17TH ANNUAL IIA and ISACA Spring Training APRIL 4-6, 2016 Suburban Collection Showplace Novi, MI

Upload: trinhtram

Post on 19-May-2018


If you are responsible for your company's internal auditing, information systems security and integrity, accounting, finance, Sarbanes-Oxley compliance or other regulatory matters, or simply need continuing education, you will want to join us for the 17th annual Detroit Spring Training event.

The Detroit Chapters of the IIA and ISACA are proud to co-sponsor the annual Spring Training Event. Each year, the Spring Training Committee spends a considerable amount of time planning a comprehensive series of course offerings for our members and guests. The 2016 event is no exception.

A number of classes sell out each year, so register early. Don't miss this opportunity to network with your peers, enhance your skills, and learn about new products and services in the marketplace! Our goal is to provide a world-class training event tailored to your needs.

Class size and materials are limited. To be fair and equitable to all, we operate on a first-come, first-served basis and maintain a wait list for all sold-out courses. Therefore, registrants are required to attend the course(s) for which they registered unless they receive prior written approval from the Committee Chair. Registrants attending unauthorized classes will not be awarded continuing education credits. We look forward to seeing you at the Spring Training event!

- The 2016 Spring Training Committee

Welcome

RETURNING THIS YEAR–VENDOR EXPO!

We have invited many audit and assurance vendors to set up displays during the training event, giving you an opportunity to learn about products and partners in the marketplace and their associated benefits for your organization.

A Special Thanks to our Platinum Sponsors who continue to give generous support to this annual event!

Monday Lunch – TBD

Tuesday Lunch – TBD

Wednesday Lunch – TBD

Special Thanks

To our 2015 Vendors

Platinum Vendors

Accretive Solutions

Experis Finance

PwC

Gold Vendors

KPMG

Orion Solutions Group

Plante Moran

Resources Global Professionals

2016 TRAINING PROGRAM

TRACK MON APRIL 4 TUES APRIL 5 WED APRIL 6

A: Coaching for Enhanced Performance (Don Levonius); Driving Change Without Running Others Over (Don Levonius); Leading with Integrity and Authenticity (Don Levonius)

B: Enterprise Risk Management (Paul Zikmund); Lessons from Real Fraud Examinations: Case Studies (Paul Zikmund); Internal Audit’s Role in Fraud Risk Management (Paul Zikmund)

C: Emotional Intelligence: The Heart of Leadership (Dr. Keith Levick); Managers to Leaders (Dr. Keith Levick); Conflict Management (Dr. Keith Levick)

D: Best Practices in Internal Auditing (Dr. James Roth); Assessing the Risk / Control Culture: Challenges and Proven Techniques (Dr. James Roth)

E: Advanced Auditing for In-Charge Auditors (Kathleen Crawford)

F: Using Risk Assessment to Build Individual Audit Programs (Greg Duckert)

G: Internal Audit University (Dr. Hernan Murdock)

H: Introduction to Incident Response (Mary Siero)

I: Virtualization Security & Audit (John Tannahill); Cloud Management and Security (John Tannahill)

J: Is Your Data Really Secure?...13 Ways to Avoid Cyber Data Leaks (Ken Cutler); Cyber Audits of Identity and Access Control Management (Ken Cutler)

K: Auditors Role in IT Governance (Mitch Levine); Auditing Disaster Recovery & Business Continuity Planning (Mitch Levine)

L: Safeguarding Critical Assets (Sajay Rai); Introduction to Information Security for IT Auditors (Sajay Rai)

TRACK A-1 COACHING FOR ENHANCED PERFORMANCE

(DON LEVONIUS, MONDAY) 7 CPEs

Seminar Focus and Features

As a leader, one of your most important responsibilities is to provide ongoing and effective performance feedback and coaching for employees. Yet, many leaders neglect to do so or resort to ambiguous statements like “Great job!” or “You’ve got to do better.” Great leaders provide specific and actionable feedback and actively coach employees in a way that enhances their self-awareness, self-efficacy, and job performance. This hands-on seminar helps learners master proven models and techniques and develop an action plan for applying them in an actual workplace situation.

By the end of this seminar, learners will be able to:

Identify essential elements of effective feedback

Organize observations, thoughts, and feedback using several feedback models

Apply proven coaching techniques to enhance employee self-awareness, self-efficacy, and job performance

Develop an action plan for providing feedback and coaching for an actual employee

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK A-2

DRIVING CHANGE WITHOUT RUNNING OTHERS OVER (DON LEVONIUS, TUESDAY)

7 CPEs

Seminar Focus and Features

The ancient philosopher Heraclitus once said, “The only thing that is constant is change.” And according to change guru John Kotter, “The rate of change is not going to slow down anytime soon.” Change is both constant and pervasive. Whether your responsibilities require you to influence incremental change or lead radical, transformational change, your success will be determined by your ability to inspire others and convert their resistance and skepticism into cooperation and commitment. This interactive seminar examines why most change initiatives fail and introduces a systematic process that will help learners drive change in their own organizations.

By the end of this seminar learners should be able to:

Describe why most change initiatives fail

Recognize common causes of resistance, as well as techniques for overcoming it

List and explain the stages of an effective change initiative

Develop a customized action plan for driving change in their organization

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK A-3

LEADING WITH INTEGRITY AND AUTHENTICITY (DON LEVONIUS, WEDNESDAY)

7 CPEs

Seminar Focus and Features

Leadership is about collaborating with and influencing others. Great leaders are able to influence not only their direct reports, but clients, colleagues, decision-makers, and others over whom they have little or no formal authority. And while most leaders intuitively know right from wrong, some seem more motivated by self-interest and achievement than by their obligation to do the right thing. Do leaders have a moral duty to do what is right, despite the consequences? Yes. Does ethical leadership often produce desired organizational results? Absolutely!

This seminar helps participants discover their purpose, discern the needs of others, identify win-win solutions, exhibit grazia and sprezzatura in order to persuade others without being pushy, and demonstrate how ethical behavior enables leaders.

Through the use of storytelling, videos, self-assessments, self-reflection, small group activities, and ethical scenarios, we will examine how collaboration, influence and ethical behavior enable leaders.

