Embed Size (px)
Citation preview
Data Analytics
CITI
388 Greenwich Street Greenwich Rooms New York City, NY
March 28, 2013
Dear ISACA NY Metro Member: On behalf of our Board of Directors, I'd like to welcome you to our 2013 Spring Conference. We have been holding Spring and Fall conferences for over two years, as a way to supplement our Membership and Education plan. And, thanks to you, and the hard work of our Membership Committee, our conferences have continued to grow and receive positive accolades. Our next membership event will be our Annual Gala, held on June 20 at the Union League Club in Midtown. This is where we announce our 2013-2014 Board of Directors and bestow the prestigious Wasserman Award to this year's winner, for doing the most for the profession. It's a top-notch event with an open bar and hors d'oeuvres, a sit-down dinner and plenty of networking opportunities. Details will be posted on our website soon. In fact, I'm meeting with our Past President's and previous Wasserman Award winners today, during this conference, to discuss the candidates who were nominated and obtain their vote for the recipient. I'll be sure to be at our Membership meeting which follows, and will look forward to seeing you all then. Thank you for all your support today, and throughout the year. We couldn’t be the organization we are today without a strong and dynamic membership. I hope you enjoy today's event and we’re already planning plenty more for the Summer and Fall so stay tuned. All the best, James C. Ambrosini CISA, CISSP, CFE, CRISC ISACA New York Metropolitan Chapter President
The ISACA New York Metropolitan Chapter’s Board of Directors and Membership Committee would like to thank the sponsors and speakers for contributing to this event. Their support and participation in the Spring Conference 2013 is very much appreciated.
President’s Message
Thank You to Our Sponsors and Speakers
1:30 – 2:00 Registration, Exhibits, Networking
2:00 – 2:15 Welcome to Spring Conference 2013 Introduction to Data Analytics
Michael Cangemi, CPA, President and CEO - Cangemi Company LLC
2:15 – 2:45 The Use of Data Analysis Technology in Auditing Qi Liu, Ph.D. Candidate at Rutgers Business School Data analysis is used by auditors in each stage in the audit cycle. While it could theoretically be performed manually, it is most effective when implemented using data analysis technology. This presentation will discuss how data analysis technologies facilitate the successful completion of audit objectives. The application of two widely used tools, ACL and IDEA, will be demonstrated, and advanced technologies will be introduced.
2:45 – 3:15 Data Analytics in Information Risk Management – Deployment Example Ted A., Risk Strategy, Technology Risk Management - BNY Mellon Jonathan Ruf, Risk Strategy, Technology Risk Management - BNY Mellon
As a multi-national financial services firm with trillions in assets under management and custody, managing information risk is a fiduciary requirement. A data analytics project is underway to improve Information Risk Management. This includes standardization and automation, but the key deliverable is point-in-time risk assessment and near-time IT control information. Improved visibility into current technology risk is the goal.
3:15 – 3:30 Break and Exhibits
3:30 – 4:00 Using Big Data to Align IT Security with Business Risk Mark Seward, Senior Director of Security and Compliance Solutions - Splunk Inc.
Security teams realize the future of security lies in using data for behavioral analysis of both people and systems. To know what's normal from what's not, security teams need to apply new thinking to level the playing field between attacker and defender and apply big data solutions and thinking. This session presents a new systematic approach to using big data to better align with business risk and examples of big data thinking.
4:00 – 4:30 Security Risk Analytics – Metrics That Matter Huzefa Olia, Director of Pre-Sales - Brinqa
Today’s enterprise risk professionals need to turn all types of risk data, structured and unstructured, across the enterprise into actionable information. A good risk analytics platform aggregates risk data from any source, has a flexible correlation engine, and a robust reporting framework for executive level views. Large enterprises can turn their risk data into information that matters and remediate risk before it becomes a costly issue.
4:30 – 4:45 Data Analytics – Barriers to Entry and Maturity Model Jose Ortiz, Head of Technology Audit – TD Ameritrade
This session recaps data analytics terminology, discusses barriers to implementing data analytics and presents an illustrative data analytics maturity model.
