|20 Questions Directors Should Ask About Information Technology Security|
|(also available in French)|
Directors are expected to satisfy themselves that risks potentially jeopardizing the integrity of information, the availability of information and operational systems, the confidentiality of sensitive data, and compliance with regulatory bodies, are identified and reduced or eliminated. This booklet provides questions for Boards to ask senior management as well as the context needed to ask the questions and assess responses.
This product was originally issued by a CPA Canada legacy body.
|20 Questions que les administrateurs devraient poser sur la sécurité informatique|
|(also available in English)|
Directors are responsible for satisfying themselves that the risks of compromised data integrity, unavailability of information and operational systems, breaches of the confidentiality of confidential data, and non-compliance with regulatory requirements are identified and mitigated or eliminated. This document sets out a series of questions that boards of directors could ask senior management, along with the context in which to ask them and assess the responses.
This product was originally issued by one of CPA Canada's legacy organizations.
|2016 Commodity Tax Symposium|
|(in English only) |
October 24-25, 2016
(plus optional post-symposium workshops October 26, 2016)
Metro Toronto Convention Centre (North Building), Toronto, ON
Stay up-to-date on critical commodity tax issues and network with peers from government, industry and practice at Canada’s largest and longest-running indirect tax event.
|Conference on IT Audit, Governance and Security 2016|
Fundamentals of IT Audit – A Three-Day Workshop 2016
|(in English only) Archive Event |
Note: As this event is now over, information is for reference purposes only.
March 21-22, 2016
Hyatt Regency Toronto, Toronto, ON
The conference and workshops are offered in collaboration with the Chartered Professional Accountants of Canada (CPA Canada), the Information Systems Audit and Control Association (ISACA) - Toronto Chapter, the Institute of Internal Auditors (IIA) - Toronto Chapter, and the American Institute of Certified Public Accountants (AICPA).
2016 Conference on IT Audit, Governance and Security
March 21-22, 2016 (optional Post-Conference Workshop March 23)
This conference features plenary as well as concurrent sessions from top IT industry and professional services leaders on a variety of “hot topics”, each of which encompasses different aspects of IT Audit, Governance and Security. This impressive, jam-packed program will refocus you and your team on the practical information IT and senior financial professionals need in order to expand your knowledge and sharpen your competitive edge.
2016 Fundamentals of IT Audit – A Three-Day Workshop
March 21-23, 2016
This three-day workshop is designed to provide new IT assurance-and-control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as learn many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.
|Date and Time Functions: Theory and Application|
Learn how dates and times are manifested in Excel and receive a free eBook with registration.
Presenter and Excel guru Ken Puls reviews how to optimize the use of dates and times in Excel, beginning with an understanding of the underlying logic behind dates. From there the course works through the process of extracting key components from a date, to building and formatting dates on the fly. Ken demonstrates the various date and time functions and reviews how to calculate with dates and times using a set of entertaining scenarios.
Come away with a solid understanding of how to use the built-in date and time functions in Microsoft Excel and how to use them in your own work to perform complex calculations when managing payroll, holiday hours, and large project schedules.
|Excel Certificate Program|
The Microsoft Excel Certificate Program is a practical and flexible online education program consisting of 10 in-depth courses, covering core Excel knowledge relevant in business and finance. This comprehensive program will provide all the required information and tools to become an Intermediate Excel User.
Excel guru Ken Puls teaches core topics in a way that allows participants to work through relevant examples and explanations of the concepts. Follow along with extensive course resources, eBooks, and examples to enhance your learning experience — and they are yours to keep!
|Excel Tables and Tabular Data|
Start creating good tabular data sets in Excel and receive a free eBook with registration.
The very nature of a spreadsheet is built around tables and tabular data, and many of Excel’s built-in tools are designed specifically to work with tabular record sets. To this end, it is vitally important to be able to understand how to create good data sources that Excel can easily consume.
