2013 Canadian Conference on IT Audit, Governance and Security

REGISTRATION NOW OPEN FOR: Two annual events uniquely designed for IT professionals in the areas of risk, security and governance.

March 26-27, 2013

March 28 – Optional Post-Conference Workshop: Introduction to COBIT 5

THE WESTIN HARBOUR CASTLE • TORONTO, ONTARIO

Join your colleagues for the premier conference for IT decision makers and advisors.

Learn the latest state-of-the-art IT practices from an unparalleled group of industry and professional services leaders. Leave this conference equipped to face the toughest IT audit, governance and security challenges of today … and tomorrow!

KEYNOTE ADDRESS BY: Steve Heck, CIO Microsoft Canada Co.
Transforming IT – Faster, Smarter, Leaner

OR

For those new to the world of IT Audit...

Fundamentals of IT Audit – A Three-Day Workshop
March 26-28, 2013 (Running concurrently with the Conference)

Attend our ever-popular three-day workshop and develop the core skills necessary to complete a wide range of IT audit assignments in today’s complex multi-layered computing environments.

For the most current information and to register, visit: www.cpd.cica.ca/ITAudit

2013 Canadian Conference on IT Audit, Governance and Security

March 26-27, 2013 (Optional Workshop March 28) • The Westin Harbour Castle – Toronto, ON

2013 Canadian Conference on IT Audit, Governance and Security AND Fundamentals of IT Audit – A Three-Day Workshop

Who Should Attend the Canadian Conference on IT Audit, Governance and Security?

IT decision makers and advisors in the areas of risk, security and governance including:

• auditors – internal and external

• IT security officers

• chief information officers

• financial professionals with responsibility for the IT function

How YOU Will Benefit by Attending the Conference:

• gain valuable practical insights and solutions for the critical IT challenges of today and tomorrow

• discuss and explore the latest best practices and application on a broad range of topics with peers and leading industry and professional services leaders from across Canada

• customize your learning experience to meet your professional needs and interests. In one conference you can choose from a productive, timely and relevant blend of sessions covering topics in IT audit, governance and security

• attend the optional workshop and gain insights into COBIT 5. Learn about its benefits, the differences between it and COBIT 4.1 and transition issues

• earn up to 21 hours of CPD credits

CONFERENCE AGENDA

DAY 1 • TUESDAY, MARCH 26, 2013

7:30 - 8:30 REGISTRATION AND CONTINENTAL BREAKFAST • EXHIBITS OPEN

8:30 - 9:30 Keynote Address: Transforming IT – Faster, Smarter, Leaner
Steve Heck, CIO Microsoft Canada Co.

9:30 - 10:30 Board Oversight of IT-Related Risk Appetite and Tolerance: A New Imperative

10:30 - 11:00 COFFEE • EXHIBITS OPEN

11:00 - 12:15 BYOD/BYOT – Balancing Benefits and Risks

Harvesting Good Intelligence from Big Data

How to Provide Effective Governance over Business Partners

12:15 - 1:30 LUNCH

1:30 - 2:30 What Does It Take to Be an Effective IT Auditor – in the Brave New World?

How to Better Engage the CFO in IT Activities – Aligning CFO and CIO Priorities

NFC and RFID – Balancing Benefits and Risks

2:30 - 2:50 COFFEE • EXHIBITS OPEN

2:50 - 3:50 Leveraging Continuous Monitoring to Enhance Operational Auditing

COBIT 5 – What’s New?

