Transition from SAS-70 to the New SSAE-16

Technology is omnipresent. Technology is helping businesses work faster, smarter and become more innovative. But the same technology is introducing more security risks. Organizations are deploying security technologies to mitigate the security risks and implement continuous monitoring of these risks. Audit departments within organizations are planning to conduct more technology audits than ever before. They are looking to automate their audits. They are looking for newer, smarter audit tools. But before we go any further to identify any new tools, let’s look at the same continuous monitoring tools already deployed within the organizations, which could help the auditors as well.
The session will discuss the following areas:
•Asset Inventory
•Security Information Event Management
•Identity and Access Management
•Network Security
•Mobile Device Management

The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 making it illegal to make payments to foreign government officials for the purpose of obtaining or keeping business. The anti-bribery provisions of the FCPA require maintenance of accurate books and records as well as an adequate system of internal controls. Please join this webinar to gain an overview of the FCPA, discuss recent enforcement trends throughout the years, and understand how the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) considers a company’s existing compliance program when assessing penalties. The webinar will cover common methodologies and frameworks for identifying possible gaps in existing compliance programs, common pitfalls and considerations when assessing and remediating anti-bribery and anti-corruption compliance gaps, highlighting areas where internal audit practitioners can contribute to a company's anti-corruption monitoring efforts.

Business transformation in the 21 st century has organizations extending their value chain into
customer decision making, as they design and deliver “digital services” using advanced
information technology. Such transformations need organizations to run at a faster speed to
explore new value creating opportunities and still keep running their daily operations at regular
speed. So, organizations may need two different organizational structures and governance models
to manage both faster and regular speeds to isolate risks, including strategic (e.g. brand reputation),
compliance (e.g. data security and integrity), operational and technical risks that surface when
working with many unproven technologies, external partners, and evolving customer expectations.
This presentation will look at strategies to address these risks.

Dr. Raj Aggarwal is back to address an important topic on the alignment of internal audit and the board. As a board member, Dr. Aggarwal gets to see both sides, internal audit interaction with the board, and the board expectations of the internal audit function.
Dr. Aggarwal will expand on the recent article of Board Matters in IIA’s Internal Auditor magazine and share his experiences related to the exchanges of the board and the internal audit.
This webinar is designed not only for the CAEs but all members of the internal audit function and the Board of Directors for both private and public companies.

12.00 Noon (eastern) to 1.00 pm (eastern)
One CPE Credit
Presenter: Taras Shalay
In this webinar, Taras will introduce the different coverages available under the cyber insurance and de-mystify the various coverages and terms. In addition, Taras will discuss how the cyber insurance can play a key role in managing the overall cyber risk within an organization.
By the end of this webinar, participants should be able to:
• Explain the various terms associated with cyber insurance
• Understand whether a given policy addresses their cyber risks
• Examine their own cyber risk policy
Bio: Taras Shalay
With 10 years of underwriting and brokerage experience in Professional Liability, Executive Lines and Cyber Liability, Taras has a unique specialization in the insurance industry.
Taras’ extensive Cyber Liability experience allows him to easily explain the complexities of a Cyber Liability policy, as well as the various different coverage’s available to his clients that may or may not fit their insurance needs. Taras’ main focus is to identify the key exposures for his clients and provide the best available solutions in this quick changing market environment.
Taras also has a decade of experience with Directors’ & Officers Liability, Employment Practices Liability, Fiduciary Liability, Crime, and Errors and Omissions.
Taras Shalay is a 2006 graduate of Western Michigan University with a Master’s degree in Economics, where he was also awarded with graduate student of the year in his department.

