contact us  |  print  |  français  |  log in
my downloads
pay an invoice
my account
Accounting & assurance
Business & finance
CPA Canada Handbook
Information technology
Practice management
Risk & governance
Tax
Other
in all formats

Displaying 95 search result(s)

20 Questions Directors Should Ask About Information Technology Security
20 Questions Directors Should Ask About Information Technology Security
(aussi disponible en français)

Directors are expected to satisfy themselves that risks potentially jeopardizing the integrity of information, the availability of information and operational systems, the confidentiality of sensitive data, and compliance with regulatory bodies, are identified and reduced or eliminated. This booklet provides questions for Boards to ask senior management as well as the context needed to ask the questions and assess responses.

This product was originally issued by a CPA Canada legacy body.

 
20 Questions que les administrateurs devraient poser sur la sécurité informatique
20 Questions que les administrateurs devraient poser sur la sécurité informatique
(also available in English)

Il incombe aux administrateurs d’acquérir la conviction que les risques d’atteinte à l’intégrité des données, de non-disponibilité des systèmes d’information et d’exploitation, de non-respect de la confidentialité des données confidentielles et de non-observation des exigences des autorités de réglementation sont identifiés et atténués ou éliminés. Le présent document expose une série de questions que les conseils d’administration pourraient poser aux cadres supérieurs, ainsi que le contexte dans lequel il convient de les poser et d’évaluer les réponses.

Ce produit a été initialement publié par l’une des organisations d’origine de CPA Canada.

 
2011 Business and Industry Conference
2011 Business and Industry Conference
November 29-30, 2011, Toronto, ON

The successful senior financial officer in today’s Canadian corporation depends on a combination of technical expertise, soft skills, strategic finesse, and professional judgment. This two-day event offered a comprehensive blend of sessions that address the most relevant and current topics with insight on what’s coming next. Join your peers from other Canadian companies to discuss common challenges, explore parallel opportunities, and build your professional network.

This product was originally issued by a CPA Canada legacy body.

 
2011 Canadian Conference on IT Audit, Governance and Security Conference
2011 Canadian Conference on IT Audit, Governance and Security Conference
Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter.

The Canadian Conference on IT Audit, Governance and Security is a two-day conference featuring keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge.

This product was originally issued by a CPA Canada legacy body.

 
2012 Canadian Conference on IT Audit, Governance and Security
2012 Canadian Conference on IT Audit, Governance and Security
March 26-27, 2012, Toronto, ON

This two-day conference featured keynote addresses and plenary sessions from top IT innovators combined with concurrent sessions on a variety of "hot topics", each of which encompassed different aspects of IT audit, governance, and security. This impressive, hand-picked program refocused the participants and their teams on the practical issues they need in order to expand their knowledge and enhance their competitive edge.

This product was originally issued by a CPA Canada legacy body.

 
2013 Canadian Conference on IT Audit, Governance and Security
2013 Canadian Conference on IT Audit, Governance and Security
This conference featured plenary combined with concurrent sessions from top IT industry and professional services leaders on a variety of "hot topics", each of which encompasses different aspects of IT audit, governance, and security. This impressive, jam-packed program refocused the participants and their teams on the practical issues they need in order to expand their knowledge and enhance their competitive edge.
 
2014 Canadian Conference on IT Audit, Governance and Security OR 2014 Fundamentals of IT Audit – A Three-Day Workshop
2014 Canadian Conference on IT Audit, Governance and Security
OR
2014 Fundamentals of IT Audit – A Three-Day Workshop
Archive Event
Note: As this event is now over, information is for reference purposes only.

March 26-28, 2014
Westin Harbour Castle Toronto Hotel, Toronto, ON
(en anglais seulement)

The conference and workshops are co-presented by the Chartered Professional Accountants of Canada (CPA Canada), the Institute of Internal Auditors (IIA) - Toronto Chapter and the Information Systems Audit and Control Association (ISACA) - Toronto Chapter.

2014 Canadian Conference on IT Audit, Governance and Security
March 26-27, 2014 (optional Post-Conference Workshop March 28)

This conference features plenary combined with concurrent sessions from top IT industry and professional services leaders on a variety of “hot topics”, each of which encompasses different aspects of IT Audit, Governance, and Security. This impressive, jam-packed program will refocus you and your team on the practical issues IT and senior financial professionals need in order to expand your knowledge and enhance your competitive edge.


OR

2014 Fundamentals of IT Audit – A Three-Day Workshop
March 26-28, 2014

This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.

 
2014 Commodity Tax Symposium
2014 Commodity Tax Symposium
(en anglais seulement) Archive Event
Note: As this event is now over, information is for reference purposes only.

September 29-30, 2014
(plus optional pre- and post- Symposium workshops)
The Westin Ottawa, Ottawa, ON

“The Symposium” is the annual gathering place for progressive professionals working or advising in commodity taxation. Containing a series of plenary sessions, concurrent presentations and keynote speakers addressing critical issues relating to HST, GST, PST, QST and Customs and Trade, the Symposium provides unprecedented networking opportunities in the marketplace.

Keynote Speaker                                  Special Luncheon Speaker

 
2014 National Conference on Income Taxes for SMPs
2014 National Conference on Income Taxes for SMPs
(en anglais seulement) Archive Event
Note: As this event is now over, information is for reference purposes only.

October 6-7, 2014
(Optional Workshop(s) October 8)
Metro Toronto Convention Centre, Toronto, ON

This Canadian income tax conference is dedicated to giving small and medium-sized practitioners the perfect balance of practical and technical insights into the year’s most vital tax strategies and legislative changes. Featuring a number of special extended-length as well as plenary and concurrent sessions, you’ll learn from some of Canada’s most notable tax experts, and have an opportunity to share thoughts and ideas with the faculty and your peers during our special networking reception.

 
2015 CPA Canada’s Not-for-Profit Financial Executive Forum
2015 CPA Canada’s Not-for-Profit Financial Executive Forum

NEW for 2015!

(en anglais seulement)

TBD 2015
Toronto, ON
2 day Conference including general and concurrent sessions

In today's not-for-profit environment, financial executives are regarded as mission critical. Success comes from being a strategic leader whose team adds value. This requires possessing a combination of technical expertise and well-honed personal and leadership skills. Attend this NEW and unique conference to get up-to-date technically and to gain practical insights into organizational and leadership development through a comprehensive blend of sessions that will address the tough challenges facing today's not-for-profit financial executive. The conference also provides a tremendous networking opportunity to share experiences with colleagues, peers and leading industry experts from across the industry.
 
