Tuesday, December 8, 2015 Joint ISACA & IIA

Detroit Chapter Meeting

Pre-Dinner Topic: SoD - Segregation of Duties Pre-Dinner Speaker: Kevin Kobelsky, PhD After-Dinner Topic: The Quest for Talent—A View from the Front Line After-Dinner Speakers: Dave Flynn, CPA, CISA Kevin Suksi, CPA Date: December 8, 2015

Time: 4:00 - 4:30 Registration & Networking

4:30 - 5:30 Pre-Dinner Presentation 5:30 - 6:15 Dinner 6:15 - 7:15 After-Dinner Presentation

Location: VisTaTech Center 18600 Haggerty Rd. Livonia, MI 48152 Phone: (734) 462-4610

Cost: Advanced Online Registration Only

$20.00 Members $30.00 Non-Members $10.00 Students and Retirees

Walk-In Fees $40.00 Member $50.00 Non-Member $10.00 Students and Retirees

PRESIDENT VICE PRESIDENT TREASURER SECRETARY Linda Kearney CISA, CIA, CIPP-US Keith Cheresko JD, CIPP/US/IT Greg Boehmer CISA, CIA, CFE, CGEIT Juman Doleh-Alomary MScE, CISA, Fiat Chrysler Automobiles Privacy Associates Int’l LLC CISSP, CISM, CRISC, CRMA, PMP CISM, CRISC, ISO27001 presidentisacadetroit@gmail.com vpresidentisacadetroit@gmail.com Deloitte & Touche Wayne State University treasurerisacadetroit@gmail.com secretaryisacadetroit@gmail.com

VOLUME 30 # 4 REGION 4 CHAPTER 8

DATABYTE

NOTE: Online registration ends at noon on Thursday, December 3, 2015 and must be paid in full.

DIRECTORS

Brad Barton, CISA Lear Corporation 248-707-9372

Derrick Buckingham, CISA, CISSP, CISM, CRISC Detroit Medical Center 313-729-8816

Doug Copley, CISA, CISM Beaumont Health Systems 247-733-7337

Michele M. Dawson, CPA, CISA Beaumont Health Systems 734-637-9270

Michael A. Forrest, CISA, CGEIT Flagstar Bank 248-312-5435

Ryan Hodges, CISA, CISSP Deloitte & Touche 248-953-1151

Bhaskar Kakulavarapu, CISSP, CISM Comerica 248-925-7001

Brenda L. Karl, CISA, CGEIT, CRISC Orion Solutions Group 248-977-6526

D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246

Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224

Malini Sarma, CISA General Motors 313-667-2878

Carrie Schrader, CISA, CBM, CFE, CGEIT, CRISC GM Financial 586-817-8590

Melvin B. Taylor, CISA, CISM mbtaylor10@comcast.net 248-761-5671

Doug Wahr, CFE, CISA, CRMA, CISSP Auto Club Group (AAA) 313-436-7277

Manish Zaveri, CISA, CPA Delphi Corporation 248-888-9090

2

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Dear Detroit Chapter Members,

Hello Everyone!!! It is hard to imagine that the holidays are already up-on us. We have just completed our November meet-ing with two dynamic speakers. The first was Barba-ra McQuade, the U.S. Attorney for the Eastern District of Michigan, who presented the benefits of working with the Federal Law Enforcement Agencies in the event of a security incident. She spoke about how

their offices could help by bringing in their own resources to aid in the investigation and could work with other countries through extradition orders to bring fugitives back to the United States. When intellectual property is used as evidence in a jury trial, their office can help safe-guard the information through the use of a protective order. She gave a couple of automotive examples where this process was successfully utilized. After hearing her speak, we can certainly understand why companies would want to engage their resources. Our second speaker, Lizz Glenn from Dale Carnegie, demonstrated the use of pictures in a story as a tool to remember the steps in striking up a conversation. These pictures included a doormat, a house, a family with a cat chasing a dog, and more. This technique helps us to remember to engage the individual we are speaking to in order to find out more about their name, where they live, about their family, and more. She concluded by distributing Dale Carnegie’s Golden Book pamphlets to everyone in attendance. For those of you who were at the meeting, I encourage you to submit your feedback through the chapter survey. The results help us to un-derstand our member needs so that we can better serve you. It should only take a couple of minutes to complete. In addition, we are pleased to announce that we are implementing an automated CPE upload process in December. Therefore, once you have received the ISACA CPE Certificate email, be sure to check the ISACA International Web Site by logging into www.isaca.org, selecting “My Certifications”, then selecting “Manage My CPE”. The CPEs from the December Meeting will loaded under Unapplied CPE Hours. All you need to do is to apply them to your certification. These instruc-tions will be included in the email. The CPEs will continue to be avail-able in pdf form for those of you who require them for other certifica-tions. While we are on the topic of CPEs, I wanted to make everyone aware that our CPEs do not adhere to the NASBA / AICPA standards. If this would be of benefit to you, please send me an email. If we have enough members who are interested, we will pursue this further. Our next meeting is at the VisTaTech Center at SchoolCraft Col-lege. Because this is a joint meeting with the IIA, it will be held on Tuesday, December 8, so be sure to mark your calendars. I am look-ing forward to seeing everyone there!!! As always, if you have a suggestion or wish to volunteer, please do not hesitate to contact me or any other member of the Board. I can be reached during the monthly meetings or by sending me an email at presidentisacadetroit@gmail.com. I look forward to seeing you at the December meeting!

