
Displaying 53 search result(s)

20 Questions Directors Should Ask About Information Technology Security
(also available in French)

Directors are expected to satisfy themselves that risks potentially jeopardizing the integrity of information, the availability of information and operational systems, the confidentiality of sensitive data, and compliance with regulatory bodies, are identified and reduced or eliminated. This booklet provides questions for Boards to ask senior management as well as the context needed to ask the questions and assess responses.

This product was originally issued by a CPA Canada legacy body.

 
20 Questions que les administrateurs devraient poser sur la sécurité informatique
(also available in English)

It is incumbent on directors to satisfy themselves that risks to the integrity of data, the availability of information and operational systems, the confidentiality of sensitive data, and compliance with regulatory requirements are identified and mitigated or eliminated. This document sets out a series of questions that boards of directors could ask senior management, along with the context in which to ask them and assess the responses.

This product was originally issued by a CPA Canada legacy body.

 
2015 Commodity Tax Symposium
(in English only)

September 28-29, 2015
(plus optional pre- and post- Symposium workshops)
The Westin Ottawa, Ottawa, ON

Join Canada’s commodity tax community in celebrating 35 years of “The Symposium.” For three and a half decades, The Symposium has been the cornerstone of knowledge distribution and networking for progressive professionals working or advising in commodity taxation. Containing a series of plenary sessions, concurrent presentations and keynote speakers addressing critical issues relating to HST, GST, PST, QST and Customs and Trade, The Symposium will launch you to the next level of understanding, and relevance.

Try our NEW Virtual Conference option! Helping you cut travel costs, without diminishing your access to expertise.

 
Aligning IT with Organizational Goals
Research indicates that over 80% of strategies fail – not because they are not great, but rather because they are not executed. This important session reveals best practices in translating organizational strategic intent into the aligned processes, projects, organizational design and accountabilities within the IT organization to ensure effective execution and the monitoring of those actions. This session draws upon case studies and best practices from over 3,000 scorecards from around the world, and both the private and public sectors. The concepts are supported by audience / panel discussion based on presented examples.

This product was originally issued by a CPA Canada legacy body.

 
Application des techniques de vérification informatisée, 2e édition
(also available in English)

This monograph is intended for internal and external auditors of small and large enterprises, as well as CFOs, CIOs and other executives and staff who can benefit from computer-assisted audit techniques (CAATs) to be more effective in performing risk assessments, certifications and compliance audits.

This product was originally issued by a CPA Canada legacy body.

 
Application of Computer-Assisted Audit Techniques, second edition
(also available in French)

Designed to assist internal and external auditors of both large and small enterprises, as well as CFOs, CIOs and other executives and their staff who can benefit from the use of computer-assisted audit techniques (CAATs) in their work, to perform more effective and efficient risk assessment, certification, and compliance audits.

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Disaster Recovery Planning
Disasters continue to make the headlines, but while more and more companies are creating disaster recovery plans, will they be effective? An estimated 80% of untested disaster recovery plans, even professionally developed plans, fail when implemented in a crisis. Understand the components of an effective disaster recovery plan; how to evaluate it against the Canadian standard – CSA Z1600-08; and how to successfully implement that evaluation.

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Governance
Organizations require a structured approach for managing strategic alignment, value delivery, risks, performance, and resources along with other challenges. Auditing IT governance provides an assessment of existing IT objectives, management controls and performance monitoring that are intended to keep IT on track and avoid unexpected outcomes. This session covers:
  • Corporate and IT Governance – understanding them and their focus areas
  • Auditing IT Governance – what, why and how
  • COBIT – an example of a tool used to perform these audits
  • Lessons learned

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Projects
This session will examine the value of auditing projects against best practice project management and system development lifecycle methodologies. In this presentation you will learn what it takes to plan and develop value-added and effective audit plans for IT projects throughout their lifecycle.

This product was originally issued by a CPA Canada legacy body.

 
Big Data Part I: Introduction to Big Data and Predictive Analytics
We have entered a new era. The coming together of computing power, cheap storage, pervasive internet, available bandwidth and HUGE amounts of new data have opened doors of opportunity for auditors. Opportunity to do what we have done for so long better and faster and more effectively. Opportunity to shift the focus of our profession from retrospective, historical and reactive to prospective, real time and predictive.

