $10.00 Students and Retirees Doug Wahr, CFE, CISA, CRMA, CISSP Auto Club Group (AAA ) 313-436-7277 Manish Zaveri, CISA, CPA Delphi Corporation 248-888-9090 Note: Online registration ends at noon on Friday October 16, 2015 and must be paid in full. DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH Dear Detroit Chapter Members, Hello members!!! I hope everyone has enjoyed the great weather and is getting ready for fall! We had a successful September meeting where Keith Wilson spoke on the topic of “The Internet of Everything is Here - How do we secure it?” and one of our newest board members, Doug Copley, spoke on “Demonstrating Information Security Program Effectiveness”. I hope everyone came away with some valuable information from this meeting. In addition to our monthly meetings, we are planning two additional training sessions. Our fall seminar, scheduled for November 11 and 12 includes two topics: “Increasing Auditor Effectiveness in Recognizing & Detecting Fraud” and “Personal Skills for Professional Success”. We are also pleased to announce that we will also be holding training for the Cybersecurity Fundamentals Certificate Exam in November as well. This exams tests knowledge across five key areas: Cybersecurity concepts, Cybersecurity architecture principles, Cybersecurity of networks, systems, applications and data, Incident responses, and The security implications of the adoption of the emerging technologies. The certificate exam has no experience requirements. However, once you have successfully passed the Fundamentals exam, you may continue to get certification as a practitioner, specialist, or expert. At the specialist level, there are five areas aligned to existing global cyber security frameworks: Identify, Protect, Detect, Respond, and Recover. Each course combines lectures with at least 50 percent hands-on lab exercises in a virtual cyber lab environment. To learn more about the fundamentals certificate or any of the certifications, visit https://cybersecurity.isaca.org/csx-certifications. ISACA Program Chair, Malini Sarma with Sept. Speaker Doug Copley I also want to make you aware of ISACA International’s Research, which can be found at http://www.isaca.org/Knowledge-Center/Research/Pages/CurrentProjects.aspx. There are eight SAP® ERP Audit Assurance Programs, which complement the book, Security, Audit and Control Features SAP® ERP, 4th Edition. Additional ISACA International research includes: COBIT 5 for Business Benefits Realization, Critical Cyber Event Governance and Management: Board and Executive Guidance, DevOps Series (e.g., the movement within IT to improve relationships between development and operations), Internal Controls, Operational Risk Management/Basel Using COBIT 5, PCI DSS, and Privacy Principles and Program Management Guidance. Finally, our next meeting will be held at MSU Management Education Center on W. Square Lake Road in Troy, Michigan. This will be our first meeting at the MSU Troy campus, so be sure to familiarize yourself with this location. We’re looking forward to seeing you there. As always, if you have a suggestion or wish to volunteer, please do not hesitate to contact me or any other member of the Board. I can be reached during the monthly meetings or by sending me an email to: presidentisacadetroit@gmail.com. I am looking forward to seeing you at the October meeting!!! Linda Kearney, CISA, CIA, CIPP-US ISACA Detroit Chapter President Sept. Speaker Keith Wilson with ISA CA Program Chair, Malin i Sarma 2 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH Before Dinner Topic GRC Within a System Implementation Participants in this session will understand common risks and pitfalls within a large scale business process transformation or system implementation. Additionally, they will gain an understanding of how having a strong Governance, Risk and Control framework that covers both the project itself and the product that is being delivered can help to mitigate these risks and what to look forward to determine if that framework exists. Before Dinner Speakers Chris McGee - Chris is a Director in KPMG's Advisory GRC practice. He has 17 years of experience in engineering, consulting and industry. He has worked with over 20 companies during large scale system transformation projects to help implement and evaluate their controls structure to help ensure a successful go-live. Sarah Eilerman - Sarah is a Manager in