In this course we begin by discussing the key features of good tabular data sets in Excel, and explain some of the common pitfalls that cause confusion and prevent using Excel’s powerful tools. From there we will walk through some of Excel’s useful tools including sorting, filtering, extracting unique records and duplicate removal.
The course ends with a deep dive into Excel’s new Table feature, showing how incredibly easy it is to create attractive and functional tables that can be mined for deeper meaning.
Learn everything you need to know about creating solid data tables for later use in Excel; essential knowledge that will open up the road to Excel’s most powerful features and will benefit you in your daily work.
|Excel: Designing Dynamic Financial Spreadsheet Models|
Start creating customized, dynamic spreadsheet models in Excel and receive a free eBook with registration.
Financial and business professionals are required to build dynamic models for tasks such as taxation, capital budgeting, and sales forecasting and analysis, and Excel has powerful tools in place to help with these responsibilities.
This video course will give you the background, techniques, best practices, and confidence to dive into Excel and start creating your own dynamic spreadsheet models customized and tailored to your specific business requirements.
|Excel: Designing Stable Spreadsheet Models|
Discover Excel's amazing power tool and receive a free eBook with registration.
Since every business has its own idiosyncrasies, it is virtually impossible to provide a "one size fits all" model set. To this end, this course focuses on teaching the approaches and concepts to help you build and tailor your own models. Join Excel guru Ken Puls on this powerful course and learn how to enforce data integrity and reduce user errors as well as to protect your model. While it’s true that the concepts taught in this course are primarily geared towards controllers and business analysts, they are equally portable to public practice accountants as well. The concepts taught in this course will help you build your own templates that serve your business needs, whatever they may be.
|Formatting Tools: Adding Eye Catching Elements|
How many times have you put a financial report in front of someone and watched their eyes glaze over as they stare at the endless rows and columns?
If you’re like many of us, it’s not an uncommon sight.
Explore different techniques to add colour to your reports, from vibrant professional looking diagrams, to workflow charts and elaborate equations; Excel can be used to create these and more. Many of the techniques in this course can also be used across Microsoft programs.
Discover how to build dynamic conditional formats to highlight cells based on defined rules, add collapsible outline groupings to your rows and columns, and define customized views to control who sees what.
This course is loaded with techniques to help you engage your reader so that you can do more than just present numbers; you can deliver the message.
|Formulas and Functions: An Introduction to the Power of Excel|
Excel guru Ken Puls reviews the basics of Excel formula and function libraries and opens up a whole new world of possibilities for your spreadsheets. Excel is rife with tools which, in the right hands, can be extremely powerful.
This course is focused on starting at the very beginning level of formulas, taking Excel from a static sheet of paper into a dynamic calculator with simple formulas to sum up columns and rows. Based on clear and relevant examples, from there we progress through more complex scenarios, illustrating the points you need to know in order to build an inventory analysis, income forecast, cash flow, and balance sheet.
|Formulas and Functions: Logic and Lookups|
Become a master of Excel functions and receive a free eBook with registration.
Take Excel from a tool that simply reports historical results and configure it to respond dynamically to changes in scenarios and turn your spreadsheets into business intelligence tools.
This course begins with looking at logic functions, from the essential IF() function through a variety of others which can be leveraged at key times. Explore reference functions that allow you to pull information from different worksheet cells as required.
Next dive into lookup functions in Excel, including the incredible VLOOKUP() function. Built to extract data from tabular data sets, this function is one of the most important Excel functions to master. VLOOKUP() contains everything that a function could possibly throw at you. By the time you complete this course you will feel comfortable working with the most powerful lookup and logic functions and will know how to utilize them in the real world.
|Guide de CPA Canada Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2)|
|(also available in English)|
The CPA Canada guide entitled Rapport sur les contrôles d’une société de services pertinents pour la sécurité, l’accessibilité, l’intégrité du traitement, la confidentialité ou la protection des renseignements personnels (CSS 2) is intended as a practical tool for practitioners engaged to issue, following an audit, a report on the controls that a service organization exercises over its system with respect to security and the protection of personal information.