Linda Kearney, CISA, CIA, CIPP-US ISACA Detroit Chapter President

November Speaker Barbara McQuade with ISACA Program Chair, Malini Sarma

November Speaker Lizz Glenn with ISACA Program Chair, Malini Sarma

3

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

ADVERTISE IN THE DATABYTE NEWSLETTER

¼ Page $50.00 ½ Page $100.00 Full Page $200.00

Contact Geralyn Jarmoluk at administrator@isaca-det.org

or Mike Forrest at m_forrest@wowway.com

Before Dinner Topic Segregation of Duties (SoD) is a fundamental element of internal

control but there are gaps between the SoD models described in

theory, in the practitioner literature and auditing standards, and in

practice. A new SoD model will be presented that integrates these

and differentiates between primary SoD, which enables detection

of errors, and secondary SoD, which helps organizations maintain a

consistent, repeatable level of internal control. This may provide

an opportunity for organizations to enhance the quality and/or

reduce the cost of internal control in practice.

Before Dinner Speaker Kevin Kobelsky, Ph.D. is Associate Professor of Ac-counting at the University of Michigan-Dearborn Col-lege of Business. D r. Kobelsky holds a Bachelor of Com-merce from the University of Windsor, an M.B.A. from York University, and a Ph.D. from the University of Cali-fornia, Irvine, and previously held appointments at the University of Southern California and Baylor University.

He also has nine years of professional experience as a Chartered Accountant (Canada) and a Certified Information Systems Auditor working in the areas of public accounting, internal auditing and business process reengineering.

Dr. Kobelsky joined the faculty in 2011. He teaches graduate and

undergraduate courses in accounting information systems and

information systems auditing. He has served the Information Sys-

tems section of the American Accounting Association in several

roles including acting as the Annual Meeting Section Program

Chair. He has also served as Group Vice President of the Special

Interest Group for Accounting Information Systems in the Associa-

tion for Information Systems.

After Dinner Topic The Quest for Talent – A View from the Front Line During a re-cent IIA meeting, a panel of audit executives commented on the difficulties in finding and retaining internal audit and IT audit talent in the current market.

Our after dinner speakers, Dave Flynn and Kevin Suksi, deal with

these challenges every day. Their firm, Orion Solutions Group, pro-

vides recruiting, staffing and project services. A significant portion

of their business is focused in the audit and compliance realms.

Dave and Kevin will first provide a presentation on the state of the

market and what candidates are looking for in an opportunity.

This will be followed by a discussion panel consisting of several

professionals who recently took new audit/IT audit roles. The pan-

elists will discuss their experiences from learning about the roles

and what attracted them to consider a change.

After Dinner Speakers Dave Flynn is the President and a founding member of Orion Solutions Group. Dave brings more than 20 years of experience delivering client solutions across a variety of industries including automotive, bank-

Welcome New ISACA Detroit Chapter Members

Alvin Ferdinand Eric Haenke Oshan Weerasinghe Christine LaBelle

Ruiqing Liu Abdullah Obeid Robert Nemeth Brandon Pilcher Sneha Ramakrishna Kenneth Heskett Lauren White Ramanjot Singh Anand Lynette Patterson

ing, insurance, and government. In addition to managing con-sulting and staffing practices, Dave is a hands-on leader with a broad range of project experience across industries and functional areas.

Dave earned his BA in accounting and his MBA from Michigan State University. Dave has earned the CPA and CISA designations, and sits on the boards of Junior Achievement of Southeastern Michigan and the Detroit Chapter of the Institute of Internal Audi-tors. Kevin Suksi is the Vice President and a founding member of Ori-

on Solutions Group. Kevin and his team focus on identifying and recruiting professionals for clients across all our service lines. For more than a decade, Kevin has developed the ability to bring the right person to the table through relationship building, intelligent research, and relentless effort.

