2020 IT Audit in Civilian & DoD Environments Conference
February 12 @ 8:00 am - 4:30 pm EST
GWDC Member - $105, Other ISACA Member $135, Non-ISACA Member: $150
2020 IT Audit in Civilian & DoD Environments Conference | Overview
The ISACA GWDC is proud to host its 2020 IT Audit in Civilian & DoD Environments Conference on February 12th in Rosslyn, VA. IT audit and assurance continue to transform with the ever-changing environment. In the Federal Government, auditors are especially challenged with the ever-increasing use of technology such as artificial intelligence, robotic process automation, machine learning, and evolving business practices yet sometimes slow to adopt compliance rules. How does the profession maintain assurance in this evolving and ever-changing environment? Come to the Conference and find out tips and tricks from local experts.
The Conference features seasoned IT audit professionals from around the Washington DC area, sharing their knowledge on the latest leading practices, trends, and principles in IT audit and assurance. The Conference also features seven impactful topics relating to IT audit that may have an immediate impact on your everyday roles. Speakers will specifically cover IT audit areas relating to information security, risk management, and tools to optimize the value of IT audits.
Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn and Twitter for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.
2020 IT Audit in Civilian & DoD Environments Conference | Topics
1) Government Accountability Office’s (GAO) Assessing Data Reliability Framework, presented by Michele Fejfar and Kirsten Lauber
GAO’s recent guidance, Assessing Data Reliability (GAO-20-283G), outlines a process for determining whether data are sufficiently accurate and complete for the purposes of a specific audit. The guidance emphasizes making use of existing information, maximizing professional judgment, and involving the appropriate people, including management and stakeholders in key decisions. The GAO - Applied Research and Methods Team (Michele Fejfar and Kirsten Lauber) will give an overview of the process covered by the recently revised guidance to include consideration of whether and when to conduct an assessment, the extent of the assessment, possible steps to take, and the possible outcomes. The GAO - Applied Research and Methods Team will also cover additional considerations such as the kinds and levels of data covered, how data reliability is defined in an audit environment, how information system controls may be incorporated, and the timing and documentation of the assessment.
2) Securities and Exchange Commission’s (SEC) Information Technology Audit Program, presented by Kelli Brown-Barnes
The presentation will discuss the U.S. Securities and Exchange Commission’s Office of Inspector General’s efforts over the last five years establishing (as a smaller OIG) its Information Technology audit program. Specifically, Kelli Brown-Barnes plans to discuss some of the challenges SEC faced with staffing, contracting, interactions with the agency, etc. Further, Ms. Brown-Barnes will discuss lessons learned while working through the challenges the SEC faced while developing the program. Also, Ms. Brown-Barnes will highlight some key accomplishments made by the office, including how SEC planned and performed a multi-year portfolio of audits and evaluations related to IT programs and operations and IT security. Additionally, Ms. Brown-Barnes will discuss how our efforts with respect to our work have recognized that Information Security is an agency management and performance challenge area. Lastly, Ms. Brown-Barnes will close with a description of our vision for 2020 and beyond.
3) Cooperative Compliance, Enhancing Cybersecurity Foundational Minimums, presented by Nat Bongiovanni
Cybersecurity policies meant to protect sensitive information are often misunderstood, avoided, or circumvented by employees. Employees don’t like to be inconvenienced by the extra steps necessary for protection that, to them, seem unnecessary. This inconvenience can be compounded by a complex cybersecurity environment with multiple competing standards that look similar but have unique approaches, naming conventions, and acronyms. Nat Bongiovanni will discuss how to solve these challenges by creating cooperative compliance. Cooperative compliance starts by understanding the entire risk environment based on the NIST SP 800-171 Framework, a foundational minimum for confidentiality and integrity.
4) The Role of IT Auditors in an Integrated Financial Statement Audit, presented by Loren Schwartz and Steve Koons
IT auditors are an integral part of a financial statement audit and should be involved in all phases of the audit, including planning, carrying out, and reporting. The session will cover a financial statement audit using an integrated approach where IT auditors conduct the planning, testing, and reporting phases in coordination with their financial auditor counterparts. The session will discuss the benefits of integrated financial statement audits, the role of IT auditors, and lessons learned to improve audit efficiency and effectiveness.
5) Taxonomy for IT Risk Management, presented by Soumya Chakraverty
We often hear IT auditors talk about ‘connecting the dots’ and ‘having a holistic picture’ of risk, but do not have a good idea of how to do so in a practical manner. Having a common risk language or taxonomy in place may not only help IT auditors to consistently define and identify risks, but also aggregate them across the organization. The presentation provides an insight into what a taxonomy is, its purpose, and value add for an IT audit. The presentation will also highlight leading practices for optimizing the development and use of a taxonomy, as well as some common pitfalls.
