
The Password
March, 2014

Inside This Issue:
Letter from the President  1
Next Meeting Agenda  1
News from ISACA International  2
...and in other news  2
UT Dallas Fraud Summit  3
February’s Chapter Meeting  4
Announcement for test takers  4
Seminar: Auditing Oracle  5
Current Job Postings  6
Upcoming Events  6

Letter from the President

March is a busy month! Among the activities are spring break, the annual March Madness college basketball tournament starting 3/18, and the first day of Spring on 3/20!

Our March meeting takes place on Tuesday 3/4 at the Petroleum Club in Fort Worth. We’re holding our first ever joint meeting with the Fort Worth IIA chapter. Our own Rick Link is speaking on the ‘Texas Medical Records Privacy Act – Texas House Bill (HB) 300’ at the pre-lunch session. The lunch session features Earl Parsons discussing ‘ROI Analysis on IT Projects’ and Courtenay Thompson presents ‘The Impact of Technology on Stewardship, Risk and Fraud’ at the post-lunch session. Space is limited, so sign up by Friday 2/28 to secure your seat. You can see the meeting details and register for this event on our web site at www.isaca-northtexas.org.

Seats are still available for our 2014 Spring Seminar ‘Auditing Oracle’s E-Business Suite’ on Monday 3/24 through Wednesday 3/26/14. This three-day seminar is presented by Jeffrey Hare, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracle’s E-Business Suite. The seminar is being offered at a considerable savings over the publicly offered class in addition to saving travel and lodging expenses. Cost is $700, which includes 24 hours of CPE as well as all training materials, lunch, snacks and beverages. Thank you to JCPenney for hosting this seminar in Plano. If your company is interested in hosting a future training event, please contact us at [email protected].

Don’t forget our Certification Reviews for the CISA and CISM June exams will start in April. Stay tuned for details.

See you at the March meeting!

Greg Streder, CISA, CISSP
President

Next Meeting Agenda

When: Tuesday, March 4th
Where: Petroleum Club in Fort Worth

Pre-Luncheon (10:00)
“Texas Medical Records Privacy Act - Texas House Bill 300 (HB 300)”
Ricky Link, Coalfire Systems, Inc.

Luncheon (11:00)
“ROI Analysis on IT Projects”
Earl Parsons, Radioshack

Post-Luncheon (12:30)
“The Impact of Technology on Stewardship, Risk & Fraud”
Courtenay Thompson, CPA

Page 2

...and elsewhere

Did you enjoy CACS last year? This year it’s in Vegas! Be sure to get registered!

Time is running out! Get your colleagues to join ISACA by December 31st to win a tablet or other prizes!

Many of us think we have all the right answers...but how many of us know the right questions? Submit your certification exam questions to ISACA and get PAID!

Haven’t even taken that test yet? The June 2014 exams are now open for registration.

The 2013 IT Risk/Reward barometer examines plans and perceptions of many of the hot topics in our field, taken from members around the world.

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

How much is too much when it comes to IT risk management?

Microsoft has joined the FIDO (Fast IDentity Online) alliance in an attempt to move away from passwords to more secure means of authentication. Sounds great...but surely nobody will ever guess “123456” is your password?

News from ISACA International

Did you enjoy CACS last year? This year it’s in Vegas! Register and pay by 3/3 to save $200!

Speaking of CACS, closing keynote speaker and astronaut, Mike Mullane, discusses IT in outer space in the ISACA Now blog.

Looking to get the hang of COBIT 5? As an ISACA member, you can download the eBook for free.

Regarding COBIT, it has been included in the US Cybersecurity Framework. The NIST will present on the framework at CACS.

ISACA is issuing open badges, which will enable interested parties to learn more about your certification with a single click. Be on the lookout for an email from ISACA in the next month to get yours!

Have a passion for helping out your fellow IT geeks? Want to do more within the community? Become an ISACA volunteer!

Submit certification exam questions to ISACA and earn 2 CPEs and $50-$100 for each accepted item!

Three ISACA certifications top the list of the 15 top-paying IT certifications for 2014. Do you have yours? If not, now’s the time to get registered for an exam!

...and in other news

This month’s Internal Auditor magazine cover story is a great read on the whistleblower of the Olympus billion-dollar fraud.

Also in Internal Auditor magazine, Rick Warren of Crowe-Horwath looks at Closing the Gaps in Third-Party Risk Management.

WhatsApp - The $19 billion Facebook acquisition and its security weaknesses.