By the end of this seminar learners will be able to:

Integrate collaborative problem solving to avoid imposing or compromising

Demonstrate the ability to be unpretentious and unflappable

Differentiate between knowing how, and articulating why

Establish leadership’s role in organizational ethics

Consider how ethical leadership affects organizational performance and profit

Explain how ethical leadership provides a viable value proposition for leaders seeking to drive organizational effectiveness

Apply three specific goals for actively listening to others

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK B-1

ENTERPRISE RISK MANAGEMENT (PAUL ZIKMUND – MONDAY)

7 CPEs

Seminar Focus and Features

There are increasingly escalating demands on organizations to implement and strengthen their enterprise-wide risk management processes. Risk managers must now look to further strengthen their oversight process to better identify, assess and manage risks across the enterprise.

Internal Audit’s core role in regard to ERM is to provide independent and objective assurance to the Board and Executive Leadership on the effectiveness of the ERM program to help ensure key business risks are being managed effectively and appropriately in line with the organization’s risk appetite.

Core internal auditing roles in regard to ERM:

• Giving assurance on risk management processes

• Giving assurance that risks are correctly evaluated

• Evaluating risk management processes

• Evaluating the reporting of key risks

• Reviewing the management of key risks

The workshop identifies the practices and benefits of a dynamic enterprise-wide risk organization. Through interaction and hands-on exercises, participants learn practical approaches that they can immediately apply to their specific organization. The workshop starts with a definition of ERM and a discussion of the basic tenets of a sound ERM practice (organization, reporting, measuring, monitoring, and culture), much of which in some form is already in place. The workshop will address how auditors can leverage these existing practices to develop a robust approach to determining the effectiveness of their organization’s overall ERM program.

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK B-2 LESSONS FROM REAL FRAUD EXAMINATIONS: CASE STUDIES

(PAUL ZIKMUND – TUESDAY) 7 CPEs

Seminar Focus and Features

Conducting investigations of fraud presents various risks to any organization. Organizations must develop and implement effective policies and procedures to reach the appropriate conclusions while reducing legal liability for the organization.

This interactive session is designed to provide participants with a roadmap for understanding the key elements of conducting successful fraud investigations. Through the use of real-life case studies, attendees will evaluate and manage allegations of real cases and learn the following:

Key steps of any investigation

Navigating risks and avoiding pitfalls of compliance investigations

Managing physical and electronic evidence

Presenting investigative results

Managing sensitive issues

Remediation of misconduct

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK B-3 INTERNAL AUDIT’S ROLE IN FRAUD RISK MANAGEMENT

(PAUL ZIKMUND – WEDNESDAY) 7 CPEs

Seminar Focus and Features

From the IIA: “Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.

Although it is management's responsibility to design internal controls to prevent, detect, and mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented. Therefore, depending on directives from management, the board, audit committee, or other governing body, the internal auditors might play a variety of consulting, assurance, collaborative, advisory, oversight, and investigative roles in an organization's fraud management process.”

In this session attendees will learn more about how internal auditors can help their organizations mitigate and manage the risk of fraud. The session goals and objectives include the following:

Implementing a Fraud Risk Management Strategy

Elements of a comprehensive framework

Achieving continued support from the C Suite

Resources to ensure successful implementation

Managing the expectations of senior management

Proper staffing of engagements

Laws and regulations impacting fraud risk management

Tools and techniques for fraud training

Effective use of data analytics and tools to achieve results

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK C-1

EMOTIONAL INTELLIGENCE: THE HEART OF LEADERSHIP (DR. KEITH LEVICK, MONDAY)

7 CPEs

Seminar Focus and Features

Research has shown that Emotional Intelligence (EI) contributes more to a person’s success in life than raw intelligence (IQ). Leaders and employees with a high EI are the ones who make the best decisions, manage people more effectively and contribute most to the overall success of the organization. Emphasis is placed on the development of specific skills that strengthen EI.

This course is based upon active learning, with rich, interactive exercises and applied experiences.

Learning Objectives:

At the end of this course, participants will be able to:

Define emotional intelligence (EI)

Recognize the role of EI in the workplace

Describe an EI model

Build an intuitive muscle

Better manage emotions

Improve social awareness

Practice and enhance social and empathy skills

Listen and respond with empathy

Outcome:

Improved and enhanced Emotional Intelligence resulting in increased customer satisfaction, relationships, retention, and improved internal employee interactions.

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK C-2

MANAGERS TO LEADERS (DR. KEITH LEVICK, TUESDAY)

7 CPEs

Seminar Focus and Features

Managers manage; leaders inspire and motivate. This course focuses on the differences between managing and leading while maintaining consistency in all areas of business operations. Team building, communication, leadership style, and fostering a positive work environment are addressed. Emphasis is placed upon building a variety of leadership skills.

This course is based upon active learning, with rich, interactive team based exercises, and applied experiences.

Learning Objectives:

At the end of this course, participants will be able to:

Identify the differences between managers and leaders

Identify team leadership styles

Explore leader behavior

Recognize the elements of building positive relationships

Discover what motivates people and how to create a motivating climate

Identify levels of trust

Explore and understand common approaches to discipline

Practice a non-punitive approach to dealing with negative behavior

Outcome:

Enhanced leadership skills resulting in improved departmental functioning, communication, and team interpersonal relationships.

Prerequisite: None

Learning Level: Intermediate

Field of Study: Auditing

TRACK C-3 CONFLICT MANAGEMENT

(DR. KEITH LEVICK, WEDNESDAY) 7 CPEs

Seminar Focus and Features

Negative conflict in a business setting can be expensive, counter-productive, time consuming, and labor intensive. Constructive conflict can bring about new ideas and problem solving methods. This program focuses on providing the skills necessary to manage negative conflict and promote positive working relationships.

This course is based upon active learning, with rich, interactive exercises, case studies, and applied experiences.

Learning Objectives:

At the end of this course, participants will be able to:

Recognize how and why conflict exists

Realize conflict represents differences in opinions and beliefs

Identify personal conflict resolution styles

Identify blockers that hinder the resolution process

Demonstrate a five (5) step collaborative process

Manage emotions

Take the perspective of others

Deal with negative

Outcome:

Enhanced ability to resolve workplace conflicts resulting in less hostility, fewer disputes, and higher productivity.

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK D-1 BEST PRACTICES IN INTERNAL AUDITING

(DR. JAMES ROTH, MONDAY) 7 CPEs

Seminar Focus and Features

This seminar presents a wealth of practices from world-class internal audit departments. You will get their actual evaluation tools and related documents. You will also learn how they apply the tools, and how to tailor their practices to your own organization. After the seminar, you will be able to use these examples as models to create or enhance your own value-added practices.

