Information technology |
AUDIT & SECURITY |
 | | 20 Questions que les administrateurs devraient poser sur la sécurité informatique | | (also available in English) | Directors are responsible for satisfying themselves that the risks of compromised data integrity, unavailability of information and operating systems, breaches of the confidentiality of confidential data, and non-compliance with regulatory requirements are identified and mitigated or eliminated. This document sets out a series of questions that boards of directors could ask senior management, along with the context in which to ask them and to evaluate the answers. |
|
| |
 | | 2005 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This conference delivers the interactive and practical training IT professionals need to expand their knowledge while maintaining their competitive edge. The conference features sessions on state-of-the-art practices and management strategies presented by leading IT audit, governance and security experts. |
|
| |
 | | 2006 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) – Toronto Chapter and the Information Systems Audit and Control Association (ISACA) – Toronto Chapter. The ideal conference for IT Audit professionals including Auditors, Chief Information Officers, Chief IT Security Officers, Chief Financial Officers with responsibility for the IT function and others with an interest in IT Audit, Governance and Security matters. |
|
| |
 | | 2008 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators and concurrent sessions in three distinct learning tracks (IT Audit, IT Governance & IT Security). |
|
| |
 | | 2009 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge. |
|
| |
 | | 2010 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) – Toronto Chapter and the Information Systems Audit and Control Association (ISACA) – Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge. |
|
| |
 | | 2011 Canadian Conference on IT Audit, Governance and Security Conference | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. The Canadian Conference on IT Audit, Governance and Security is a two-day conference featuring keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge. |
|
| |
 | | 2012 Canadian Conference on IT Audit, Governance and Security | March 26-27, 2012, Toronto, ON
This two-day conference featured keynote addresses and plenary sessions from top IT innovators combined with concurrent sessions on a variety of "hot topics", each of which encompassed different aspects of IT audit, governance, and security. This impressive, hand-picked program refocused the participants and their teams on the practical issues they need in order to expand their knowledge and enhance their competitive edge. |
|
| |
 | 2013 Canadian Conference on IT Audit, Governance and Security OR 2013 Fundamentals of IT Audit - A Three-Day Workshop | (in English only)
March 26-28, 2013
The Westin Harbour Castle, Toronto, ON
Canadian Conference on IT Audit, Governance and Security
March 26-27, 2013 (optional workshop March 28: Introduction to COBIT 5)
This conference features plenary sessions combined with concurrent sessions from top IT industry and professional services leaders on a variety of “hot topics”, each of which encompasses different aspects of IT Audit, Governance, and Security. This impressive, jam-packed program will refocus you and your team on the practical issues IT and senior financial professionals need in order to expand your knowledge and enhance your competitive edge.
OR
Fundamentals of IT Audit - A Three-Day Workshop
March 26-28, 2013
This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.
The conference and workshops are co-presented by the Canadian Institute of Chartered Accountants (CICA), the Institute of Internal Auditors (IIA) - Toronto Chapter and the Information Systems Audit and Control Association (ISACA) - Toronto Chapter.
|
|
| |
 | | Aligning IT with Organizational Goals | | Research indicates that over 80% of strategies fail – not because they are not great, but rather because they are not executed. This important session reveals best practices in translating organizational strategic intent into the aligned processes, projects, organizational design and accountabilities within the IT organization to ensure effective execution and the monitoring of those actions.