Rise of the Cloud – Leveraging the Cloud for Value

3:50 - 4:00 CHANGE BREAK

4:00 - 5:00 Fraud – Social Engineering Attacks on Social Networks

5:00 - 6:00 RECEPTION SPONSORED BY:

DAY 2 • WEDNESDAY, MARCH 27, 2013

7:30 - 8:30 CONTINENTAL BREAKFAST • EXHIBITS OPEN

8:30 - 9:30 Knowing Your Cyber Risks/Threats and Mitigating Them

9:30 - 10:45 Managing the Complex World of Compliance

10:45 - 11:15 COFFEE • EXHIBITS OPEN

11:15 - 12:15 You Can’t Do It All! Segregation of Non-Compatible IT Duties – What Every IT Auditor Should Know

Challenges in Managing Program and Project Risk: Sailing Through the Risky World of Program and Project Management

Payment Security – How Organizations Can Achieve Compliance Through Security for the PCI Standards

12:15 - 1:30 LUNCH

1:30 - 2:30 Writing for Action

Challenges of Managing the Data Life Cycle

Shadow-IT – Do You Really Know What’s Going On?

2:30 - 2:50 COFFEE • EXHIBITS OPEN

2:50 - 3:50 Why Should You Implement COBIT 5?

Demystifying ITAF™

Strategies for Securing the Cloud

3:50 - 4:00 CHANGE BREAK

4:00 - 5:00 Security, Risk and 21st Century Technology: A Tabletop Exercise

DAY 3 • THURSDAY, MARCH 28, 2013 – POST-CONFERENCE WORKSHOP

7:30 - 8:30 REGISTRATION AND CONTINENTAL BREAKFAST

8:30 - 4:30 Optional Workshop: Introduction to COBIT 5

Are You New to the World of IT Audit?

Take advantage of the many benefits of attending the

Fundamentals of IT Audit – A Three-Day Workshop

Attending this workshop will provide new IT assurance-and-control professionals with the core skills needed to perform IT audit assignments in today’s complex computing environments:

• gain an understanding of key audit and control principles

• discover practical techniques that you can immediately put to use

• get a solid foundation to continue to build your IT audit expertise

• learn from an industry leader, Craig McGuffin, who has over 25 years’ experience in the field of network controls and security

• earn up to 21 hours of CPD credits

See page 9 for complete details.

The information is correct at time of printing. For the most current information on agenda items, speakers, sponsors, exhibitors etc., for both the Conference and Fundamentals of IT Audit, visit: www.cpd.cica.ca/ITAudit

*Conference registration includes online access to recorded presentations. Many technical sessions will be captured live and synchronized with the PowerPoint Presentations and will be available online approximately 6-8 weeks post-event.

Conference Speaker Directory to Date

KEYNOTE SPEAKER: Steve Heck, CIO Microsoft Canada Co.

• Chris Anderson, Grant Thornton LLP
• Vishi Bindra, MNP LLP
• Charan Kumar Bommireddipalli, Collins Barrow LLP
• David Craig, PwC
• Robert D. Crawford, Ministry of Finance, Ontario Internal Audit Division
• Rafael Etges, Ernst & Young, LLP
• Bashir S. Fancy, Grant Thornton LLP
• Jerrard Gaertner, Managed Analytic Services Inc.
• Dale Hamilton, Scotiabank
• John Heaton, Accenture
• Raj Kapoor, The Whitestone Group
• Reza Kopaee, RiskView Inc.
• Michael Kostanecki, Protiviti
• Naveen Kumar, KPMG LLP
• Tim Leech, Risk Oversight Inc.
• Blake Lindsay, BCE
• Ujjwal Malhotra, Scotiabank
• Albert J. Marcella, Business Automation Consultants, LLC
• Peter Ostapchuk, icorp.ca inc.
• Scott Page, Wajax Corporation
• Peter A. Parsan, The Hospital For Sick Children
• Craig Pattinson, BCE
• Richard Pearse, eHealth Ontario
• Kevin Pengelly, Wajax Corporation
• Marc Poirier, Protiviti
• Baskaran Rajamani, Deloitte
• Richard Reiner, CC Stratus Capital Corp.
• Elaine Stanley, Interprovincial Lottery Corporation
• Mike Tanner, Independent Communications Consultant
• Omar Tucci, PwC
• Ronald E. Wretham, Investigative Solutions Network Inc.

