Technology
Friday, May 7, 2010
8:30 - 4:30
Renaissance International Plaza, Tampa
RSVP On-line - When attending under the
pre-paid plan, please RSVP with the specific attendees each time.
Price* - $175 members of IIA, ISACA or IMA, $200
non-members
* - for non IIA Package holders
This training qualifies for 8 hours of CPE credit.
8:30-10:00
This session will familiarize you with all Professional Guidance
produced by the IIA and introduce the various levels of guidance,
with a focus on Technology and how you can
maximize its use in your day-to-day audits.
Heriot Prentice, MIIA, FIIA, QiCA - Director, Standards and Guidance, The IIA, has been a member since 1985
and served on the Board in
the UK and Ireland as well as the Global IIA Board. He worked for
the Government for 20 years in the UK and worked for Deloitte for almost
8. He specialized in IT and Forensics and developed
the GTAG series and also the GAIT methodology on staff. He is a
distinguished Faculty member for the IIA.
10:00 - 10:15 - Break
10:15 - 12:00
RISK-IT the New Framework for IT Risk Management
Finally, we have the first comprehensive IT risk governance
framework fully integrated with COSO, ERM, COBIT and VAL-IT. To help
members and other key stakeholders better understand this framework and
implement it efficiently and effectively, we are providing this session.
The framework is very useful for auditors, defining common
key IT risks with a mapping of key controls and other suggested controls.
This is a practical session that provides the quick wins for
starting to use this excellent free framework to manage IT risks.
- Introduction
- The key components of the framework
- How should business stakeholders (IT, Management, Board, etc.) use this framework – The quick wins
- How should an auditor use this framework – The quick wins
- Q&A
This session will provide you with a lot of valuable tools and tips to
bring home.
Risk IT is a set of proven, real-world practices that helps your
enterprise achieve its goals, seize opportunities and seek greater
return with less risk. It works at the intersection of business and IT
and allows your enterprise to manage—and even capitalize on—risk in the
pursuit of its objectives. It extends COBIT, the globally recognized IT
governance framework, and saves time, cost and effort by providing your
enterprise with a way to focus effectively on IT-related business risk
areas, including risks related to late project delivery, compliance,
misalignment, obsolete IT architecture and IT service delivery problems.
Risk IT was developed by a team of global business and IT experts
from ISACA, a nonprofit, independent association with more than 86,000
constituents in 160 countries, and is freely available for download from
www.isaca.org/riskit.
Please download it and bring it with you to the luncheon if possible.
Risk IT helps professionals detect warning signs earlier to better
protect their business and revenue. Many of these risks can be reduced
by using IT and many are the direct result of the existence of
technology. Currently, these IT-related risks are often managed in
silos. Risk IT addresses these issues by providing a business focus and
holistic way of managing—and capitalizing on—risks.
Risk IT offers the broad view of risk that has been missing from the
industry and from practitioners’ knowledge bases. It provides an
umbrella for addressing enterprise risk across other more focused and
detailed frameworks and process models. The Risk IT Framework, a
publication in the Risk IT set, includes a chart comparing Risk IT to
several other major standards and frameworks, allowing professionals to
select what works best for their needs.
Risk IT has two components—The Risk IT Framework (which helps convey
the risk landscape and prioritize activities) and The Risk IT
Practitioner Guide (which provides practical guidance on carrying out
programs to improve the management of risk). It is divided into three
domains—Risk Governance (RG), Risk Evaluation (RE) and Risk Response
(RR)—each containing three processes. It complements COBIT and Val IT
and expands on the risk management principles established in COBIT PO9
Assess and Manage IT Risks. It also is highly effective as standalone
guidance, if an organization does not use COBIT.
Speaker – Johan Lidros, CISA, CISM, CGEIT, ITIL-F
Professional Background
Johan Lidros is the co-founder and President of Transcendent Group which
provides Technology Risk Management Services in Florida and Europe.
Previously, Johan was the Florida and Caribbean Computer Risk Management
practice leader at Arthur Andersen. He provided service to clients
from the Nordic countries, New York and Florida for over 10 years before
opening his own firm in 2001. He has specialized in providing IT Risk
Management services, IT audit and information security assurance
solutions for the government, financial, and healthcare industries.
Education Background and Professional Affiliations
Johan has a Bachelor of Science in Economics from the Stockholm
University. Johan is a Certified Information System Auditor (CISA),
Certified Information Security Manager (CISM), Certified in the
Governance of Enterprise IT (CGEIT), and certified in IT Infrastructure
Library (ITIL-F). He is also a member of the Information System and
Control Association (ISACA), the Institute of Internal Auditors (IIA),
Computer Security Institute (CSI), Information System Security
Association (ISSA), Healthcare Information and Management Systems
Society (HIMSS) and Association of Healthcare Internal Auditors (AHIA).