This session draws upon case studies and best practices from over 3,000 scorecards from around the world, and both the private and public sectors. The concepts are supported by audience / panel discussion based on presented examples. |
|
| |
 | | Application des techniques de vérification informatisée, 2e édition | | (also available in English) | This monograph is intended for internal and external auditors of small and large businesses, as well as chief financial officers, chief information officers and other executives and staff who can benefit from computer-assisted audit techniques (CAATs) to be more effective in performing risk assessments, attestations and compliance audits. |
|
| |
 | | Audit Tools – Commonly Used Software Tips to Help You Become a More Effective Analytical Auditor | | Commonly available software products have a wealth of creative features and functionality available that can help auditors analyze data and trends, identify key areas of risk and controls, improve business efficiencies, verify process effectiveness and report results in an efficient and effective manner. This session reviews some of the neat tools available in commonly used software that can add to the "WOW" factor to your engagement and improve your audit engagement results. |
|
| |
 | | Auditing End User Controls | | Controls over end user computing tools continue to be a topic of discussion as organizations realize the extent to which they are relying on these "non-IT managed" tools for financial and operational activities. Organizations continue to struggle with appropriately identifying end user computing tools requiring controls and implementing controls for them. This has posed a challenge to auditors, internal and external, in being able to effectively and efficiently audit end to end processes and specific high risk processes, which make use of end user computing tools. The session discusses best practices related to end user computing controls and how to overcome challenges faced in auditing end user controls. |
|
| |
 | | Auditing IT Governance | Organizations require a structured approach for managing strategic alignment, value delivery, risks, performance, and resources along with other challenges. Auditing IT governance provides an assessment of existing IT objectives, management controls and performance monitoring that are intended to keep IT on track and avoid unexpected outcomes. This session covers:
- Corporate and IT Governance – understanding them and their focus areas
- Auditing IT Governance – what, why and how
- COBIT – an example of a tool used to perform these audits
- Lessons learned
|
|
| |
 | | Auditing IT Projects | | This session will examine the value of auditing projects against best practice project management and system development lifecycle methodologies. In this presentation you will learn what it takes to plan and develop value-added and effective audit plans for IT projects throughout their lifecycle. |
|
| |
 | | Auditing Wireless Networks – How Vulnerable Are You? | | Do you really want to wait for a breach of security to discover just how vulnerable your wireless network is? With the global explosion of wireless technology, it is even more crucial to protect the integrity of your organization's information from unauthorized access. But how do you know what the right controls are? How can you be sure that you have controls that can provide assurance that your network is as secure as possible and still allow for the unobstructed flow of information? In this session you can explore developments in IT auditing that will allow you to answer these questions and address some of the major emerging risks in managing wireless networks. |
|
| |
 | | Best Practices for Maximizing IT Value and Effectiveness | | The global economic environment is tough today and when the going gets tough only the tough get going. Building a value-add IT function is critical to the success of today's organizations. Having IT as a business enabler and strategic advantage requires an efficient and effective IT that maximizes its value by aligning its resources and activities to support strategic organizational goals and objectives. How can IT Governance help?
This session explores: how Boards can successfully support IT's role and mandate as an enabler through effective governance; how IT projects and initiatives can contribute to successful corporate goals, objectives, and strategies; and how to measure and monitor IT's performance in terms of those measures that matter most to the Board. |
|
| |
 | | Business Continuity and Pandemic Awareness in an Interconnected World | | Global crises appear to be happening more frequently. With our global market place and technological dependencies, how do we ensure the impacts have limited interruptions to our local business? In this session you will be presented with practical actions that you can take to ensure the appropriateness of your business continuity programs regardless of your global footprint. |
|
| |
 | | Business-Managed Technology – How to Balance End-User Flexibility with Risk Management and Governance | | In today's corporate IT environment, IT and business leaders need to strike a fine balance between meeting business needs and managing technology risks. Business leaders may not necessarily understand all the security risks that come along with the flexibility of end user solutions. IT leaders may not necessarily understand the business realities linked with limiting business units' flexibility to address current business needs. This session covers the risk and control considerations from both sides. |
|
| |
 | | BYOD – How Do You Manage the Security Issues? | | Given the proliferation of smart phone and tablet based technology, organizations will either "adopt" or "tolerate" policies for "Bring Your Own Device" (BYOD). This leaves the IT organization with less control over the devices and related supporting services. Organizations need to seek new secure methods to allow personal devices to connect to the corporate infrastructure.
During this session we discuss: challenges and risks presented by allowing employee-owned devices in the enterprise; Mobile Device Management and what does this mean for my organization; strategies for addressing the risks associated with BYOD; and maintaining regulatory compliance. |
|
| |
 | | Cloud Computing – Are You Up in the Cloud on Governance Issues? | | Cloud computing offers the advantage of flexibility, scalability and the ability to quickly roll out new functionalities to support business units. However, it also increases governance risk issues related to security, privacy, availability, continuity, and public confidence. In this session, we will review governance practices to deal with management oversight concerns for data reliability, transaction integrity and data security. |
|
| |
 | | Cloud Computing – Understanding the Value, Risks and Related Audit Issues | | Cloud computing is an emerging IT service delivery model that enables convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned with minimal effort or service provider interaction. Leading Canadian information and communication technology service providers are developing and launching their Cloud products to capture a share of the Canadian Cloud market that is projected to reach $1 billion in 2012. This session discusses the business advantages of cloud computing, related risks and audit implications from a service provider's perspective. |