Topics include:

Audit Department Structure and Annual Planning Process

Best Practice Principles and examples – intertwine with management; participative, qualitative, strategy focused audit planning

How to Plan, Monitor, and Aggregate Results to Form an Entity-wide Opinion Based on the organization’s strategy and COSO 2013

Value-Added Audit Methodologies

Best Practice Principles and Risk-Based Auditing

Practices That Enhance Audit Projects – Staff Skills Matrix, Best Practice Web Site and Database, Use of Guest Auditors, Criteria for Evaluating Performance Measures

Trends and Innovations in Audit Reports

Emerging Practices

Assessing the risk management process

Advising and assessing the governance process(es) and organizational strategy

Auditing social media and mobile devices

Assessing the use of “big data”

Staffing, Work Environment, Marketing and Measuring

Staffing and Work Environment – Best Practice Principles

Competency Model for Staffing and Career Development

Career Planning Form

Marketing Internal Audit

Post-Audit Customer Survey and Audit Department Performance Metrics

How to Get There From Here: Transforming Internal Audit

Audit Department Customer Analysis

Creating a Shared Vision for the Future

Developing and Implementing the Internal Audit Strategic Plan

Discussion Guide for Customer Input

Audit Department Strategic Plan

Summary – Profile of a Value-Adding Internal Audit Department

Prerequisite: None

Learning Level: Intermediate

Field of Study: Auditing

TRACK D-2

ASSESSING THE RISK / CONTROL CULTURE: CHALLENGES AND PROVEN TECHNIQUES

(DR. JAMES ROTH, TUESDAY-WEDNESDAY) 15 CPEs

Seminar Focus and Features

Through discussion and exercises you will:

Be exposed to the latest thinking and guidance on evaluating culture

Learn how eight leading organizations from various industries are evaluating the risk and control culture

Share your techniques for evaluating culture with other attendees and get feedback from your peers and Dr. Roth

Work through hands-on exercises in evaluating elements of culture

Proven evaluation tools from world-class audit departments

Examples of audit report comments on weaknesses in the culture

Topics covered during this two-day seminar include:

Why Evaluate the Risk Culture?

Risk culture is a growing concern for Internal Audit’s stakeholders

What our Standards and the real world say

Challenges, Potential Pitfalls, Keys to Success

Cultural trade-offs

Challenges: complexity and subjectivity of culture, resistance of key players, other

Keys to success

Approaches and Techniques

Overview of evaluation techniques and tips for scope, execution, reporting, and staffing

How nine audit departments – five in financial services, one each in healthcare, manufacturing, travel, and public sector – are auditing culture

Audit Project Evaluation Techniques

Key to success and five essential principles for evaluating aspects of culture

Bringing cultural issues into the risk assessment

Guidelines for evaluating risk culture during audit projects

Guidelines for developing and administering audit project surveys and example from IIA research

Entity-Wide Evaluation Techniques

Guidelines for entity-wide structured interviews and guides from IIA research

Guidelines for developing, advising, assessing and using entity-wide surveys

Advantages / disadvantages of each cultural evaluation technique

Reporting Cultural Issues

Guidelines and keys to success

Audit report techniques that lower the defensiveness of local management

Audit rating systems that include “management awareness of risk”

Prerequisite: Fundamentals of Internal Auditing or equivalent experience.

Learning Level: Intermediate

Field of Study: Auditing

TRACK E ADVANCED AUDITING FOR IN-CHARGE AUDITORS

(KATHLEEN CRAWFORD, MONDAY-WEDNESDAY) 22 CPEs

Seminar Focus and Features

In this three-day session you will learn all of the elements involved in leading traditional and operational risk-based auditing from the unique perspective of the in-charge position. With peers, attendees will review such concepts as audit program flexibility, risk assessment, priority setting during fieldwork, and effective oral and written communications of audit findings. This course covers preliminary fieldwork, audit program development, COSO, risk assessment, and auditing the control environment in today's business climate.

What You Will Learn:

Managing Fieldwork

Auditing Concepts: The In-Charge's Perspective

The Changing Control Environment

Marketing and Selling Internal Audit

Preliminary Fieldwork and Program Development

Risk Assessment Strategies

Applying Project Management to Internal Audit

Fraud Awareness

Effective Communications

High-Profile Case Studies - Lessons Learned

Improving the Productivity of the Audit Process

Incorporating Best Practices throughout the Audit Department

Prerequisite: Internal Audit University or equivalent experience.

Learning Level: Intermediate

Field of Study: Auditing

TRACK F

USING RISK ASSESSMENT TO BUILD INDIVIDUAL AUDIT PROGRAMS (GREG DUCKERT, MONDAY-WEDNESDAY)

22 CPEs

Seminar Focus and Features

In this revealing three-day seminar you will learn how to use risk assessment - generally applied to annual audit plans - to help build individual audit programs that will boost auditor productivity and provide the control assurance required by Sarbanes-Oxley. You will explore the differences between traditional, control-based risk assessment and a new, business risk-based approach that addresses management's concerns at the individual audit level. This progressive risk-based approach will demonstrate how assurance and consultative auditing can be performed simultaneously to maximize your audit resources and generate high-impact outcomes.

Attendees will learn how to recognize primary risks critical to any organization and to evaluate if there are appropriate controls in financial, information systems, compliance, and operational audits. You will then investigate the innovative methodology in a practical, case-based work session that will lead you step-by-step through the development of an individual audit program that can be executed in your own organization. You are encouraged to bring an audit subject and background information to use in this class exercise. Attend this timely seminar to learn how to focus your audits on the business concerns of the audit committee, senior management and the organization's operations.

What You Will Learn:

Traditional Approaches to Risk Assessment

Information Sources Required to Truly Determine Risk

Maximizing Your Audits with Sound Data and Informed Judgment

A Business-Risk Approach to Value-Added Audit Programs

Focusing the Audit on Risk: A Multi-Level Approach

Risk Assessment in the Four Major Types of Audits

Maximizing Your Value: Talking Business Not Audit

Prerequisite: Internal Audit University or equivalent experience.