Aligning IT with Organizational Goals
Aligning IT with Organizational Goals
Research indicates that over 80% of strategies fail – not because they are not great, but rather because they are not executed. This important session reveals best practices in translating organizational strategic intent into the aligned processes, projects, organizational design and accountabilities within the IT organization to ensure effective execution and the monitoring of those actions. This session draws upon case studies and best practices from over 3,000 scorecards from around the world, and both the private and public sectors. The concepts is supported by audience / panel discussion based on presented examples.

This product was originally issued by a CPA Canada legacy body.

 
Application des techniques de vérification informatisée, 2e édition
Application des techniques de vérification informatisée, 2e édition
(also available in English)

Cette monographie s’adresse aux vérificateurs internes et externes des petites et des grandes entreprises, de même qu’aux chefs des finances, aux chefs de l’information et aux autres dirigeants et membres du personnel susceptibles de tirer parti des techniques de vérification informatisée (TVI) afin d’être plus efficaces dans l’exécution des appréciations des risques, des attestations et des vérifications de conformité.

Ce produit a été initialement publié par l’une des organisations d’origine de CPA Canada.

 
Application of Computer-Assisted Audit Techniques, second edition
Application of Computer-Assisted Audit Techniques, second edition
(aussi disponible en français)

Designed to assist internal and external auditors of both large and small enterprises, as well as to CFOs, CIOs and other executives and their staff who can benefit from the use of computer-assisted audit techniques (CAATs) in their work, to perform more effective and efficient risk assessment, certification, and compliance audits.

This product was originally issued by a CPA Canada legacy body.

 
Audit Tools – Commonly Used Software Tips to Help You Become a More Effective Analytical Auditor
Audit Tools – Commonly Used Software Tips to Help You Become a More Effective Analytical Auditor
Commonly available software products have a wealth of creative features and functionality available that can help auditors analyze data and trends, identify key areas of risk and controls, improve business efficiencies, verify process effectiveness and report results in an efficient and effective manner. This session reviews some of the neat tools available in commonly used software that can add to the "WOW" factor to your engagement and improve your audit engagement results.

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Disaster Recovery Planning
Auditing IT Disaster Recovery Planning
Disasters continue to make the headlines, but while more and more companies are creating disaster recovery plans, will they be effective? An estimated 80% of untested disaster recovery plans, even professionally developed plans, fail when implemented in a crisis. Understand the components of an effective disaster recovery plan; how to evaluate it against the Canadian standard – CSA Z1600-08; and how to successfully implement that evaluation.

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Governance
Auditing IT Governance
Organizations require a structured approach for managing strategic alignment, value delivery, risks, performance, and resources along with other challenges. Auditing IT governance provides an assessment of existing IT objectives, management controls and performance monitoring that are intended to keep IT on track and avoid unexpected outcomes. This session covers:
  • Corporate and IT Governance – understanding them and their focus areas
  • Auditing IT Governance – what, why and how
  • COBIT – an example of a tool used to perform these audits
  • Lessons learned

This product was originally issued by a CPA Canada legacy body.

 
Auditing IT Projects
Auditing IT Projects
This session will examine the value of auditing projects against best practice project management and system development lifecycle methodologies. In this presentation you will learn what it takes to plan and develop value-added and effective audit plans for IT projects throughout their lifecycle.

This product was originally issued by a CPA Canada legacy body.

 
Best Practices for Maximizing IT Value and Effectiveness
Best Practices for Maximizing IT Value and Effectiveness
The global economic environment is tough today and when the going gets tough only the tough get going. Building a value-add IT function is critical to the success of today's organizations. Having IT as a business enabler and strategic advantage requires an efficient and effective IT that maximizes its value by aligning its resources and activities to support strategic organizational goals and objectives. How can IT Governance help? This session explores: how Boards can successfully support IT's role and mandate as an enabler through effective governance; how IT projects and initiatives can contribute to successful corporate goals, objectives, and strategies; and how to measure and monitor IT's performance in terms of those measures that matter most to the Board.

This product was originally issued by a CPA Canada legacy body.

 
Board Oversight of Management's IT-Related Risk Appetite and Tolerance: A New Imperative
Board Oversight of Management's IT-Related Risk Appetite and Tolerance: A New Imperative
Deficient board oversight of risk was consistently identified as a contributing factor following the financial crises of 2008. Boards have new expectations and are now increasingly looking to internal auditors and outside advisors to help them describe how they discharge their responsibility for risk oversight, including IT issues. While these new responsibilities extends across all types of business objectives and risks, overseeing IT related risks, particularly those that impact the organization's top value creation and potential value erosion objectives, are particularly important.

This session overviews the evolution of board risk oversight responsibilities and sets out practical steps you can take now to help your or your client's board and organization manage IT risks and meet these new expectations.
 
Business Continuity and Pandemic Awareness in an Interconnected World
Business Continuity and Pandemic Awareness in an Interconnected World
Global crises appear to be happening more frequently. With our global market place and technological dependencies how do we ensure the impacts have limited interruptions to our local business? In this session you will be presented with practical actions that you can take to ensure the appropriateness of their business continuity programs regardless of their global footprint.

This product was originally issued by a CPA Canada legacy body.

 
Business-Managed Technology – How to Balance End-User Flexibility with Risk Management and Governance
Business-Managed Technology – How to Balance End-User Flexibility with Risk Management and Governance
In today's corporate IT environment, IT and business leaders need to strike a fine balance between meeting business needs and managing technology risks. Business leaders may not necessarily understand all the security risks that come along with the flexibility of end user solutions. IT leaders may not necessarily understand the business realities linked with limiting business units' flexibility to address current business needs. This session covers the risk and control considerations from both sides.
 
BYOD – How Do You Manage the Security Issues?
BYOD – How Do You Manage the Security Issues?
Given the proliferation of smart phone and tablet based technology, organizations will either "adopt" or "tolerate" policies for "Bring Your Own Device" (BYOD). This leaves the IT organization with less control over the devices and related supporting services. Organizations need to seek new secure methods to allow personal devices to connect to the corporate infrastructure. During this session we discuss: challenges and risks presented by allowing employee-owned devices in the enterprise; Mobile Device Management and what does this mean for my organization; strategies for addressing the risks associated with BYOD; and maintaining regulatory compliance.

This product was originally issued by a CPA Canada legacy body.