The CSS guides are also available in electronic format! This convenient format, which supports full-text search, can be downloaded to your e-reader, laptop, smartphone or tablet.
|Introduction to Data Visualizations: Turning Data into Information|
How many times, after presenting the statements you have worked so hard on, do your audience's eyes glaze over? It is awful, but it highlights something really important… often the way we present our work is not ideal. The logical step is to reach to data visualizations, which makes most people jump straight into charting.
In this video course, Ken Puls will cover how to create and manipulate charts to convey an effective story from our data. Other data visualization techniques that can add incredible value to your work will also be discussed. Those include icon sets, data bars, colour scales, sparklines, and conditional formatting.
|Introduction to Excel: Beginning the Journey to Spreadsheet Mastery|
Begin your journey to spreadsheet mastery with Excel guru Ken Puls and discover the essential and basic tools needed to further develop your learning in Excel.
Excel can be an intimidating program to use, particularly if you rarely use it or have been barely exposed to it. This course will quickly bring you up to speed on any requisite knowledge you are missing before you jump into more difficult courses in this series.
This course starts at square one, giving you an overview of the Excel 2010 user interface, and will review areas you need to understand long before you start working with formulas and other power techniques covered in later courses. Your Excel journey starts here!
|Introduction to PivotTables in Excel|
Discover Excel's amazing power tool and receive a free eBook with registration.
Join Excel guru Ken Puls as he shares his expertise on how to crack open the door to the power of PivotTables. This course will show you how unbelievably easy it is to create a PivotTable, how quickly they work, and how easy it is to both flip your data into alternate views and slice and dice it for deeper mining.
PivotTables are one of Excel’s hidden gems and people who use PivotTables love them, and live by them. Discover how to build intelligent, flexible summary tables to streamline reporting on frequently changing data. Easily determine your business's highest sales revenue or the lowest sales item for a specific quarter within the same PivotTable without moving around to different spreadsheets or workbooks.
|Is Cloud Ready for Enterprise Deployment?|
|Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity for agile and elastic computing with a lower capital cost. However, many organizations are reluctant to trust cloud service providers with critical information.|
The purpose of this session is to understand potential opportunities of cloud computing while managing the enterprise risks. It explores good practices from business requirements gathering to design, implementation, and security of cloud based solutions.
|James Bond in Your Midst - Battling Corporate Espionage|
|Although the Cold War between countries no longer exists, a new battle ground is emerging in the global marketplace with the rise in industrial espionage due to a more competitive environment. With an increased pressure to gain competitive advantages and the advances in information technology, companies must set up protective measures to address risks such as emerging hacking techniques, electronic surveillance systems, and the rise of social engineering. Billions of dollars have been lost to foreign and domestic competitors targeting economic intelligence for technologies and corporate trade secrets. Is your company in a position to defend against this risk? This session will focus on the various forms of corporate espionage and methods to protect your business.|
|Knowing Your Cyber Risks/Threats and Mitigating Them|
|Senior management and boards of directors have a fiduciary responsibility to oversee all facets of risk, including cyber risk. Cyber risk, in addition to being an IT risk, can impact the business' revenues, expenses, strategy, brand and reputation. At this session, you will learn how a leading Canadian information technology service provider takes an enterprise risk approach to obtain a comprehensive understanding of the related exposures, how the risks are communicated to key stakeholders and how they are mitigated.|
|Math and Finance Functions Formulas for Business Decision Makers|
An accountant’s job is to add value to a company as a business decision maker. In order to do so, you need to be able to apply business logic and evaluate decisions on a financial basis. Your primary tool for accomplishing this goal is Microsoft Excel.
