This presentation will provide a brief discussion on auditing technical projects for success. Mr. Gilbride will share federal guidance (GAO) and practical experience in the use of Cost Estimating and Scheduling practices for IT modernization projects and programs.
In this session, you will learn about the different types of cloud services and deployment models, understand the cloud shared responsibility model, recognize key risks and controls based on the cloud service type, learn how to evaluate a SOC report, and review additional considerations from an audit perspective.
11:30 AM – 12:30 PM
The value of an IT auditor when integrating controls during a systems implementation or modernization effort.
Getting controls “right” during systems implementation or modernization efforts is commonly less expensive than designing them post-implementation. Integrators have a tendency to focus on functionality topics rather than controls – perhaps spending more time on users' desired business process requirements and screen designs, for example, than on security issues. Increasing demands of new regulations for access and security controls provide an opportunity for organizations installing or upgrading ERP systems to design and implement good controls from the outset. This enables the controls to be better monitored and sustained throughout the life of the system. Not doing so has proved expensive: “Going live” before appropriate internal controls are in place negatively impacts business performance and creates unnecessary costs to retrofit controls into the new system. This situation may also cause the organization to report significant control deficiencies and/or material weaknesses. The end result could be adverse audit opinions on the adequacy of their internal controls and financial statements. A proper IT audit lens and methodology that focuses on key control areas helps reduce the risk of a failed control environment associated with these systems efforts.
Stephen Gilbride Director IT Audits, the Library of Congress Office of the Inspector General CIA, CISA, CRISC, CGFM, CEH
Mr. Gilbride has been the Director of IT Audits for over 6 years at the Library of Congress Office of the Inspector General. Prior to that, he worked for Accenture Federal Services as a Senior Manager of Internal Audit, Information Technology. He has also worked for Kearney & Company in the DC area as a Senior Manager of Information Technology Audits for Federal clients.
Mr. Gilbride has a technology engineering background, having spent twenty years with Nortel Networks in various roles and living in multiple countries designing, delivering, and providing sales support for network hardware and software products.
Scott Riggenbach Assistant Director IT Audits, NASA Office Inspector General
Scott Riggenbach has been a member of the NASA Office Inspector General team for the last 17 years based at the Kennedy Space Center in Florida. Prior to that he started his career doing IT audits at Arthur Andersen in Atlanta, GA and a small startup auditing firm in the DC area. Mr. Riggenbach is an Assistant Director within NASA OIG’s Mission Support Directorate and is responsible for leading the majority of the IT audits for the organization. Scott graduated from Ohio University in Athens, Ohio and currently resides in Viera, FL with his wife and two children.
Chris Reeves IT Specialist, NASA Office Inspector General
Chris Reeves has worked for the NASA OIG since 2007. Prior to joining the NASA OIG team, Chris spent 10 years serving as an IT specialist in the US Navy. While in the Navy he was responsible for shipboard communications, information systems administration, and cyber hygiene. He served at the Space and Naval Warfare Information Technology Center, the Defense Information Systems Agency, and the USS Crommelin, a guided missile frigate based in Pearl Harbor. Chris has led and been involved in a wide range of information technology audits while with the NASA OIG. He has a bachelor's degree in Information Technology Management, lives in Galveston, TX and has two young daughters, Reagan and Avery.
Linda Hargrove IT Specialist, NASA Office Inspector General
With more than three decades of experience in the IT ecosystem, Linda Hargrove has managed, led, and supported complex IT projects for major aerospace programs. Her entire career has been working in data and computing systems at Kennedy Space Center, FL. Linda is proud to be working at NASA OIG, providing impactful IT oversight by strengthening cybersecurity. Over the years, her work has garnered various awards, including NASA’s coveted Space Flight Awareness Launch Honoree Award. Linda holds bachelor's and master’s degrees, with honors, from Rollins College in Winter Park, Florida and has taught ‘Computer Systems Analysis & Design’ and ‘Communicating with Technology’ at the collegiate level.
Shar Qureshi Senior Manager, Digital Controls – Cloud Risk, Deloitte
Shar is a Senior Manager in Deloitte’s Risk and Financial Advisory Digital Controls – Cloud Risk offering. He has been working in financial services and the tech industry for over 19 years. For the past 6 years, he has been giving all his attention to controls advisory, assurance and security engagements focusing primarily on AWS.
He is a technologist and brings a unique combination of audit/assurance and deep technical understanding of cloud. He has provided guidance to many organizations cross-industry on matters related to governance, risk management, compliance and security as organizations navigate their digital transformation.
He is an invited speaker and has had the pleasure to present at AWS Re:Inforce, industry roundtables, conferences and workshops. He has facilitated numerous cloud audit related courses through many of Deloitte’s partnerships and alliances. He is responsible for leading the upskilling, cloud fluency, learning and development initiatives for Deloitte assurance specialists.
Twinkle Patel Advisory Manager, Deloitte
Twinkle Patel is a Manager within Deloitte’s Risk and Financial Advisory Digital Controls – Cloud Risk Offering with over 5 years of experience specializing in Technology Risk. For the past 3 years, she has been giving all her attention to performing cloud assessments and audits to help companies navigate the cloud environments securely and quickly, specifically for the Microsoft Azure (Azure) cloud platform.
Previously, Twinkle has worked on Assurance projects, supporting external financial statement audits, SOC1 engagements, and audits in the federal government that are aligned to NIST 800-53 and 800-37. Currently, she is working on internal audits and projects with a focus on IT security and cloud computing related technologies in the consumer and retail industry.
In addition to supporting financial audits, Twinkle has focused on leveraging her knowledge of IT controls and risk to help serve companies in an advisory capacity, specializing in risk and control assessments and pre- and post-implementation reviews. Twinkle is also currently serving as the project manager on an internal audit project for another publicly listed retail and healthcare company.
Geoffery (Geoff) Weber Principal, KPMG – Federal Practice
Geoff Weber is a Principal in KPMG’s Federal Practice. His experience spans more than 30 years leading information technology audits and advisory services in the Federal Industry. He currently leads teams assessing technology controls and risks for Federal Audit and Advisory clients. This includes topics such as IT controls, IT transformation, ERP/GRC system advisory services, technology integration, information security and privacy, and IT audit and assurance. Geoff began his career in 1991 as a member of the civil service at the Department of Defense and joined KPMG’s Federal Practice in 1998. He earned a BS in Accounting and an MBA from George Mason University and holds CISA and CISM certifications.
Virtual Meeting Information
This event will be presented through Zoom.
Prior to the event, participants must install the Zoom app on their respective devices or use the web-based Zoom. Participants who call in by phone may not be entitled to CPE credits.
Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.
If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.
Cancellation and Refund Policy
Cancellations and refunds for advance registrations are allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.
Learning Objective: After this conference, attendees will have a better understanding of current trends and practices in IT Audit.
Advance Preparation: None
Program Knowledge Level: Basic
Delivery Method: Group Internet Based
Field of Study: Information Technology – Technical