Discussed in this session:
- What exactly is Big Data and why is it so important?
- Is this paradigm shift any different from cloud, internet, mobile and all the other changes we have seen?
- Why is the adoption of Big Data not optional - for businesses, governments and auditors?
- What should we be doing today to prepare ourselves and our organizations for taking advantage of upcoming changes and advances?
 
Big Data Part III: Key Success Factors for Enterprise Data Migrations
Too often, system transformations fail or get off to a bad start due to poorly planned or badly executed data migrations. Lack of preparation or understanding of quality objectives are just some of the underlying issues around failed data migrations. In this session, obtain an understanding of the key principles and techniques essential to a successful, high quality data migration within a major system transformation.

Session includes: relationship to the enterprise data governance plan; source to target data mapping activities; transformation tools; data validation strategies and objectives - layered approach; integration of the advisor / auditor.
 
Board Oversight of Management's IT-Related Risk Appetite and Tolerance: A New Imperative
Deficient board oversight of risk was consistently identified as a contributing factor following the financial crises of 2008. Boards have new expectations and are now increasingly looking to internal auditors and outside advisors to help them describe how they discharge their responsibility for risk oversight, including IT issues. While these new responsibilities extend across all types of business objectives and risks, overseeing IT-related risks, particularly those that impact the organization's top value creation and potential value erosion objectives, is particularly important.

This session overviews the evolution of board risk oversight responsibilities and sets out practical steps you can take now to help your or your client's board and organization manage IT risks and meet these new expectations.
 
BYOD/BYOT - Balancing Benefits and Risks
Over the past two decades, we have witnessed significant technology advances in mobile devices, from the personal data assistants (PDAs) of the late 1990s to the ubiquitous and multifunctional smartphones of today. These advances have extended the virtual boundaries of the enterprise, blurring the lines between home and office and coworker and competitor by providing constant access to email, enabling new mobile business applications and allowing the access to, and storing of, sensitive company data.

In this session, we will outline the risks related to today's most popular mobile device platforms and technologies, along with methods by which an organization may assess its exposure to these risks. Finally, we will outline means by which many of these risks may be mitigated through technical device controls, third-party software, and organizational policy. These components all contribute to an enterprise-grade mobility management program that will ultimately serve as a guide in the rapidly evolving mobile environment.
 
Challenges of Managing the Data Life Cycle
Pervasiveness of technology today has contributed to the exponential growth in volume of data. To the right eye, data is information and a competitive advantage. As data morphs itself into information and eventually into its retirement (Data Life Cycle), the value an enterprise derives is dependent on how well it manages both the Life Cycle itself and the related challenges. This session will provide insights into the Data Life Cycle, the challenges and strategies to manage them including: How to keep data relevant; can it be repurposed; how to manage privacy and consent surrounding its collection; and how to maintain security in its storage and retrieval.
 
Cloud Computing – Understanding the Value, Risks and Related Audit Issues
Cloud computing is an emerging IT service delivery model that enables convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned with minimal effort or service provider interaction. Leading Canadian information and communication technology service providers are developing and launching their Cloud products to capture a share of the Canadian Cloud market that is projected to reach $1 billion in 2012. This session discusses the business advantages of cloud computing, related risks and audit implications from a service provider's perspective.

This product was originally issued by a CPA Canada legacy body.

 
COBIT 5 – What's New?
ISACA recently released its COBIT 5 framework with significant updates to its content and processes. Building on the previous versions, COBIT 5 integrates several other components like VAL IT and RISK IT. This session will provide a high level overview of the major changes in COBIT 5 compared to COBIT 4.1. Existing users will gain insights into planning their transition and non-users will receive an overview of this latest IT framework.
 
Conference on IT Audit, Governance and Security 2015
OR
Fundamentals of IT Audit – A Three-Day Workshop 2015
(in English only) Archive Event
Note: As this event is now over, information is for reference purposes only.

March 25-26, 2015
Hyatt Regency Toronto, Toronto, ON


The conference and workshops are offered in collaboration with Chartered Professional Accountants of Canada (CPA Canada), the Information Systems Audit and Control Association (ISACA) - Toronto Chapter, the Institute of Internal Auditors (IIA) - Toronto Chapter and the American Institute of Certified Public Accountants (AICPA)

2015 Conference on IT Audit, Governance and Security
March 25-26, 2015 (optional Post-Conference Workshop March 27)

This conference features plenary as well as concurrent sessions from top IT industry and professional services leaders on a variety of “hot topics”, each of which encompasses different aspects of IT Audit, Governance and Security. This impressive, jam-packed program will refocus you and your team on the practical information IT and senior financial professionals need in order to expand your knowledge and sharpen your competitive edge.