 
BYOD/BYOT - Balancing Benefits and Risks
BYOD/BYOT - Balancing Benefits and Risks
Over the past two decades, we have witnessed significant technology advances in mobile devices, from the personal data assistants (PDAs) of the late 1990s to the ubiquitous and multifunctional smartphones of today. These advances have extended the virtual boundaries of the enterprise, blurring the lines between home and office and coworker and competitor by providing constant access to email, enabling new mobile business applications and allowing the access to, and storing of, sensitive company data.

In this session, we will outline the risks related to today's most popular mobile device platforms and technologies, along with methods by which an organization may assess its exposure to these risks. Finally, we will outline means by which many of these risks may be mitigated through technical device controls, third-party software, and organizational policy. These components all contribute to an enterprise-grade mobility management program that will ultimately serve as a guide in the rapidly evolving mobile environment.
 
Challenges of Managing the Data Life Cycle
Challenges of Managing the Data Life Cycle
Pervasiveness of technology today has contributed to the exponential growth in volume of data. To the right eye, data is information and a competitive advantage. As data morphs itself into information and eventually into its retirement (Data Life Cycle), the value an enterprise derives is dependent on how well it manages both the Life Cycle itself and the related challenges. This session will provide insights into the Data Life Cycle, the challenges and strategies to manage them including: How to keep data relevant; can it be repurposed; how to manage privacy and consent surrounding its collection; and how to maintain security in its storage and retrieval.
 
Cloud Computing – Are You Up in the Cloud on Governance Issues?
Cloud Computing – Are You Up in the Cloud on Governance Issues?
Cloud computing offers the advantage of flexibility, scalability and the ability to quickly roll out new functionalities to support business units. However, it also increases governance risk issues related to security, privacy, availability, continuity, and public confidence. In this session, we will review governance practices to deal with management oversight concerns for data reliability, transaction integrity and data security.

This product was originally issued by a CPA Canada legacy body.

 
Cloud Computing – Understanding the Value, Risks and Related Audit Issues
Cloud Computing – Understanding the Value, Risks and Related Audit Issues
Cloud computing is an emerging IT service delivery model that enables convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned with minimal effort or service provider interaction. Leading Canadian information and communication technology service providers are developing and launching their Cloud products to capture a share of the Canadian Cloud market that is projected to reach $1 billion in 2012. This session discusses the business advantages of cloud computing, related risks and audit implications from a service provider's perspective.

This product was originally issued by a CPA Canada legacy body.

 
COBIT 5 – What's New?
COBIT 5 – What's New?
ISACA recently released its COBIT 5 framework with significant updates to its content and processes. Building on the previous versions, COBIT 5 integrates several other components like VAL IT and RISK IT. This session will provide a high level overview of the major changes in COBIT 5 compared to COBIT 4.1. Existing users will gain insights into planning their transition and non-users will receive an overview of this latest IT framework.
 
Continuous Auditing and Monitoring of IT – An Essential Part of an Auditor's Toolkit to Help Keep Pace with Ever-Changing IT Environments
Continuous Auditing and Monitoring of IT – An Essential Part of an Auditor's Toolkit to Help Keep Pace with Ever-Changing IT Environments
The pace of change in Information Technology continues to accelerate. With the global marketplace and technological dependencies, how do we ensure the audit approach and audit technologies are appropriate and keeping pace? In this session, participants will be presented with an understanding of Continuous Auditing and Monitoring of IT and the effectiveness of using automated tools.

This product was originally issued by a CPA Canada legacy body.

 
Continuous IT Auditing
Continuous IT Auditing
Continuous Audit is an effective and efficient way to extend audit coverage between traditional audits. Learn how Continuous IT Audit has evolved at RBC, its value to the business, regulators, external auditors and other stakeholders.

This product was originally issued by a CPA Canada legacy body.

 
Control Framework for Auditing Software Development Lifecycle – Focus on Security
Control Framework for Auditing Software Development Lifecycle – Focus on Security
Embedding security into the Software Development Lifecycle is crucial to mitigating threats against custom developed software. While the software security community has made advances in tools and processes, the governance community still lacks a comprehensive technical auditing framework to assess an SDLC against industry best practices. By leveraging community efforts in the Open Software Assurance Maturity Model, the speakers have successfully deployed an auditing framework to assess the security maturity of an SDLC. This session explores this auditing approach using real-life experiences.

This product was originally issued by a CPA Canada legacy body.

 
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2)
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2)
(aussi disponible en français)
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2) is a practical resource for practitioners engaged to audit and report on the privacy and security of a service organization’s systems.

Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!

 
CPA Canada Guide, Service Organizations - Applying CSAE 3416, Reporting on Controls at a Service Organization (SOC 1)
CPA Canada Guide, Service Organizations - Applying CSAE 3416, Reporting on Controls at a Service Organization (SOC 1)
(aussi disponible en français)

A practical resource for practitioners engaged to audit and report on a service organization’s controls, The CPA Canada Guide, Service Organizations – Applying CSAE 3416, Reporting on Controls at a Service Organization (SOC 1), will assist practitioners performing engagements under the Canadian Standard on Assurance Engagements (CSAE 3416).

Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!

 
Critical Elements of Effective Data Governance
Critical Elements of Effective Data Governance
Data governance is very much in fashion as businesses focus on the need for agile data to quickly respond to the market and meet increasingly stringent regulatory requirements. This session examines the risks associated with data governance and discusses the controls and tools required to address those risks.

This product was originally issued by a CPA Canada legacy body.

 
Cyber Crime – What Is It Now? Where Is It Coming From? How Do We Respond
Cyber Crime – What Is It Now? Where Is It Coming From? How Do We Respond
People used to hack for money; now they hack to infiltrate someone's system – perhaps yours? They stay inside the system and steal from you on an on-going basis. Learn how to protect yourself and your company from these security breaches. Discussion during the session includes Malware, stuxnet, fraud, on-line viruses, and the process control tools you need to protect your systems.

This product was originally issued by a CPA Canada legacy body.

 
Data Governance and Integrity
Data Governance and Integrity
Data Governance is a hot topic at the executive table as organizations try to deal with the exponential growth of data and ever increasing regulatory and legal implications. Implementing a successful data governance program, however, can be significantly challenging. In this session you will be introduced to leading practice design and implementation of data governance organizational competencies. These are the building blocks to unlock the hidden value of data, mitigate data risks and break down the cultural and technical barriers that have been preventing success.

This product was originally issued by a CPA Canada legacy body.