|
| |
 | | Continuous IT Auditing | | Continuous Audit is an effective and efficient way to extend audit coverage between traditional audits. Learn how Continuous IT Audit has evolved at RBC, its value to the business, regulators, external auditors and other stakeholders. |
|
| |
 | | Control Framework for Auditing Software Development Lifecycle – Focus on Security | | Embedding security into the Software Development Lifecycle is crucial to mitigating threats against custom developed software. While the software security community has made advances in tools and processes, the governance community still lacks a comprehensive technical auditing framework to assess an SDLC against industry best practices. By leveraging community efforts in the Open Software Assurance Maturity Model, the speakers have successfully deployed an auditing framework to assess the security maturity of an SDLC. This session explores this auditing approach using real-life experiences. |
|
| |
 | | Critical Elements of Effective Data Governance | | Data governance is very much in fashion as businesses focus on the need for agile data to quickly respond to the market and meet increasingly stringent regulatory requirements. This session examines the risks associated with data governance and discusses the controls and tools required to address those risks. |
|
| |
 | | Cyber Crime – What Is It Now? Where Is It Coming From? How Do We Respond | | People used to hack for money; now they hack to infiltrate someone's system – perhaps yours? They stay inside the system and steal from you on an on-going basis. Learn how to protect yourself and your company from these security breaches. Discussion during the session includes malware, Stuxnet, fraud, on-line viruses, and the process control tools you need to protect your systems. |
|
| |
 | | Data Governance and Integrity | | Data Governance is a hot topic at the executive table as organizations try to deal with the exponential growth of data and ever increasing regulatory and legal implications. Implementing a successful data governance program, however, can be significantly challenging. In this session you will be introduced to leading practice design and implementation of data governance organizational competencies. These are the building blocks to unlock the hidden value of data, mitigate data risks and break down the cultural and technical barriers that have been preventing success. |
|
| |
 | | Disaster Recovery Planning – The Times are Indeed Getting Complicated | | Gulf oil spills, erupting volcanoes, floods in Australia, deep freeze in the UK… Are you ready for what comes next? This session addresses the ever-increasing importance of developing, implementing and maintaining up-to-date Disaster Recovery Plans to ensure IT systems and those members of the organization who are charged with maintaining IT systems are prepared for the unexpected. |
|
| |
 | | e-Discovery – Making It Work for You! | | The sheer volume and volatility of electronic information and the protection of privacy and privileged information is much more difficult in today’s electronic world. This session explores the concept of electronic discovery in today’s business environment across Canada. We also discuss ways organizations can be better prepared to manage electronic information – from the day the information is created or received until its destruction, through its daily use and in extraordinary circumstances like litigation and investigation. Finally, we walk through some steps and key consideration points you should be aware of in the event you have to deal with an electronic discovery order. |
|
| |
 | | Getting Logical with Your Access Controls | | Rapid changes and continual enhancements to technology are making it more critical than ever to strengthen traditional access controls. This session focuses on the current state and future trends of logical access controls. |
|
| |
 | | Going Viral: Emerging Threats to Critical Human Infrastructure | | Have you considered the potential impact on people and businesses if a pandemic such as SARS or H1N1 affects a critical number of your staff? Can your operation continue if key human resources or facilities are quarantined or become unavailable? This session explores emerging public health threats to an organization’s most vital resource – people, and includes strategies to prepare for and reduce the impact of such threats. Learn about the basics of emergency management, critical success factors of an emergency response plan, and key community resources and partnerships that organizations need to properly plan to prevent or respond to pandemic threats. |
|
| |
 | | How to Audit a Project and Add Value – An IFRS Case Study | | The approach to auditing a project is vastly different from how operations are audited. Learn about the role of internal audit in a project, why internal audit's participation is important, how projects benefit from internal audit's input, and when internal audit should be engaged during a project. The presentation incorporates an IFRS project currently in progress as a case study to illustrate a best practice for internal audit participation. As well, several scenarios are presented on "projects gone wrong" with follow-up discussion on prevention techniques. |
|
| |
 | | How to Spot a Lemon Before You Buy It – The Importance of Due Diligence | | IT due diligence can be just as important as financial due diligence to ensure a successful M&A transaction. A deal's success is usually measured by a company's ability to increase shareholders' value. Since technology is increasingly becoming a driver or enabler for company operations to generate services and products, it should not be overlooked when negotiating a purchase price, or when estimating the costs associated with generating synergistic values that are expected from the transaction.
This session outlines how to perform effective IT due diligence to understand technology risks that impact operations, manage potential growth constraints, and help you drive maximum value from your investment. |
|
| |
 | | Identity Theft – Avoidance and Recovery | | Identity theft is the fastest-growing non-violent crime in North America and one that can impact your personal life, finances and reputation. The protection against identity theft is a shared responsibility between individuals and companies who have responsibility over personal information. This session provides an overview of how best to protect your organization, your employees and your customers from the ever growing threat of identity theft. |
|
| |
 | | Information Technology Assurance Framework (ITAF™) | | ITAF – ISACA's new Information Technology Assurance Framework provides IT audit and assurance professionals with a single portal through which the professional can access relevant standards, guidelines and related tools and techniques.