4:45 – 5:25 Panel Discussion Moderated by Michael Cangemi, CPA, President and CEO - Cangemi Company LLC
Alexander Abramov, IT Governance, Risk and Compliance Anthony Noble, Vice President of Internal Audit - Viacom Inc. Miklos A. Vasarhelyi, PH.D., Professor - Rutgers University Edward Zimmer, Director, Internal Audit Department - Citigroup
5:25 – 5:30 Raffle and Closing Remarks
Agenda
Ted A. manages the Risk Strategy team within Technology Risk Management for BNY Mellon. This includes initiatives to centralize, standardize, and streamline TRM services in an effort to reduce complexity, improve operational efficiency and focus remediation efforts. Risk Strategy also addresses the alignment of TRM to the overall enterprise strategies, information technology, and business objectives. Deploying a risk analytics solution is currently a top priority for the team. Ted has 13 years of experience in Information Risk Management and Information Technology at various financial services firms. This has included risk assessment, CERT, forensics, penetration testing, business continuity/disaster recovery, and hands-on technology deployment and administration. ________________________________________________________________________________________ Alexander Abramov has over 20 years of experience in IT Governance, Risk, Compliance, and Audit. He helps organizations to create risk-based and cost -effective IT Governance frameworks to protect company information assets and achieve compliance with applicable regulatory requirements. His experience includes Technology Risk Controller at JP Morgan, and Practice Leader for IT Governance and Compliance at Ernst & Young. Mr. Abramov is Certified Information Security Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC). Currently he serves on the ISACA New York Metropolitan Board of Directors and is Chair of Corporate Relations Committee. ________________________________________________________________________________________ Michael P. Cangemi CPA, author and business advisor is the former President, Chief Executive Officer and Director of Etienne Aigner Group, Inc., and former President and Chief Executive Officer of Financial Executives International. He currently serves as President of Cangemi Company LLC, which has a significant focus on Continuous Monitoring and Auditing. Mr. Cangemi is a Senior Advisor to Oversight Systems and CaseWare RSM. He serves on the Rutgers Continuous Audit Advisory Board (Founding Member), FEI’s Committee on Finance& Technology, the EDPACS Editorial Advisory Board, and the SOX&GRC Institute Advisory Board. He recently published “The Internal Auditors Role in Continuous Monitoring” (EDPACS 2010) and “The Benefits of CM”, a significant research project for C level executives, published in summer 2011by FEI’s research foundation FERF. ________________________________________________________________________________________ Qi Liu is a PhD candidate in the Accounting Information Systems Program at Rutgers Business School. Her current research includes continuous auditing, fraud detection and text mining. At Rutgers, Qi has taught several graduate courses in Audit Analytics, and Advanced Auditing and Information Systems. Qi has a Bachelors Degree in E-commerce/Law from Wuhan University in China, and a Master Degree in Management from Conservatoire National des Arts et Métiers (CNAM) in France. ________________________________________________________________________________________ Anthony Noble is Vice President of Internal Audit at Viacom Inc. He was a member of the development team for the ISACA white paper on “Data Analytics – A Practical Approach.” Anthony is currently a member of the ISACA Framework Committee and is the Chair of the "COBIT 5 for Assurance Guide" Task Force which is due to be published in April/May 2013. ________________________________________________________________________________________ Jose Ortiz CGEIT CISA CISSP CRISC CRMA is head of Technology Audit for TD Ameritrade Broker/Dealer. He is responsible for all technology application and infrastructure audits and the data analytics program for the Corporate Audit Department. Jose is the owner of Ideal Convergence LLC, a Risk Management and Technology Services company focusing on Risk Management, Audit Assurance, and Consultation Services for small businesses in the technology Industry. Jose is a Registered Representative and General Securities Principal (Series 7, 62 and 24).
