databyte - information assurance | isaca · more. she concluded by distributing dale carnegie’s...
TRANSCRIPT
Tuesday, December 8, 2015 Joint ISACA & IIA
Detroit Chapter Meeting
Pre-Dinner Topic: SoD - Segregation of Duties Pre-Dinner Speaker: Kevin Kobelsky, PhD After-Dinner Topic: The Quest for Talent—A View from the Front Line After-Dinner Speakers: Dave Flynn, CPA, CISA Kevin Suksi, CPA Date: December 8, 2015
Time: 4:00 - 4:30 Registration & Networking
4:30 - 5:30 Pre-Dinner Presentation 5:30 - 6:15 Dinner 6:15 - 7:15 After-Dinner Presentation
Location: VisTaTech Center 18600 Haggerty Rd. Livonia, MI 48152 Phone: (734) 462-4610
Cost: Advanced Online Registration Only
$20.00 Members $30.00 Non-Members $10.00 Students and Retirees
Walk-In Fees $40.00 Member $50.00 Non-Member $10.00 Students and Retirees
PRESIDENT VICE PRESIDENT TREASURER SECRETARY Linda Kearney CISA, CIA, CIPP-US Keith Cheresko JD, CIPP/US/IT Greg Boehmer CISA, CIA, CFE, CGEIT Juman Doleh-Alomary MScE, CISA, Fiat Chrysler Automobiles Privacy Associates Int’l LLC CISSP, CISM, CRISC, CRMA, PMP CISM, CRISC, ISO27001 [email protected] [email protected] Deloitte & Touche Wayne State University [email protected] [email protected]
VOLUME 30 # 4 REGION 4 CHAPTER 8
DATABYTE
NOTE: Online registration ends at noon on Thursday, December 3, 2015 and must be paid in full.
DIRECTORS
Brad Barton, CISA Lear Corporation 248-707-9372
Derrick Buckingham, CISA, CISSP, CISM, CRISC Detroit Medical Center 313-729-8816
Doug Copley, CISA, CISM Beaumont Health Systems 247-733-7337
Michele M. Dawson, CPA, CISA Beaumont Health Systems 734-637-9270
Michael A. Forrest, CISA, CGEIT Flagstar Bank 248-312-5435
Ryan Hodges, CISA, CISSP Deloitte & Touche 248-953-1151
Bhaskar Kakulavarapu, CISSP, CISM Comerica 248-925-7001
Brenda L. Karl, CISA, CGEIT, CRISC Orion Solutions Group 248-977-6526
D. Robert Okopny, PhD, CIA, CFE, CMA Eastern Michigan University 734-487-0246
Sajay Rai, CPA, CISSP, CISM Securely Yours LLC 248-723-5224
Malini Sarma, CISA General Motors 313-667-2878
Carrie Schrader, CISA, CBM, CFE, CGEIT, CRISC GM Financial 586-817-8590
Melvin B. Taylor, CISA, CISM [email protected] 248-761-5671
Doug Wahr, CFE, CISA, CRMA, CISSP Auto Club Group (AAA) 313-436-7277
Manish Zaveri, CISA, CPA Delphi Corporation 248-888-9090
2
DATABYTE
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Dear Detroit Chapter Members,
Hello Everyone!!! It is hard to imagine that the holidays are already up-on us. We have just completed our November meet-ing with two dynamic speakers. The first was Barba-ra McQuade, the U.S. Attorney for the Eastern District of Michigan, who presented the benefits of working with the Federal Law Enforcement Agencies in the event of a security incident. She spoke about how
their offices could help by bringing in their own resources to aid in the investigation and could work with other countries through extradition orders to bring fugitives back to the United States. When intellectual property is used as evidence in a jury trial, their office can help safe-guard the information through the use of a protective order. She gave a couple of automotive examples where this process was successfully utilized. After hearing her speak, we can certainly understand why companies would want to engage their resources. Our second speaker, Lizz Glenn from Dale Carnegie, demonstrated the use of pictures in a story as a tool to remember the steps in striking up a conversation. These pictures included a doormat, a house, a family with a cat chasing a dog, and more. This technique helps us to remember to engage the individual we are speaking to in order to find out more about their name, where they live, about their family, and more. She concluded by distributing Dale Carnegie’s Golden Book pamphlets to everyone in attendance. For those of you who were at the meeting, I encourage you to submit your feedback through the chapter