The Password
March, 2014

Inside this issue:
Letter from the President, page 1
Next Meeting Agenda, page 1
News from ISACA International, page 2
...and in other news, page 2
UT Dallas Fraud Summit, page 3
February’s Chapter Meeting, page 4
Announcement for test takers, page 4
Seminar: Auditing Oracle, page 5
Current Job Postings, page 6
Upcoming Events, page 6

Letter from the President
March is a busy month! Among the activities are spring break, the annual March Madness college basketball tournament starting 3/18, and the first day of Spring on 3/20!

Our March meeting takes place on Tuesday 3/4 at the Petroleum Club in Fort Worth. We’re holding our first ever joint meeting with the Fort Worth IIA chapter. Our own Rick Link is speaking on the ‘Texas Medical Records Privacy Act – Texas House Bill (HB) 300’ at the pre-lunch session. The lunch session features Earl Parsons discussing ‘ROI Analysis on IT Projects’ and Courtenay Thompson presents ‘The Impact of Technology on Stewardship, Risk and Fraud’ at the post-lunch session. Space is limited, so sign up by Friday 2/28 to secure your seat. You can see the meeting details and register for this event on our web site at www.isaca-northtexas.org.

Seats are still available for our 2014 Spring Seminar ‘Auditing Oracle’s E-Business Suite’ on Monday 3/24 through Wednesday 3/26/14. This three-day seminar is presented by Jeffrey Hare, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracle’s E-Business Suite. The seminar is being offered at a considerable savings over the publicly offered class in addition to saving travel and lodging expenses. Cost is $700, which includes 24 hours of CPE as well as all training materials, lunch, snacks and beverages. Thank you to JCPenney for hosting this seminar in Plano. If your company is interested in hosting a future training event, please contact us at [email protected].

Don’t forget our Certification Reviews for the CISA and CISM June exams will start in April. Stay tuned for details.

See you at the March meeting!
Greg Streder, CISA, CISSP
President
Next Meeting Agenda
When: Tuesday, March 4th
Where: Petroleum Club in Fort Worth

Pre-Luncheon (10:00)
“Texas Medical Records Privacy Act, Texas House Bill 300 (HB 300)”
Ricky Link
Coalfire Systems, Inc.