 
Disaster Recovery Planning – The Times are Indeed Getting Complicated
Disaster Recovery Planning – The Times are Indeed Getting Complicated
Gulf oil spills, erupting volcanoes, floods in Australia, deep freeze in the UK… Are you ready for what comes next? This session addresses the ever-increasing importance of developing, implementing and maintaining up-to-date Disaster Recovery Plans to ensure IT systems and those members of the organization who are charged with maintaining IT systems are prepared for the unexpected.

This product was originally issued by a CPA Canada legacy body.

 
Does Cloud Computing Really Matter?
Does Cloud Computing Really Matter?
After enterprise resources planning systems in the late 90s and the advent of internet based commerce at the beginning of this decade, cloud computing is the new hype. The idea of cloud computing has exploded onto the technology world stage as more and more businesses openly embrace its benefits. Similar to ERPs, cloud computing’s impact extends well beyond the IT department. Many parties claim that “cloud computing” can help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services. However, many IT professionals are citing the increased risks associated with trusting information assets in the cloud as something that must be clearly understood and managed by relevant stakeholders. This brief session, discusses the following with real life examples wherever feasible:
  • Introduction to cloud computing: Definition, Models, Benefits
  • Risks and Risk management: Risks, Risk management and compliance strategies
  • Assurance challenges
  • Implementation and governance
  • Simulation: Create a virtual data centre
  • Looking forward…

This product was originally issued by a CPA Canada legacy body.

 
Données interactives – Intégrer XBRL aux systèmes d’information comptable
Données interactives – Intégrer XBRL aux systèmes d’information comptable
(also available in English)

La publication Données interactives examine l’utilisation d’XBRL, analyse son utilité pour rationaliser et automatiser le processus d’information financière, décrit les étapes de sa mise en œuvre et traite des pièges courants à éviter.

Ce produit a été initialement publié par l’une des organisations d’origine de CPA Canada.

 
e-Discovery – Making It Work for You!
e-Discovery – Making It Work for You!
The sheer volume and volatility of electronic information and the protection of privacy and privileged information is much more difficult in today’s electronic world. This session explores the concept of electronic discovery in today’s business environment across Canada. We also discuss ways organizations can be better prepared to manage electronic information – from the day the information is created or received until its destruction, through its daily use and in extraordinary circumstances like litigation and investigation. Finally, we walk through some steps and key consideration points you should be aware of in the event you have to deal with an electronic discovery order.

This product was originally issued by a CPA Canada legacy body.

 
ERP Solutions – Independent Assessment
ERP Solutions – Independent Assessment
An ERP (Enterprise Resource Planning) system automates business processes across most, if not all, departments within an organization of any size or industry. Our definition of ERP encompasses accounting systems, which can automate business processes across departments within a smaller company. ERP also spans industries whether it be financial, distribution, manufacturing, public sector, construction, retail or professional services. This session positions ERP systems by size of company and industry, and will include ERP trends. We will also discuss key differentiators of the most widely used ERP systems.

This product was originally issued by a CPA Canada legacy body.

 
Getting Logical with Your Access Controls
Getting Logical with Your Access Controls
Rapid changes and continual enhancements to technology are making it more critical than ever to strenghten traditional access controls. This session focuses on the current state and future trends of logical access controls.

This product was originally issued by a CPA Canada legacy body.

 
Going Viral: Emerging Threats to Critical Human Infrastructure
Going Viral: Emerging Threats to Critical Human Infrastructure
Have you considered the potential impact on people and businesses if a pandemic such as SARS or H1N1 affects a critical number of your staff? Can your operation continue if key human resources or facilities are quarantined or become unavailable? This session explores emerging public health threats to an organization’s most vital resource – people, and includes strategies to prepare for and reduce the impact of such threats. Learn about the basics of emergency management, critical success factors of an emergency response plan, and key community resources and partnerships that organizations need to properly plan to prevent or respond to pandemic threats.

This product was originally issued by a CPA Canada legacy body.

 
Guide de CPA Canada Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2)
Guide de CPA Canada Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2)
(also available in English)

Le guide de CPA Canada intitulé Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2) se veut un outil pratique pour les professionnels en exercice qui se voient confier la mission de délivrer, après audit, un rapport sur les contrôles exercés par une société de services sur son système en ce qui a trait à la sécurité et à la protection des renseignements personnels.

Les guides CSS sont aussi disponibles en version électronique! Ce format pratique permettant la recherche plein texte peut être téléchargé sur votre liseuse électronique, votre portable, votre téléphone intelligent ou votre tablette.

 
Harvesting Good Intelligence from Big Data
Harvesting Good Intelligence from Big Data
A day does not go by where you are not reading about big data and the opportunities to exploit it. Today, businesses and users are flush with data. Learn what others are doing with "Big Data" to better understand their existing business, how to use it to better manage their business and make better business decisions, and what are the key challenges to users, systems and data governance.
 
How to Audit a Project and Add Value – An IFRS Case Study
How to Audit a Project and Add Value – An IFRS Case Study
The approach to auditing a project is vastly different from how operations are audited. Learn about the role of internal audit in a project, why internal audits participation is important, how projects benefit from internal audit's input, and when internal audit should be engaged during a project. The presentation incorporates an IFRS project currently in progress as a case study to illustrate a best practice for internal audit participation. As well, several scenarios is presented on "projects gone wrong" with follow-up discussion on prevention techniques.

This product was originally issued by a CPA Canada legacy body.

 
How to Better Engage the CFO in IT Activities — Aligning CFO and CIO Priorities
How to Better Engage the CFO in IT Activities — Aligning CFO and CIO Priorities
Enterprises today are facing unprecedented uncertainty requiring a new level of agility to adapt quickly to changes in the business environment. Although IT cost savings are still a key focus for the CFO, business agility requires a new focus, urgency and cooperation between the CFO and CIO for setting priorities and alignment of IT strategies to business strategies for achieving sustainable revenue growth, profitability and competitiveness.
 
How to Spot a Lemon Before You Buy It – The Importance of Due Diligence
How to Spot a Lemon Before You Buy It – The Importance of Due Diligence
IT due diligence can be just as important as financial due diligence to ensure a successful M&A transaction. A deal's success is usually measured by a company's ability to increase shareholders' value. Since technology is increasingly becoming a driver or enabler for company operations to generate services and products, it should not be overlooked when negotiating a purchase price, or when estimating the costs associated with generating synergistic values that are expected from the transaction. This session outlines how to perform effective IT due diligence to understand technology risks that impact operations, manage potential growth constraints, and help you drive maximum value from your investment.