Advisory Committee:

• Charan Kumar Bommireddipalli, Collins Barrow LLP, Toronto
• Robert D. Crawford, Ministry of Finance, Ontario Internal Audit Division, Toronto
• Raul Mangalindan, BCE – Internal Audit, Toronto
• Monique Muzerie, HP Enterprise Services, Toronto
• Maura O’Shea, BCE, Verdun
• P. Mary Olynik, CICA, Toronto
• Mohammad Sharifullah, CIBC Internal Audit, Toronto

CONFERENCE SESSION DESCRIPTIONS

Day 1 • Tuesday, March 26, 2013

7:30 am REGISTRATION AND CONTINENTAL BREAKFAST – EXHIBITS OPEN

8:30 am KEYNOTE ADDRESS:

Transforming IT – Faster, Smarter, Leaner
Steve Heck, CIO Microsoft Canada Co.

9:30 am Board Oversight of IT-Related Risk Appetite and Tolerance: A New Imperative
Tim Leech, Risk Oversight Inc.

Deficient board oversight of risk was consistently identified as a contributing factor following the financial crisis of 2008. Boards have new expectations and are now increasingly looking to internal auditors and outside advisors to help them describe how they discharge their responsibility for risk oversight, including IT issues. While these new responsibilities extend across all types of business objectives and risks, overseeing IT-related risks, particularly those that impact the organization’s top value-creation and potential value-erosion objectives, are particularly important.

In this session, an overview of the evolution of board risk-oversight responsibilities will be provided. In addition, it will set out practical steps you can take now to help your, or your client’s, board and organization manage IT risks and meet these new expectations.

10:30 am COFFEE BREAK – EXHIBITS OPEN

11:00 am CONCURRENT SESSIONS – CHOOSE ONE OF THREE

BYOD/BYOT – Balancing Benefits and Risks
Rafael Etges, Ernst & Young, LLP

Over the past two decades, we have witnessed significant technology advances in mobile devices, from the personal data assistants (PDAs) of the late 1990s to the ubiquitous and multifunctional smartphones of today. These advances have extended the virtual boundaries of the enterprise by blurring the lines between home and office and coworker and competitor through providing constant access to email, by enabling new mobile business applications and by allowing access to, and storage of, sensitive company data.

In this session, we will outline the risks related to today’s most popular mobile device platforms and technologies, along with methods by which an organization may assess its exposure to these risks. Finally, we will outline means by which many of these risks may be mitigated through technical device controls, third-party software and organizational policy. These components all contribute to an enterprise-grade mobility management program that will ultimately serve as a guide in the rapidly evolving mobile environment.

OR Harvesting Good Intelligence from Big Data
Naveen Kumar, KPMG LLP

A day does not go by when you are not reading about “Big Data” and the opportunities to exploit it. Today, businesses and users are flush with data. In this session, learn: what others are doing with “Big Data” to better understand their existing business; how it is used to better manage their business and make better business decisions; and the key challenges faced by users, systems and data governance.

OR How to Provide Effective Governance over Business Partners
Raj Kapoor, The Whitestone Group
Peter Ostapchuk, icorp.ca inc.

With the trend to multi-vendor IT support, companies need to manage processes across vendors efficiently and effectively in order to ensure alignment and consistency of IT delivery. What to avoid is the increased reliance on vendors for vendor management. In this session, insights into active management will be discussed including: allowing for vendor stratification; deploying key management processes; monitoring performance; ensuring adherence to these processes and pushing for continuous improvement.

12:15 pm LUNCH

1:30 pm CONCURRENT SESSIONS – CHOOSE ONE OF THREE

What Does It Take to Be an Effective IT Auditor – in the Brave New World?
Marc Poirier and Michael Kostanecki, Protiviti

Practitioners need a combination of technical and people skills to forge a career in auditing technology. Organizations are investing substantial sums in their computer systems, databases and supply chains to compete and leverage customer relationships. At the same time, they are beginning to recognize that IT auditors can assist them in understanding the constantly shifting risks of the information age.