Luncheon (11:00)
“ROI Analysis on IT Projects”
Earl Parsons
RadioShack

Post-Luncheon (12:30)
“The Impact of Technology on Stewardship, Risk & Fraud”
Courtenay Thompson, CPA
...and elsewhere
Did you enjoy CACS last year? This year it’s in Vegas! Be sure to get
registered!
Time is running out! Get your colleagues to join ISACA by December
31st to win a tablet or other prizes!
Many of us think we have all the right answers...but how many of us
know the right questions? Submit your certification exam questions to
ISACA and get PAID!
Haven’t even taken that test yet? The June 2014 exams are now open
for registration.
The 2013 IT Risk/Reward barometer examines plans and perceptions of
many of the hot topics in our field, taken from members around the
world.
Have a passion for helping out your fellow IT geeks? Want to do more
within the community? Become an ISACA volunteer!
How much is too much when it comes to IT risk management?
Microsoft has joined the FIDO (Fast IDentity Online) alliance in an
attempt to move away from passwords to more secure means of
authentication. Sounds great...but surely nobody will ever guess “123456”
is your password?
News from ISACA International
Did you enjoy CACS last year? This year it’s in Vegas! Register and pay
by 3/3 to save $200!
Speaking of CACS, closing keynote speaker and astronaut, Mike
Mullane, discusses IT in outer space in the ISACA Now blog.
Looking to get the hang of COBIT 5? As an ISACA member, you can
download the eBook for free.
Regarding COBIT, it has been included in the US Cybersecurity
Framework. The NIST will present on the framework at CACS.
ISACA is issuing open badges, which will enable interested parties to
learn more about your certification with a single click. Be on the
lookout for an email from ISACA in the next month to get yours!
Submit certification exam questions to ISACA and earn 2 CPEs and
$50-$100 for each accepted item!
Three ISACA certifications top the list of the 15 top-paying IT
certifications for 2014. Do you have yours? If not, now’s the time to
get registered for an exam!
...and in other news
This month’s Internal Auditor magazine cover story is a great read on the
whistleblower of the Olympus billion-dollar fraud.
Also in Internal Auditor magazine, Rick Warren of Crowe-Horwath looks at
Closing the Gaps in Third-Party Risk
Management.
WhatsApp - The $19 billion Facebook
acquisition and its security weaknesses.
In the aftermath of the breach, Target
vows to put $100 million towards
accelerating adoption of smart cards
ahead of the October 2015 deadline, when credit card companies shift
liability for fraud to the merchants.
Thursday Conference
Price: $300/person
Thursday, March 27th
8:00am – 5:00pm, 8 hours CPE
Three workshops to choose from:
“Inside the Mind of a Hardcore Fraudster” - Sam Antar,
Convicted Felon, White Collar Crime Consultant, Whistleblower, and Former CFO, Crazy Eddie’s
Look inside the mind of a white-collar criminal. Learn to identify the tactics, strategies, diversions, and progression of
fraudsters. Learn to spot potential fraud in public companies through red flags in financial statements.
“Targeting Fraud and Corruption in Contract and Procurement Activities” - Nicholas DiMola, Co-Founder
and Principal, Quality Plus & Associates and Paul Flora, Co-Founder and Principal, Quality Plus & Associates
Review key factors to effectively assess fraud risk within your company, and identify indicators of corruption and fraud
in contracts and procurement activities. Learn the importance of having the correct controls, processes and preventative
strategies to mitigate the possibility of fraud. This session will also interact with the audience to discuss best practices
for preventing, detecting and investigating contract and procurement fraud.
“How to Manage Fraud for the Next 5 Years” - Jarrett W. Kolthoff, President/CEO, SpearTip | Naveen
Krishnan, Audit Manager, Whitley Penn | John Williamson, Audit Senior, Whitley Penn
Learn the strategic and tactical ways of managing fraud within an organization for today’s risks. With the enhanced
emphasis on privacy and regulatory requirements, what is the right mix of controls and security necessary to protect
your company's information? We will emphasize executive management's role in the process, legal impacts,
interviewing techniques, investigative personnel, and IT security to protect against the savvy hacker.
Friday Conference
Price through March 1st: $300/person
8:00am – 5:00pm, 7 hours CPE
Keynote Speaker: Sam Antar
Mr. Antar is a convicted felon, white-collar crime consultant, SEC
whistleblower, and former CFO of Crazy Eddie's. He will
provide valuable insight into the mind of a fraudster and
techniques for recognizing financial fraud. This session will
feature Mr. Antar on a panel with law enforcement personnel.
Two General Sessions
24 Breakout Sessions
Volunteers for the 8th annual UT Dallas fraud summit helped make
it the best yet. This year’s organizers hope to make it even better.
Last Chance to Register!
Announcement for test takers

The Gist: You now get 2 CPE for each testing hour when passing!

CPE Policy Update: The following change to the ISACA certification CISA, CISM, CGEIT and CRISC CPE policies has been made. This change went into effect 1 January 2014 and has been approved by the respective Certification Committees. The change applies uniformly to all ISACA certifications.

Passing related professional examinations (no limit): This activity pertains to the pursuit of other related professional examinations. Two CPE hours are earned for each exam hour when a passing score is achieved.

Previously only one CPE hour was earned for each examination hour. In other words, if a certified individual passes a related professional examination that was 4 hours in length, 8 CPE would be earned. Prior to 1 January 2014, 4 CPE would have been earned. This change in CPE policy does not change what is meant by “related professional examination”; only the number of CPE hours earned is affected. For complete details, please visit the updated CPE policies at:
For CISA: www.isaca.org/cisacpepolicy
For CISM: www.isaca.org/cismcpepolicy
For CGEIT: www.isaca.org/cgeitcpepolicy
For CRISC: www.isaca.org/crisccpepolicy

Should you have any questions on any of these changes, feel free to contact the ISACA Certification Department at [email protected] or +1.847.660.5660.
February’s chapter meeting

Brookhaven Country Club played host to our February meeting. Pre-luncheon, Richard Bruner of GM Financial took us through Intellectual Property Protection. The growing importance of intellectual property, the threats, and methods for mitigation were discussed.

Sajay Rai of Michigan-based Securely Yours took on the hot topic of auditing mobile devices during our luncheon session. His guidance will be a useful baseline for those seeking to get started in their own audit program or even shore up some weaknesses.