Learning Level: Intermediate

Field of Study: Auditing

TRACK G

INTERNAL AUDIT UNIVERSITY (DR. HERNAN MURDOCK, MONDAY-WEDNESDAY)

22 CPEs

Seminar Focus and Features

In this intensive three-day seminar, attendees will master fundamental operational auditing techniques and learn how to use a risk-based approach to enhance your audits of the purchasing, marketing, human resources, information technology (IT), management, finance/treasury and accounting functions.

Participants will explore the objectives of major business operation areas and learn how to identify the key risks threatening them. You will find out how to make your audits more efficient and effective and how to use data analytics to gain an in-depth understanding of business processes. You will cover such critical areas as the impact of SOX, ERM and GRC on the organization, uncovering fraud schemes that threaten business operations, and the role of IA in helping management build strong risk management and strategic planning processes. You will leave this high-impact seminar with the skills necessary to go beyond outputs and to examine the organization’s ability to achieve the necessary outcomes.

What You Will Learn:

Operational Auditing

Components of Operational Audits

Auditing the Purchasing Function

Auditing the Marketing and Sales Function

Auditing the Human Resources Function

Auditing the Finance, Treasury and Accounting Functions

Auditing IT

Auditing the Management Function

The Future of Operational Auditing

Prerequisite: None

Learning Level: Basic

Field: Auditing

TRACK H INTRODUCTION TO INCIDENT RESPONSE

(MARY SIERO, MONDAY-WEDNESDAY) 22 CPEs

Seminar Focus and Features

While preventative controls remain a critical component of an effective information security program, the ability to detect and respond to security incidents continues to increase in importance. The number of breaches reported each year, combined with evidence of increasingly sophisticated attacks, only serves to emphasize the need for organizations to have staff members skilled in managing information security incidents.

This seminar is designed to provide the knowledge and experience you need in order to develop critical incident response policies and procedures, as well as identify technologies that can help you effectively manage security incidents. Through both discussion and hands-on exercises you will gain specialized knowledge of security incident response.

Upon completion of this course, participants will receive a CD that contains tools and resources used during the course.

What You Will Learn:

Incident Response Fundamentals

Policies, Procedures and Training

Supporting Technologies and Incident Reporting

Prerequisite: This course is geared to individuals with a general familiarity and working knowledge of information technology, including those with two or more years of experience and training in IT Audit, Information Security, and/or Information Technology.

Learning Level: Basic

Field of Study: Auditing

TRACK I-1

VIRTUALIZATION SECURITY & AUDIT (JOHN TANNAHILL, MONDAY)

7 CPEs

Seminar Focus and Features

This one-day session will focus on the audit and security issues related to the use of Virtual Machine environments.

Key Learning Objectives:

Understand VMware Virtual Machine architecture and security components (VMware vSphere)

Understand VMware ESXi and vCenter security and control features

Understand audit objectives for the ESXi and vCenter environments

Topics to be covered include:

1. VM Concepts (based on VMware technology)

VMware ESXi and vCenter Server Overviews

Security Architecture and Design Issues

Threats & Vulnerabilities and Audit & Control Objectives

2. VMware ESXi Server Audit

Security Configuration Standards and Security Management

Configuration and Patch Management

Host Level Management Security

User Account and Administrator Access Controls

Logging & Monitoring

VM Files and Settings

Guest VM Configuration

Guest to Host Isolation Controls

Network and Firewall Security

3. VMware vCenter Audit

Architecture & Design

Auditing Management Server Configuration and Components

Inventory Control Areas

Controls over Administrative Users (Data Center Administrator, VM Administrator etc.)

Roles (e.g. System and Sample Roles) and Objects

Permissions and Permission Privileges Group Management

Security Monitoring

4. Security and Audit Tools & Techniques

Note: This session will include discussion of other VM Technologies in the Concepts session, including Microsoft Hyper-V and Linux KVM

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing

TRACK I-2 CLOUD MANAGEMENT AND SECURITY

(JOHN TANNAHILL, TUESDAY-WEDNESDAY) 15 CPEs

Seminar Focus and Features

This two-day session will focus on the audit and security issues related to managing and securing Cloud Computing environments.

Key Learning Objectives

Understand Cloud architectures and security & control components

Understand Cloud Service Models

Understand key risk and control issues with the different Cloud deployment models

Technical Concepts

Cloud Risk Assessment, and Governance and Operation Controls

Case Study: Development of Audit Objectives and Audit Program Steps using CSA Cloud Controls Matrix

Topics covered include:

1. Cloud Computing Concepts

Overview of Cloud architectures

NIST Cloud Definitions

2. Cloud Service Models

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Other Service Models such as Security as a Service.

3. Cloud Deployment Models

Public Cloud

Community Cloud

Private Cloud

Hybrid Cloud

Example Deployments

4. Security and Control Issues

Key Risk, Governance and Security Issues

Control Requirements with focus on CSA’s Cloud Controls Matrix and key mappings

NIST; ENISA; Cloud Security Alliance Security and Audit Resources

5. Audit Tools & Techniques

Use of SOC Reports

Example Audit Programs

Prerequisite: None

Learning Level: Intermediate

Field of Study: Auditing

TRACK J-1 IS YOUR DATA REALLY SECURE?...13 WAYS TO AVOID CYBER DATA LEAKS

(KEN CUTLER, MONDAY)

7 CPEs

Seminar Focus and Features

Information is the most valuable asset, the lifeblood, of any organization - private industry, government, non-profit. Data leakage through a myriad of Cyber-related conduits has become the number one security issue, regardless of an organization's size, industry, or geographic location. Valuable data is leaking out in every direction, often totally undetected by the victimized organizations until it’s too late. Some Cyber leaks are accidental, others are overt and targeted.

Key CyberSecurity risk assessment questions include:

What is your data worth to someone else?

What are the legal implications if the security of proprietary or personal data is compromised?

We will heighten your awareness by pinpointing “A Dirty Baker’s Dozen”: 13 common CyberSecurity Leakage Exposures and How to Avoid Them. CyberSecurity data leakage risk areas covered range from paper documents to web-enabled applications. In this workshop, we will discuss:

Identifying and categorizing common avenues of Cyberdata leakage and associated risks

Reported examples of real Cyber attacks, leaks, and investigations

Top down CyberSecurity safeguards and IT Audit Practices to protect information confidentiality and privacy

Sources of additional information and tools

Prerequisite: A basic management understanding of IT, Information Security, and Audit terminology and concepts is assumed.

