
 

April Education Seminar

How to Perform an Integrated Audit &
PCI Compliance
April 6-9, 2009

   
Overview:

The Minnesota ISACA chapter, in partnership with AuditServe and IP3, Inc., is pleased to offer two 2-day training programs, How to Perform an Integrated Audit and PCI Compliance, from April 6 - 9, 2009 at the Cambria Suites - Bloomington. Registration forms and further details are below.

When: April 6 - 9, 2009
 
 

Apr. 8-9, 2009: PCI Compliance

Time: 8:00am - 4:30am
Where: Cambria Suites
2870 Metro Drive
Bloomington, MN 55425
Phone: 952-854-0300
Cost:

ISACA Members - $400 a session or $700 for both sessions
Non-Members - $500 a session or $900 for both sessions


Sign up for both sessions and save $100

MN ISACA now accepts VISA and MasterCard payments

How to Perform an Integrated Audit
April 6-7, 2009

15 CPEs

Most audit departments have embarked on the road of transforming their audits into Integrated Audits. However, most Integrated Audits consist of joining the Operations and IT Auditors into a single audit team with no change to the type of standalone audits that were performed in the past.

This seminar will provide a detailed framework of how to perform an Integrated Audit based on identifying the business process rules and mapping them to the key IT controls needed to support the business.

I.  Introduction

  • The early years of integrated audits
  • Understand why organizations are not performing “real” integrated audits
  • Understanding the differences between application, operations and integrated audits
  • Components of Application Audits which are used in Integrated Audits

II. Understanding Business Process Rules

  • What is a Business Process?
  • What is Business Process Management?
  • What are Business Process Rules?
  • Process logic versus Decision logic
  • What is Workflow?

III. How to segment the business processes into Auditable entities

  • Definition of Audit Universe
  • Factors to determine Audit Priority
  • Risk factors which determine audit frequency
  • Traditional approaches for structuring audits
  • Examples of Auditable areas tied to processes
  • Auditable entity categories
  • Segmentation criteria for Integrated Audits
  • Identifying processes which apply to departments
  • Identifying shared processes with distributed business process rules

IV. Mapping Business Process rules to detective and preventive controls

  • Identifying job functions to interview
  • Conducting the business process walkthrough interview
  • Examples of mapping business process rules

V.  Data Extracts

  • Designing extracts to understand the extent of exposure
  • Designing extracts to allow for the entire population to be reviewed and identifying exceptions in an automated manner
  • Evaluating data sources used to support the extracts

VI.  Performing an audit of Data Interfaces

VII. Performing an effective Security Audit within the Integrated Audit

  • Security Request Handling
  • Access Recertification
  • Termination Handling & Job Transfers
  • Security Design/Access Review

VIII. Effective Planning techniques for Integrated Audits

IX. How to perform an effective “Integrated” Pre-Implementation Audit

X. Assessing Integrated Controls within a SAS 70 Review

XI. Implementing a Continuous Audit Monitoring Program for Integrated Audits

  • Continuous Risk Assessment
  • Factors which impact the risk assessment
  • Design considerations
  • Frequency
  • Continuous Control Assessment
  • Structuring of Controls
  • Source of Controls
  • Control Selection and Testing Considerations
  • Test frequency

XII. Case Studies

Three case studies will be presented during this seminar, giving the attendee an understanding of how to identify business process rules, determine the controls to be tested, identify system design issues and design the data extracts required to support the audit.

 

Audience: This seminar is designed for senior Financial, Operations & IT Auditors.
Prerequisites: A basic understanding of general IT concepts.
About the Speaker:

Presented by Mitchell H. Levine, CISA.
Mitchell H. Levine is the founder of Audit Serve, Inc. which is an IT Audit & Systems consulting company.   For the last 19 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated Audit Consulting projects, PCI Implementations, SOX Implementation/Testing Projects and the implementation of defect tracking, compliance and software management systems. Over the past seven years Mr. Levine has presented over 25 seminars to nine different ISACA & IIA chapters.  Mr. Levine also was the primary writer and editor of the Audit Vision Magazine which was published from 1991 – 1998.  The magazine was transformed into the Audit Vision E-mail newsletter which is published monthly. Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems.

 

PCI Compliance
April 8-9, 2009

15 CPEs

As merchants, service providers and financial institutions, you must secure your cardholder data environment and sensitive authentication data, including network components, servers, applications and credit card processing methods. The danger is that PCI can be manipulated so a company seems compliant without actually making its data stores more secure. This 2-day seminar addresses these issues.

PCI Fundamentals

  • What is PCI DSS, why is it important, and what does it mean to me?
  • PCI DSS 101
  • PCI DSS Updates, News, and Trends

PCI Break Down (Control Objectives and Associated Standards)

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Strategy

  • Strategy and Operations
  • Business Justification / Return On Security Investment (ROSI)
  • Assessment & Remediation
  • PCI Program Management
  • Case Study

Vendors, Tools, and Tips

  • Vendor Selection
  • Tools and Techniques
  • Additional Resources

Wrap-Up and Q&A

Audience: This seminar is targeted towards mid to senior level auditors and Information Technology personnel.
Prerequisites: A basic understanding of concepts.
   
About the Speaker:

Mr. Timothy M. Virtue, CISSP, CISA, CCE, CFE, CIPP/G
Timothy M. Virtue, CISSP, CISA, CCE, CFE, CIPP/G is an accomplished information assurance and risk management professional. Mr. Virtue specializes in the strategic application of information risk management methodologies to operational business goals and objectives. Mr. Virtue has extensive experience with publicly traded global corporations, privately held businesses, government agencies, and non-profit organizations of all sizes. Mr. Virtue has authored and co-authored articles and books on a variety of information assurance related topics including his new book Payment Card Industry Data Security Standard Handbook – www.pcibook.com. He frequently speaks at industry events on various topics related to data privacy, regulatory compliance, technology risk management, cyber crime and digital forensics.

Mr. Virtue is currently pursuing an Executive Master of Science in Information Systems from The George Washington University in Washington, D.C. Mr. Virtue holds a Graduate Certificate in Strategic Internet Management and a Bachelor of Science in Criminal Justice with a concentration in Security Management from Northeastern University in Boston, MA.

   
Chapter Contact: Pete Stack
VP Education, Minnesota ISACA

Registration Instructions

Step 1:

Click Here to download the Registration Form

Step 2:

Complete the Registration Form

Step 3:

Submit by Email, or print and mail the completed form to our chapter office by Monday, March 30, 2009

 

Fax Number:

651-290-2266

 

Email Address:

lauriek@ewald.com

 

Postal Address:

MN ISACA
1000 Westgate Dr, Ste 252
St. Paul, MN 55114

Step 4:

Wait for your registration confirmation. Registration confirmations will be done by phone or by Email within 48 hours.

Registration Questions:

Please contact Laurie Krueger at lauriek@ewald.com or by phone (651) 290-6283.

Cancellation Policy:

http://www.mnisaca.org/cancel.htm