OR

2015 Fundamentals of IT Audit – A Three-Day Workshop
March 25-27, 2015

This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as learn many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.

 
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2)
(also available in French)
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2) is a practical resource for practitioners engaged to audit and report on the privacy and security of a service organization’s systems.

Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!

 
CPA Canada Guide, Service Organizations - Applying CSAE 3416, Reporting on Controls at a Service Organization (SOC 1)
(also available in French)

A practical resource for practitioners engaged to audit and report on a service organization’s controls, The CPA Canada Guide, Service Organizations – Applying CSAE 3416, Reporting on Controls at a Service Organization (SOC 1), will assist practitioners performing engagements under the Canadian Standard on Assurance Engagements (CSAE 3416).

Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!

 
CPA Canada’s Not-for-Profit Financial Executive Forum 2015

NEW for 2015!

(in English only) Archive Event
Note: As this event is now over, information is for reference purposes only.

March 9-10, 2015
Radisson Admiral Hotel Toronto-Harbourfront, Toronto, ON
Two-day Conference including general and concurrent sessions

In today's not-for-profit environment, financial executives are regarded as mission-critical. Success comes from being a strategic leader whose team adds value. Successful leaders need to possess a combination of technical expertise and well-honed personal and leadership skills. Attend this NEW and unique conference to update your technical knowledge. Gain practical insights into organizational and leadership development through a blend of sessions that will address the tough challenges facing today's not-for-profit financial executive. The conference also provides a tremendous networking opportunity to share experiences with colleagues, peers and leading industry experts from across the industry.
 
Données interactives – Intégrer XBRL aux systèmes d’information comptable
(also available in English)

The publication Données interactives examines the use of XBRL, analyzes its usefulness in streamlining and automating the financial reporting process, describes the steps for implementing it, and discusses common pitfalls to avoid.

This product was originally issued by a CPA Canada legacy body.

 
Financial Institutions and Compliance Challenges
Canadian financial institutions continue to face a complex regulatory environment that requires the ongoing assessment, monitoring, and mitigation of regulatory and operational risks. Moreover, the expectation on institutions is that appropriate technological solutions are deployed to address new regulations and issues. This session discusses the process and challenges of deploying the appropriate information technology solutions to support compliance requirements such as Basel II, III, Dodd-Frank and OSFI.
 
Guide de CPA Canada Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2)
(also available in English)

The CPA Canada guide entitled Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2) is intended as a practical tool for practitioners engaged to issue, after an audit, a report on the controls exercised by a service organization over its system with respect to security and privacy.

The CSS guides are also available in electronic format! This convenient format, which supports full-text search, can be downloaded to your eReader, laptop, smartphone or tablet.

 
Harvesting Good Intelligence from Big Data
A day does not go by where you are not reading about big data and the opportunities to exploit it. Today, businesses and users are flush with data. Learn what others are doing with "Big Data" to better understand their existing business, how to use it to better manage their business and make better business decisions, and what are the key challenges to users, systems and data governance.
 
How to Better Engage the CFO in IT Activities — Aligning CFO and CIO Priorities
Enterprises today are facing unprecedented uncertainty requiring a new level of agility to adapt quickly to changes in the business environment. Although IT cost savings are still a key focus for the CFO, business agility requires a new focus, urgency and cooperation between the CFO and CIO for setting priorities and alignment of IT strategies to business strategies for achieving sustainable revenue growth, profitability and competitiveness.
 
Identity Theft – Avoidance and Recovery
Identity theft is the fastest-growing non-violent crime in North America and one that can impact your personal life, finances and reputation. The protection against identity theft is a shared responsibility between individuals and companies who have responsibility over personal information. This session provides an overview of how best to protect your organization, your employees and your customers from the ever growing threat of identity theft.

This product was originally issued by a CPA Canada legacy body.

 
Information Technology Control Guidelines, 3rd Edition
(also available in French)

Information Technology Control Guidelines provides a practical means of identifying, understanding, assessing and implementing information technology controls in all types of enterprises.

This product was originally issued by a CPA Canada legacy body.

 
Interactive Data - Building XBRL into Accounting Information Systems
(also available in French)
A comprehensive research study, Interactive Data - Building XBRL into Accounting Information Systems explores the implementation and business process implications of using Extensible Business Reporting Language (XBRL) at different levels in an organization's information structure.