Level: Intermediate

Field of Study: Auditing

TRACK J-2

CYBER AUDITS OF IDENTITY AND ACCESS CONTROL MANAGEMENT (KEN CUTLER, TUESDAY-WEDNESDAY)

15 CPEs

Seminar Focus and Features

The road to reliable internal control and CyberSecurity compliance can be very treacherous, full of potholes and rocks…and many forks to ponder. Compliance requirements come from all directions, shapes, and sizes…not to mention heightened attention to the protection of payment card data, personally identifiable information (PII), identity theft, and security breach disclosure legislation. Logical access controls represent the single most significant security safeguard to protect valuable data from unauthorized access…and the most common area of important audit findings by internal and external auditors.

In this widely applicable workshop, we will provide a framework for consistent and effective auditing of logical access controls. Case studies will be used to demonstrate real examples of common access controls and data collection methods for operating systems, database servers, and other software environments, emphasizing free and/or low-cost audit software procedures. Attendees will receive sample work programs and checklists that can be used to perform effective logical access audits in any context.

In this seminar, we will discuss:

Assessing common risks and regulatory compliance requirements associated with

identity and access control management

Identifying the key building blocks of logical access controls: identification and authentication, access authorization, privileged authority, system integrity, audit logs

Locating technical and administrative access controls in today’s complex IT application

environments: network, operating systems, database management systems, directory

services, single sign‐on

Dealing with software bugs, patch management, and change control issues that can

undermine effective access controls

Defining the audit work program: Tools and techniques for reviewing access controls in

prominent system software and application environments

Sources of industry best practice CyberSecurity and CyberAudit frameworks and

checklists

Prerequisites: Understanding of risk management processes and basic information security

concepts

Learning Level: Intermediate

Field of Study: Auditing


TRACK K-1 AUDITORS ROLE IN IT GOVERNANCE

(MITCH LEVINE, MONDAY) 7 CPEs

Seminar Focus and Features

This seminar is intended to provide attendees with the base level knowledge required to

perform IT Governance audits. This seminar is designed for IT, Integrated and Operation

Auditors along with compliance personnel at all levels.

Topics include:

Introduction to Governance, Risk and Compliance

Alternative approaches for the set-up of IT compliance functions

IT Governance Responsibilities

Introduction to the key areas of IT Governance

Understanding how IT Governance audits have evolved

Recommended Audit Scope for the key areas of IT Governance audits

Understanding the Core Components of IT Governance Organization

o Small organizational approaches

o Mid-Size organizational approaches

o Multi-national & large organizations

o Private versus public sectors

Evaluating the adequacy of the IT Governance organizational structure

Assessment of IT Governance core areas

o Risk Assessment processes

Enterprise

Application

Project

o Monitoring IT Controls

o Implementation of the Data Classification standard

o Data Retention and Records Management

o IT Policies, standards and procedures

o GLBA Assessments

o Entity Level Control Assessments

o IT Compliance with laws, regulations and contracts

Management reporting relating to IT Governance

How to audit compliance functions

Audit Report approaches for IT Governance Audits

Case Study

A case study will provide the understanding of how to assess the IT Governance structure, risk

management and compliance functions.

Prerequisite: A basic understanding of information security and IT controls.

Learning Level: Basic

Field of Study: Auditing


TRACK K-2

AUDITING DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING

(MITCH LEVINE, TUESDAY-WEDNESDAY) 15 CPEs

Seminar Focus and Features

This seminar provides the base level knowledge required to perform a Disaster Recovery and

Business Continuity audit.

I. Introduction

Overview of Business Continuity and Disaster Recovery Plans

Traditional types of audits covering Business Continuity and Disaster Recovery

II. Business Impact Analysis (BIA)

Understanding Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) and

how they are used to validate backup and recovery strategies

Alternative methods for establishing the BIA

Approaches to auditing the BIA

III. Risk Assessment

Alternative methods for establishing the Risk Assessment

Approaches to auditing the Risk Assessment

IV. Backup Strategies

Alternative methods for data backups including backup, replication and clustering

Approaches to auditing the data backups

V. Business Continuity/Disaster Recovery Plans

Understanding the different types of Business Continuity strategies

Purpose and administrative component of plans

Alternative methods used within the industry

Business level plan development and deployment including IT Plan components, such as

onsite disaster recovery, migration to the offsite DR site, operating at the DR Site and

return from DR site to the production site

VI. Disaster Recovery/Business Continuity Testing

Alternative methods and approaches to conducting DR / Business Continuity Tests

VII. Other types of Business Continuity Plans

Pandemic Plans

Case studies will provide an understanding of how to audit the Business Continuity strategy,

Offsite Disaster Recovery Testing and evaluating backup strategies to ensure they meet RPOs &

RTOs and the project initiatives used to create the RPOs and RTOs.

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing


TRACK L-1 SAFEGUARDING CRITICAL ASSETS

(SAJAY RAI, MONDAY) 7 CPEs

Seminar Focus and Features

This one-day session will introduce the challenges most organizations face in safeguarding their critical assets. The session will provide ways an organization can approach the protection of critical assets.

Before lunch, we will introduce the concepts of Outside In and Inside Out. We will also lay the

foundations on how the organizations are managing the safeguarding of their critical assets. We

will identify an approach which will discuss topics like Data Classification and Data Loss

Prevention (DLP). A 3-12 month action plan will be discussed which can be adopted by an

organization to safeguard critical assets.

Then we will focus on the action items an organization must take in the first three months and

will walk the audience through each of the steps with practical examples. Some of the topics

will include:

Data Classification Policy and examples

Process of classifying data (and examples on how to classify data)

Process of labeling classified data (Example of SharePoint for Microsoft classified

documents)

Discussion of role of a data owner

Example of a classification tool

Then we will focus on protecting the data which has been classified. The session will discuss the

examples of how a DLP solution can assist in protecting and monitoring the classified data.

After lunch, the focus will shift towards emerging technology risks and discuss the role an

auditor can play within their organization. Some of the topics will be:

Managing Social Media risks

Managing Smart Device and BYOD risks

Managing Third Party Service Provider risks

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing


TRACK L-2 INTRODUCTION TO INFORMATION SECURITY FOR IT AUDITORS

(SAJAY RAI, TUESDAY-WEDNESDAY) 15 CPEs

Seminar Focus and Features

This two-day session will provide an introduction to information security concepts and is geared

for IT auditors who are new to their role or experienced auditors who are joining the IT audit

group.