In this webinar, former Disney loss prevention and investigations leader Don Levonius shares what he learned about using internal controls to prevent fraud, mitigate risk, and protect the magic at the happiest place on earth. Disney, an extremely complex control environment, not only uses internal controls to achieve impressive operational and financial results, “The Mouse” also uses controls to protect intangible assets, promote ethical behavior, ensure business continuity, and mitigate the impact of tragedies.
By the end of this webinar, participants should be able to:
•Discuss how one of the most trusted brands in the world manages reputation risk
•Describe why monitoring an ineffective control is like weighing yourself on a broken scale
•Examine the relationship between unethical employee behavior and the failure of weak controls
•Explain what business continuity looks like when catastrophic risk becomes reality
The views expressed in this webinar are the recollections and opinions of the presenter and are offered in accordance with fair use doctrine. His stories are compiled from “common knowledge” and published media reports, which may or may not be factually accurate. They are presented as hypothetical situations and are included for illustrative teaching purposes only. The presenter is not responsible for errors or omissions. This webinar is not sanctioned, authorized, or endorsed by the Walt Disney Company or its affiliates.

The use of Information Technology in business has become so ubiquitous that just about every audit has an IT component. Operational and business process auditors must embrace technological advances rather than resist them in order to perform audits in an effective and efficient manner. This webinar will provide all auditors with a foundational understanding of application controls and data reliability.

When we first had Pete and Bill present on the topic of Forensics, we had feedback from our members that we should bring them back and focus on specific modern technologies. Well, we heard and brought them back. Bill and Pete are going to provide an overview of some of the latest and up and coming technologies being employed by investigators. This seminar will cover topics including: cell phone data recovery and analysis, social media geo-fencing, and artificial intelligence engines that analyze non-structured data (photos, video, etc...). We will also discuss how data locations are shifting towards cloud based applications and how investigators are finding and making use of this information.

Enforcement of the EU General Data Protection Regulation (GDPR) will begin on May 25, 2018. It effects and applies to all companies processing and holding the personal data of individuals residing in the European Union, regardless of the company’s location. The law was passed in 2016 and we are presently in a “transition period” which, by some accounts, has been ignored or unrecognized by many organizations. If your organization handles personal data for residents of the EU now is the time to prepare.

During this webinar you will learn about the regulation’s requirements and penalties. Further, the information offered will help you update or create appropriate audit/risk assessments to determine your organization’s readiness.

One of the most critical and complex issues companies face today is providing the right leadership and level of attention to growing risks related to cyber security. While Internal Audit plays a critical role in this area, challenges in planning, execution and communication can detract from providing what the board needs. In this webinar Taylor will take you into the board room to better understand the critical role played on both sides – the Board committees such as Audit and Risk, and Internal Audit. You will walk away with new insights to help your team be more successful.

Risk Culture in an organization is dependent on the ‘tone at the top’. Management plays a pivotal role in molding the risk culture. Risk management is a part of the IT Governance framework in the organization. No business can function without taking into consideration the internal and external risk factors; in fact risk can be adverse, risk can be positive when it turns opportunity into profit.
As a part of internal audit function, an auditor will see enterprise risk corresponding to the business objectives, mission and long term and short term policies of the organization. But it is observed that the greatest impediment in the compliance to risk standards set by management is the absence of a risk centric culture which has to be woven into the fabric of the organization right from the induction stage when a new employee enters the organization, to defining his roles and responsibilities to including risk compliance into the KPI and building an awareness and training culture where risk is always on agenda to be discussed.
In this presentation, I wish to bring the experiences of our audience under a single platform and discussing certain modes of assessing and building a risk conscious culture whether we belong to industry or we are on the assurance side. We shall emphasize culture as a vehicle to ride our risk initiatives and bring in effectiveness and compliance.

The use of web enabled devices has profoundly changed the world we live in. The average American now spends upwards of 10 hours per day in front of some form of electronic medium. More and more, the smart phone is becoming the device of choice to communicate, get news/information, and share social information on a real time basis. This is how people navigate through today's world and has had a significant behavioral impact as a result.

Internal Auditors can benefit greatly from understanding how to best integrate this new wealth of information in their audits and investigations. The future of both audits and investigations will need to rely more on technology but cannot neglect the impact and role of the “human element”. Points of particular interest include:
•social media searches to identify where someone has been and plans to be,
•location enabled services identifying where someone's phone (and presumably they) have been,
•devices and apps measuring and sharing individual’s mobility and activity,
•the trend towards this data going directly to the public cloud, and
•the emergence of the "internet of things".