This product was originally issued by a CPA Canada legacy body.

 
Is Cloud Ready for Enterprise Deployment?
Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity for agile and elastic computing with a lower capital cost. However, many organizations are reluctant to trust cloud service providers with critical information.

The purpose of this session is to understand potential opportunities of cloud computing while managing the enterprise risks. It explores good practices from business requirements gathering to design, implementation, and security of cloud based solutions.
 
James Bond in Your Midst - Battling Corporate Espionage
Although the Cold War between countries no longer exists, a new battleground is emerging in the global marketplace with the rise in industrial espionage due to a more competitive environment. With increased pressure to gain competitive advantages and the advances in information technology, companies must set up protective measures to address risks such as emerging hacking techniques, electronic surveillance systems, and the rise of social engineering. Billions of dollars have been lost to foreign and domestic competitors targeting economic intelligence for technologies and corporate trade secrets. Is your company in a position to defend against this risk? This session will focus on the various forms of corporate espionage and methods to protect your business.
 
Knowing Your Cyber Risks/Threats and Mitigating Them
Senior management and the board of directors have a fiduciary responsibility to oversee all facets of risk, including cyber risk. Cyber risk, in addition to being an IT risk, can impact the business' revenues, expenses, strategy, brand and reputation. At this session, you will learn how a leading Canadian information technology service provider takes an enterprise risk approach to obtain a comprehensive understanding of the related exposures, how the risks are communicated to key stakeholders and how they are mitigated.
 
La gestion du contrôle de l'informatique, 3e édition (GCI)
(also available in English)

The third edition of Normes de contrôle interne dans un cadre informatique, whose qualities have been widely praised, has not only changed its title but also reflects the considerable evolution of information technology over the past twelve years, that is, since the publication of the second edition.

This product was originally issued by a CPA Canada legacy body.

 
Les éléments probants électroniques
(also available in English)
This new research report can help you resolve the many questions raised by the use of electronic evidence to support the content of the audit report.

This product was originally issued by a CPA Canada legacy body.

 
Managing an IT Outsourcing Relationship – Governance Lessons Learned from the Trenches - Panel Discussion
Organizations have increasingly embraced outsourcing to reduce costs and be able to focus on core competencies. Establishing appropriate mechanisms for risk management, governance and obtaining assurance is crucial to ensuring success. This panel explores what makes an outsourcing relationship successful and how an organization can address outsourcing governance. You will benefit from the insights and real-life stories shared by the experienced panelists and take away implementable practical solutions.

This product was originally issued by a CPA Canada legacy body.

 
Managing Your Online Presence – A Strategic Imperative!
Drawing on the Potash Corp. experience, this session investigates the importance of a company's online presence and how to build it. Speakers explore the essential links between corporate goals and objectives, communications, web strategy, and the use of social and other online media to engage stakeholders and manage risk, particularly reputation risk. They share their process for understanding and meeting stakeholder needs and applying best practice standards for proactive content development. Different approaches to corporate website development and management are discussed. Web security, disaster recovery, and business continuity issues are also covered.

This product was originally issued by a CPA Canada legacy body.

 
Mobile Security and PCI
Mobile payments have the potential for tremendous expansion and increased convenience that brings with it the promise of growth in the payment industry. Many organizations and technologies are currently vying to become leaders in this field. All of these will have to overcome concerns about security on their way to achieving end user confidence and acceptance. Ultimately any organization venturing into this area will need to be sure their solutions will work with compliance frameworks such as PCI. This presentation examines these challenges from the perspective of organizations wishing to exploit mobile payments in the current regulatory environment with a view to how this may change.
 
National Conference on Income Taxes for SMPs 2014
(in English only) Archive Event
Note: As this event is now over, information is for reference purposes only.

October 6-7, 2014
(Optional Workshop(s) October 8)
Metro Toronto Convention Centre, Toronto, ON

This Canadian income tax conference is dedicated to giving small and medium-sized practitioners the perfect balance of practical and technical insights into the year’s most vital tax strategies and legislative changes. Featuring a number of special extended-length as well as plenary and concurrent sessions, you’ll learn from some of Canada’s most notable tax experts, and have an opportunity to share thoughts and ideas with the faculty and your peers during our special networking reception.