IT auditors focus on the governance of IT systems and processes with audits ranging from business continuity to development processes to information security. To be effective, IT auditors must acquire the right hard and soft skills.

Most IT auditors know about the hard skills required to meet professional requirements. This session will focus on the key attributes that successful IT auditors must have in their repertoire to be effective, that is, the soft skills – in the brave new world.

OR How to Better Engage the CFO in IT Activities – Aligning CFO and CIO Priorities
Peter A. Parsan, The Hospital For Sick Children

Enterprises today are facing unprecedented uncertainty requiring a new level of agility to adapt quickly to changes in the business environment. Although IT cost savings are still a key focus for the CFO, business agility requires a new focus, urgency and cooperation between the CFO and CIO for setting priorities and aligning IT strategies to business strategies for achieving sustainable revenue growth, profitability and competitiveness.

This session will focus on how the CFO must become more involved and work with the CIO on IT issues relating to: understanding IT cost drivers; improving business agility through IT solutions; and mitigating risk.

OR NFC and RFID – Balancing Benefits and Risks
Blake Lindsay, BCE

How and where are NFC and RFID used? What are the benefits? What are some of the audit and risk considerations? NFC and RFID create a new way of looking at how to audit and control financial and shipping records, for example, how you audit a paperless trail. There are also risk, governance, and security considerations, such as: how to get your audit information and how to ensure the security and integrity of the data. In this session, insights into the benefits and risks for using NFC and RFID will be discussed and explored.

2:30 pm COFFEE BREAK – EXHIBITS OPEN

2:50 pm CONCURRENT SESSIONS – CHOOSE ONE OF THREE

Leveraging Continuous Monitoring to Enhance Operational Auditing
Charan Kumar Bommireddipalli, Collins Barrow LLP
Robert D. Crawford, Ministry of Finance, Ontario Internal Audit Division

The successful achievement of an enterprise’s goals and objectives is accomplished through the design and implementation of various business processes throughout the organization. The effectiveness of these processes (desired outcomes) and their efficiency (resources used economically) impact the extent to which strategic goals are successfully achieved.

While operational auditing assists the enterprise in evaluating and improving the design of various business processes, continuous monitoring assists in ensuring that the business processes are operating as intended.

This session will address: What is continuous monitoring? How can it assist in operational auditing? What is operational auditing and how can operational auditing add value to your IT audit? In addition, this session will also provide a working solution for continuous monitoring in action.

OR COBIT 5 – What’s New?
Vishi Bindra, MNP LLP

ISACA recently released its COBIT 5 framework with significant updates to its content and processes. Building on the previous versions, COBIT 5 integrates several other components like Val IT and Risk IT. This session will provide a high-level overview of the major changes in COBIT 5 compared to COBIT 4.1. Existing users will gain insights into planning their transition and non-users will receive an overview of this latest IT framework.

OR Rise of the Cloud – Leveraging the Cloud for Value Reza Kopaee, RiskView Inc. Richard Reiner, CC Stratus Capital Corp.

Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity; however, many organizations are reluctant to trust cloud service providers with critical information.

The purpose of this session is to understand potential opportunities of cloud computing for enterprises of all sizes, in particular, small- and medium-size organizations. We will explore good practices from business requirements gathering to design, implementation, and security of cloud-based solutions.

3:50 pm CHANGE BREAK

4:00 pm Fraud – Social Engineering Attacks on Social Networks Moderator: Charan Kumar Bommireddipalli, Collins Barrow LLP

Panelists: Albert J. Marcella, Business Automation Consultants, LLC Ronald E. Wretham, Investigative Solutions Network Inc. Lawyer TBD

Social networks have integrated into our social lives and gained an influential role in society. More personal information is available for public consumption than ever before. Unfortunately, social networks have increased our vulnerability to socially engineered attacks in which victims are tricked into doing the attacker’s bidding.