In the aftermath of the breach, Target vows to put $100 million towards accelerating adoption of smart cards ahead of the October 2015 deadline, when credit card companies shift liability for fraud to the merchants.

Page 3

Thursday Conference
Price: $300/person
Thursday, March 27th
8:00am – 5:00pm, 8 hours CPE

Three workshops to choose from:

“Inside the Mind of a Hardcore Fraudster” - Sam Antar, Convicted Felon, White Collar Crime Consultant, Whistleblower, and Former CFO, Crazy Eddie’s

Look inside the mind of a white-collar criminal. Learn to identify the tactics, strategies, diversions, and progression of fraudsters. Learn to spot potential fraud in public companies through red flags in financial statements.

“Targeting Fraud and Corruption in Contract and Procurement Activities” - Nicholas DiMola, Co-Founder and Principal, Quality Plus & Associates and Paul Flora, Co-Founder and Principal, Quality Plus & Associates

Review key factors to effectively assess fraud risk within your company, and identify indicators of corruption and fraud in contracts and procurement activities. Learn the importance of having the correct controls, processes and preventative strategies to mitigate the possibility of fraud. This session will also interact with the audience to discuss best practices for preventing, detecting and investigating contract and procurement fraud.

“How to Manage Fraud for the Next 5 Years” - Jarrett W. Kolthoff, President/CEO, SpearTip | Naveen Krishnan, Audit Manager, Whitley Penn | John Williamson, Audit Senior, Whitley Penn

Learn the strategic and tactical ways of managing fraud within an organization for today’s risks. With the enhanced emphasis on privacy and regulatory requirements, what is the right mix of controls and security necessary to protect your company's information? We will emphasize executive management's role in the process, legal impacts, interviewing techniques, investigative personnel, and IT security to protect against the savvy hacker.

Friday Conference
Price through March 1st: $300/person
8:00am – 5:00pm, 7 hours CPE

Keynote Speaker: Sam Antar

Mr. Antar is a convicted felon, white-collar crime consultant, SEC whistleblower, and former CFO of Crazy Eddie's. He will provide valuable insight into the mind of a fraudster and techniques for recognizing financial fraud. This session will feature Mr. Antar on a panel with law enforcement personnel.

Two General Sessions
24 Breakout Sessions

Volunteers for the 8th annual UT Dallas fraud summit helped make it the best yet. This year’s organizers hope to make it even better.

Last Chance to Register!

Page 4

Announcement for test takers

CPE Policy Update: The following change to the ISACA certification CISA, CISM, CGEIT and CRISC CPE policies has been made. This change went into effect 1 January 2014 and has been approved by the respective Certification Committees. The change applies uniformly to all ISACA certifications.

Passing related professional examinations (no limit): This activity pertains to the pursuit of other related professional examinations. Two CPE hours are earned for each exam hour when a passing score is achieved.

Previously only one CPE hour was earned for each examination hour. In other words, if a certified individual passes a related professional examination that was 4 hours in length, 8 CPE would be earned. Prior to 1 January 2014, 4 CPE would have been earned. This change in CPE policy does not change what is meant by “related professional examination”; only the number of CPE hours earned is affected. For complete details, please visit the updated CPE policies at:

For CISA: www.isaca.org/cisacpepolicy
For CISM: www.isaca.org/cismcpepolicy
For CGEIT: www.isaca.org/cgeitcpepolicy
For CRISC: www.isaca.org/crisccpepolicy

Should you have any questions on any of these changes, feel free to contact the ISACA Certification Department at [email protected] or +1.847.660.5660.

The Gist: You now get 2 CPE for each testing hour when passing!

February’s chapter meeting

Brookhaven Country Club played host to our February meeting. Pre-luncheon, Richard Bruner of GM Financial took us through Intellectual Property Protection. The growing importance of intellectual property, the threats, and methods for mitigation were discussed.

Sajay Rai of Michigan-based Securely Yours took on the hot topic of auditing mobile devices during our luncheon session. His guidance will be a useful baseline for those seeking to get started in their own audit program or even shore up some weaknesses.

Our day concluded with a look at mobile payment card processing. Richard Poworski of Seccuris went through the challenges and benefits of complying with PCI standards. Being an area that is gaining more and more attention, it will be interesting to see if we can stay ahead of the risks. As always, visit our presentations library for details.