survey. The results help us to un-derstand our member needs so that we can better serve you. It should only take a couple of minutes to complete. In addition, we are pleased to announce that we are implementing an automated CPE upload process in December. Therefore, once you have received the ISACA CPE Certificate email, be sure to check the ISACA International Web Site by logging into www.isaca.org, selecting “My Certifications”, then selecting “Manage My CPE”. The CPEs from the December Meeting will loaded under Unapplied CPE Hours. All you need to do is to apply them to your certification. These instruc-tions will be included in the email. The CPEs will continue to be avail-able in pdf form for those of you who require them for other certifica-tions. While we are on the topic of CPEs, I wanted to make everyone aware that our CPEs do not adhere to the NASBA / AICPA standards. If this would be of benefit to you, please send me an email. If we have enough members who are interested, we will pursue this further. Our next meeting is at the VisTaTech Center at SchoolCraft Col-lege. Because this is a joint meeting with the IIA, it will be held on Tuesday, December 8, so be sure to mark your calendars. I am look-ing forward to seeing everyone there!!! As always, if you have a suggestion or wish to volunteer, please do not hesitate to contact me or any other member of the Board. I can be reached during the monthly meetings or by sending me an email at [email protected]. I look forward to seeing you at the December meeting!
Linda Kearney, CISA, CIA, CIPP-US ISACA Detroit Chapter President
November Speaker Barbara McQuade with ISACA Program Chair, Malini Sarma
November Speaker Lizz Glenn with ISACA Program Chair, Malini Sarma
3
DATABYTE
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
ADVERTISE IN THE DATABYTE NEWSLETTER
¼ Page $50.00 ½ Page $100.00 Full Page $200.00
Contact Geralyn Jarmoluk at [email protected]
or Mike Forrest at [email protected]
Before Dinner Topic Segregation of Duties (SoD) is a fundamental element of internal
control but there are gaps between the SoD models described in
theory, in the practitioner literature and auditing standards, and in
practice. A new SoD model will be presented that integrates these
and differentiates between primary SoD, which enables detection
of errors, and secondary SoD, which helps organizations maintain a
consistent, repeatable level of internal control. This may provide
an opportunity for organizations to enhance the quality and/or
reduce the cost of internal control in practice.
Before Dinner Speaker Kevin Kobelsky, Ph.D. is Associate Professor of Ac-counting at the University of Michigan-Dearborn Col-lege of Business. D r. Kobelsky holds a Bachelor of Com-merce from the University of Windsor, an M.B.A. from York University, and a Ph.D. from the University of Cali-fornia, Irvine, and previously held appointments at the University of Southern California and Baylor University.
He also has nine years of professional experience as a Chartered Accountant (Canada) and a Certified Information Systems Auditor working in the areas of public accounting, internal auditing and business process reengineering.
Dr. Kobelsky joined the faculty in 2011. He teaches graduate and
undergraduate courses in accounting information systems and
information systems auditing. He has served the Information Sys-
tems section of the American Accounting Association in several
roles including acting as the Annual Meeting Section Program
Chair. He has also served as Group Vice President of the Special
Interest Group for Accounting Information Systems in the Associa-
tion for Information Systems.
After Dinner Topic The Quest for Talent – A View from the Front Line During a re-cent IIA meeting, a panel of audit executives commented on the difficulties in finding and retaining internal audit and IT audit talent in the current market.