Our day concluded with a look at mobile payment card processing. Richard Poworski of Seccuris went through the challenges and benefits of complying with PCI standards. Being an area that is gaining more and more attention, it will be interesting to see if we can stay ahead of the risks. As always, visit our presentations library for details.
Sajay Rai Securely Yours
Door Prize Winners
SPECIAL UPCOMING SEMINAR
Auditing Oracle’s E-Business Suite: An Introduction to the Application’s Architecture
This three-day seminar is presented by Jeffrey Hare, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracle’s E-Business Suite. The seminar is offered at a considerable saving over the publicly offered class in addition to saving in travel and lodging expenses. Don’t miss the opportunity to be part of this learning experience and earn valuable CPE credits.
Date: Monday, March 24 thru Wednesday, March 26, 2014
Time: 8:30 AM – 4:30 PM
Location: JCPenney, 6501 Legacy Drive, Plano, TX 75024
Cost: $700 Members and Non-Members (Includes training materials, lunch, snacks and beverages)
Register at www.isaca-northtexas.org
Online registration closes on Friday, March 14, 2014 at 5:00 PM. No walk-ins. Prepay by Credit Card, PayPal or Check Only. Checks must be received by Friday, March 14, 2014.
Class size is limited to the first 45 registrants.
For any information regarding refunds, complaints, and program cancellation policies, visit www.isaca-northtexas.org/SitePages/ProgramPolicies.aspx.
PROGRAM DESCRIPTION
Oracle’s E-Business Suite offers a wide variety of applications which require specific audit programs. Auditors and those implementing and supporting Oracle’s E-Business Suite need actionable information about the associated risks and controls. The program will be presented by Jeffrey Hare, CPA, CISA, CIA, CEO of ERP Risk Advisors, a leading thought leadership firm providing risk advisory services for organizations running Oracle Applications. In 2009 Mr. Hare published Oracle E-Business Suite Controls: Application Security Best Practices.

LEARNING OBJECTIVES
This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented Oracle applications along with the elements common to all implementations. It will delve deeply into application security and other IT general controls and provide you with several SQL queries frequently used in assessments.
Space Still
Available!
Current Career Opportunities

Senior Auditor (IT) | UT Southwestern Medical Center | Dallas, TX | Permanent | Non-Management | 11/7/2013 | 3/31/2014
IT Audit, Associate Manager | Molkentine Professional Search, Inc | Dallas, TX | Permanent | Management | 12/11/2013 | 2/28/2014
Sr GRC Systems Administrator - IT Services | GM Financial | Arlington, Texas | Permanent | Non-Management | 12/26/2013 | 2/28/2014
Vendor Auditor | Ocwen | Coppell, Texas | Permanent | Non-Management | 1/15/2014 | 4/1/2014
Supplier Management Senior Auditor | Citigroup | Irving, TX | Permanent | Non-Management | 1/16/2014 | 4/1/2014
IT / IS Auditor (External) | Aporia Solutions | United States | Permanent | Non-Management | 2/7/2014 | 2/28/2014
IS Assurance Senior Associate | BDO USA, LLP | Dallas | Permanent | Non-Management | 2/12/2014 | 4/30/2014
IT Auditor | Kimberly-Clark | Dallas, TX | Permanent | Non-Management | 2/13/2014 | 4/30/2014

Upcoming Events

March 4, 2014
Joint Meeting with Fort Worth IIA
LOCATION: Fort Worth Petroleum Club, 777 Main St #4000, Fort Worth, Texas
PRE-MEETING: Texas Medical Records Privacy Act - Texas House Bill 300 (HB 300)
LUNCHEON: ROI on IT projects
POST-MEETING: The Impact of Technology on Stewardship, Risk & Fraud
REGISTER

March 24-26, 2014
Auditing Oracle E-Business Suite
LOCATION: JC Penney Corporate HQ, Plano, Texas
TIME: 8:30-4:30 PM
COST: $700 (includes lunch & materials)
See Page 5 for more details or: REGISTER
Space Available. Register Now!

March 27 & 28, 2014
Dallas IIA Annual Fraud Summit @ UT Dallas
Thursday Workshop ($300/person): Attendees choose one of three workshops.
Friday Conference ($200-300)
Keynote Speaker: Sam Antar
See Page 3 for more details

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is an objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically stated.
Copyright 2014 ISACA North Texas Chapter
all rights reserved
Questions? Comments? Corrections? Please advise us at [email protected]