This product was originally issued by a CPA Canada legacy body.

 
Identity Theft – Avoidance and Recovery
Identity Theft – Avoidance and Recovery
Identity theft is the fastest-growing non-violent crime in North America and one that can impact your personal life, finances and reputation. The protection against identity theft is a shared responsibility between individuals and companies who have responsibility over personal information. This session provides an overview of how best to protect your organization, your employees and your customers from the ever growing threat of identity theft.

This product was originally issued by a CPA Canada legacy body.

 
Implementing Green Computing into Your IS Strategy
Implementing Green Computing into Your IS Strategy
Around the world, organizations are faced with the need to cut back on their use of resources, reduce greenhouse gas emissions, and find ways to hedge against escalating and volatile energy prices. IT infrastructure and data centres are commonly recognized as some of the largest consumers of power around the world, and are a significant source of greenhouse gas emissions. Many IT organizations have already begun to develop initiatives to reduce their energy use, but have yet to develop a green IT strategy or to embed green thinking in their day-to-day activities. Companies can reduce their energy use and carbon emissions in a variety of ways, including server virtualization, load balancing and efficient data-centre floors. They can also achieve such reductions through green strategies beyond the hardware level – such as in software development and desktop maintenance programs.

This product was originally issued by a CPA Canada legacy body.

 
Information Technology Assurance Framework (ITAF™)
Information Technology Assurance Framework (ITAF™)
ITAF – ISACA's new Information Technology Assurance Framework provides IT audit and assurance professionals with a single portal through which the professional can access relevant standards, guidelines and related tools and techniques. This presentation provides an overview of ITAF, its taxonomy, the various components of ITAF and illustrates how ITAF can be used in addressing IT audit and assurance assignments. It compares ITAF with CobiT and illustrates how the two can be used to complement each other in the performance of IT audit and assurance work.

This product was originally issued by a CPA Canada legacy body.

 
Information Technology Control Guidelines, 3rd Edition
Information Technology Control Guidelines, 3rd Edition
(aussi disponible en français)

Information Technology Control Guidelines provides a practical means of identifying, understanding, assessing and implementing information technology controls in all types of enterprises.

This product was originally issued by a CPA Canada legacy body.

 
Informed Decision-making – Business Intelligence & Analytics
Informed Decision-making – Business Intelligence & Analytics
This session deals with the practical side of Business Intelligence and Analytics, the hardware, software, storage and infrastructure required for data warehousing and business analytics initiatives. The discussion addresses how to minimize the cost and time of deployment, and how to leverage these analytical tools to turn information into insight in order to make sound business decisions.

This product was originally issued by a CPA Canada legacy body.

 
Integrated Business Audit with IT Audit
Integrated Business Audit with IT Audit
In todays world, organizations are using an integrated audit approach for a more "holistic approach". While not new, this approach can be rewarding, yet time consuming, due to the complexity of the environment. Hear some of the challenges and benefits of integrated auditing at Toronto Hydro Corporation, including the use of tools such as ACL to generate anomalies/red flags for further investigation.

This product was originally issued by a CPA Canada legacy body.

 
Interactive Data - Building XBRL into Accounting Information Systems
Interactive Data - Building XBRL into Accounting Information Systems
(aussi disponible en français)
A comprehensive research study, Interactive Data - Building XBRL into Accounting Information Systems explores the implementation and business process implications of using Extensible Business Reporting Language (XBRL) at different levels in an organization's information structure.

This product was originally issued by a CPA Canada legacy body.

 
Into the Cloud, Out of the Fog
Into the Cloud, Out of the Fog
Turning over control of IT infrastructure and data (to a cloud provider) is an inherently uncomfortable situation for senior corporate managers – and it goes against the culture of many large corporate organizations. It's no surprise therefore that a research survey of North American and European businesses found that 50% of respondents cited their chief reason for not moving to cloud computing was security concerns. In a separate global study of IT risk, 77% of respondents said adopting cloud computing makes privacy more difficult. This cloud computing session explores key trends that have a significant impact on the role and importance of information security; key information security implications and potential business impact; and considerations for developing an information security framework.

This product was originally issued by a CPA Canada legacy body.

 
Is Your Board Dealing with IT Governance?
Is Your Board Dealing with IT Governance?
IT Governance can be defined as "The oversight responsibility for the strategic and tactical management of the planning, delivery and support, and monitoring and evaluation of the information technology environment." This session will help you deal with common governance issues found at the Board level including: limited awareness of IT issues, risks and undertakings; lack of alignment of IT initiatives with organization strategy; undefined or unclear responsibilities and/or accountabilities; and a lack of timely and effective reporting to the Board on identified IT issues.

This product was originally issued by a CPA Canada legacy body.

 
Is Your IT Audit Plan Risk Based?
Is Your IT Audit Plan Risk Based?
During these tough economic times, every department in an organization is forced to show that it is providing value to the organization, including IT internal audit departments. IT auditors are reviewing their audit scope to ensure that the key risks facing the organization are being addressed. Various methods and techniques are used to determine enterprise risks, and the IT scope is derived from those enterprise risks. This session explores how you ensure that your annual IT audit plan has good coverage and that it is risk-based.

This product was originally issued by a CPA Canada legacy body.

 
Is Your IT House in Order? Audit Implications of Your IFRS Implementation
Is Your IT House in Order? Audit Implications of Your IFRS Implementation
Most major business transformation projects have a significant IT component, the execution of which can often become the key bottleneck on the critical path to success. Moreover, without appropriate project structure, processes, tools and oversight, the IT activities can become a burdensome cost embarrassment. They can also ultimately constrain the project's ability to achieve its intended business case and objectives. Many IFRS initiatives fall into the category of being dependent on the execution of significant IT changes. A better approach to project design and the use of project audit can intercept the risks and challenges before they become major issues. This presentation introduces some of the lessons learned in structuring, planning and executing such projects as well as leading techniques and what to expect from well timed project audits.

This product was originally issued by a CPA Canada legacy body.

 
Keynote Address at the 2011 IT Audit, Governance and Security Conference
Keynote Address at the 2011 IT Audit, Governance and Security Conference
Keynote address by Duncan Stewart, Director, Deloitte Canada Research, Technology, Media & Telecommunications, Life Sciences and GreenTech, and Jordan Prokopy, Consultant, Deloitte Canada.