This presentation provides an overview of ITAF, its taxonomy, the various components of ITAF and illustrates how ITAF can be used in addressing IT audit and assurance assignments. It compares ITAF with CobiT and illustrates how the two can be used to complement each other in the performance of IT audit and assurance work. |
|
| |
 | | Informed Decision-making – Business Intelligence & Analytics | | This session deals with the practical side of Business Intelligence and Analytics, the hardware, software, storage and infrastructure required for data warehousing and business analytics initiatives. The discussion addresses how to minimize the cost and time of deployment, and how to leverage these analytical tools to turn information into insight in order to make sound business decisions. |
|
| |
 | | Into the Cloud, Out of the Fog | | Turning over control of IT infrastructure and data (to a cloud provider) is an inherently uncomfortable situation for senior corporate managers – and it goes against the culture of many large corporate organizations. It's no surprise therefore that a research survey of North American and European businesses found that 50% of respondents cited their chief reason for not moving to cloud computing was security concerns. In a separate global study of IT risk, 77% of respondents said adopting cloud computing makes privacy more difficult.
This cloud computing session explores key trends that have a significant impact on the role and importance of information security; key information security implications and potential business impact; and considerations for developing an information security framework. |
|
| |
 | | IS Outsourcing Used to Be Easy – What Happened? | | As outsourcing models continue to evolve to meet changing business requirements, it is important that your audits continue to focus on the key elements of IS auditing. Learn how to conduct effective IS outsourcing audit reviews. |
|
| |
 | | Is Your Board Dealing with IT Governance? | | IT Governance can be defined as "The oversight responsibility for the strategic and tactical management of the planning, delivery and support, and monitoring and evaluation of the information technology environment."
This session will help you deal with common governance issues found at the Board level including: limited awareness of IT issues, risks and undertakings; lack of alignment of IT initiatives with organization strategy; undefined or unclear responsibilities and/or accountabilities; and a lack of timely and effective reporting to the Board on identified IT issues. |
|
| |
 | | Is Your IT Audit Plan Risk Based? | | During these tough economic times, every department in an organization is forced to show that it is providing value to the organization, including IT internal audit departments. IT auditors are reviewing their audit scope to ensure that the key risks facing the organization are being addressed. Various methods and techniques are used to determine enterprise risks, and the IT scope is derived from those enterprise risks. This session explores how you ensure that your annual IT audit plan has good coverage and that it is risk-based. |
|
| |
 | | Is Your IT House in Order? Audit Implications of Your IFRS Implementation | | Most major business transformation projects have a significant IT component, the execution of which can often become the key bottleneck on the critical path to success. Moreover, without appropriate project structure, processes, tools and oversight, the IT activities can become a burdensome cost embarrassment. They can also ultimately constrain the project's ability to achieve its intended business case and objectives.
Many IFRS initiatives fall into the category of being dependent on the execution of significant IT changes. A better approach to project design and the use of project audit can intercept the risks and challenges before they become major issues. This presentation introduces some of the lessons learned in structuring, planning and executing such projects as well as leading techniques and what to expect from well timed project audits. |
|
| |
 | | Managing an IT Outsourcing Relationship – Governance Lessons Learned from the Trenches - Panel Discussion | | Organizations have increasingly embraced outsourcing to reduce costs and be able to focus on core competencies. Establishing appropriate mechanisms for risk management, governance and obtaining assurance is crucial to ensuring success. This panel explores what makes an outsourcing relationship successful and how an organization can address outsourcing governance. You will benefit from the insights and real-life stories shared by the experienced panelists and take away implementable practical solutions. |
|
| |
 | | Managing Your IT Function – Better, Faster & More Economically | | In today's challenging economic environment, the IT function plays a strategic role in any organization. An effectively managed IT function can increase business efficiency and drive the competitiveness of the company while helping manage costs.
IT leaders understand and demonstrate the real value of the IT function by deploying strong IT governance, enhancing business alignment and third party partnerships, taking advantage of new technologies, and measuring and reporting on IT performance.
Michael Cole, Executive Vice-President and Chief Information Officer of BCE, describes how he is able to drive his IT function better, faster, and more economically. |
|
| |
 | | Managing Your Online Presence – A Strategic Imperative! | | Drawing on the Potash Corp. experience, this session investigates the importance of a company's online presence and how to build it. Speakers explore the essential links between corporate goals and objectives, communications, web strategy, and the use of social and other online media to engage stakeholders and manage risk, particularly reputation risk. They share their process for understanding and meeting stakeholder needs and applying best practice standards for proactive content development.