Sajay Rai, Securely Yours

Door Prize Winners

Page 5

SPECIAL UPCOMING SEMINAR

Auditing Oracle’s E-Business Suite: An Introduction to the Application’s Architecture

This three-day seminar is presented by Jeffrey Hare, a leading authority on Oracle E-Business Suite controls. It is a must for auditors and those involved in implementing and supporting Oracle’s E-Business Suite. The seminar is offered at a considerable saving over the publicly offered class in addition to saving in travel and lodging expenses. Don’t miss the opportunity to be part of this learning experience and earn valuable CPE credits.

Date: Monday, March 24 thru Wednesday, March 26, 2014
Time: 8:30 AM – 4:30 PM
Location: JCPenney, 6501 Legacy Drive, Plano, TX 75024
Cost: $700 Members and Non-Members (Includes training materials, lunch, snacks and beverages)

Register at www.isaca-northtexas.org

Online registration closes on Friday, March 14, 2014 at 5:00 PM. No walk-ins. Prepay by Credit Card, PayPal or Check Only. Checks must be received by Friday, March 14, 2014.

Class size is limited to the first 45 registrants.

For any information regarding refunds, complaints, and program cancellation policies, visit www.isaca-northtexas.org/SitePages/ProgramPolicies.aspx.

PROGRAM DESCRIPTION

Oracle’s E-Business Suite offers a wide variety of applications which require specific audit programs. Auditors and those implementing and supporting Oracle’s E-Business Suite need actionable information about the associated risks and controls. The program will be presented by Jeffrey Hare, CPA, CISA, CIA, CEO of ERP Risk Advisors, a leading thought leadership firm providing risk advisory services for organizations running Oracle Applications. In 2009 Mr. Hare published Oracle E-Business Suite Controls: Application Security Best Practices.

LEARNING OBJECTIVES

This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented Oracle applications along with the elements common to all implementations. It will delve deeply into application security and other IT general controls and provide you with several SQL queries frequently used in assessments.

Space Still Available!

Page 6

Current Career Opportunities

Senior Auditor (IT) | UT Southwestern Medical Center | Dallas, TX | Permanent | Non-Management | 11/7/2013 | 3/31/2014
IT Audit, Associate Manager | Molkentine Professional Search, Inc | Dallas, TX | Permanent | Management | 12/11/2013 | 2/28/2014
Sr GRC Systems Administrator - IT Services | GM Financial | Arlington, Texas | Permanent | Non-Management | 12/26/2013 | 2/28/2014
Vendor Auditor | Ocwen | Coppell, Texas | Permanent | Non-Management | 1/15/2014 | 4/1/2014
Supplier Management Senior Auditor | Citigroup | Irving, TX | Permanent | Non-Management | 1/16/2014 | 4/1/2014
IT / IS Auditor (External) | Aporia Solutions | United States | Permanent | Non-Management | 2/7/2014 | 2/28/2014
IS Assurance Senior Associate | BDO USA, LLP | Dallas | Permanent | Non-Management | 2/12/2014 | 4/30/2014
IT Auditor | Kimberly-Clark | Dallas, TX | Permanent | Non-Management | 2/13/2014 | 4/30/2014

Upcoming Events

March 27 & 28, 2014
Dallas IIA Annual Fraud Summit @ UT Dallas
Thursday Workshop ($300/person): Attendees choose one of three workshops.
Friday Conference ($200-300)
Keynote Speaker: Sam Antar
See Page 3 for more details

March 4, 2014
Joint Meeting with Fort Worth IIA
LOCATION: Fort Worth Petroleum Club, 777 Main St #4000, Fort Worth, Texas
PRE-MEETING: Texas Medical Records Privacy Act - Texas House Bill 300 (HB 300)
LUNCHEON: ROI on IT projects
POST-MEETING: The Impact of Technology on Stewardship, Risk & Fraud

March 24-26, 2014
Auditing Oracle E-Business Suite
LOCATION: JC Penney Corporate HQ, Plano, Texas
TIME: 8:30-4:30 PM
COST: $700 (includes lunch & materials)
See Page 5 for more details

Space Available
Register Now!

The Password is a free copyrighted publication of the North Texas Chapter of ISACA. It is published periodically from August through June. It is an objective of the North Texas Chapter of ISACA to be a forum of free expression and interchange of ideas. Statements of position or expressions of opinion appearing herein are those of the authors and not, by the fact of publication, necessarily those of ISACA or the North Texas Chapter. Likewise, the publication of any advertisement is not construed to be an endorsement of the product or service offered unless specifically stated.

Copyright 2014 ISACA North Texas Chapter, all rights reserved

Questions? Comments? Corrections? Please advise us at [email protected]