KPMG’s IT Audit and Assurance practice. She has 7 years of experience in performing a variety of IT and operational advisory services to insurance and manufacturing organizations. Sarah also has experience leading several SSAE16 (SOC1) engagements. After Dinner Topic Audit Analytics Having an insight driven audit is a way to assist clients in strengthening the efficiency and effectiveness of their control framework. The increased availability of rich data sets, and the sophistication of analytical tools, provides an opportunity to exploit the valuable insight which was previously not accessible. As many companies have experienced, substantive audit testing of controls, business processes, and financial statements has historically been manual, requiring a large amount of time and resources. By utilizing analytics, companies can enhance and sustain confidence over their testing population, tailor tests based on risks identified in planning, quantify control deficiencies, and better assess the cause of an exception found in testing. This presentation provides details on how analytics can both enhance a company’s internal audit function and empower the auditor to generate insight in a greater capacity than previously known. We will also provide some examples and details as to how analytics has been applied at several clients of ours. revenue, and conversions. She has served in a variety of industries, with a focus in Automotive, providing data analysis services such as data mapping/conversion validation, reconciliation of source and legacy systems, profiling, data assessments, and sampling. Ms. Roop also has a BA and MA in Statistics from the University of Michigan and is a Certified Fraud Examiner (CFE). Peter Baciorowski CISA - Mr. Baciorowski is an Advisory Manager in Deloitte’s Assurance market offering, specializing in analytics. He has over nine years of experience specializing in various data analysis procedures including data visualization, data warehousing, data conversion, data profiling, trend analysis, reconciliation procedures, statistical sampling techniques, and supply chain management. Peter has built analytics platforms to support audit and consultative services in the testing of various business processes, including journal entries, time and expense, mobile expenses, freight, accounts payable, accounts receivable, payroll, revenue, and securitizations. His industry experience includes the automotive sector, manufacturing, consumer business, financial services, and mortgage banking. His primary responsibilities have included managing and coordinating data analytics projects to support business process enhancement, internal audit and financial statement audit engagements. Mr. Baciorowski has a BS Computer Science & Engineering from Oakland University and is a Certified Information Systems Auditor (CISA). Welcome New ISACA Detroit Chapter Members Christina Galloway Brandon Riney Christina Ghannam John Karpach James Fisher Jordan Collins Karen Halik Fateala Vines Prateek Jain William GIng Moses Lahey Colin Goodman Tyler Peterson Andrea Cogo John Carter Aijia Yuan Michael Collins Melissa Garrett Varun Sahlot Djoman Amemate After Dinner Speakers Libby Roop CFE - Ms. Roop is an Advisory Senior Manager in Deloitte’s Assurance market offering, specializing in analytics. She has over ten years of experience during which she has specialized in data analysis methodologies aimed at determining the quality and integrity of enterprise data. Libby has built analytics platforms to support audit and consultative services in the testing of various business processes, including journal entries, accounts payable, accounts receivable, payroll, 3 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH The Detroit Chapter of ISACA is happy to announce the upcoming fall seminar covering two important topics: Increasing A uditor Effectiveness in Recognizing & Detecting Fraud and Personal Skills for Professional Success. This two day event, which will be held on November 11th and 12th (Wednesday and Thursday), explores the roles auditors play in surfacing dishonest and fraudulent activity, and the auditor’s ability to gather information, analyze, reach conclusions and sell ideas to others. The instructor for these two courses is Courtenay M. Thompson Jr. of Courtenay Thompson & Associates. Mr. Thompson is a recognized authority in fraud-related training for managers, auditors, and