This session will address questions such as: What are the real risks to an organization? Who can be victims? What is the technical anatomy of a social engineering attack? What are the legal rights and obligations?

Our panel consists of experienced veterans who will share their war stories, views and experiences and will provide an investigator and law enforcement perspective toward social engineering risks.

5:00 pm NETWORKING RECEPTION SPONSORED BY

OR Challenges in Managing Program and Project Risk: Sailing Through the Risky World of Program and Project Management Dale Hamilton and Ujjwal Malhotra, Scotiabank Elaine Stanley, Interprovincial Lottery Corporation Omar Tucci, PwC

This panel discussion is designed to focus on common risks present in almost all the large programs and projects. It offers 60 years of experience of the panel members in just 60 minutes. Highly experienced individuals from different levels and fields will share their uncut versions of challenges, experiences and stories on what key risks they face on a day-to-day basis and how they manage those risks. Participants will be enriched by ideas to add to their toolkit, including best practices to face the challenges of identifying and managing program and project risks more diligently.

OR Payment Security – How Organizations Can Achieve Compliance Through Security for the PCI Standards Bashir S. Fancy, Grant Thornton LLP

Attendees at this session will hear how taking a truly risk-based approach to security will also attain PCI compliance, make it sustainable and achieve its real intent. It will also demonstrate how Internal Audit can play a pro-active role as a partner on PCI compliance and derive a return on their investment for their organization.

12:15 pm LUNCH

1:30 pm CONCURRENT SESSIONS – CHOOSE ONE OF THREE

Writing for Action Mike Tanner, Independent Communications Consultant

Today, it’s not enough for IT auditors to understand complex IT systems, business processes, security, risk and compliance issues. To be successful, they must also communicate their observations and recommendations clearly and directly to their target audience.

Unfortunately, good report writing doesn’t just happen. It is a process that involves distinct steps and lots of practice. Fortunately, good writing can be learned.

Whether you are experienced or a novice at writing reports to the Audit Committee, Senior Management, your supervisor, your peers, or preparing staff memos or emails, this session will help you develop a systematic approach for writing effectively for Action!

Day 2 • Wednesday, March 27, 2013

7:30 am CONTINENTAL BREAKFAST – EXHIBITS OPEN

8:30 am Knowing Your Cyber Risks/Threats and Mitigating Them Craig Pattinson, BCE

Senior management and boards of directors have a fiduciary responsibility to oversee all facets of risk, including cyber risk. Cyber risk, in addition to being an IT risk, can impact the business’s revenues, expenses, strategy, brand and reputation. At this session, you will learn how a leading Canadian information technology service provider takes an enterprise-risk approach to obtain a comprehensive understanding of the related exposures, how risks are communicated to key stakeholders and how they are mitigated.

9:30 am Managing the Complex World of Compliance Panel of industry leaders moderated by David Craig, PwC

Ensuring sustainable compliance with the large number of current regulations is considered to be one of the major risks facing all organizations today. How can risks associated with non-compliance and sustainability be managed?

In this session, a panel of leaders from a variety of industries will explore and discuss the common compliance issues that are currently being faced and the roles played by IT audit, governance and security in ensuring sustainable compliance is achieved. The panel will also discuss some of the challenges you face along with suggestions for overcoming them.

10:45 am COFFEE BREAK – EXHIBITS OPEN

11:15 am CONCURRENT SESSIONS – CHOOSE ONE OF THREE

You Can’t Do It All! Segregation of Non-Compatible IT Duties – What Every IT Auditor Should Know Scott Page and Kevin Pengelly, Wajax Corporation

Segregation of Duties (SoD) in IT plays a major role in reducing IT risk in the areas of fraud, undetected errors, sabotage and programming inefficiencies. This session addresses some of the key roles and functions that need to be segregated including: IT duties versus user departments; database administration versus the rest of IT functions; application development and maintenance versus application operations; new application development versus application maintenance; information security versus IT functions; IT organizational structure for IT activities; and auditing for SoD.