Topics to be covered include:

Cyber Security Fundamentals

Risk Management

Network Security tools and technologies

Intrusion Detection and Prevention

Virtualized, Shared and Distributed Computing

Application Security and Penetration Testing

Cyber Incident Response Management

Cloud Security

This session will provide practical take-aways for each of the topics and will discuss experiences

of the speaker in terms of what works and what does not.

Prerequisite: None

Learning Level: Basic

Field of Study: Auditing


ABOUT THE INSTRUCTORS….

Kathleen M. Crawford is a Senior Consultant for MISTI and President of Crawford Consulting &

Communications LLC. Previously, she was an Internal Auditor for Vinfen Corporation, where she

assisted management in the standardization of operations, developing policies and procedures and

improving processes. A member of the IIA, she is a past President of the Greater Boston Chapter of

the IIA and a member of the ACFE.

Ken Cutler, CISSP, CISM, CISA is a Senior Teaching Fellow with CPEi, specializing in Technical

Audits of IT Security and related IT controls. He is the President and Principal Consultant for Ken

Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array

of Information Security and IT Audit management and technical professional services. He is also the

Director – Q/ISP (Qualified Information Security Professional) programs for Security University.

An internationally recognized consultant and trainer in the Information Security and IT audit fields, he

is certified and has conducted courses for: Certified Information Systems Security Professional

(CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor

(CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in

two full length training videos on CISSP and Security+.

Ken was formerly Vice‐President of Information Security for MIS Training Institute (MISTI) and Chief Information Officer of Moore McCormack Resources, a Fortune 500 company. He also directed

company‐wide IS programs for American Express Travel Related Services, Martin Marietta Data

Systems, and Midlantic Banks, Inc.

Ken has been a long‐time active participant in international government and industry security

standards initiatives, including: The President’s Commission on Critical Infrastructure Protection,

Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation

Criteria (ITSEC), US Federal Criteria, and Department of Defense (DOD) Information Assurance

Certification Initiative.

He is a prolific author on information security topics. His publications include: Commercial

International Security Requirements (CISR), a commercial alternative to military security standards

for system security design criteria, NIST SP 800‐41, “Guidelines on Firewalls and Firewall Policy”, of

which he was co‐author, and various works on security architecture, disaster recovery planning,

wireless security, vulnerability testing, firewalls, single sign‐on, and the Payment Card Industry Data

Security Standard (PCI DSS).

He has been frequently quoted in popular trade publications, including Computerworld, Information

Security Magazine, Infoworld, Information Week, CIO Bulletin, and Healthcare Information Security

Newsletter, and has been interviewed in radio programs My Technology Lawyer and Talk America.

Ken received his Bachelor of Science degree in Business Administration and Computer Science from SUNY Empire State College.

Greg Duckert, CPA, CIA, CISA, CMA is the Founder of Virtual Governance Institute. He has held

audit director positions in the manufacturing, construction and healthcare industries, assuming

responsibilities for financial, operational and information systems auditing functions. His expertise

includes risk assessment, data-centric ERM and continuous auditing.


Keith Levick, Ph.D., is the CEO of Goren and Associates. Dr. Levick has over 25 years of experience

in training, professional coaching, and consulting. As a psychologist, he has spent many of his clinical

years in private practice. In 1987, he began to transfer his clinical expertise into the field of business

management.

For the past 20 years Dr. Levick has coached managers and executives in a variety of industries in the

area of personal and professional productivity, change management and interpersonal skills. He has

coached many executives in their transition from the world of management into the world of leadership.

He has developed many award winning leadership training programs and workshops that are being used

by Fortune 500 organizations nationwide. Some of his clients include Chrysler, GM, Daimler, Monroe

Bank & Trust, MGM Detroit Grand Casino, X-Ray Industries, and many other Fortune 500 companies.

As an executive coach, Dr. Levick is a firm believer in the value of coaching. “With high impact effective

coaching, people are able to remove some of the blinders to see what is possible. Coaching can help

executives and leaders to discover their core habits that are working and those that are not; only then

can they reach their highest potential.”

Dr. Levick has written and lectured extensively in the area of the psychology of leadership. As a

professional and key-note speaker, he lectures on a variety of business and health-related issues around

the country. Dr. Levick was a regular guest for 15 years on a local ABC-TV talk show, Kelly & Company.

Currently, he serves as a local expert for an NBC and an ABC affiliate television station in the Detroit area.

Dr. Levick served on the Executive Board for the American Heart Association where he collaborated in the

development of several health-related programs and continues to be a consultant. Dr. Levick is the

founder of the Center for Childhood Weight Management, a unique pediatric obesity program. He is an

Adjunct Professor at Lawrence Technological University and South University. Dr. Levick is also the

author of two books and numerous professional articles; and is the Associate Publisher of a national

magazine Customer Care News.

He received his Bachelor of Science (1973), Master of Social Work (1976), and Doctorate in Counseling

(1992) from Wayne State University.

Mitchell Levine is the founder of Audit Serve, Inc. which is an IT Audit & Systems consulting company.

For the last 25 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated

Audit consulting projects, Restructuring IT Departments, PCI Implementations, and performing pre- and

post-implementation reviews of system migrations. Mr. Levine spends 220+ days per year consulting

which is the basis for the material which is included in the seminars.

Over the past seven years Mr. Levine has presented over 75 seminars to nineteen different ISACA & IIA

chapters. Mr. Levine also was the primary writer and editor of Audit Vision which is published bi-monthly

and has a subscription base of over 3,500 audit & security professionals.

Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his

duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus

and the corporate financial systems.


Don Levonius, M.A. is a Principal Consultant, Victory Performance Consulting LLC. As a consultant,

trainer, and national public speaker, Don Levonius draws on over 17 years of progressive leadership

experience, including 13 years with The Disney Company and 4 years with the Institute of Internal

Auditors. He taught organizational communication for the University of Central Florida, is a leadership

development instructor with Valencia State College, and holds master’s degrees in human resource

development and business & organizational security management. Don is also an author for the

Association of Talent Development.

After years of leading security and investigations for major retail chains and Disney theme parks, Don

was asked to help create and lead Disney Security Training Institute in an effort to help combat the

emerging threat of terrorism following the horrific attacks in 2001. Under his leadership, Disney security

training was transformed to become an international benchmark for private and public sector security

organizations.