He has been a member of the board of information security at SWEDAC
(Swedish Certification Authority), Swedish General Standards Institution
committee for ISO27001 (LIS), ISACA Sweden and ISACA West Florida. He is
the current CISA coordinator for ISACA West Florida chapter. Johan has
authored several articles on IT risk management and has been a speaker at several
seminars regarding IT security and IT risk management.
About Transcendent Group
Transcendent Group is a boutique IT risk management consulting firm with
offices in Tampa, Florida and Stockholm, Sweden. The firm offers IT
Governance, IT Risk Assessment, Information Security, and IT Strategy &
Management services in multiple industries with an emphasis in
healthcare, financial services, local government, and higher education.
Transcendent only employs certified, experienced professionals with over
10 years of relevant experience. The firm focuses on client values with
tailored solutions that meet each client’s unique needs. Feel free to
contact Johan Lidros, President, at
johan.lidros@transcendentgroup.com or 813-355-6104 with any
questions.
12:00 - 1:00 - Lunch
1:00 - 2:30
Patrick Murphy providing a Performance Consultant’s view on assessing, designing and managing organization performance.
Designing and managing exceptional performance: Exceptional
performance is not an accident. It requires careful consideration
of the variables necessary to achieve desired results. Today’s
discussion will provide a Performance Consultant’s view on assessing,
designing and managing organization performance.
NOTE: The intent of the presentation is to put forth the
concept that our disciplines share a common goal of helping
organizations understand and improve their performance.
About Performance Design Lab:
Performance Design Lab (PDL) is a leading research, consulting and
training organization respected in both the business world and the
performance improvement industry for our thought leadership and
experience. Our theory base and methodologies have been adopted as the
standard for:
- Improvement initiatives within Fortune 100 companies,
- Consultant development in the consulting industry, and
- The curriculum of business schools
We wrote the book on performance:
Three, in fact. PDL's straightforward and time-tested approaches to
performance analysis, performance design and performance management have
been documented over the years with three acclaimed books:
Improving Performance – How to Manage the White Space on the Organization Chart (Rummler & Brache) (1990, 1995),
Serious Performance Consulting According to Rummler (2004), and
White Space Revisited (Rummler/Ramias/Rummler) (2009).
What’s in a name?
PDL is in the results/performance improvement business. At its core is
our fundamental belief that performance can be designed, that
performance improvement is not magic, but science. Our theory base and
methodologies allow us to do this in a systematic and repeatable way
with predictable results.
About Patrick Murphy:
Pat has consulted with and managed consulting engagements for client
organizations ranging from entrepreneurial start-ups to Fortune 100
companies in North America, Europe and Asia on a broad range of
organizational performance issues. His experience transcends a
wide variety of industries including Pharmaceuticals, Banking,
Telecommunications, Manufacturing, Transportation, and Public Service
Utilities, to name a few. Client organizations have included such
notable firms as Johnson & Johnson, Hewlett Packard, Charles Schwab,
ADP, CIGNA, and LCI International. Pat’s role at Performance
Design Lab encompasses consulting with clients as well as the
development and delivery of their training curriculum.
2:30 - 2:45 - Break
2:45 - 4:30
Regulation and Standards – What Internal Auditors Need to Understand
Internal Auditors face the challenge of understanding internal business strategies, risks and the effectiveness of controls. However, they also must apply knowledge of regulations and standards as they evaluate organizational risk, especially as these relate to constantly-changing technology.
Protiviti’s regulatory and information technology practice will present recent research into key areas of technical competence, then discuss three prominent areas of regulation and standards: PCI, HITECH and HITRUST. All Internal Auditors should be conversant with the intent and reach of the underlying regulations, and with the techniques by which internal auditors can apply the standards to identify the relevant issues. The Protiviti team will emphasize the reasons why (for example) PCI isn’t just a “Retail” standard and why HITECH isn’t just a “healthcare” risk.
The discussion will emphasize the hands-on experience of Protiviti professionals Jose Torres (Managing Director, Technology Solutions), David Taylor (Director, IT Security Solutions), Vickie Paterson (Associate Director and National PMO Leader for Compliance) and Bill Thomas (Managing Director). Each member will address a topic, share experiences and advice, and – most importantly – apply this knowledge to questions you may have regarding the ways your organization should consider these important topics.
Online RSVP by
5:00pm Friday, October 8, 2010