Different approaches to corporate website development and management are discussed. Web security, disaster recovery, and business continuity issues are also covered. |
|
| |
 | | Meeting Continuous Disclosure Obligations – IT Opportunities and Risks | | Meeting continuous disclosure obligations and other reporting requirements demands significant effort, and IT systems play a key role. The panel explores IT opportunities and risks and the importance of effective IT controls in meeting those obligations and supporting the CEO and CFO Certification process. Timeliness, accuracy, and reliability of the information that is collected and distributed are closely connected to IT effectiveness. Major categories of IT controls and strategies for compliance with acceptable control frameworks such as COBIT are covered. The identification, documentation, and testing of key controls are also discussed by the panel. |
|
| |
 | | Mobile Computing: The Future is Now! | | Mobile devices have evolved over the last decade from specialized computing platforms, accessible to early adopters, into a pervasive computing platform that is capable of supporting converged hardware, video, social media, cloud and web services for enterprises and consumers. This session discusses the rapid evolution of the mobile platform, the information management and security challenges that it imposes and the innovative solutions and business models that are emerging to manage this risk. |
|
| |
 | | Offshoring & Outsourcing – Ensuring the Benefits Outweigh the Costs | | All in the name of service – Offshoring and outsourcing are important for everyone.
Whether managing Information Technology or providing payroll, procurement, or financial services, outsourcers are tasked with protecting other people's data. Consideration should be given to managing the risks inherent with offshoring and outsourcing related to the Confidentiality, Integrity, Availability, Privacy, and Security of the data stored and transmitted off site.
This session discusses the benefits of offshoring and outsourcing, and the potential costs of moving your processes to an outside company or country. Learn how to better manage your risks, how to audit your offshore controls, deal with legacy arrangements, and more. |
|
| |
 | | Planning Successful Offshore Audits | | Increasingly, corporations are required to plan and execute portions of their audits offshore with their IT service providers in order to provide assurance on controls. This session will focus on the recipient of the audit illustrating how to ensure that the audit is an effective one. The session will also provide an overview of how to plan these types of audits from the auditors' perspective. |
|
| |
 | | Recent and Emerging Technologies plus Future Trends – What are the Risks? | | The consumerization of technology is blurring the lines of traditional enterprise and consumer technology. Social Networking, Apps, Unified Communications, Mobile Payments, Presence Awareness are some of the IT offerings that are combining enterprise and personal profiles to offer targeted enterprise services to employees and clients. This session provides an overview of emerging technology trends, the benefits, expected evolution over 3-5 years and risk mitigation strategies to reduce the exposure for enterprises. |
|
| |
 | | Safe Spreadsheets and Good End-User Computing Practices | | Good end-user computing practices can help companies harness the power of low-cost and flexible tools while managing the risks of significant errors. The widespread corporate use of spreadsheets has increased recently with the blend of aging applications and pressing business requirements (e.g., IFRS conversion). This session provides guidelines to effectively develop safe spreadsheets and end-user computing tools so that the risk of significant errors to companies’ operations and financial reporting is minimized. |
|
| |
 | | Selecting Your IT Solution – Build, Buy or Partner? | | With the advent of SaaS and cloud computing solutions, the options available as IT solutions for businesses are vast. Which solution is best for your business depends on many factors, such as your timeframe for deployment, the type of business function supported, the amount of resourcing (financial, personnel and IT) that you have available, among many others. Should you buy? Should you build? Should you partner? This session explores the advantages and potential shortcomings of each of these options. |
|
| |
 | | SOX 404 – Transformation from Prescriptive to Principle & Risk Based Approach | | With the evolution of SOX 404 legislation there has been a definitive migration from a prescribed approach for management certification to one based on key principles and risks unique to your organization. Increased emphasis on management's judgment has provided an opportunity to focus attention on what matters most while still adhering to 404 legislation. Proper understanding and discernment, valid and living risk assessments and the implementation of sustainable processes/approaches for living with 404 are predominant factors for success. This session considers these concepts in further depth while exploring current trends and possible future directions. |
|
| |
 | | Technology Trends and Vision | | What's next? That's a simple question to ask, but it's not so simple to answer. Companies are constantly looking around the corner to see what's coming, and what the future will hold for our businesses and our lives. In this session, we take a look toward the future of technology which is as important for business and government leaders as it is for IT. You will see that technology trends are not isolated and are intimately intertwined with business and societal trends. We specifically look at eight trends, their impact on organizations, the risks they present and business benefits that they drive. |