investigators. His experience based courses provide practical solutions to real problems. Given that the seminar covers two difference topics, enrollment can be made for one or both days. When signing up be sure to make your choice for both or either of the sessions. The training venue will be MSU’s Management Education Center located at 811 W Square Lake Rd, Troy, MI 48098. Class will begin at 8:30am on both days and it is expected to conclude around 4:30pm. CPE for the session will total 8 hours per day and certificates will be sent to the attendees via email. Cost of the seminar will be $150 for members attending both days and $300* for non-members. If you choose to attend only one day, the cost for members will be $75 and $200* for non-members. A light breakfast, beverages and lunch will be served. So mark your calendar for this important date and take advantage of one of the unique opportunities associated with being a member of ISACA. A full description of both courses can be found below and on behalf of the Seminar committee, we hope to see you there. Day 1 – Increasing Auditor Effectiveness in Recognizing and Detecting Fraud Auditors and public accountants are under fire. There seems to be an increasing expectation that auditors detect fraud in routine audits. This course explores roles auditors play in surfacing dishonest and fraudulent activity, including mobilizing management and establishing fraud policy. It includes case examples, detection methods and how to avoid common mistakes made by auditors and others. Participants will learn symptoms of fraud occurrence and behavioral red flags, brainstorm fraud exposures, and apply a five step detection approach to their own areas. The course includes fraud in technology and technology projects, using data analysis as well as common perils and pitfalls. Suggestions for identifying kickbacks and corruption are also included. Day 2 - Personal Skills for Professional Success Exceptional personal skills lead to improved communication, selfmanagement, and better responses to today’s challenges. Professional success requires not only technical competence but also the ability to gather information, analyze, reach conclusions and sell ideas. This session will provide timeless proven techniques along with insights from recent developments in technology and communications. These insights can provide practical tools for auditors committed to seeing what others don’t and understanding those they audit. The course is packed with tips and techniques proven to increase effectiveness. Effective audit interviewing is included along with suggestions for continued growth. *The non-member fee includes one full year of ISACA International and ISACA Detroit chapter membership. The ISACA Detroit Chapter Certification Committee wishes to congratulate the following Newly Certified: Geeta Kapoor, CISM Leslie Addison, CISA Jewell Mizell, II, CRISC Julie Aprain, CGEIT Darren Lee, CISA Oleg Savka, CISM September Chapter Meeting Raffle Winners Patrick O’Neill Dwight Evans Timothy Banfill Vicki Riley Daniel Bargy Daniel Norberg Owen Ekechukwu Sr. Marcia Mangold Michael Stolarczyk Jacqueline DeConinck The ISACA Detroit Chapter CISA/CISM/CRISC/CSX December Exam Review Classes The ISACA Detroit Chapter is pleased to offer CISA, CISM, CRISC, and CSX (new) review classes in preparation for the December 2015 exams. The classes will be held at the Eastern Michigan University (EMU) site in Livonia (6 Mile and Haggerty - directions will be provided upon registration). The classes, including a mock exam, will be held on the following dates from 6:00 p.m. to 9:30 p.m.: Thursday, Thursday, Thursday, Thursday, Thursday, Thursday, Oct 15 Oct 22 Oct 29 Nov 5 Nov 12 Nov 19 CISA Domain CISA, CISM, CRISC Domains CISA, CISM, CRISC Domains CISA, CISM, CRISC, CSX Domains CISA, CISM, CRISC, CSX Domains CISA, CISM, CRISC, CSX Mock Exams NOTE: A schedule of the do mains that will be cov ered each session will be sent to all participants by our Chapter Administrator. The cost for each of the CISA, CISM, CRISC or CSX review courses is $100 per person. No dinner or beverages will be provided – Attendees are encouraged to bring a snack and a beverage. There is also a minimum enrollment requirement – if enrollment does not reach at least 15 students combined for the CISA, CISM, CRISC, and CSX classes, the sessions will be cancelled and your money refunded. Enrollees