This product was originally issued by a CPA Canada legacy body.

 
Knowing Your Cyber Risks/Threats and Mitigating Them
Knowing Your Cyber Risks/Threats and Mitigating Them
Senior management and board of directors have a fiduciary responsibility to oversee all facets of risk, including cyber risk. Cyber risk, in addition to being an IT risk can impact the business' revenues, expenses, strategy, brand and reputation. At this session, you will learn how a leading Canadian information technology service provider takes an enterprise risk approach to obtain a comprehensive understanding of the related exposures, how the risks are communicated to key stakeholders and how they are mitigated.
 
La gestion du contrôle de l'informatique, 3e édition (GCI)
La gestion du contrôle de l'informatique, 3e édition (GCI)
(also available in English)

La troisième édition de Normes de contrôle interne dans un cadre informatique, dont on a largement salué les qualités, a non seulement changé de titre, mais elle reflète aussi l'évolution considérable des technologies de l'information au cours des douze dernières années, soit depuis la publication de la deuxième édition.

Ce produit a été initialement publié par l’une des organisations d’origine de CPA Canada.

 
Les éléments probants électroniques
Les éléments probants électroniques
(also available in English)
Ce nouveau rapport de recherche pourra vous aider à régler les multiples questions que suscite l'utilisation des éléments probants électroniques en vue d'étayer le contenu du rapport de vérification.

Ce produit a été initialement publié par l’une des organisations d’origine de CPA Canada.

 
Managing an IT Outsourcing Relationship – Governance Lessons Learned from the Trenches - Panel Discussion
Managing an IT Outsourcing Relationship – Governance Lessons Learned from the Trenches - Panel Discussion
Organizations have increasingly embraced outsourcing to reduce costs and be able to focus on core competencies. Establishing appropriate mechanisms for risk management, governance and obtaining assurance is crucial to ensuring success. This panel explores what makes an outsourcing relationship successful and how an organization can address outsourcing governance. You will benefit from the insights and real-life stories shared by the experienced panelists and take away implementable practical solutions.

This product was originally issued by a CPA Canada legacy body.

 
Managing Your IT Function – Better, Faster & More Economically
Managing Your IT Function – Better, Faster & More Economically
In today's challenging economic environment, the IT function plays a strategic role in any organization. An effectively managed IT function can increase business efficiency and drive the competitiveness of the company while helping manage costs. IT leaders understand and demonstrate the real value of the IT function by deploying strong IT governance, enhancing business alignment and third party partnerships, taking advantage of new technologies, and measuring and reporting on IT performance. Michael Cole, Executive Vice-President and Chief Information Officer of BCE, describes how he is able to drive his IT function better, faster, and more economically.

This product was originally issued by a CPA Canada legacy body.

 
Managing Your Online Presence – A Strategic Imperative!
Managing Your Online Presence – A Strategic Imperative!
Drawing on the Potash Corp. experience, this session investigates the importance of a company's online presence and how to build it. Speakers explore the essential links between corporate goals and objectives, communications, web strategy, and the use of social and other online media to engage stakeholders and manage risk, particularly reputation risk. They share their process for understanding and meeting stakeholder needs and applying best practice standards for proactive content development. Different approaches to corporate website development and management is discussed. Web security, disaster recovery, and business continuity issues is also covered.

This product was originally issued by a CPA Canada legacy body.

 
Meeting Continuous Disclosure Obligations – IT Opportunities and Risks
Meeting Continuous Disclosure Obligations – IT Opportunities and Risks
Meeting continuous disclosure obligations and other reporting requirements demand significant effort, and IT systems play a key role. The panel explores IT opportunities and risks and the importance of effective IT controls in meeting those obligations and supporting the CEO and CFO Certification process. Timeliness, accuracy, and reliability of the information that is collected and distributed are closely connected to IT effectiveness. Major categories of IT controls and strategies for compliance with acceptable control frameworks such as COBIT are covered. The identification, documentation, and testing of key controls are also discussed by the panel.

This product was originally issued by a CPA Canada legacy body.

 
Mobile Computing: The Future is Now!
Mobile Computing: The Future is Now!
Mobile devices have evolved over the last decade from specialized computing platforms, accessible to early adopters, into a pervasive computing platform that is capable of supporting converged hardware, video, social media, cloud and web services for enterprises and consumers. This session discusses the rapid evolution of the mobile platform, the information management and security challenges that it imposes and the innovative solutions and business models that are emerging to manage this risk.

This product was originally issued by a CPA Canada legacy body.

 
Next Gen Technology – Gadgets + The Cloud
Next Gen Technology – Gadgets + The Cloud
This session highlights technology gadgets, from tablets to smartphones, for today's CA in public practice. It will also demystify cloud computing and discuss new software worth knowing about. Learn how technology can help your practice in the 21st Century.

This product was originally issued by a CPA Canada legacy body.

 
Offshoring & Outsourcing – Ensuring the Benefits Outweigh the Costs
Offshoring & Outsourcing – Ensuring the Benefits Outweigh the Costs
All in the name of service – Offshoring and outsourcing are important for everyone. Managing Information Technology, or providing payroll, procurement, or financial services, outsourcers are tasked with protecting other people's data. Consideration should be given to managing the risks inherent with offshoring and outsourcing related to the Confidentiality, Integrity, Availability, Privacy, and Security of the data stored and transmitted off site. This session discusses the benefits of offshoring and outsourcing, and the potential costs of moving your processes to an outside company or country. Learn how to better manage your risks, how to audit your offshore controls, deal with legacy arrangements, and more.

This product was originally issued by a CPA Canada legacy body.

 
On Cloud Nine? Opportunities & Risks of Cloud Computing
On Cloud Nine? Opportunities & Risks of Cloud Computing
This session aims to provide a balanced perspective on "cloud" that explores the business case for cloud computing along with the governance, security, and assurance challenges that cloud brings to the enterprise.

This product was originally issued by a CPA Canada legacy body.

 
Payment Security – How Organizations Can Achieve Compliance Through Security for the PCI Standards
Payment Security – How Organizations Can Achieve Compliance Through Security for the PCI Standards
Attendees at this session will hear how taking a true risk based approach to security will also attain PCI compliance, make it sustainable and achieve its real intent. It will also demonstrate how Internal Audit can play a pro-active role as a partner on PCI compliance and derive a return on their investment for their organization.
 