|
| |
 | | The Bleeding Edge – New Technology and Security Solutions | | This session covers a survey of the promise, myth and reality of emerging classes of security technology as well as a model for applying these technologies to the real and emerging security issues facing the enterprise. We look at technologies meant to enable and defend the enterprise as those very borders expand to encompass new models of work, new sources of data and business processes that span multiple enterprise boundaries. |
|
| |
 | | The Inside Job – Managing the Increasing Risk of Insider Fraud | | The risk of insider fraud is higher now than ever. Because of the recession, firms have experienced tougher economic conditions over the last couple of years and are increasingly sensitive to financial loss and loss of credibility in the market. Learn which tools can help you detect and prevent insider fraud at your company or at your clients. |
|
| |
 | | The Potential Costs of Low Tech Hacking | | In this session you will learn how low tech hackers could exploit vulnerabilities at your organization and obtain sensitive information. Some techniques that are discussed include: social engineering; physical security weaknesses; surveillance; wireless and non-user computer IPs. The presentation will provide you with information related to the risks and vulnerabilities of low tech hacking, and countermeasures you can take to protect yourself against them. |
|
| |
 | | Value for Money Audits | | This session aims to bring clarity to the subject of value for money audits and to help you understand a range of techniques for assessing the economy, efficiency and effectiveness of the business areas, functions, services and projects you serve. |
|
| |
 | | Value-for-Money Project Audits | | Auditing of IT projects is now a generally accepted engagement type in major internal audit departments. Many IT auditors, however, focus primarily on general controls and application controls when auditing an IT project and not on the value-for-money of project spending. This session looks at how auditors, most of whom have the necessary financial expertise, can broaden their scope by also examining the financial aspects of project management. |
|
| |
 | | Web Vulnerabilities | | This session covers the most current web vulnerabilities affecting corporate networks today. Leveraging the SANS Top 20, the session also focuses on: the most current issues affecting business today, with a specific focus on the most common application, network, and web vulnerabilities observed in the wild today; how the two most common web attacks are exploited, SQL injection and cross-site scripting; why so many web applications are being created with vulnerabilities right out of the gate; methods to mitigate some common mistakes in web development; real-world issues facing business as a result of these vulnerabilities, plans of attack and preventative maintenance with a specific focus on whitelisting – one of the most effective and overlooked tools in our security arsenal today. |
|
| |
 | | When Failure is Not an Option: Public Sector Shared Services | | IT services are 7/24 critical for any organization, but especially for shared service enterprises supporting patient care, education, policing and other vital public services. Failure is not an option: lives are at stake, and careers too. You will learn about the range of public sector shared services that have been established and gain practical insights into the unique IT interconnection, governance, audit and security issues these enterprises face. |
|
| |
 | | Why Should Auditors Care About Privacy Management Controls? | | Learn about the value of Privacy Management Controls and how audit can play a key role in identifying privacy risks. Experience has shown that organizations, regardless of size and mandate, do need to manage privacy breach risks like any other business risks. In today's digital economy, organizations find that personal information about their customers, employees and partners is more susceptible to a wide range of privacy breaches with potentially significant business implications. This session explores these issues and how to identify privacy breach risks and implications. |
|
| |
MANAGEMENT |
 | 2013 Canadian Conference on IT Audit, Governance and Security OR 2013 Fundamentals of IT Audit - A Three-Day Workshop | (in English only)
March 26-28, 2013
The Westin Harbour Castle, Toronto, ON
Canadian Conference on IT Audit, Governance and Security
March 26-27, 2013 (optional workshop March 28: Introduction to COBIT 5)
This conference features plenary combined with concurrent sessions from top IT industry and professional services leaders on a variety of “hot topics”, each of which encompasses different aspects of IT Audit, Governance, and Security. This impressive, jam-packed program will refocus you and your team on the practical issues IT and senior financial professionals need in order to expand your knowledge and enhance your competitive edge.
OR
Fundamentals of IT Audit - A Three-Day Workshop
March 26-28, 2013
This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.
The conference and workshops are co-presented by the Canadian Institute of Chartered Accountants (CICA), the Institute of Internal Auditors (IIA) - Toronto Chapter and the Information Systems Audit and Control Association (ISACA) - Toronto Chapter.