Don was later promoted to lead operations and guest service training for 23 Walt Disney World Resort

hotels (25,000 guest rooms), 200 retail and dining locations, and Disney Transport (monorails,

watercraft, and buses). He subsequently became a senior leader of Disney University, the company’s

corporate university.

In 2009, Don left Disney, founded Victory Performance Consulting (VPC), and began providing learning

solutions for a number of organizations including General Electric, NBC Universal, the Florida Attorney

General’s Office and The Institute of Internal Auditors (IIA). The IIA subsequently hired Don full-time to

manage and direct development of its curriculum and learning strategies and delivery of over 200

leadership development seminars annually.

Today Don leads the VPC team in serving a growing list of clients, including: ASIS International,

Association of Certified Fraud Examiners, CoreNet Global, Florida Attorney General’s Office, Florida

Crime Prevention Association, Just$ave Foods, Land O’Lakes, Inc., Lowes Foods, Society for Human

Resource Management, Institute of Internal Auditors, YRC Worldwide, and others.

Dr. Hernan Murdock, CIA, CRMA is a Senior Consultant with MISTI. Prior to MISTI, he was the

Director of Training at Control Solutions International and a Senior Project Manager leading audit and

consulting projects for clients in the manufacturing, transportation, high-tech education, insurance and

power generation industries. He authored the books 10 Key Techniques to Improve Team Productivity

and Using Surveys in Internal Auditing, and articles on whistleblowing programs, international auditing,

mentoring programs, fraud, deception, corporate social responsibility and behavioral profiling.

Sajay Rai, CPA, CISSP, CISM has more than 30 years of experience in information technology,

specializing in information technology processes, IT architecture, security, business continuity, disaster

recovery, privacy, IT audit and information risk. Mr. Rai is the Founder and CEO of Securely Yours LLC.

Securely Yours LLC is focused on delivering innovative solutions through delivery channels like Software-

as-a-Service, Managed Services and traditional IT consulting. Mr. Rai’s clients are in the financial,

manufacturing, retail, healthcare, federal and state agencies and utility industry.

Prior to starting Securely Yours LLC, Mr. Rai was a Partner with Ernst & Young LLP for 10 years and was

responsible for the information advisory practice in the Detroit Metro area. He also served as the

national leader of EY’s Information Security and Business Continuity practices. Mr. Rai’s clients included

General Motors, Blue Cross Blue Shield of Michigan, Yazaki North America, Tecumseh and Federal Mogul.

He also served as a member of his firm’s Partners Advisory Council.


Mr. Rai also worked with IBM for 13 years, most recently serving as an executive of the national

Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s

Information Security consulting practice and managing its information technology consulting practice in

Latin America.

Mr. Rai co-authored a recently published book, “Defending the Digital Frontier – A Security Agenda”,

which guides business and IT executives on how to develop an effective and efficient information

security program within their enterprise. He also co-authored the Institute of Internal Auditors’ publications “Sawyer’s Internal Audit Handbook 6th Edition” and the IIA’s Global Technology Audit Guide (GTAG) No. 9 on the topic of Identity and Access Management.

Mr. Rai is a member of IIA’s Professional Issues Committee (PIC). He also serves on the board of ISACA

Detroit Chapter, IIA’s Detroit Chapter, Society of Information Management (SIM) Detroit Chapter and as

a member of Walsh College’s Accounting Advisory and Technology Committees. Mr. Rai is a regular

speaker at industry conferences on information security, business continuity, disaster recovery,

technology strategy and is frequently quoted in magazines and newspapers. He has also served as

expert witness in litigation cases in the area of information technology and information security.

He holds a Master’s degree in Information Management from Washington University of St. Louis, and a

Bachelor’s degree in Computer Science from Fontbonne College of St. Louis.

James Roth, PhD, CIA, CCSA, CRMA is president of AuditTrends, LLC, a training firm devoted to

identifying and communicating the best of current internal audit practice. Dr. Roth has three decades of

progressive internal audit and teaching experience. His publications include nine AuditTrends seminars

and sixteen major works for the IIA International, including:

Vision University (the IIA’s executive training program for CAEs)

Best Practices: Value-Added Approaches of Four Innovative Internal Auditing Departments

Adding Value: Seven Roads to Success

Best Practices: Evaluating the Corporate Culture

In 2008 the IIA gave Dr. Roth the Bradford Cadmus Memorial Award, which was “established…to honor

individuals making the greatest contribution to the advancement of the internal audit profession.”

Energetic and motivating, Jim is one of the highest rated speakers on internal auditing.

Mary G. Siero, CISSP, CISM, CRISC is an executive level Information Technology Consultant with

experience in several industries in both IT and business departments. Her diverse background has

provided her with a unique perspective about IT's role and the value it can bring to the businesses it

supports. Ms. Siero has over 30 years' experience in engineering and technology from industries such as

Gaming and Hospitality, Healthcare, Consumer Products, Manufacturing and Education. Over her career,

Ms. Siero has developed and managed IT security, risk, compliance and operational environments for

multiple organizations. She was honored as the CISO of the Year and has provided testimony for the

State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She is a

frequent speaker at national conferences on the topics of IT security and risk management and is the

author of several journal articles and "Safeguarding Your Organization's Data: A Call to Action"

published in 2013.


John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing in information

security and audit services. His current focus is on information security management and control in

large information systems environments and networks. His specific areas of technical expertise

include UNIX and Windows operating system security, network security, and Oracle and Microsoft

SQL Server security. John is a frequent speaker in Canada, Europe and the US on the subject of

information security and audit.

John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and

Chapter Events including ISACA Training Weeks; North America CACS; EuroCACS; Asia-Pacific CACS;

International and Network and Information Security Conferences. He is the 2008 Recipient of the

ISACA John Kuyer Best Speaker/Best Conference Contributor Award.

Paul E. Zikmund serves as Deputy Chief Compliance Officer, Bunge in White Plains, NY where he

manages programs and controls designed to promote an organizational culture committed to

integrity, ethical conduct, and compliance with the law. He manages and conducts investigations of

compliance matters, fraud and ethics violations. Paul assists with the development and

implementation of tools and techniques to mitigate enterprise fraud & compliance risk, manages the

company’s third party risk management program, and administers compliance training and

awareness programs.