In this video course, explore the mathematical, statistical, and financial functions that apply to accountancy and financial management. Starting with calculation of basic statistics, through forecasting and generating a Net Present Value schedule, this course works through key functions that every accountant needs to know.
|Mobile Security and PCI|
|Mobile payments have the potential for tremendous expansion and increased convenience that brings with it the promise of growth in the payment industry. Many organizations and technologies are currently vying to become leaders in this field. All of these will have to overcome concerns about security on their way to achieving end user confidence and acceptance. Ultimately any organization venturing into this area will need to be sure their solutions will work with compliance frameworks such as PCI. This presentation examines these challenges from the perspective of organizations wishing to exploit mobile payments in the current regulatory environment with a view to how this may change.|
|Practical Implementation of the 2013 COSO Internal Control Framework|
|The objective of this session is to provide a concise understanding of the requirements of the 2013 Updated COSO and how it differs from the existing 1992 COSO Internal Control Framework. The session will also demonstrate how to transition to the new COSO with the least amount of disruption to the business of the entity as well as its current Internal Control Program.|
|Rise of the Cloud — Leveraging the Cloud for Value|
|Organizations are continuously under pressure to make more efficient use of their IT resources while enhancing their compliance with regulatory and legal requirements. Cloud computing and its various flavours offer an enormous opportunity. However, many organizations are reluctant to trust cloud service providers with critical information.
The purpose of this session is to understand potential risks and controls for cloud based solutions. We will explore good practices from business requirements gathering to design, implementation, and security assessment of cloud based solutions. The participants will receive a copy of RiskView's Cloud Security & Risk Assessment toolkit.
|Shadow-IT - The Sequel: IT Risk Transformation and Lines of Defense|
|As a sequel to last year's primer on the Shadow-IT issue and the risks, this session aims to broaden the discussion to other emerging drivers of IT related business risks and the impact of "IT risk transformation" that organizations are experiencing. Traditional IT risk management processes (risk identification, assessments and management), while still relevant in many respects, are proving to be inadequate in the face of unexpected risk exposures caused by organizations' extended boundaries and emerging IT risks (e.g. BYOD, social media, cloud computing, cyber security, shadow-IT). Organizations in the regulated industries experience regulatory pressures forcing this transformation. This session provides an overview of how organizations can address this challenge and plan for their risk transformation journey, the nature of changes required to the organization, roles and responsibilities, processes and tools. Discussed are concepts such as: three/six lines of defense, key risk indicators, risk appetite, risk tolerance and risk reporting.|
|Shadow-IT – Do You Really Know What's Going On?|
|"Shadow-IT" or "business managed technology" are recent terms that have replaced "End User Computing". These terms refer to the business directly buying, subscribing to or developing applications or services, without the involvement of enterprise IT, causing potentially newer risk exposures. Though the issue is not new, the scope, extent, nature and level of risks have grown in recent years to be of concern to internal and external stakeholders including regulators. Organizations are therefore trying to size the issue, experiment with different solution approaches and figure out the roles of various functional groups. After a primer on the issue and the risks, this session aims to discuss best practices for establishing and sustaining a set of controls and governance practices in organizations of different sizes.|
|Social Media Risks and Governance|
|Social media is quickly becoming the new way people receive information and stay up to date with latest trends and events, such as advertisements, endorsements, recommendations, gossip, and news. Whether it is through Twitter, Facebook, LinkedIn, on-line blogs, or many of the other emerging tools, all of these social media forums offer great potential for connecting with friends, peers, and customers. Many use these forums as a way to voice their opinions, rally support, or simply to make a statement.|
One of the biggest impacts of the social media evolution is that instead of the conversations being between only a few individuals, the conversations are now broadcast to the masses at lightning speed. Effective methods of monitoring and responding to cyber chatter are necessary to protect organizations from reputational risk. This session explores social media risks, myths, and leading practices for risk mitigation. It provides some examples of social media mistakes, discusses questions organizations should be asking, and provides some examples of how social media can be used as a tool to support audit or investigation work.
|Strategies for Securing the Cloud|
|Service models including applications, platforms, and infrastructure are some of the areas where an organization can leverage the benefits of the cloud. However benefits come with their fair share of security risks. Network dependency; complexities of hybrid systems; reliability; and cross border legal implications increase the complexities in adapting to the cloud. Infrastructure, security framework and the type of cloud configuration can significantly influence security from a privacy, compliance and legal stand point. In addition, evolving risks, new threats, financial budget constraints and a lack of skilled and experienced personnel create significant challenges to mitigate these risks. Are you up to the challenge?