will be notified by Monday, October 12 th if the sessions are cancelled. For registration, please visit our Chapter’s web site (www.isacadet.org). The registration will begin on Wednesday, September 30 th and will close on Sunday, October 11th. If you have questions, please feel free to contact me: brendakarl55@gmail.com. Brenda L. Karl, CISA, CGEIT, CRISC ISACA Detroit Chapter Certification Director The Seminar Committee of the Detroit Chapter of ISACA 4 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH 2015-2016 ISACA Detroit Chapter Committees Academic Relations BCBSM is looking for highly qualified individuals to join the Blues team. Apply to mibluetalent.com Certification Some of the areas where BCBSM provides exciting careers are: Blue Cross Blue Shield of Michigan/Detroit/Michigan Auditor III This position assists management with general supervision in mitigating corporate risk exposures by conducting corporate control assessments of, providing risk education and consulting services to BCBSM, its subsidiaries, vendors, supplier and contractors of the company. Candidate must be able to perform audits and reviews which include identifying risks and controls to mitigate risk, testing of controls, writing audit reports and conducting exit conference meetings. Financial audit experience, knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. B.A. required and advanced degree preferred. Five years related work experience required, which includes 3 (three) years of auditing experience. Blue Cross Blue Shield of Michigan/Detroit/Michigan IT Auditor I This position assists management with general supervision in mitigating corporate risk exposures by conducting IT control audits and IT advisory services. Candidate must be able to perform IT audits and reviews on information security, applications, operating systems, networks, and IT governance controls. Knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. Must have strong communication skills. Two years of experience in IT Auditing or related IT experience required. Blue Cross Blue Shield of Michigan/Detroit/Michigan IT Auditor II Project Risk and Advisory Services These positions assists management with general supervision in mitigating corporate risk exposures by conducting IT control and project implementation assessments. Candidates must be able to function as skilled project advisors able to identify, assess, and effectively communicate risks affecting large corporate implementations and initiatives as well as provide recommendations for mitigation. Knowledge of traditional IT audit, project management, and IT governance related to large scale project system implementations is preferred. Must have strong communication skills. Three plus years of related work experience preferred. Note – Certifications strongly preferred. Facilities Internet Membership Nominating & Audit Program Spring Training Seminars Sajay Rai (Chair) Michele Dawson Robert Okopny Bhaskar Kakulavarapu Manish Zaveri Ryan Hodges Brenda Karl (Chair) Michael Forrest Michele Dawson Charles Murray (Non-Board Member) Carrie Schrader (Chair) Mike Forrest Linda Kearney Ryan Hodges Ryan Hodges (Chair) Brad Barton Juman Doleh-Alomary (Social Media) Bhaskar Kakulavarapu (Webmaster) Michael Forrest (Chair) Brenda Karl Doug Wahr Sajay Rai (Chair) Brad Barton Malini Sarma (Chair) Doug Copley Juman Doleh-Alomary Greg Boehmer Keith Cheresko Juman Doleh-Alomary (Chair) Manish Zaveri (Chair) Carrie Schrader Brad Barton Doug Wahr Keith Cheresko (Chair) Michael Forrest Bylaws, Policies and ProDoug Wahr cedures Sajay Rai Social Committee Ad Hoc Committees Linda Kearney Melvin Taylor (Chair) Ryan Hodges Malini Sarma Enhance Member Experience: Michael Forrest, Juman Doleh-Alomary, Malini Sarma Increase Executive Participation: Linda Kearney Leverage Social Media: Ryan Hodges, Juman Doleh-Alomary Volunteers: Brad Barton, Sajay Rai, Melvin Taylor Spending: Linda Kearney Chair, Sajay Rai, Greg Boehmer Communications: Brad Barton 5 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH Reserve YOUR seat TODAY! 