OR Challenges of Managing the Data Life Cycle Jerrard Gaertner, Managed Analytic Services Inc. Richard Pearse, eHealth Ontario

Pervasiveness of technology today has contributed to the exponential growth in the volume of data. To the right eye, data is information and a competitive advantage. As data morphs into information and eventually into retirement (Data Life Cycle), the value an enterprise derives is dependent on how well it manages both the Life Cycle itself and the related challenges. This session will provide insights into the Data Life Cycle, the challenges and strategies to manage data including: ways to keep data relevant; possibilities for repurposing; ways to manage privacy and consent surrounding data collection; and ways to maintain security in storage and retrieval.

OR Shadow-IT – Do You Really Know What’s Going On? Baskaran Rajamani, Deloitte

“Shadow-IT” or “business managed technology” are recent terms that have replaced “End User Computing”. These terms refer to the business directly buying, subscribing or developing applications or services, without the involvement of enterprise IT and causing potentially newer risk exposures. Though the issue is not new, the scope, extent, nature and level of risks have grown in recent years to be of concern to internal and external stakeholders including regulators. Organizations are therefore trying to size the issue, experiment with different solutions and figure out the roles of various functional groups. After a primer on the issue and the risks, this session aims to discuss best practices for establishing and sustaining a set of controls and governance practices in organizations of different sizes.

2:30 pm COFFEE BREAK – EXHIBITS OPEN

2:50 pm CONCURRENT SESSIONS – CHOOSE ONE OF THREE

Why Should You Implement COBIT 5? Moderator: John Heaton, Accenture

Leaders, from consulting firms and industry, with proven experience and expertise in implementing COBIT 5 will share their views and perspectives about the benefits of implementing COBIT 5 as well as common challenges and issues faced. Their insights and valuable tips will help participants to decide whether they should implement COBIT 5 or help in their transition or new implementation. Participants may also use this forum to get answers to their own questions or issues.



OR Demystifying ITAF™ Chris Anderson, Grant Thornton LLP

The Information Technology Assurance Framework (ITAF™) is a roadmap for IS auditors to make effective use of ISACA (and other relevant standard setting bodies) standards and guidelines in performing IT audits in a consistent, high-quality manner.

This session will review ITAF™ at a high level, show participants how it ‘plugs in conceptually’ to internal and external audits and briefly work through an example of how to use ITAF™ in performing an audit on an important IT process.

OR Strategies for Securing the Cloud Reza Kopaee, RiskView Inc.

Service models including applications, platforms, and infrastructure are some of the areas where an organization can leverage the benefits of the cloud. However, benefits come with their fair share of security risks. Network dependency, complexities of hybrid systems, reliability and cross border legal implications increase the complexities of adapting to the cloud. Infrastructure, security framework and the type of cloud configuration can significantly influence security from a privacy, compliance and legal stand point. In addition, evolving risks, new threats, financial budget constraints and a lack of skilled and experienced personnel create significant challenges to mitigate these risks. Are you up to the challenge?

This session will explore current strategies and best practices on how to secure the “CLOUD”.

3:50 pm CHANGE BREAK

4:00 pm Security, Risk and 21st Century Technology: A Tabletop Exercise Albert J. Marcella, Business Automation Consultants, LLC

Do you ever wonder what the future of insider threats will look like? Will you or your organization be prepared? This closing session will challenge your audit and control expertise, test your technical and economic judgment and place you squarely in the command hot seat. Bring what you know. Use what you learned at the Conference. Don’t attend this session if you wish to relax, wrap up your day and expect to listen to an hour of summary comments. You can’t be a passive attendee in this session. You are the session!

5:00 pm CONFERENCE CONCLUDES

Day 3 • Thursday, March 28, 2013

Optional Post-Conference Workshop

7:30 am REGISTRATION AND CONTINENTAL BREAKFAST

8:30 am Introduction to COBIT 5 Workshop Leader: Barry Lewis, Cerberus ISC Inc.