Our after dinner speakers, Dave Flynn and Kevin Suksi, deal with
these challenges every day. Their firm, Orion Solutions Group, pro-
vides recruiting, staffing and project services. A significant portion
of their business is focused in the audit and compliance realms.
Dave and Kevin will first provide a presentation on the state of the
market and what candidates are looking for in an opportunity.
This will be followed by a discussion panel consisting of several
professionals who recently took new audit/IT audit roles. The pan-
elists will discuss their experiences from learning about the roles
and what attracted them to consider a change.
After Dinner Speakers Dave Flynn is the President and a founding member of Orion Solutions Group. Dave brings more than 20 years of experience delivering client solutions across a variety of industries including automotive, bank-
Welcome New ISACA Detroit Chapter Members
Alvin Ferdinand Eric Haenke Oshan Weerasinghe Christine LaBelle
Ruiqing Liu Abdullah Obeid Robert Nemeth Brandon Pilcher Sneha Ramakrishna Kenneth Heskett Lauren White Ramanjot Singh Anand Lynette Patterson
ing, insurance, and government. In addition to managing con-sulting and staffing practices, Dave is a hands-on leader with a broad range of project experience across industries and functional areas.
Dave earned his BA in accounting and his MBA from Michigan State University. Dave has earned the CPA and CISA designations, and sits on the boards of Junior Achievement of Southeastern Michigan and the Detroit Chapter of the Institute of Internal Audi-tors. Kevin Suksi is the Vice President and a founding member of Ori-
on Solutions Group. Kevin and his team focus on identifying and recruiting professionals for clients across all our service lines. For more than a decade, Kevin has developed the ability to bring the right person to the table through relationship building, intelligent research, and relentless effort.
Kevin earned his BBA in Accounting from the University of Michi-
gan-Dearborn. Prior to his career as a recruiter, Kevin earned his
CPA license while working at a major regional CPA firm and also
worked in corporate accounting.
Communications Improvement Initiative - Update
Earlier this year we announced a Detroit Chapter initiative to as-sess our communications processes and implement changes to improve on the delivery of membership announcements and up-dates. The ad hoc committee formed to work on this initiative has progressed and we are ready to begin testing changes. To ensure effectiveness, the Communications Committee is asking for volun-teers to help in testing and providing input to the assessment/change process. If you are interested in joining the committee in this effort, please contact Brad Barton, our immediate past presi-dent. Brad can be reached by emailing: [email protected], or you can contact any of the Board mem-bers to learn more or express you interest in participating.
4
Attend up to 4 Chapter Meetings FREE In these difficult times, the ISACA Detroit Chapter Board wants to help. If you are unemployed, laid-off, or are not currently receiving a paycheck, we have some good news. It’s during times such as these that maintaining a network of peers and maintaining your level of training is so very important. We are, therefore, offering to allow you to attend up to four (4) meetings FREE. You must register for each meeting through the Membership Chairman by sending an e-mail stating that you are currently out of work and wish to attend the meeting. The e-mail must be received prior to the meeting registra-tion close for that meeting. Please send the e-mail to Mike Forrest at [email protected].
The Chapter must provide the number of reservations by 8:00 a.m. on the Monday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can pro-vide the best service possible, please make your reservations prior to noon on Wednesday December 3, 2015. If you have made a reservation and cannot attend, please contact Geralyn Jarmoluk at [email protected], or 248-762-7421 prior to the above noted deadline for refunds. Your cooperation is greatly appreciated. We are very sorry, but reservations not cancelled prior to the above noted deadline cannot be refunded as we are committed to the caterer for the meals ordered.