You may have heard the terms Deep and Dark web, but do you understand what they mean? There is a lot of confusion over these terms, this webinar will help give you a good understanding of the different layers of the world wide web.

Richard Cozart, Technology administrator for IIA Detroit Chapter and Senior Security Architect at Securely Yours LLC will explain the secrets of deep dark web. He will clarify the terminology and will provide information on how to access it and what is generally available within the deep dark web.

Values-free leadership is an oxymoron, and leadership without authenticity is a misnomer. Integrity is the heart of leadership and authenticity is its soul. True leaders are not only ethical and transparent, they engage and influence others on a deeper, more personal level. By applying the ethical theories of notable moral philosophers and contemporary thought leaders, participants test proven ethical principles of authentic leadership.

Is that activity you’re seeing a malicious user? Is it someone who made a mistake? Is it coming from an account whose credentials were compromised? Is it command and control traffic? How confident are you? As security programs are maturing, attention is turning to threats emanating from inside the network. Doug Copley will discuss seven profiles of highly risky users, outline how your organization can reduce insider risk, and present a real-world case study of how a software organization protected themselves.

Do you want evidence that risk in your organization is not increasing?
Do you want to address audit committee concerns about how you monitor risk within your internal audit or risk department at an enterprise or group level?
Do you want to show that internal audit is integrating analytics to focus your audit efforts on emerging or high risk activities?
Then this webinar may contain information you will find useful. The webinar discusses how analytics have monitored GL transactions to help internal audit and risk functions:
•Ensure business behaviors are not changing
•Provide visibility to executives on the impact of GL policy changes
•Get ahead of whistle blower calls
•Distinguish significant versus insignificant GL activity

Randy will describe a few of the hundreds of cyberattacks he and his partners have helped clients respond to. He will describe the wider cyber-threat environment that generates such attacks. Randy will discuss the best-practice defenses businesses and other entities deploy to reduce the risk that they will be victims of cyberattacks and the tools “compromise-ready” organizations use to minimize the effects of attacks when they occur. Randy will also describe the steps business managers and internal auditors must take to respond to data security incidents.

It takes just one misstep, one careless quote in the news media or one misguided post on social media to damage the reputation of an entire company and its executives. The key to managing a crisis is to have a plan in place beforehand—and that includes the critical issue of communications, both internally and externally. At this webinar, our experts will talk about crisis communications and how to mitigate the damage when your organization’s worst nightmare comes true. We’ll show you how to craft key messages, how to choose the right spokesperson, how to respond to the media and take control of an interview. We’ll help you determine if and how you should respond to the media, and we’ll explore the critical top ten list for handling crisis communications within your organization. This webinar will not only provide valuable information to the internal auditors but also
•discuss how internal auditors can prepare the organizations and executives they work with to prepare for and respond to the media in a crisis,
•the importance of developing a crisis communications plan and key steps to take before and after a crisis hits. This should be information they can use to audit the readiness and effectiveness of their organizations crisis communications preparation.

Physical Security is often ignored but continues to be a key component of the overall information security strategy. This webinar will be centered on Physical Security Governance and the ability to take a holistic view of security components and apply them to the policies and procedures established within business units. This ensures that security exists to mitigate risk. Through the use of metrics we can then measure risk and once the information has been attained, then and only then can a proper security program be developed with security risk at its center point. The use of metrics will ensure also that there are checks and balances allowing an audit or assessment to succeed. Finally security governance will make sure that you have the proper people, processes, and technology in place to protect the business and take a risk-based approach to ensuring you have the proper level of protection.

Matt Neely is the Director of Strategic Initiatives at SecureState. His main focus is helping clients understand and address security risks to foster business innovation. Matt has over 15 years of experience working in the physical and cybersecurity industry focused on risk management, penetration testing, and incident response. He is also the author of the book Wireless Reconnaissance in Penetration Testing.

Pierre Bourgiex is the VP Business Development at SecureState. He has over 14 years of experience in security with a variety of companies such as, Tyco Integrated Security, ADT and Hysecurity. His primary focus is on creating, implementing and improving the mindset and strategy of an organization