This one-day workshop provides an overview of COBIT 5, ISACA’s new governance framework. The workshop will provide existing practitioners and potential new COBIT users excellent insight into the new framework and explain the differences between COBIT 4.1 and COBIT 5.

After completing this workshop, attendees will be able to:

• discuss how IT management issues affect organizations
• understand the principles of the Governance of Enterprise IT and explain the differences between management and governance
• assess how the COBIT 5 Processes help guide the creation of the five basic Principles and the seven Governance and Management Enablers
• discuss the COBIT 5 Enabler Guide, including the Goals Cascade and the Process Reference Model
• describe the basics of how to implement COBIT 5
• understand the differences between COBIT 4.1 and COBIT 5 and what to consider when transitioning
• explain the benefits of using COBIT 5

Who Should Attend?

• current COBIT 4.1 users needing to decide whether they want to adopt COBIT 5
• new to COBIT and want to learn more about COBIT 5
• IT professionals working in audit, assurance, risk, security and governance

Barry Lewis, CISM, CGEIT, CRISC, CISSP, Cerberus, is one of North America’s pre-eminent experts in the information security field. Since 1980 he has been involved in the security field, designing, developing and implementing security measures from high-level standards to detailed technical security controls.

Barry received the prestigious John Kuyers Best Speaker/Conference Contributor Award at the ISACA 2008 International CACS Conference.

Workshop Leader: Craig R. McGuffin, C.R. McGuffin Consulting Services

This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all information technology auditors. You will review and understand key audit and control principles, as well as many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.

Topics covered include overall IT audit planning and objectives, as well as audit risk assessment. We’ll also examine the wide range of controls needed for managing the IT function, system development/acquisition and implementation, IT operations, logical and physical security and business resumption/disaster recovery. Included are the vital business process controls found within specific financial tracking and reporting systems. In addition, we will consider important technology components IT auditors must be able to understand, use and evaluate.

Key topics include:

• understanding IT audit risks and defining audit scope
• internal control concepts and the role of computer control standards
• general controls protecting the IT environment
• business process controls covering specific financial systems
• communicating audit findings

Your understanding will be facilitated by demonstrations and discussions of current technology and audit techniques to help reinforce the key concepts. After completing the workshop, you will be able to take part in many types of IT audit assignments and have a solid foundation on which to continue to build your audit expertise.

Workshop Leader Craig McGuffin, CA, CISA, CISM, CGEIT, CRISC, Principal of C.R. McGuffin Consulting Services, has more than 25 years of experience in the field of computer and network controls and security. He has a background in computer science and has worked as an information systems auditor, security consultant and security manager, obtaining experience in all major computing and networking environments. He also is the co-author of two books on networking technology.

Craig is an award-winning and extremely popular speaker on the use of computer technology, controls and security, delivering core knowledge and practices through university courses, training seminars and conferences on six continents. He frequently presents on behalf of ISACA, IIA, and CICA.

Fundamentals of IT Audit – A Three-Day Workshop

March 26-28, 2013 • The Westin Harbour Castle – Toronto, ON

Workshop runs from 8:30 a.m. to 4:30 p.m., each day with continental breakfast available at 7:30 a.m.


Attend this workshop and get a solid foundation to continue to build your IT audit expertise.


Please register me for the following:

☐ Conference* ONLY (March 26-27) $1,295 $ ______________

☐ Conference* PLUS Post-Conference Workshop (March 26-28) $1,695 $ ______________

☐ Post-Conference Workshop ONLY (March 28) $645 $ ______________

*Conference registration includes online access to recorded presentations. (Online access will be available approximately 6-8 weeks post-event.)