 
Payment Security – How Organizations Can Achieve Compliance Through Security for the PCI Standards
Attendees at this session will hear how taking a true risk based approach to security will also attain PCI compliance, make it sustainable and achieve its real intent. It will also demonstrate how Internal Audit can play a pro-active role as a partner on PCI compliance and derive a return on their investment for their organization.
 
Planning Successful Offshore Audits
Increasingly, corporations are required to plan and execute portions of their audits offshore with their IT service providers in order to provide assurance on controls. This session will focus on the recipient of the audit illustrating how to ensure that the audit is an effective one. The session will also provide an overview of how to plan these types of audits from the auditors' perspective.

This product was originally issued by a CPA Canada legacy body.

 
Practical Implementation of the 2013 COSO Internal Control Framework
The objective of this session is to provide a concise understanding of the requirements of the 2013 Updated COSO and how it differs from the existing 1992 COSO Internal Control Framework. The session will also demonstrate how to transition to the new COSO with the least amount of disruption to the business of the entity as well as its current Internal Control Program.
 
Rise of the Cloud — Leveraging the Cloud for Value
Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity. However, many organizations are reluctant to trust cloud service providers with critical information.

The purpose of this session is to understand potential risks and controls for cloud based solutions. We will explore good practices from business requirements gathering to design, implementation, and security assessment of cloud based solutions. The participants will receive a copy of RiskView's Cloud Security & Risk Assessment toolkit.
 
Safe Spreadsheets and Good End-User Computing Practices
Good end-user computing practices can help companies harness the power of low-cost and flexible tools while managing the risks of significant errors. The widespread corporate use of spreadsheets has increased recently with the blend of aging applications and pressing business requirements (e.g., IFRS conversion). This session provides guidelines to effectively develop safe spreadsheets and end-user computing tools so that the risk of significant errors to companies’ operations and financial reporting is minimized.

This product was originally issued by a CPA Canada legacy body.

 
Shadow-IT - The Sequel: IT Risk Transformation and Lines of Defense
As a sequel to last year's primer on the Shadow-IT issue and the risks, this session aims to broaden the discussion to other emerging drivers of IT-related business risks and the impact of "IT risk transformation" that organizations are experiencing. Traditional IT risk management processes (risk identification, assessments and management), while still relevant in many respects, are proving to be inadequate in the face of unexpected risk exposures caused by organizations' extended boundaries and emerging IT risks (e.g. BYOD, social media, cloud computing, cyber security, shadow-IT). Organizations in the regulated industries experience regulatory pressures forcing this transformation. This session provides an overview of how organizations can address this challenge and plan for their risk transformation journey, the nature of changes required to the organization, roles and responsibilities, processes and tools. Discussed are concepts such as: three/six lines of defense, key risk indicators, risk appetite, risk tolerance and risk reporting.
 
Shadow-IT – Do You Really Know What's Going On?
"Shadow-IT" or "business managed technology" are recent terms that have replaced "End User Computing". These terms refer to the business directly buying, subscribing to or developing applications or services without the involvement of enterprise IT, potentially causing newer risk exposures. Though the issue is not new, the scope, extent, nature and level of risks have grown in recent years to be of concern to internal and external stakeholders, including regulators. Organizations are therefore trying to size the issue, experiment with different solution approaches and figure out the roles of various functional groups. After a primer on the issue and the risks, this session aims to discuss best practices for establishing and sustaining a set of controls and governance practices in organizations of different sizes.
 
Social Media Risks and Governance
Social media is quickly becoming the new way people receive information and stay up to date with the latest trends and events, such as advertisements, endorsements, recommendations, gossip, and news. Whether it is through Twitter, Facebook, LinkedIn, on-line blogs, or many of the other emerging tools, all of these social media forums offer great potential for connecting with friends, peers, and customers. Many use these forums as a way to voice their opinions, rally support, or simply to make a statement.

One of the biggest impacts of the social media evolution is that instead of the conversations being between only a few individuals, the conversations are now broadcast to the masses at lightning speed. Effective methods of monitoring and responding to cyber chatter are necessary to protect organizations from reputational risk. This session explores social media risks, myths, and leading practices for risk mitigation. It provides some examples of social media mistakes, discusses questions organizations should be asking, and provides some examples of how social media can be used as a tool to support audit or investigation work.
 