Planning Successful Offshore Audits
Planning Successful Offshore Audits
Increasingly, corporations are required to plan and execute portions of their audits offshore with their IT service providers in order to provide assurance on controls. This session will focus on the recipient of the audit illustrating how to ensure that the audit is an effective one. The session will also provide an overview of how to plan these types of audits from the auditors' perspective.

This product was originally issued by a CPA Canada legacy body.

 
Recent and Emerging Technologies plus Future Trends – What are the Risks?
Recent and Emerging Technologies plus Future Trends – What are the Risks?
The consumerization of technology is blurring the lines of traditional enterprise and consumer technology. Social Networking, Apps, Unified Communications, Mobile Payments, Presence Awareness are some of the IT offerings that are combining enterprise and personal profiles to offer targeted enterprise services to employees and clients. This session provides an overview of emerging technology trends, the benefits, expected evolution over 3-5 years and risk mitigation strategies to reduce the exposure for enterprises.

This product was originally issued by a CPA Canada legacy body.

 
Reviewing Offshore Vendor Security Against ISO Standards
Reviewing Offshore Vendor Security Against ISO Standards
Auditing a third party vendor site can be a difficult task, and assessing the security of overseas sites presents a number of challenges, as well as some interesting findings, not normally present during a typical audit. Having conducted ISO audits across Asia, Europe, and North America, the speakers share their experiences and explain how to conduct overseas site audits on time and on budget.

This product was originally issued by a CPA Canada legacy body.

 
Rise of the Cloud — Leveraging the Cloud for Value
Rise of the Cloud — Leveraging the Cloud for Value
Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity. However, many organizations are reluctant to trust cloud service providers with critical information.

The purpose of this session is to understand potential risks and controls for cloud based solutions. We will explore good practices from business requirements gathering to design, implementation, and security assessment of cloud based solutions. The participants will receive a copy of RiskView's Cloud Security & Risk Assessment toolkit.
 
Safe Spreadsheets and Good End-User Computing Practices
Safe Spreadsheets and Good End-User Computing Practices
Good end-user computing practices can help companies harness the power of low-cost and flexible tools while managing the risks of significant errors. The widespread corporate use of spreadsheets has increased recently with the blend of aging applications and pressing business requirements (eg, IFRS conversion). This session provides guidelines to effectively develop safe spreadsheets and end-user computing tools so that the risk of significant errors to companies’ operations and financial reporting is minimized.

This product was originally issued by a CPA Canada legacy body.

 
Selecting Your IT Solution – Build, Buy or Partner?
Selecting Your IT Solution – Build, Buy or Partner?
With the advent of SaaS and cloud computing solutions, the options available as IT solutions for businesses are vast. Which solution is best for your business depends on many factors, such as your timeframe for deployment, the type of business function supported, the amount of resourcing (financial, personnel and IT) that you have available, among many others. Should you buy? Should you build? Should you partner? This session explores the advantages and potential shortcomings of each of these options.

This product was originally issued by a CPA Canada legacy body.

 
Shadow-IT – Do You Really Know What's Going On?
Shadow-IT – Do You Really Know What's Going On?
"Shadow-IT" or "business managed technology" are recent terms that have replaced "End User Computing". These terms refer to the business directly buying, subscribing or developing applications or services, without the involvement of enterprise IT, causing potentially newer risk exposures. Though the issue is not new, the scope, extent, nature and level of risks have grown in recent years to be of concern to internal and external stakeholders including regulators. Organizations are therefore trying to size the issue, experiment different solution approaches and figuring out the roles of various functional groups. After a primer on the issue and the risks, this session aims to discuss best practices for establishing a sustaining a set of controls and governance practices in organizations of different sizes.
 
Strategies for Securing the Cloud
Strategies for Securing the Cloud
Service models including applications, platforms, and infrastructure are some of the areas where an organization can leverage the benefits of the cloud. However benefits come with their fair share of security risks. Network dependency; complexities of hybrid systems; reliability; and cross border legal implications increase the complexities in adapting to the cloud. Infrastructure, security framework and the type of cloud configuration can significantly influence security from a privacy, compliance and legal stand point. In addition, evolving risks, new threats, financial budget constraints and a lack of skilled and experienced personnel create significant challenges to mitigate these risks. Are you up to the challenge?

This session will explore current strategies and best practices on how to secure the "CLOUD"
 
Systems Selection and Implementation in a Time of Fiscal Constraint
Systems Selection and Implementation in a Time of Fiscal Constraint
Replacing software is a major undertaking for any organization. Yet less than one-third of projects are completed on time and on budget. Many projects are severely "challenged" or cancelled outright. The statistics suggest that organizations need to pay more attention to setting realistic expectations and to their approach for selecting and implementing software. This session will explore:
  • What is essential in difficult financial times, and what can wait
  • What to expect if youre looking at an enterprise-wide solution for the first time, including the new reality about system costs and implementation complexity
  • What's involved in a typical project – phases, timelines and costs
A list of the best practices to strive for and red flags to know when project risk is increasing will also be presented.

This product was originally issued by a CPA Canada legacy body.

 
Technology Trends and Vision
Technology Trends and Vision
What's next? That's a simple question to ask, but it's not so simple to answer. Companies are constantly looking around the corner to see what's coming, and what the future will hold for our businesses and our lives. In this session, we take a look toward the future of technology which is as important for business and government leaders as it is for IT. You will see that technology trends are not isolated and are intimately intertwined with business and societal trends. We specifically look at eight trends, their impact on organizations, the risks they present and business benefits that they drive.

This product was originally issued by a CPA Canada legacy body.

 
The Bleeding Edge – New Technology and Security Solutions
The Bleeding Edge – New Technology and Security Solutions
This session covers a survey of the promise, myth and reality of emerging classes of security technology as well as a model for applying these technologies to the real and emerging security issues facing the enterprise. We look at technologies meant to enable and defend the enterprise as those very borders expand to encompass new models of work, new sources of data and business processes that span multiple enterprise boundaries.

This product was originally issued by a CPA Canada legacy body.

 
The Evolving CA Website – Online Communication Strategies
The Evolving CA Website – Online Communication Strategies
In this session, you'll learn how to develop the right online communications strategy for your practice. How does one get more eyeballs on the evolving CA website? You'll learn how to select the right online tools to strengthen your relationships with clients and engage prospective clients to build your practice. Discover what social media offer you and best practices for using them.

This product was originally issued by a CPA Canada legacy body.