OR

☐ Fundamentals of IT Audit – A Three-Day Workshop (March 26-28) $1,495 $ ______________ (Conference or online access to conference sessions not included.)

plus 13% HST $ ______________

GST/HST # R106861578RT0001 QST # 1010544323TQ0001SS TOTAL PAYMENT $ ______________

First Name (preferred) _______________________________________________ Middle Initial(s) __________________

Badge Name (if different from above) ____________________________________________________________________

Surname ____________________________________________________________________________________________

Designation(s) _______________________________________________________________________________________

Title ________________________________________________________________________________________________

Firm/Employer _______________________________________________________________________________________

Department __________________________________________________________________________________________

Business Address _____________________________________________________________________________________

City ______________________________________ Province ________________ Postal Code _____________________

Business Phone ____________________________________ Business Fax ______________________________________

Email _______________________________________________________________________________________________

Special dietary or other requirements (needs, not preferences): _______________________________________________

YOU MUST HAVE AN ACCOUNT TO REGISTER:

I have an up-to-date account/profile with CICA

☐ Yes ☐ No

If NO, visit the CA Store at www.castore.ca and click “my account” (top right-hand corner), and either log in and ensure your profile information is current, or create a profile if you do not have an account.

PAYMENT OPTIONS:

Credit Card: ☐ Visa ☐ MasterCard ☐ AMEX

Card No. ___________________________________________

Expiry Date _________________________________________

Name of Cardholder __________________________________

REGISTRATION FORM

REGISTRATION INFORMATION AND CONDITIONS:

HOTEL INFORMATION:

The Westin Harbour Castle, One Harbour Square, Toronto, ON

Phone 416-869-1600, 1-888-625-5144 www.westin.com/Toronto

The Westin Harbour Castle, Toronto is a CAA/AAA Four Diamond hotel located in the heart of downtown Toronto. Guests can easily access the city’s most thrilling destinations, from the bustling financial district to the lively Lake Ontario waterfront.

Hotel reservations are the responsibility of the participant. Conference/Fundamentals of IT Audit Workshop participants can enjoy a rate of $169.00 (plus applicable taxes). Early reservations are recommended. After February 28, or until our room block is full, reservations are accepted on a space and rate availability basis.

Contact Starwood reservations at Tel: 1-888-625-5144. Identify yourself as a 2013 Canadian Conference on IT Audit, Governance and Security participant to qualify for the special conference rate.

To make your reservations online, go to the conference website at www.cpd.cica.ca/ITAudit and click on venue.

PROGRAM DISCLAIMER:

The Conference/Workshop may be cancelled and all fees refunded if the required minimum enrolment is not obtained. The speakers, topics, program format and events are correct at the time of printing. If unforeseen circumstances occur, CICA reserves the right to alter or delete items from the program, or cancel the Conference/Workshop.

CANCELLATION POLICY:

If you are unable to attend an event for any reason, you may substitute, by arrangement with the Participant Coordinator, someone else from your organization, or, you may cancel up to 14 calendar days prior to the event start date for a full refund. Cancellations received within 14 calendar days of the event start date will be subject to a $150 administration fee (plus applicable taxes). All cancellation requests must be received by 5:00 p.m. ET on the day prior to the event start date. Refunds are not available after that point.

PLEASE NOTE: All cancellations must be received in writing, either by mail to CICA Continuing Education, 277 Wellington Street West, Toronto, ON M5V 3H2, Attn: Liliia Dubko, Participant Coordinator, or faxed to (416) 204-3415, [email protected].

2013 Canadian Conference on IT Audit, Governance and Security AND Fundamentals of IT Audit – A Three-Day Workshop

WAYS TO REGISTER:

REGISTER ONLINE AT:

www.cpd.cica.ca/ITAudit

REGISTER BY PHONE:

416-651-5086 or toll-free 1-888-651-5086

MAIL REGISTRATION FORM AND PAYMENT TO:

CICA Conference Office, c/o aNd Logistix, 1345 St. Clair Ave. W., 3rd floor, Toronto, ON M6E 1C3

Earn the CPD hours you need with low-cost flexible elearning from the CA Learning Centre. Hear the latest insights and technical updates from industry and professional services leaders who are experts in their field.

Go to www.calearningcentre.ca and choose “E-Learning”