Strategies for Securing the Cloud
Service models including applications, platforms, and infrastructure are some of the areas where an organization can leverage the benefits of the cloud. However, the benefits come with their fair share of security risks. Network dependency, complexities of hybrid systems, reliability, and cross-border legal implications increase the complexities in adapting to the cloud. Infrastructure, security framework and the type of cloud configuration can significantly influence security from a privacy, compliance and legal standpoint. In addition, evolving risks, new threats, financial budget constraints and a lack of skilled and experienced personnel create significant challenges to mitigating these risks. Are you up to the challenge?

This session will explore current strategies and best practices on how to secure the "CLOUD".
 
The Evolution of Protecting Your Network - Adapt or Else....
The traditional approach to protecting a network is no longer enough. Firewalls, anti-virus protection, intrusion detection systems and other security devices are critical cornerstones of network defence, but they alone are not enough. The cyber threat is real and agile. This presentation covers the basic building blocks of cyber security, the multitude of threats faced by the network every day, the shift to a risk-based approach to cyber security and the importance of building cyber situational awareness in order to be proactive rather than reactive. In addition, some of the processes and tools used to detect, prevent, and remediate the malware on the network are discussed.
 
The Insider Threat - Lessons from the Front Line
This session covers the key elements in building "Security in Depth" to address the Insider Threat, using real world scenarios ranging from data loss prevention to malicious actions from disgruntled internal, vendor and business partner employees. It provides system security engineering pointers and identifies industry tools that can be used to start addressing potential insider threats that your organization may be facing.
 
Three Unique Challenges for IT ERM
Many organizations are encountering challenges when implementing an ERM process for their IT department. There are unique complexities in designing an IT risk process since there are multiple layers of IT risk. How do you separate and manage IT strategic risk, implementation risk, and the risk presented to other areas of the organization that rely on IT's services? Who owns these risks and how do you determine how large the impact is across the enterprise for any given IT risk? This session will discuss these questions and provide you with a practical approach to identify, assess, and manage your IT risks within the ERM framework.
 
What CFO's Should Know About Privacy
Privacy is a business challenge and different from security. In this session you will learn about a "practitioner view" of privacy and why it can have a positive or negative impact on an organization regardless of the organization size or creed. The session will also cover a series of industry best practices that are widely available to help you further your knowledge of privacy and apply that knowledge to the specific needs of your organization. The session will conclude by discussing the enabling role of technology in managing privacy and why IT solutions for security do not necessarily work for privacy, and will wrap up with two case studies.

This product was originally issued by a CPA Canada legacy body.

 
What Does it Take to be an Effective IT Auditor — in the Brave New World?
Practitioners need a combination of technical and people skills to forge a career in auditing technology. Organizations are investing substantial sums in their computer systems, databases, and supply chains to compete and leverage customer relationships. At the same time, they are beginning to recognize that IT auditors can assist them in understanding the constantly shifting risks of the information age.

IT auditors focus on the governance of IT systems and processes with audits ranging from business continuity to development processes, to information security. To be effective, IT auditors must acquire the right hard and soft skills.

Most IT auditors know about the hard skills required to meet professional requirements. In addition to addressing different sources of key knowledge (the hard skills) that IT auditors should be familiar with, this session will focus on the key attributes that successful IT auditors must have in their repertoire to be effective (the soft skills) in the brave new world.
 
Writing for Action
Today, IT auditors not only need to understand and assess complex IT systems, business processes, security, risk and compliance issues; to be successful, they also need to be able to communicate and report their observations and recommendations in a clear, concise and direct manner to their targeted audience.

Unfortunately, good report writing doesn't just happen. It is a process that involves several steps - and lots of practice.

Whether you are experienced or a novice, and whether you are writing reports to the Audit Committee, Senior Management, your supervisor or your peers, or preparing staff memos or emails, this session will help you develop a systematic approach for writing effectively for Action!
 
You Can't Do It All! Segregation of Non-compatible IT Duties — What Every IT Auditor Should Know
Segregation of Duties (SoD) in IT plays a major role in reducing IT risk in the areas of fraud, undetected errors, sabotage, and programming inefficiencies. This session addresses some of the key roles and functions that need to be segregated, including:
- IT duties vs. user departments
- database administration (DBA) vs. rest of IT functions
- application development and maintenance vs. application operations
- new application development vs. application maintenance
- information security vs. IT functions
- IT organizational structure for IT activities
- auditing for SoD
 


© 2001-2015, CPA Canada | EYEP. All rights reserved.