DATABYTE
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
November Chapter Meeting Raffle Winners
John Karpach Kevin Warner Sally Dovitz Pamela Fisher Michele Dawson Dean Chandler David Ganem William Wayland Ashley Fecteau Matthew Locricchio
ISACA Detroit Chapter 2015 - 2016 Programs Schedule
Topic Speaker Company
Tues. Dec. 8 Joint Mtg. w/IIA Pre Dinner Segregation of Duties SoD Kevin Kobelsky PhD U of M Dearborn College of Business
Vista Tech After Dinner The Quest for Talent Dave Flynn & Kevin Suksi Orion Solutions Group
Wed. Jan.20 Pre Dinner Cyber Law Related Melissa Markey Hall, Render, Killian PLLC
Vista Tech After Dinner TBD TBD TBD
Wed. Feb. 17 Pre Dinner TBD TBD TBD
MSU After Dinner TBD TBD TBD
Wed. Mar. 16 Student's Night Pre Dinner TBD TBD TBD
MSU After Dinner TBD TBD TBD
Wed. Apr. 20 Pre Dinner TBD TBD TBD
Vista Tech After Dinner TBD TBD TBD
Wed. May 18 Pre Dinner TBD TBD TBD
MSU After Dinner TBD TBD TBD
The December 8, 2015 Meeting will be held at
VisTaTech Center on the Schoolcraft College Campus East side of Haggerty Road between 6 & 7 Mile Roads
18600 Haggerty Road Livonia, MI 48152 Phone: (734) 462-4610
The ISACA Detroit Chapter Certification Committee Wishes to
Congratulate the Following Newly Certified:
Nicholas Galloway, CISA Ryan McElhone, CISA Mark Jasinski, CISA Lee Cobb, CISA Peter Samoray, CISM Jenina Brown, CISM
The ISACA Detroit Chapter Certification Committee Wishes to Congratulate the Following who Passed the
September 2015 ISACA CISA Certification Exam:
Peter Samoray Jenina Brown
5
2015-2016 ISACA Detroit Chapter Committees
DATABYTE
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Academic Relations
Sajay Rai (Chair)
Michele Dawson
Robert Okopny
Bhaskar Kakulavarapu
Manish Zaveri
Ryan Hodges
Certification Brenda Karl (Chair)
Michael Forrest
Michele Dawson
Charles Murray (Non-Board Member)
Facilities
Carrie Schrader (Chair)
Mike Forrest
Linda Kearney
Ryan Hodges
Internet
Ryan Hodges (Chair)
Brad Barton
Juman Doleh-Alomary (Social Media)
Bhaskar Kakulavarapu (Webmaster)
Membership Michael Forrest (Chair)
Brenda Karl
Doug Wahr
Nominating & Audit Sajay Rai (Chair)
Brad Barton
Program
Malini Sarma (Chair)
Doug Copley
Juman Doleh-Alomary
Greg Boehmer
Keith Cheresko
Spring Training Juman Doleh-Alomary (Chair)
Seminars
Manish Zaveri (Chair)
Carrie Schrader
Brad Barton
Doug Wahr
Bylaws, Policies and Pro-cedures
Keith Cheresko (Chair)
Michael Forrest
Doug Wahr
Sajay Rai
Linda Kearney
Melvin Taylor (Chair)
Social Committee Ryan Hodges
Malini Sarma
Ad Hoc Committees
Enhance Member Experience: Michael Forrest, Juman Doleh-Alomary, Malini Sarma
Increase Executive Participation: Linda Kearney
Leverage Social Media: Ryan Hodges, Juman Doleh-Alomary
Volunteers: Brad Barton, Sajay Rai, Melvin Taylor
Spending: Linda Kearney Chair, Sajay Rai, Greg Boehmer
Communications: Brad Barton
BCBSM is looking for highly qualified individuals to join the Blues team. Apply to mibluetalent.com
Some of the areas where BCBSM provides exciting careers are: Blue Cross Blue Shield of Michigan/Detroit/Michigan - Auditor III This position assists management with general supervision in mitigating corporate risk exposures by conducting corporate control assessments of, providing risk education and consulting services to BCBSM, its subsidiaries, vendors, supplier and con-tractors of the company. Candidate must be able to perform audits and reviews which include identifying risks and controls to mitigate risk, testing of controls, writing audit reports and conducting exit conference meetings. Financial audit experi-ence, knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. B.A. required and advanced degree preferred. Five years related work experience required, which includes 3 (three) years of auditing experience. Blue Cross Blue Shield of