Speakers
Huzefa Olia is currently in the role of Director of Pre-Sales with Brinqa, a leader in Risk Analytics solutions. He is responsible for leading the pre-sales division and driving revenue growth via direct services sales as well as working through channel partners. Huzefa thought leadership in the Risk Management space is a result of extensive experience and interactions with some of the largest global companies. As a result of this experience, Huzefa has been instrumental in analyzing the complex security challenges faced by prospects and customers today. He brings over 10 years of experience from similar roles at Oracle, Sun Microsystems and Vaau. Huzefa is based in the greater New York area. ________________________________________________________________________________________ Jonathan Ruf is Vice President for BNY Mellon where he is responsible for initiatives to centralize, standardize, and streamline TRM services in an effort to reduce complexity, improve operational efficiency and focus remediation efforts. Deploying a risk analytics solution is currently a top priority. Jonathan has 12 years of experience in Information Risk Management and Information Security at various financial instructions. This has included Identity and Access Management, Application Security, Ethical Hack, Vendor Risk Management, and, Technology Risk Assessments. ________________________________________________________________________________________ Mark Seward CISA is currently Senior Director of Security and Compliance at Splunk Inc and has over 12 years of experience in the IT security management profession as a security practitioner and security product manager. Mark’s specialties include experience delivering services through a managed security services provider, log management, and software-as-a-service (SaaS) vulnerability management. His main focus is highlighting security as a factor in managing financial and reputational risk as well as healthcare data analytics. Mark has a Master’s of Science in Information Technology and a US Federal CIO certification from the University of Maryland. ________________________________________________________________________________________ Miklos A. Vasarhelyi [Ph.D in MIS (UCLA) MBA (MIT) and BS in Economics and Electrical Engineering (the State University of Guanabara and Catholic University of Rio de Janeiro)]. Professor Vasarhelyi is the KPMG Professor of Accounting Information Systems and Director of the Continuous Auditing and Reporting Laboratory (CARLAB) at Rutgers University, and also the Technology Consultant at the AT&T Laboratories. He has taught executive programs to many large international organizations including GE, J&J, Eli Lilly, Baxter, ADL, Volvo, Siemens, and Chase Bank. Prof. Vasarhelyi is the editor of the Artificial Intelligence in Accounting and Auditing series and two academic journals, and has published more than 200 articles and 20 books. He is credited with the original continuous audit application and as the leading researcher in this field. In 2011, Prof. Vasarhelyi received ISACA’s Wasserman award and was named Educator of the Year by the AAA, IS section. ______________________________________________________________________________________ Edward Zimmer has over thirty years of audit experience evaluating technology risk and controls for financial services firms. Currently, at Citigroup’s Internal Audit Department, he has responsibility for Institutional Client Group technical audits, and the development of automated tools to enhance audit’s efficiency and effectiveness. The use of Analytics is a priority goal for Internal Audit. Key areas of focus include the analysis of large data populations to test the effectiveness of automated controls, the identification of transaction outliers, and the evaluation of key risk indicator trends to identify potential emerging risks and controls weaknesses. Ed has a BS in Accounting and a MBA in Management Information Systems, both from St. John’s University.
Speakers
Conference and Refreshment Sponsor The Integrated Risk Analytics Platform Brinqa provides enterprises and government agencies with an integrated risk analytics platform for aggregation of risk data in large complex environments. The solution delivers insightful analysis and intelligent reporting for informed decisions
and improved operational effectiveness. Brinqa’s offering is the most comprehensive available on the market today, based on our forward-thinking vision of a centralized, fully automated, and re-usable risk analytics platform. Target solutions include, Risk Management, Risk Analytics, Security Risk Analytics, Privacy Management, Vendor Risk Management and IT Operations Management. http://www.brinqa.com | [email protected]
________________________________________________________________________________________________________________________________________________
Conference Sponsor
Splunk Inc. provides the engine for machine data™. Splunk® software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks and mobile devices that power business. Over 4,800 customers use Splunk Enterprise to gain Operational Intelligence to improve uptime, reduce cost and mitigate cyber-security risk.
http://www.splunk.com
________________________________________________________________________________________________________________________________________________
Conference Sponsor
CaseWare is an industry leader in providing technology solutions for audit professionals, with over 400,000 users worldwide. IDEA® is a leading data analysis solution designed to extend auditing capabilities and detect fraud. Monitor™ is a continuous controls monitoring solution that allows business users and auditors to monitor any automated system. http://www.caseware.com/idea http://www.caseware.com/products/monitor
Sponsors