|
|
| |
 | | The Evolving CA Website – Online Communication Strategies | | In this session, you'll learn how to develop the right online communications strategy for your practice. How does one get more eyeballs on the evolving CA website? You'll learn how to select the right online tools to strengthen your relationships with clients and engage prospective clients to build your practice. Discover what social media offer you and best practices for using them. |
|
| |
RISK & CONTROL |
 | | 20 Questions Directors Should Ask About Information Technology Security | | (also available in French) | Directors are expected to satisfy themselves that risks potentially jeopardizing the integrity of information, the availability of information and operational systems, the confidentiality of sensitive data, and compliance with regulatory bodies, are identified and reduced or eliminated. This booklet provides questions for Boards to ask senior management as well as the context needed to ask the questions and assess responses. |
|
| |
 | | 2011 Business and Industry Conference | | November 29-30, 2011, Toronto, ON
The successful senior financial officer in today’s Canadian corporation depends on a combination of technical expertise, soft skills, strategic finesse, and professional judgment. This two-day event offered a comprehensive blend of sessions that address the most relevant and current topics with insight on what’s coming next. Join your peers from other Canadian companies to discuss common challenges, explore parallel opportunities, and build your professional network. |
|
| |
 | | What CFO's Should Know About Privacy | | Privacy is a business challenge and different from security. In this session you will learn about a "practitioner view" of privacy and why it can have a positive or negative impact on an organization regardless of the organization size or creed. The session also covers a series of industry best practices that are widely available to help you further your knowledge of privacy and apply that knowledge to the specific needs of your organization. The session concludes by discussing the enabling role of technology to manage privacy and why IT solutions for security do not necessarily work for privacy, and wraps up with two case studies. |
|
| |
SYSTEM SELECTION & IMPLEMENTATION |
 | | 2005 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This conference delivers the interactive and practical training IT professionals need to expand their knowledge while maintaining their competitive edge. The conference features sessions on state-of-the-art practices and management strategies presented by leading IT audit, governance and security experts. |
|
| |
 | | 2006 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) – Toronto Chapter and the Information Systems Audit and Control Association (ISACA) – Toronto Chapter. The ideal conference for IT Audit professionals including Auditors, Chief Information Officers, Chief IT Security Officers, Chief Financial Officers with responsibility for the IT function and others with an interest in IT Audit Governance and Security matters. |
|
| |
 | | 2006 National IT Conference and Showcase for Accountants | | The 2006 National IT Conference and Showcase for Accountants benefits CAs and other IT decision makers and influencers in public practice, industry and government, as well as public accountants in mid-sized and large CA firms, and senior executives in mid-sized and large enterprises in various industries. The Showcase brought together the most important IT vendors, solution providers and suppliers, with these IT decision makers — the de facto IT decision makers for thousands of small and medium-sized businesses across Canada. |
|
| |
 | | 2008 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators and concurrent sessions in three distinct learning tracks (IT Audit, IT Governance & IT Security). |
|
| |
 | | 2008 CICA IT Solutions Conference and Showcase | | This two-day conference and showcase is a unique opportunity to learn about the latest advancements in IT solutions and to help you determine what's best for your business. You will hear from a variety of experts, including vendors and developers, solution providers, independent industry experts and your peers. This conference is ideal for CAs and other IT decision makers and influencers in public practice, industry and government who want to understand the latest advancements and maximize the value of their IT investment. |
|
| |
 | | 2009 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) — Toronto Chapter and the Information Systems Audit and Control Association (ISACA) — Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge. |
|
| |
 | | 2010 Canadian Conference on IT Audit, Governance and Security | | Co-presented by the Canadian Institute of Chartered Accountants, the Institute of Internal Auditors (IIA) – Toronto Chapter and the Information Systems Audit and Control Association (ISACA) – Toronto Chapter. This two-day conference featured keynote addresses from top IT innovators, concurrent sessions in audit, governance, security, and other topics including IFRS impact on systems and IT solutions. This event delivered the practical training IT and financial professionals need to expand their knowledge while maintaining their competitive edge. |
|
| |
 | | Auditing IT Disaster Recovery Planning | | Disasters continue to make the headlines, but while more and more companies are creating disaster recovery plans, will they be effective? An estimated 80% of untested disaster recovery plans, even professionally developed plans, fail when implemented in a crisis. Understand the components of an effective disaster recovery plan; how to evaluate it against the Canadian standard – CSA Z1600-08; and how to successfully implement that evaluation. |
|
| |
 | | Does Cloud Computing Really Matter? | After enterprise resources planning systems in the late 90s and the advent of internet-based commerce at the beginning of this decade, cloud computing is the new hype. The idea of cloud computing has exploded onto the technology world stage as more and more businesses openly embrace its benefits. Similar to ERPs, cloud computing’s impact extends well beyond the IT department. Many parties claim that “cloud computing” can help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services. However, many IT professionals are citing the increased risks associated with trusting information assets in the cloud as something that must be clearly understood and managed by relevant stakeholders. This brief session discusses the following with real-life examples wherever feasible:
- Introduction to cloud computing: Definition, Models, Benefits
- Risks and Risk management: Risks, Risk management and compliance strategies
- Assurance challenges
- Implementation and governance
- Simulation: Create a virtual data centre
- Looking forward…
|
|
| |