Michigan/Detroit/Michigan - IT Auditor I This position assists management with general supervision in mitigating corporate risk exposures by conducting IT control audits and IT advisory services. Candidate must be able to per-form IT audits and reviews on information security, applica-tions, operating systems, networks, and IT governance con-trols. Knowledge of data analytic tools (i.e. ACL, SAS) and continuous auditing is preferred. Must have strong communi-cation skills. Two years of experience in IT Auditing or related IT experience required. Blue Cross Blue Shield of Michigan/Detroit/Michigan - IT Auditor II Project Risk and Advisory Services These positions assists management with general supervision in mitigating corporate risk exposures by conducting IT control and project implementation assessments. Candidates must be able to function as skilled project advisors able to identify, as-sess, and effectively communicate risks affecting large corpo-rate implementations and initiatives as well as provide recom-mendations for mitigation. Knowledge of traditional IT audit, project management, and IT governance related to large scale project system implementations is preferred. Must have strong communication skills. Three plus years of related work experi-ence preferred. Note – Certifications strongly preferred.
6
DATABYTE Geralyn Jarmoluk, Editor
P.O. Box 43 Romeo, MI 48065
DATABYTE
DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH
Spring Training Chapter News The Detroit Chapters of IIA and ISACA are proud to co-sponsor the 17th Annual Spring Training. Once again the Spring Training Committee has ob-tained some of the top trainers in auditing from around the country to provide their personal expertise to our members. As you all know, this is our 17th year for the training and it has gained out-of-state recognition. Do not miss your opportunity to get the training you need. A number of clas-ses sell out each year! Don't miss out on the opportunity to network with your peers, enhance your skills, and learn about new products and ser-vices in the marketplace. Please click the following link to view and/or print the Spring Conference brochure: IIA and ISACA Spring Training Brochure Register today at: IIA & ISACA Spring Training Registration The Spring Training Committee
December 8, 2015 Menu Chef’s Choice Fresh baked rolls, butter, relish tray and coffee included. Two alcoholic drinks limit (beer & wine only); no other liquor available.
TRACK
MON APRIL 4
TUES APRIL 5
WED APRIL 6
A Coaching for Enhanced
Performance (Don Levonius)
Driving Change Without Running Others Over
(Don Levonius)
Leading with Integrity and Authenticity
(Don Levonius)
B Enterprise Risk Management
(Paul Zikmund)
Lessons from Real Fraud Examinations: Case Studies
(Paul Zikmund)
Internal Audit’s Role in Fraud Risk Management (Paul Zikmund)
C Emotional Intelligence: The Heart of Leadership
(Dr. Keith Levick)
Managers to Leaders (Dr. Keith Levick)
Conflict Management (Dr. Keith Levick)
D Best Practices in Internal
Auditing (Dr. James Roth)
How to Evaluate the Risk and Control Culture (Dr. James Roth)
E Advanced Auditing for In-Charge Auditors
(Kathleen Crawford)
F Using Risk Assessment to Build Individual Audit Programs
(Greg Duckert)
G Internal Audit University (Dr. Hernan Murdock)
H Introduction to Incident Response
(Mary Siero)
I Virtualization Security & Audit
(John Tannahill) Cloud Management and Security
(John Tannahill)
J Is Your Data Really Se-
cure?...13 Ways to Avoid Cyber Data Leaks (Ken Cutler)
Cyber Audits of Identity and Access Control Management (Ken Cutler)
K Auditors Role in IT
Governance (Mitch Levine) Auditing Disaster Recovery & Business Continuity Planning
(Mitch Levine)
L Safeguarding Critical Assets
(Sajay Rai) Introduction to Information Security for IT Auditors
(Sajay Rai)