2015 March - Full Day Training Session

When: March 4, 2015 - 0800-1630
Where: RTP HQ
Registration: Website

Cost: 

ISACA-RTC Members - Free (Log in to register)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $75
All Others: $100

CPEs: Up to 8

Handouts:

Topic I - Outsourcing and the Need for Vendor Audits

This presentation will discuss the reasons why companies use vendors, either in an outsourced arrangement or in a true vendor arrangement. Also covered will be risks from a security and privacy perspective, contract elements, and a look into the minimum security requirements that should be put in contracts.

Topic II - BYOD

More companies are trying to reduce their internal expenses for company-owned devices by allowing employees to use their smartphones, iPads, etc. to access company data. This poses significant risks of data loss and security breaches. The auditor must be aware of this and be able to comment upon the strategy being proposed.

Topic III - Auditor’s Role in System Development

This session focuses on the need for the auditor to be involved in the various phases of the SDLC process, the different types of review that can be done based on timing and staffing, and the risks that audit involvement should help to avoid. Also covered will be a value-add process for selecting the applications that pose the greatest risk to the company, along with the time allocation, audit steps, and reporting requirements.

Topic IV - Social Networking – Business, Compliance & Audit Implications

Most corporations have social media sites for their customers and clients. These sites could be sources of security risks for the company and the personnel using them. This session will discuss these issues from the corporation’s perspective and from the individual’s perspective.

Speaker - John Gatto, JAG Associates

Until retirement in January 2015, John had been with Health Care Service Corporation (HCSC) in Chicago, IL, since December 2005 and was the Divisional Vice President, IT Audit & Advisory. In this role, he was responsible for all aspects of IT Audit for the five Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma), encompassing NAIC / MAR compliance and testing, risk-based audits, advisory engagements for new development projects, and coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC.

Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, at Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit.

John has over 45 years of audit experience, most of it in the IT arena. He is a CISA and has his MBA from Fairleigh-Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations.

CPE Policy Updates

The following clarifications and changes to the ISACA certification CPE policies have been made. These modifications were approved by the Credentialing and Career Management Board and went into effect 1 January 2013. They are universal and apply equally to all ISACA certifications.

  1. Reconsideration and Appeal: Individuals whose certification has been revoked due to noncompliance with the CPE policy and who later appeal for reinstatement may incur an additional reinstatement fee of US $50. This reinstatement fee is effective for those reinstated after 1 January 2013 (when the revocation had been outstanding more than 60 days) and is in addition to any back or current certification maintenance fees needed to bring the certified individual in compliance with the CPE policy.
  2. Calculating CPE Hours: CPEs can be reported in quarter hour increments. One CPE hour is earned for each fifty (50) minutes of active participation (excluding lunches and breaks) for qualifying ISACA and non-ISACA professional educational activities and meetings. CPE hours can be earned in quarter hour increments and can also be reported in quarter hours (rounded to the nearest quarter hour).
  3. Exam question development and review (no limit): For those serving on an ISACA committee/task force that is responsible for exam question review, evidence of actual hours for the formal item review process will be provided.
  4. Contributions to the profession (20-hour annual limit): CPE hours are earned for the actual number of hours contributed.

For complete details, please visit the updated CPE policies at:

-CISA:  www.isaca.org/cisacpepolicy

-CISM:  www.isaca.org/cismcpepolicy

-CGEIT:  www.isaca.org/cgeitcpepolicy

-CRISC:  www.isaca.org/crisccpepolicy

Should you have any questions on any of these changes, feel free to contact the ISACA Certification Department at +1.847.660.5660.

New CPE Reporting System

A new means of collecting CPE hours online will be introduced that changes the way certification holders report CPE hours. Attached is an overview of the new system, which is being provided to give you a first-hand view of what it looks like and how it will work.

ISACA CPE Reporting System

ISACA K. Wayne Snipes Award Honorable Mention

ISACA has recognized the Research Triangle Chapter with an honorable mention in our region for 2013. Honorable mentions are given to chapters that did not win the K. Wayne Snipes award but still excelled as top chapters throughout the year.

Research Opportunities

ISACA is seeking volunteer Developers and Reviewers for the following research projects:

  • Securing Mobile Devices
  • COBIT for Risk
  • COBIT for Assurance
  • COBIT:  Enabling Information

Interested members may contact ISACA by email.