 | | ERP Solutions – Independent Assessment | | An ERP (Enterprise Resource Planning) system automates business processes across most, if not all, departments within an organization of any size or industry. Our definition of ERP encompasses accounting systems, which can automate business processes across departments within a smaller company. ERP also spans industries whether it be financial, distribution, manufacturing, public sector, construction, retail or professional services. This session positions ERP systems by size of company and industry, and will include ERP trends. We will also discuss key differentiators of the most widely used ERP systems. |
|
| |
 | | Evaluation of Disaster Recovery Plans to Ensure Ongoing Operation of Time Sensitive Applications | | With the recent increase of natural disasters, global economic breakdowns, and recovery failures of renowned companies around the world, a greater emphasis is now placed on the effectiveness and viable assurance of existing Disaster Recovery Plans. An estimated 80% of untested Disaster Recovery Plans, even professionally developed plans, fail when implemented in a crisis. Understand the components of an effective evaluation of your disaster recovery plan and how to implement that evaluation effectively. |
|
| |
 | | Getting Logical with Your Access Controls | | Rapid changes and continual enhancements to technology are making it more critical than ever to strengthen traditional access controls. This session focuses on the current state and future trends of logical access controls. |
|
| |
 | | Implementing Green Computing into Your IS Strategy | | Around the world, organizations are faced with the need to cut back on their use of resources, reduce greenhouse gas emissions, and find ways to hedge against escalating and volatile energy prices. IT infrastructure and data centres are commonly recognized as some of the largest consumers of power around the world, and are a significant source of greenhouse gas emissions. Many IT organizations have already begun to develop initiatives to reduce their energy use, but have yet to develop a green IT strategy or to embed green thinking in their day-to-day activities. Companies can reduce their energy use and carbon emissions in a variety of ways, including server virtualization, load balancing and efficient data-centre floors. They can also achieve such reductions through green strategies beyond the hardware level – such as in software development and desktop maintenance programs. |
|
| |
 | | Integrated Business Audit with IT Audit | | In today's world, organizations are using an integrated audit approach for a more "holistic approach". While not new, this approach can be rewarding, yet time consuming, due to the complexity of the environment. Hear some of the challenges and benefits of integrated auditing at Toronto Hydro Corporation, including the use of tools such as ACL to generate anomalies/red flags for further investigation. |
|
| |
 | | IS Outsourcing Used to Be Easy – What Happened? | | As outsourcing models continue to evolve to meet changing business requirements, it is important that your audits continue to focus on the key elements of IS auditing. Learn how to conduct effective IS outsourcing audit reviews. |
|
| |
 | | Next Gen Technology – Gadgets + The Cloud | | This session highlights technology gadgets, from tablets to smartphones, for today's CA in public practice. It will also demystify cloud computing and discuss new software worth knowing about. Learn how technology can help your practice in the 21st Century. |
|
| |
 | | Outsourcing Part 1 – Key Components of the Contracts | Many organizations view IT Outsourcing as an integral part of their strategic objective to control operating costs, mitigate risk, and enhance shareholder value. To be successful, the IT Outsourcing activity should be well-defined and articulated in terms of setting out acceptable levels of performance and key responsibilities between both parties. This session focuses on the key components for developing an effective IT Outsourcing contract including:
- Scope of service, duration and terms
- Rights and responsibilities of both parties
- Fee consideration and performance measurements
- Ownership of intellectual capital
- Controls, audits and privacy requirements
- Dispute resolution processes and termination provisions
- Business continuity plans and insurance
|
|
| |
 | | Practical Implementation of Cryptology | | Would you ever send confidential information to a client or a business associate on a postcard for everyone to see as it goes from post office to post office, or from letter carrier to neighbour or office staff? If your answer is "No" then why do we continue to communicate with postcards (aka emails) in the electronic age? During this session, we explore the security risks associated with typical information use, such as email communications and storage of information in a secure manner. What are some of the risks of using our everyday business tools? What can we do to better protect ourselves and our business? |
|
| |
 | | Reviewing Offshore Vendor Security Against ISO Standards | | Auditing a third party vendor site can be a difficult task, and assessing the security of overseas sites presents a number of challenges, as well as some interesting findings, not normally present during a typical audit. Having conducted ISO audits across Asia, Europe, and North America, the speakers share their experiences and explain how to conduct overseas site audits on time and on budget. |
|
| |
 | | Systems Selection and Implementation in a Time of Fiscal Constraint | Replacing software is a major undertaking for any organization. Yet less than one-third of projects are completed on time and on budget. Many projects are severely "challenged" or cancelled outright. The statistics suggest that organizations need to pay more attention to setting realistic expectations and to their approach for selecting and implementing software. This session will explore:
- What is essential in difficult financial times, and what can wait
- What to expect if you're looking at an enterprise-wide solution for the first time, including the new reality about system costs and implementation complexity
- What's involved in a typical project – phases, timelines and costs
A list of the best practices to strive for and red flags to know when project risk is increasing will also be presented. |
|
| |
 | | The IT Selection and Implementation Process – Best Practices | Replacing software is a major undertaking for any organization. Yet less than one-third of projects are completed on time and on budget. Many projects are severely challenged or cancelled outright. The statistics suggest that organizations need to pay more attention to setting realistic expectations and to their approach for selecting and implementing software – before they commit to spending significant sums of money. This session explores:
- What to expect if you're looking at an enterprise-wide solution for the first time, including the new reality about system costs and implementation complexity.
- What's involved in a typical project – phases, timelines and costs.
- Key roles your company, the vendor and external advisors play in avoiding the pitfalls.
- A list of the best practices to strive for and red flags to know when project risk is increasing will also be addressed.
|
|
| |