Prior to joining Bunge, Paul worked as the Senior Director Forensic Audit at Tyco International in

Princeton, NJ and the Director Litigation Support Services at Amper, Politziner, & Mattia, LLP, in

Philadelphia, PA where he was responsible for developing, implementing, and administering fraud

risk management services to Tyco and to clients. He possesses nearly 28 years of experience in this

field and has effectively managed global compliance and forensic audit teams at various Fortune 500

companies.

Paul is a Certified Fraud Examiner, Certified Ethics and Compliance Management professional, and a

Master Analyst in Financial Forensics. He received a Bachelor of Science degree in the Administration

of Justice and a Certificate of Accountancy from The University of Pittsburgh. He continued his

education with a Masters of Business Administration at the University of Connecticut, a Masters of

Accountancy at Auburn University and a Masters of Business Ethics and Compliance at the New

England College of Finance. Paul has authored various articles relating to fraud detection,

prevention, and investigation. He speaks regularly at seminars and conferences on the topic of

ethics, compliance, and fraud risk management. He also teaches graduate level fraud and forensic

accounting, white collar crime, and auditing courses at Rider University in New Jersey, LaSalle

University in Pennsylvania, and Carlow University in Pennsylvania.


REGISTRATION INFORMATION

Participation is limited so registration will be accepted on a first-come, first-served basis. Pricing

has been established to provide the maximum educational benefit for the lowest cost.

Therefore, we will not be offering discounts from the established prices for early registration,

membership affiliation or groups. Dress code for the training is business casual.

Morning refreshments will be provided from 7:30 – 8:30 AM, and general sessions will be from

8:30 AM – 4:30 PM each day. Lunch will be provided daily with vegetarian options.

Due to circumstances outside of our control, we may find it necessary to reschedule or cancel

sessions, or change instructors. We will give registrants advance notice of such changes, if

possible.

Payment and Cancellation Policy

Please note all times are stated in Eastern Standard Time (EST). All reservations must be made

online at www.isaca-det.org or https://chapters.theiia.org/detroit. Telephone, fax, and mail-in

registrations will not be accepted.

All payments must be received by midnight 3/22/16. Payments may be made at the time of

registration using Visa, MasterCard, Discover or American Express, or check payments may be

mailed to the address listed below.

Cancellations may be made online until midnight on Tuesday 3/22/16 without penalty. Any

cancellation received after Tuesday midnight 3/22/16, and before Monday midnight 3/28/16 will

be charged a non-refundable service fee based on the CPEs of the registered course being

cancelled. No refunds will be given for registrations that are cancelled after midnight 3/28/16.

CPEs | Non-Refundable Service Fee

7 | $25

15 | $50

22 | $75

Payments (payable to: IIA Detroit) should be mailed to the address below. Please do not remit

payment to the ISACA Detroit Chapter. Training or registration questions should be sent to

[email protected].

IIA - ISACA Spring Training

Geralyn Jarmoluk – Administrator

78850 McKay Rd

Romeo, MI 48065

Hotel Information

The Spring Training Committee has arranged for a discounted group rate of $119 per night at

the Hyatt Place Hotel at the Suburban Collection Showplace. Reservations may be made by

calling the Hyatt Place at 1-800-233-1234 and requesting Group code ‘G-IIA5’ or by logging

on to http://novi.place.hyatt.com. Once arrival and departure dates have been entered, click on

‘special rates’ and enter the Group Code ‘G-IIA5’ in the Group Code Box. Make sure to make

your reservation by 3/4/2016 to receive the discounted rate.


TRACK INFORMATION

Track | Session | Dates | Fee

A-1 | Coaching for Enhanced Performance (7 CPEs) | 4/4 | $275

A-2 | Driving Change Without Running Others Over (7 CPEs) | 4/5 | $275

A-3 | Leading with Integrity and Authenticity (7 CPEs) | 4/6 | $275

B-1 | Enterprise Risk Management (7 CPEs) | 4/4 | $275

B-2 | Lessons from Real Fraud Examinations: Case Studies (7 CPEs) | 4/5 | $275

B-3 | Internal Audit’s Role in Fraud Risk Management (7 CPEs) | 4/6 | $275

C-1 | Emotional Intelligence: The Heart of Leadership (7 CPEs) | 4/4 | $275

C-2 | Managers to Leaders (7 CPEs) | 4/5 | $275

C-3 | Conflict Management (7 CPEs) | 4/6 | $275

D-1 | Best Practices in Internal Auditing (7 CPEs) | 4/4 | $275

D-2 | Assessing the Risk / Control Culture: Challenges and Proven Techniques (15 CPEs) | 4/5 – 4/6 | $550

E | Advanced Auditing for In-Charge Auditors (22 CPEs) | 4/4 – 4/6 | $825

F | Using Risk Assessment to Build Individual Audit Programs (22 CPEs) | 4/4 – 4/6 | $825

G | Internal Audit University (22 CPEs) | 4/4 – 4/6 | $825

H | Introduction to Incident Response (22 CPEs) | 4/4 – 4/6 | $825

I-1 | Virtualization Security & Audit (7 CPEs) | 4/4 | $275

I-2 | Cloud Management and Security (15 CPEs) | 4/5 – 4/6 | $550

J-1 | Is Your Data Really Secure?...13 Ways to Avoid Cyber Data Leaks (7 CPEs) | 4/4 | $275

J-2 | Cyber Audits of Identity and Access Control Management (15 CPEs) | 4/5 – 4/6 | $550

K-1 | Auditors Role in IT Governance (7 CPEs) | 4/4 | $275

K-2 | Auditing Disaster Recovery & Business Continuity Planning (15 CPEs) | 4/5 – 4/6 | $550

L-1 | Safeguarding Critical Assets (7 CPEs) | 4/4 | $275

L-2 | Introduction to Information Security for IT Auditors (15 CPEs) | 4/5 – 4/6 | $550


Spring Training Location

Suburban Collection Showplace

46100 Grand River Ave

Novi, MI 48374

From the West

Take I-96 East to Beck Road (exit #160), turn right and head south on Beck Road for 0.4 miles.

Turn left onto Grand River Avenue and head east for 0.5 miles. Turn left into Suburban

Collection Showplace. Park in the lot on the right as you enter the complex.

From the East

Take I-96 West to Novi Road (exit #162), turn left and head south on Novi Road. Follow Novi

Road 0.4 miles to Grand River. Turn right and head west on Grand River 1.25 miles. Turn right

into Suburban Collection Showplace. Park in the lot on the right as you enter the complex.