ISACA Greater Washington, D.C. Chapter
Serving ISACA GWDC Members since 1974
Below are upcoming chapter conferences, seminars, review courses, and other events. Prior chapter events can also be viewed.
For information on our event policies, see https://isaca-gwdc.org/event-policies/.
The ISACA GWDC is proud to host our annual IT Audit Conference 2022, with a focus on DoD and Civilian environments, on February 22nd. IT audit and assurance continue to transform with an ever-changing environment. In the Federal Government, auditors are especially challenged by the ever-increasing use of technologies such as artificial intelligence, robotic process automation, and machine learning, and by evolving business practices, while compliance rules are sometimes slow to keep pace. How does the profession maintain assurance in this evolving environment? Come to our IT Audit Conference 2022 and learn tips and tricks from local experts.
Please register by February 20, 2022
Who Should Attend?
Technology enablement professionals, IT advisory or audit professionals, business executives, cybersecurity professionals, and students or professionals interested in IT audit.
Up to 4 hours of Continuing Professional Education (CPE) credit can be earned for this event. See the CPE Information section below for additional information.
Topics of the IT Audit Virtual Conference
Update from GAO on the new Cybersecurity Audit Methodology Manual
Presented by Jennifer Franks, United States Government Accountability Office (GAO)
GAO has designated information security as a government-wide high-risk area since 1997. The Federal Information Security Modernization Act of 2014 requires federal agencies to apply National Institute of Standards and Technology (NIST) security standards in implementing their information security programs. Currently, the Federal Information System Controls Audit Manual (FISCAM) serves as GAO's methodology for performing audits to determine the adequacy of information security for federal systems. Since FISCAM was last revised in 2009, NIST has issued new guidelines that reflect advances in cybersecurity in areas such as security risk management and cloud computing. Come learn how GAO will be updating FISCAM for financial audits and creating a new cybersecurity audit methodology manual for its cybersecurity audits. This new methodology will provide the audit community with relevant and current guidance that reflects the changes that have occurred in IT-related auditing requirements, standards, and guidance.
DoD Office of the Under Secretary of Defense (Comptroller) (OUSD) Financial Improvement and Audit Readiness (FIAR) IT Initiatives
Presented by James Davila, DoD OUSD(C) FIAR Office; Bradley Keith and Bobbi Markley, Guidehouse LLP
As the largest federal agency, the Department of Defense (DoD) accounts for slightly more than half of the federal discretionary budget: $770 billion in FY 2022. As required by the CFO Act of 1990, the DoD underwent its first full agency-wide financial statement audit in 2018. While that sounds simple enough, the DoD audit comprises 26 individual stand-alone financial statement audits conducted by eight Independent Public Accountants, plus one consolidated audit of the Defense Agencies and Field Activities conducted by the DoD Office of Inspector General. In addition, the Department's Service Organizations undergo 29 Statement on Standards for Attestation Engagements (SSAE) No. 18 examinations that are separate from the financial statement audits.
For the third consecutive year, the DoD received a Disclaimer of Opinion, with just 30% of the individual audits resulting in an Unmodified Opinion. Roughly half of the deficiencies noted by the auditors related to IT controls. In fact, the financial statement audits are identifying testing exceptions that should not occur on systems that hold an Authority to Operate (ATO).
During this discussion, we will summarize the total number of IT Notifications of Findings and Recommendations (NFRs) identified by the DoD auditors, the exception conditions that led to the issuance of those NFRs, the NIST (and other) criteria cited by the auditors, and how improved self-assessment procedures can help the DoD prevent similar findings in the future.
Department of Defense (DoD) Financial Statement Audit Results for Fiscal Year 2021
Presented by Jennifer Hansome (DoD Office of Inspector General) and Brian Royer (DoD Office of Inspector General)
The DoD Financial Statement Audit effort is the largest ongoing financial statement audit in the world. The DoD OIG performs audit procedures and oversees independent public accounting firms performing audit procedures on several DoD Components and Agencies. Join us for a discussion of the role that information technology plays in the auditability of the Department of Defense's financial statements. We will also walk through the results and key takeaways from the FY21 audits.