Kevin earned his BBA in Accounting from the University of Michi-

gan-Dearborn. Prior to his career as a recruiter, Kevin earned his

CPA license while working at a major regional CPA firm and also

worked in corporate accounting.

Communications Improvement Initiative - Update

Earlier this year we announced a Detroit Chapter initiative to as-sess our communications processes and implement changes to improve on the delivery of membership announcements and up-dates. The ad hoc committee formed to work on this initiative has progressed and we are ready to begin testing changes. To ensure effectiveness, the Communications Committee is asking for volun-teers to help in testing and providing input to the assessment/change process. If you are interested in joining the committee in this effort, please contact Brad Barton, our immediate past presi-dent. Brad can be reached by emailing: pastpresidentisa-cadetroit@gmail.com, or you can contact any of the Board mem-bers to learn more or express you interest in participating.

4

Attend up to 4 Chapter Meetings FREE In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of peers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registra-tion close for that meeting. Please send the e-mail to Mike Forrest at m_forrest@wowway.com.

The Chapter must provide the number of reservations by 8:00 a.m. on the Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can pro-vide the best service possible, please make your reservations prior to noon on Wednesday December 3, 2015. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at Administrator@isaca-det.org, or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated. We are very sorry, but reservations not cancelled prior to the above noted deadline cannot be refunded as we are committed to the caterer for the meals ordered.

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

November Chapter Meeting Raffle Winners

John Karpach Kevin Warner Sally Dovitz Pamela Fisher Michele Dawson Dean Chandler David Ganem William Wayland Ashley Fecteau Matthew Locricchio

ISACA Detroit Chapter 2015 - 2016 Programs Schedule

Topic Speaker Company

Tues. Dec. 8 Joint Mtg. w/IIA Pre Dinner Segregation of Duties SoD Kevin Kobelsky PhD U of M Dearborn College of Business

Vista Tech After Dinner The Quest for Talent Dave Flynn & Kevin Suksi Orion Solutions Group

Wed. Jan.20 Pre Dinner Cyber Law Related Melissa Markey Hall, Render, Killian PLLC

Vista Tech After Dinner TBD TBD TBD

Wed. Feb. 17 Pre Dinner TBD TBD TBD

MSU After Dinner TBD TBD TBD

Wed. Mar. 16 Student's Night Pre Dinner TBD TBD TBD

MSU After Dinner TBD TBD TBD

Wed. Apr. 20 Pre Dinner TBD TBD TBD

Vista Tech After Dinner TBD TBD TBD

Wed. May 18 Pre Dinner TBD TBD TBD

MSU After Dinner TBD TBD TBD

The December 8, 2015 Meeting will be held at

VisTaTech Center on the Schoolcraft College Campus East side of Haggerty Road between 6 & 7 Mile Roads

18600 Haggerty Road Livonia, MI 48152 Phone: (734) 462-4610

The ISACA Detroit Chapter Certification Committee Wishes to

Congratulate the Following Newly Certified:

Nicholas Galloway, CISA Ryan McElhone, CISA Mark Jasinski, CISA Lee Cobb, CISA Peter Samoray, CISM Jenina Brown, CISM

The ISACA Detroit Chapter Certification Committee Wishes to Congratulate the Following who Passed the

September 2015 ISACA CISA Certification Exam:

Peter Samoray Jenina Brown

5

2015-2016 ISACA Detroit Chapter Committees

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Academic Relations

Sajay Rai (Chair)

Michele Dawson

Robert Okopny

Bhaskar Kakulavarapu

Manish Zaveri

Ryan Hodges

Certification Brenda Karl (Chair)

Michael Forrest

Michele Dawson

Charles Murray (Non-Board Member)

Facilities

Carrie Schrader (Chair)

Mike Forrest

Linda Kearney

Ryan Hodges

Internet

Ryan Hodges (Chair)

Brad Barton

Juman Doleh-Alomary (Social Media)

Bhaskar Kakulavarapu (Webmaster)

Membership Michael Forrest (Chair)

Brenda Karl

Doug Wahr

Nominating & Audit Sajay Rai (Chair)

Brad Barton

Program

Malini Sarma (Chair)

Doug Copley

Juman Doleh-Alomary

Greg Boehmer

Keith Cheresko

Spring Training Juman Doleh-Alomary (Chair)

Seminars

Manish Zaveri (Chair)

Carrie Schrader

Brad Barton

Doug Wahr

Bylaws, Policies and Pro-cedures

Keith Cheresko (Chair)

Michael Forrest

Doug Wahr

Sajay Rai

Linda Kearney

Melvin Taylor (Chair)