 
The Inside Job – Managing the Increasing Risk of Insider Fraud
The Inside Job – Managing the Increasing Risk of Insider Fraud
The risk of insider fraud is higher now than ever. Because of the recession, firms have experienced tougher economic conditions over the last couple of years and are increasingly more sensitive to financial loss and loss of credibility in the market. Learn which tools can help you detect and prevent insider fraud at your company or clients.

This product was originally issued by a CPA Canada legacy body.

 
The Potential Costs of Low Tech Hacking
The Potential Costs of Low Tech Hacking
In this session you will learn about how low tech hackers could exploit vulnerabilities at your organization and obtain sensitive information. Some techniques that are discussed include: social engineering; physical security weaknesses; surveillance; wireless and non user computer IP's. The presentation will provide you with information related to the risks and vulnerabilities of low tech hacking, and countermeasures you can take to protect yourself against them.

This product was originally issued by a CPA Canada legacy body.

 
Value for Money Audits
Value for Money Audits
This session aims to bring clarity to the subject of value for money audits and to help you understand a range of techniques for assessing the economy, efficiency and effectiveness of their business areas, functions, services and projects they serve.

This product was originally issued by a CPA Canada legacy body.

 
Value-For-Money for IT – Are You Operating Economically, Efficiently and Effectively?
Value-For-Money for IT – Are You Operating Economically, Efficiently and Effectively?
Value is about achieving the most by using appropriate, but not excessive, IT resources. This session defines the Value-For-Money proposition and demonstrates an approach that you can use for evaluating the value of your IT operations and projects.

This product was originally issued by a CPA Canada legacy body.

 
Value-for-Money Project Audits
Value-for-Money Project Audits
Auditing of IT projects is now a generally accepted engagement type in major internal audit departments. Many IT auditors, however, focus primarily on general controls and application controls when auditing an IT project and not on the value-for-money of project spending. This session looks at how auditors, most of whom have the necessary financial expertise, can broaden their scope by also examining the financial aspects of project management.

This product was originally issued by a CPA Canada legacy body.

 
Web Vulnerabilities
Web Vulnerabilities
This session covers the most current web vulnerabilities affecting corporate networks today. Leveraging the SANS Top 20, the session also focuses in on: the most current issues affecting business today, with a specific focus on the most common application, network, and web vulnerabilities observed in the wild today; how the two most common web attacks are exploited, SQL injection and cross-site scripting; why so many web applications are being created with vulnerabilities right out of the gate; methods to mitigate some common mistakes in web development; real-world issues facing business as a result of these vulnerabilities, plans of attack and preventative maintenance with a specific focus on whitelisting – one of the most effective and over-looked tools in our security arsenal today.

This product was originally issued by a CPA Canada legacy body.

 
What CFO's Should Know About Privacy
What CFO's Should Know About Privacy
Privacy is a business challenge and different from security. In this session you will learn about a "practitioner view" of privacy and why it can have a positive or negative impact on an organization regardless of the organization size or creed. The session also will cover a series of industry best practices that are widely available to help you further your knowledge of privacy and apply that knowledge to the specific needs of your organization. The session will conclude by discussing the enabling role of technology to manage privacy and why IT solutions for security do not necessarily work for privacy, and wraps up with two case studies.

This product was originally issued by a CPA Canada legacy body.

 
What Does it Take to be an Effective IT Auditor — in the Brave New World?
What Does it Take to be an Effective IT Auditor — in the Brave New World?
Practitioners need a combination of technical and people skills to forge a career in auditing technology. Organizations are investing substantial sums in their computer systems, databases, and supply chains to compete and leverage customer relationships. At the same time, they are beginning to recognize that IT auditors can assist them in understanding the constantly shifting risks of the information age.

IT auditors focus on the governance of IT systems and processes with audits ranging from business continuity to development processes, to information security. To be effective, IT auditors must acquire the right hard and soft skills.

Most IT auditors know about the hard skills required to meet professional requirements. In addition to addressing different sources of key knowledge (the hard skills) that IT auditors should be familiar with, this session will focus on the key attributes that successful IT auditors must have in their repertoire to be effective (the soft skills) - in the brave new world
 
When Failure is Not an Option: Public Sector Shared Services
When Failure is Not an Option: Public Sector Shared Services
IT services are 7/24 critical for any organization, but especially for shared service enterprises supporting patient care, education, policing and other vital public services. Failure is not an option: lives are at stake, and careers too. You will learn about the range of public sector shared services that have been established and gain practical insights into the unique IT interconnection, governance, audit and security issues these enterprises face.

This product was originally issued by a CPA Canada legacy body.

 
Why Should Auditors Care About Privacy Management Controls?
Why Should Auditors Care About Privacy Management Controls?
Learn about the value of Privacy Management Controls and how audit can play a key role in identifying privacy risks. Experience has shown that organizations, regardless of size and mandate, do need to manage privacy breach risks like any other business risks. In todays digital economy, organizations find that personal information about their customers, employees and partners are more susceptible to a wide range of privacy breaches with potentially significant business implications. This session explores these issues and how to identify privacy breach risks and implications.

This product was originally issued by a CPA Canada legacy body.

 
Writing for Action
Writing for Action
Today, IT auditors not only need to understand and assess complex IT systems, business processes, security, risk and compliance issues, to be successful they also need to be able to communicate and report their observations and recommendations in a clear, concise and direct manner to their targeted audience.

Unfortunately, good report writing doesn't just happen. It is a process that involves several steps - and lots of practice.

Whether you are experienced or a novice, writing reports to the Audit Committee, Senior Management, your supervisor, your peers, or preparing staff memos or emails, - this session will help you develop a systematic approach for writing effectively for Action!
 
You Can't Do It All! Segregation of Non-compatible IT Duties — What Every IT Auditor Should Know
You Can't Do It All! Segregation of Non-compatible IT Duties — What Every IT Auditor Should Know
Segregation of Duties (SoD) in IT plays a major role in reducing IT risk in the areas of fraud, undetected errors, sabotage, and programing inefficiencies. This session addresses some of the key roles and functions that need to be segregated including: - IT duties vs. user departments - database administration (DBA) vs. rest of IT functions - application development and maintenance vs. application operations - new application development vs. application maintenance - information security vs. IT functions - IT organizational structure for IT activities - auditing for SoD
 

View Terms and conditions | Privacy policy | Shipping and store policies | AODA

Help Desk: Mon-Fri, 9am-5pm ET | 1-866-256-6842 | Contact us

© 2001-2014, CPA Canada | EYEP. All rights reserved.