Auditing the Cloud
Presented by Sushila Nair, NTT DATA Services
The cloud has changed the way we govern and design security. The shared responsibility model poses challenges, but when leveraged correctly it also provides great benefits. This session will highlight the tools you should leverage to deliver and simplify cloud audits. It will also cover the Certificate of Cloud Auditing Knowledge (CCAK), the new ISACA cloud audit qualification developed in conjunction with the Cloud Security Alliance.
Meet the Presenters
Director, Information Technology and Cybersecurity, Government Accountability Office
Jennifer R. Franks is a Director in GAO's Information Technology and Cybersecurity team. She leads audit teams that perform agency-specific reviews in the areas of cybersecurity and IT management and operations. Her work primarily focuses on emerging cybersecurity issues and assessing an agency's ability to protect the confidentiality, integrity, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies' computer security vulnerabilities across their enterprise-wide computing environments by assessing program management compliance and the technical controls agencies are expected to follow in accordance with federal guidance and leading practices. Ms. Franks has led reviews at the Internal Revenue Service, Department of Veterans Affairs, Office of Personnel Management, National Aeronautics and Space Administration, Nuclear Regulatory Commission, Centers for Disease Control and Prevention, and Department of Agriculture, among others. At GAO, she is also a certified adjunct faculty member and facilitates Diversity, Equity & Inclusion courses such as Navigating Unwritten Rules; The Power of the Unconscious Bias; Open-Minded & Mindfulness; Recognizing Ageism in the Workplace; and Workplace Civility. Ms. Franks received a B.S. in Computer Information Systems from Hampton University and an M.S. in Information Security Policy and Management from Carnegie Mellon University.
OUSD(C) FIAR Office, Department of Defense
Mr. James Davila has over thirty years of accounting and finance experience in the DoD. He joined the OUSD(C) FIAR Office in October 2015 as a staff accountant after serving with DFAS for fifteen years. Mr. Davila currently oversees service provider relationships to ensure the DoD maximizes its use of SSAE No. 18 examinations, covering 19 service providers (eight DoD and eleven non-DoD, including cloud providers) and a total of 49 SSAE 18 SOC 1 reports. He also leads the IT audit engagement for more than 40 Other Defense Organizations supporting the DoD-wide consolidated audit, and oversees tracking and reporting on about 300 IT audit-relevant systems in response to Congressional, GAO, DoD IG, and DoD senior leader inquiries. He leads multiple councils and working groups that address high-priority enterprise-wide access control deficiencies, and is the Office of the Under Secretary of Defense (Comptroller) lead for the Identity, Credential, and Access Management (ICAM) initiative.
Mr. Davila has received numerous financial management recognition awards and is recognized as a leader in the DoD’s field of accounting. He is a member of the Washington Chapter of the American Society of Military Comptrollers and the Virginia Society of Certified Public Accountants.
Army Financial Statements Division, Department of Defense Office of Inspector General
Ms. Jennifer Hansome is a Project Manager in the Army Financial Statements Division of the OIG Financial Management and Reporting Directorate, Indianapolis Field Office. Ms. Hansome has led and managed teams completing oversight projects including the Army General Fund and Working Capital Fund financial statement audits and multiple System and Organization Controls (SOC 1) engagements, with an emphasis on the Army's information technology systems. Ms. Hansome has also led and performed other audits, including the valuation of Army inventory, a review of the Army's Logistics Modernization Program system architecture, and a congressionally requested project on DoD-wide Enterprise Resource Planning systems. Ms. Hansome holds a Certified Public Accountant (CPA) license and a Bachelor of Science degree in Managerial Accounting from the University of Indianapolis.