Who Should Attend?
- Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to IT audits in civilian and DoD environments.
- Anyone who is already involved, or interested in getting involved, with IT audits.
- 8:00 AM to 8:30 AM - Breakfast and Networking
- 8:30 AM to 12:15 PM - Morning Sessions
- 12:15 PM to 1:00 PM - Lunch and Networking
- 1:00 PM to 4:30 PM - Afternoon Sessions
2020 IT Audit in Civilian & DoD Environments Conference | Meet the Presenters
Assistant Director, GAO - Applied Research and Methods Team
Michele Fejfar joined GAO in 2000. She is an Assistant Director in the Social Science area in GAO’s Applied Research and Methods Team. She has helped lead several data reliability efforts within GAO, including the revision of the Assessing Data Reliability guidance issued in 2019. Michele serves as a data reliability contact both within and outside of GAO. In addition, she advises GAO teams on their research methods across numerous issue areas, particularly homeland security and justice.
Research Methodologist, GAO - Applied Research and Methods Team
Kirsten Lauber joined GAO in 2009, and serves as a Research Methodologist in GAO’s Applied Research and Methods team. She advises GAO research teams on a variety of quantitative and qualitative methods, particularly in the areas of education, workforce, retirement and tax research. Kirsten helped lead the revision of GAO’s recent Assessing Data Reliability guidance that was issued in 2019.
Audit Manager, SEC - Office of Inspector General
Kelli Brown-Barnes is an Audit Manager in the U.S. Securities and Exchange Commission’s (SEC) Office of Inspector General’s (OIG) Office of Audits. Ms. Brown-Barnes primarily oversees the information technology related audits and evaluations conducted by the SEC OIG. Prior to joining the SEC OIG, Ms. Brown-Barnes served as an Automated Review Policy Specialist in the SEC’s Division of Trading and Markets for nine years conducting inspections of Self-Regulatory and Clearing Organizations. Ms. Brown-Barnes is a graduate of Bowie State University, where she received both her Bachelor’s degree in Business Administration and a Master's degree in Administrative Management.
Chief Technology Officer, NTT DATA Federal Services
Nat Bongiovanni is a US Navy veteran with over 35 years’ experience. Mr. Bongiovanni’s broad IT background allows him to view IT challenges through multiple lenses: analyst, architect, manager, software developer and cybersecurity expert. He has spoken extensively on cybersecurity, software and policy development. He recently spearheaded a team of cyber experts to develop a cybersecurity solution to protect network assets and data from internal vulnerabilities.
Partner, Cotton & Company
Prior to joining Cotton & Company, Steve served at the U.S. Government Accountability Office and the Office of Inspector General at the Board of Governors of the Federal Reserve System. He has worked on numerous complex audit and evaluation engagements, including those related to the Emergency Economic Stabilization Act of 2008 and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. He held key leadership positions on complex financial statement audits including the first-ever audits of the: Troubled Asset Relief Program (FY 2009), U.S. Navy’s Schedule of Budgetary Activity (FY 2015), U.S. Marine Corps’ full-scope financial statements (FY 2017), and Defense Health Program (DHP) focusing on the Air Force Medical Service/Air Force Surgeon General (FY 2018). In 2019, Steve assumed responsibility for Cotton & Company’s Department of Defense audit activities, including serving as engagement partner for the audit of the U.S. Transportation Command’s Transportation Working Capital Fund and continues to support the Marine Corps and DHP audits.
Partner, Cotton & Company
Loren has more than 20 years of diversified information system audit, financial and operational audit, privacy, and risk management consulting experience. Loren’s experience includes directing and participating in a wide range of system reviews, Federal Information Security Management Act (FISMA) audits, financial statement audits, process re-engineering improvement projects, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations and his industry experience includes both commercial and governmental clients. He is a Certified Public Accountant (CPA), a Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA), and is a Board Member at Ronald McDonald House Charities® of Greater Washington, DC.
Managing Consultant, RiskPro Solutions
Soumya is a senior risk and compliance professional and specializes in enterprise, operational and technology risk and controls. He has extensive experience in banking and financial services and specializes in the areas of SOX, regulatory compliance, technology controls, and risk automation. He provides strategic consulting to organizational leaders to help enhance risk maturity and improve compliance. A regular public speaker, he has also published articles on GRC implementation and operational risk.
Speaker #6 - TBD
Title - TBD
Bio - TBD
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
Cancellation: If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by February 10, 2020. A $15 cancellation fee is charged.
To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in-person event
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. Kenneth is a Principal Architect for Unisys Federal. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.