Social Committee Ryan Hodges

Malini Sarma

Ad Hoc Committees

Enhance Member Experience: Michael Forrest, Juman Doleh-Alomary, Malini Sarma

Increase Executive Participation: Linda Kearney

Leverage Social Media: Ryan Hodges, Juman Doleh-Alomary

Volunteers: Brad Barton, Sajay Rai, Melvin Taylor

Spending: Linda Kearney Chair, Sajay Rai, Greg Boehmer

Communications: Brad Barton

BCBSM is looking for highly qualified individuals to join the Blues team. Apply to mibluetalent.com

Some of the areas where BCBSM provides exciting careers are: Blue Cross Blue Shield of Michigan/Detroit/Michigan - Auditor III This position assists management with general supervision in mitigating corporate risk exposures by conducting corporate control assessments of, providing risk education and consulting services to BCBSM, its subsidiaries, vendors, supplier and con-tractors of the company. Candidate must be able to perform audits and reviews which include identifying risks and controls to mitigate risk, testing of controls, writing audit reports and conducting exit conference meetings. Financial audit experi-ence, knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. B.A. required and advanced degree preferred. Five years related work experience required, which includes 3 (three) years of auditing experience. Blue Cross Blue Shield of Michigan/Detroit/Michigan - IT Auditor I This position assists management with general supervision in mitigating corporate risk exposures by conducting IT control audits and IT advisory services. Candidate must be able to per-form IT audits and reviews on information security, applica-tions, operating systems, networks, and IT governance con-trols. Knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. Must have strong communi-cation skills. Two years of experience in IT Auditing or related IT experience required. Blue Cross Blue Shield of Michigan/Detroit/Michigan - IT Auditor II Project Risk and Advisory Services These positions assists management with general supervision in mitigating corporate risk exposures by conducting IT control and project implementation assessments. Candidates must be able to function as skilled project advisors able to identify, as-sess, and effectively communicate risks affecting large corpo-rate implementations and initiatives as well as provide recom-mendations for mitigation. Knowledge of traditional IT audit, project management, and IT governance related to large scale project system implementations is preferred. Must have strong communication skills. Three plus years of related work experi-ence preferred. Note – Certifications strongly preferred.

6

DATABYTE Geralyn Jarmoluk, Editor

P.O. Box 43 Romeo, MI 48065

DATABYTE

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Spring Training Chapter News The Detroit Chapters of IIA and ISACA are proud to co-sponsor the 17th Annual Spring Training. Once again the Spring Training Committee has ob-tained some of the top trainers in auditing from around the country to provide their personal expertise to our members. As you all know, this is our 17th year for the training and it has gained out-of-state recognition. Do not miss your opportunity to get the training you need. A number of clas-ses sell out each year! Don't miss out on the opportunity to network with your peers, enhance your skills, and learn about new products and ser-vices in the marketplace. Please click the following link to view and/or print the Spring Conference brochure: IIA and ISACA Spring Training Brochure Register today at: IIA & ISACA Spring Training Registration The Spring Training Committee

December 8, 2015 Menu Chef’s Choice Fresh baked rolls, butter, relish tray and coffee included. Two alcoholic drinks limit (beer & wine only); no other liquor available.

TRACK

MON APRIL 4

TUES APRIL 5

WED APRIL 6

A Coaching for Enhanced

Performance (Don Levonius)

Driving Change Without Running Others Over

(Don Levonius)

Leading with Integrity and Authenticity

(Don Levonius)

B Enterprise Risk Management

(Paul Zikmund)

Lessons from Real Fraud Examinations: Case Studies

(Paul Zikmund)

Internal Audit’s Role in Fraud Risk Management (Paul Zikmund)

C Emotional Intelligence: The Heart of Leadership

(Dr. Keith Levick)

Managers to Leaders (Dr. Keith Levick)

Conflict Management (Dr. Keith Levick)

D Best Practices in Internal

Auditing (Dr. James Roth)

How to Evaluate the Risk and Control Culture (Dr. James Roth)

E Advanced Auditing for In-Charge Auditors

(Kathleen Crawford)

F Using Risk Assessment to Build Individual Audit Programs

(Greg Duckert)

G Internal Audit University (Dr. Hernan Murdock)

H Introduction to Incident Response

(Mary Siero)

I Virtualization Security & Audit

(John Tannahill) Cloud Management and Security

(John Tannahill)

J Is Your Data Really Se-

cure?...13 Ways to Avoid Cyber Data Leaks (Ken Cutler)

Cyber Audits of Identity and Access Control Management (Ken Cutler)

K Auditors Role in IT

Governance (Mitch Levine) Auditing Disaster Recovery & Business Continuity Planning

(Mitch Levine)

L Safeguarding Critical Assets

(Sajay Rai) Introduction to Information Security for IT Auditors

(Sajay Rai)