2015 North American International Cyber Summit Monday, October 26, 2015 - COBO Center – Detroit, MI REGISTER TODAY AT: www.michigan.gov/cybersummit The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year’s event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. The State of Michigan has long been considered a national leader on cyber security, leading the discussion on emerging trends and best practices in policy, law and all manner of public and private interests. The agenda for the event will feature internationally recognized keynote speakers as well as experts from around the country to lead featured breakout sessions. Keynote & Featured Speakers Governor Rick Snyder David Behen, Director and Chief Informat ion Officer, Michigan Department of Technology, Management and Budget Ben Cotton, President/CEO, CyTech Services Beth Niblock, CIO, City of Detroit Reynold N. Hoover, Major General, USA, Director, Intelligence and Command, Control, Communications, and Computers and Chief Information Officer Barbara McQuade, U.S. Attorney, Eastern District of Michigan, United States Department of Justice Kelvin Coleman, Branch Chief, Government Engagement, Cybersecur ity and Communications, Department of Homeland Security G. Thomas Winterhalter, Federal Bureau of Investigation Jeffrey S. McLeod, Director, Homeland Security and Public Safety Division, National Governors Association Terry Hect, Director, Chief Security Strategist, AT&T Richard Dorough, Senior Managing Director, PwC Peter Romness, Cybersecurity Solutions Lead, U.S. Public Sector, Cisco Systems Kelly Bissell, Principal, Deloitte & Touche LLP Additional featured speakers and session speakers are listed on the website www.michigan.gov/cybersummit NEW Pricing for 2015 Cost is $79 to attend. NOTE: Discount price of $59 for students or members of the following organizations: ISSA, InfraGard, West Michigan Cyber Security Consortium, ISACA, Mi-GMIS, members of the military and WC4. Secure your seat today! 6 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH ISACA Detroit Chapter 2015 - 2016 Programs Schedule Topic Speaker Wed. Sept. 16 Joint mtg. with ISSA Pre Dinner The Internet of Everything is Here How do we secure it? Keith Wilson Vista Tech After Dinner Demonstrating Information Security Program Effectiveness Doug Copely Wed. Oct. 21 Pre Dinner GRC Within a System Implementation MSU After Dinner Data Analytics Wed. Nov. 18 Pre Dinner MSU After Dinner Company Lancope Chris McGee Libby Roop & Pete Baciorowski KPMG TBD TBD TBD 6 Easy Ways to Make a Positive First Impression Lizz Glen Ralph Nichols Group, Inc. Tues. Dec. 8 Joint Meeting Pre Dinner with IIA TBD Brad Barton Lear Vista Tech After Dinner SOD Kevin W. Kobelsky PhD University of Michigan Wed. Jan.20 Pre Dinner Cyber Law Related Melissa Markey Hall, Render, Killian PLLC Vista Tech After Dinner TBD TBD TBD Wed. Feb. 17 MSU Pre Dinner After Dinner TBD TBD TBD TBD TBD TBD Wed. Mar. 16 Student's Night Pre Dinner TBD TBD TBD MSU After Dinner TBD TBD TBD Wed. Apr. 20 Vista Tech Pre Dinner After Dinner TBD TBD TBD TBD TBD TBD Wed. May 18 Pre Dinner TBD TBD TBD MSU After Dinner TBD TBD TBD Attend up to 4 Chapter Meetings FREE In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of peers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registration close for that meeting. Please send the e -mail to Mike Forrest at m_forrest@wowway.com. Deloitte October 21, 2015 Menu Salads: Italian Chopped Salad; Broccoli Salad Entrees: Carved Roasted Prime Beef; Chicken Marsala; Salmon with Dill Beurre Blanc Side Dishes: Mashed Potato and Cheese Strata; Seasonal Vegetables Vegetarian: Ravioli Trio Dessert: Chef’s Chocie Fresh baked rolls, butter, relish tray and coffee included. Two alcoholic drinks limit (beer & wine only); no other liquor available. ADVERTISE IN THE DATABYTE NEWSLETTER ¼ Page $50.00 ½ Page $100.00 Full Page $200.00 Contact Geralyn Jarmoluk at administrator@isaca-det.org or Mike Forrest at m_forrest@wowway.com 7 DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH The October 21, 2015 Meeting will be held at Michigan State University Management Education Center 811 W. Square Lake Road Troy, MI 48098-2831 Phone: 248-879-2456 The Chapter must provide the number of reservations by 8:00 a.m. on the Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations prior to noon on Friday October 16, 2015. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at Administrator@isacadet.org, or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated. We are very sorry, but reservations not cancelled prior to the above noted deadline (noon Friday prior to the meeting) cannot be refunded as we are committed to the caterer for the meals ordered. DATABYTE Geralyn Jarmoluk, Editor P.O. Box 43 Romeo, MI 48065 8