Financial Management and Reporting Directorate, Department of Defense Office of Inspector General
Mr. Brian Royer is a Team Leader in the OIG Financial Management and Reporting Directorate in Alexandria, Virginia. Mr. Royer has led teams completing oversight of information technology projects including the Defense Civilian Pay System, the Defense Information Systems Agency, and other Tier 3/4 agency IT audits. Mr. Royer has also led performance audits, including audits of the Complementary User Entity Controls (CUECs) listed in multiple System and Organization Controls (SOC 1) reports. Mr. Royer is a Project Management Professional (PMP) and holds a Master's in Business Administration and a Bachelor of Science degree in Accounting from Indiana University of Pennsylvania.
Vice President of Security Services, Chief Digital Officer, NTT DATA Services
Sushila has over 25 years of experience in computing infrastructure, business, and security, including a decade as a chief information security officer. She has worked in diverse areas across telecommunications and cybersecurity, from risk analysis to credit card fraud to serving as a legal expert witness. An experienced cybersecurity thought leader, she plays an active role in supporting best practices and skills development within NTT DATA as well as across the cybersecurity community.
She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, Microsoft TechEd, TechMentor, The Windows Show, FinSec, and many other global technical events on subjects ranging from managing risk to designing security baselines.
Bradley Keith, CPA, CISA, CGEIT, CDFM, PMP
Mr. Keith is a Director with Guidehouse LLP. He has over 25 years of experience providing IT and business process control audit, audit readiness, and assessment services for commercial and government clients. For the last 10 years, Mr. Keith has been assisting the Department of Defense with preparing for financial statement audits and SSAE No. 18 examination engagements. In these roles, he has contributed to the following:
- Assisted the GAO in updating the Federal Information System Controls Audit Manual (FISCAM).
- Assisted OUSD(C) in preparing the Financial Improvement and Audit Readiness (FIAR) Guidance, the succeeding DoD Internal Control Over Financial Reporting and DoD Financial Statement Audit Guides, and policy memos directing actions to advance financial statement audit and SSAE No. 18 success.
- Assisted OUSD(C) and the DoD CIO in developing a Financial Management Systems overlay for the Risk Management Framework (RMF) system assessment and authorization process.
- Assists OUSD(C) in evaluating IT Notifications of Findings and Recommendations (NFRs) and the associated Corrective Action Plans.
- Assists in reviewing DoD, Federal agency, and commercial SSAE No. 18 reports for compliance with DoD requirements.
- Assists DoD Service Organizations in preparing for and performing SSAE No. 18 examinations.
- Assists OUSD(C) in the Financial Management System functional sponsor role for Identity, Credential, and Access Management (ICAM) solutions.
He looks forward to sharing the results of some of these activities with this group, along with some ideas on how system accreditation and internal controls testing efforts can be modified to improve audit results.
Managing Consultant, Guidehouse
Ms. Markley is a Managing Consultant with Guidehouse LLP. She has over 30 years' experience providing solutions for public and private sector clients in the defense, financial, automotive, manufacturing, and utilities industries. She is a former SAP ERP system integrator with deep knowledge of operational and technology controls and specialist skills in internal controls, risk and governance, information security/protection, program/project management, regulatory compliance, and software quality assurance. She currently supports numerous initiatives under the Office of the Under Secretary of Defense (Comptroller) and leads the development of the second-generation Risk Management Framework (RMF) Financial Management (FM) Overlay.
Any presentations made available by the presenters will be emailed to the event participants.
Sponsor this Event:
If your organization is interested in being an event sponsor, visit the Chapter Sponsorship page and review the prospectus of sponsorship opportunities. The page also provides instructions on becoming an event or annual sponsor.
Cancellation and Refund Policy:
Cancellation and refund of advance registrations are allowed if the cancellation is submitted through the registration system. Refund amounts vary depending on the date of cancellation. See the ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
Earn up to 4 Continuing Professional Education (CPE) credits in the field of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org
CPE Distribution and Evaluation Survey:
CPE certificates will be distributed via e-mail along with the event evaluation survey after the event concludes. Attendees must be present for the full event and respond to the polling questions to receive full CPE credit.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at email@example.com.