This session will explore current strategies and best practices on how to secure the "CLOUD".
|Text and Information Functions: It's Not All About the Numbers|
Many people look at Excel purely as a calculator. The reality, though, is that Excel is about a great deal more than just numbers. It is a full application development environment to create full financial models and decision-making tools.
As with all tools, in order to get the most out of it, you need to understand all aspects of the program and, sadly, text functions are often dismissed or overlooked by people. The reality is that these functions are essential tools when manipulating data and working with other model components.
In this course we explore the 5 most useful text functions, as well as many other complementary functions.
|The Evolution of Protecting Your Network - Adapt or Else....|
|The traditional approach to protecting a network is no longer enough. Firewalls, anti-virus protection, intrusion detection systems and other security devices are critical cornerstones of network defence, but they alone are not enough. The cyber threat is real and agile. This presentation covers the basic building blocks of cyber security, the multitude of threats faced by the network every day, the shift to a risk-based approach to cyber security and the importance of building cyber situational awareness in order to be proactive rather than reactive. In addition, some of the processes and tools used to detect, prevent, and remediate the malware on the network are discussed.|
|The Insider Threat - Lessons from the Front Line|
|This session covers the key elements in building "Security in Depth" to address the Insider Threat using real world scenarios ranging from data loss prevention to malicious actions from disgruntled internal, vendor and business partner employees. It provides system security engineering pointers and identifies industry tools that can be used to start addressing potential insider threats that your organization may be facing.|
|Three Unique Challenges for IT ERM|
|Many organizations are encountering challenges when implementing an ERM process for their IT department. There are unique complexities in designing an IT risk process since there are multiple layers of IT risk. How do you separate and manage IT strategic risk, implementation risk, and the risk presented to other areas of the organization that rely on IT's services? Who owns these risks and how do you determine how large the impact is across the enterprise for any given IT risk? This session will discuss these questions and provide you with a practical approach to identify, assess, and manage your IT risks within the ERM framework.|
|What Does it Take to be an Effective IT Auditor — in the Brave New World?|
|Practitioners need a combination of technical and people skills to forge a career in auditing technology. Organizations are investing substantial sums in their computer systems, databases, and supply chains to compete and leverage customer relationships. At the same time, they are beginning to recognize that IT auditors can assist them in understanding the constantly shifting risks of the information age.
IT auditors focus on the governance of IT systems and processes with audits ranging from business continuity to development processes, to information security. To be effective, IT auditors must acquire the right hard and soft skills.
Most IT auditors know about the hard skills required to meet professional requirements. In addition to addressing different sources of key knowledge (the hard skills) that IT auditors should be familiar with, this session will focus on the key attributes that successful IT auditors must have in their repertoire to be effective (the soft skills) in the brave new world.
|Writing for Action|
|Today, IT auditors not only need to understand and assess complex IT systems, business processes, security, risk and compliance issues, to be successful they also need to be able to communicate and report their observations and recommendations in a clear, concise and direct manner to their targeted audience.
Unfortunately, good report writing doesn't just happen. It is a process that involves several steps - and lots of practice.
Whether you are experienced or a novice, writing reports to the Audit Committee, Senior Management, your supervisor, your peers, or preparing staff memos or emails, this session will help you develop a systematic approach for writing effectively for Action!
|You Can't Do It All! Segregation of Non-compatible IT Duties — What Every IT Auditor Should Know|
|Segregation of Duties (SoD) in IT plays a major role in reducing IT risk in the areas of fraud, undetected errors, sabotage, and programming inefficiencies. This session addresses some of the key roles and functions that need to be segregated including:
- IT duties vs. user departments
- database administration (DBA) vs. rest of IT functions
- application development and maintenance vs. application operations
- new application development vs. application maintenance
- information security vs. IT functions
- IT organizational structure for IT activities
- auditing for SoD|