For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
2020 IT Audit in Civilian & DoD Environments Conference
February 12, 2020 @ 8:00 am - 4:30 pm ESTGWDC Member - $105, Other ISACA Member $135, Non-ISACA Member: $150
2020 IT Audit in Civilian & DoD Environments Conference | Overview
The ISACA GWDC is proud to host its 2020 IT Audit in Civilian & DoD Environments Conference on February 12th in Rosslyn, VA. IT audit and assurance continue to transform with the ever-changing environment. In the Federal Government, auditors are especially challenged with the ever-increasing use of technology such as artificial intelligence, robotic process automation, machine learning, and evolving business practices yet sometimes slow to adopt compliance rules. How does the profession maintain assurance in this evolving and ever-changing environment? Come to the Conference and find out tips and tricks from local experts.
The Conference features seasoned IT audit professionals from around the Washington DC area, sharing their knowledge on the latest leading practices, trends, and principles in IT audit and assurance. The Conference also features seven impactful topics relating to IT audit that may have an immediate impact on your everyday roles. Speakers will specifically cover IT audit areas relating to information security, risk management, and tools to optimize the value of IT audits.
Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn and Twitter for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.
2020 IT Audit in Civilian & DoD Environments Conference | Topics
1) Oversight of DoD Cybersecurity and Cyberspace Operations: A look at What That Means and Its Impact in Today’s Changing Threat Landscape
The DoD spends billions of dollars annually on information technology, cybersecurity, and cyberspace operations. Cybersecurity is essential to the DoD and all facets of today's society in terms of our ability to do almost anything—get money out of an ATM, drive a car, fly a plane, or command and control our military forces. The DoD Office of Inspector General (DoD OIG) plays a critical role in providing oversight to the DoD's increasing reliance on cyberspace to meet mission requirements. This body of work supports the Department, and those responsible for securing systems, networks, data, and weapon systems to decrease the risk of missions and operations being compromised by malicious actors. The DoD OIG is responsible for providing independent oversight of Government programs and operations to detect and deter fraud, waste, and abuse in agency programs and operations, and promote the economy, efficiency, and effectiveness of the agency. This presentation provides insight about the DoD OIG’s oversight of the DoD's cybersecurity posture, use of cyberspace operations, and the impact our oversight has on national security.
2) Government Accountability Office’s (GAO) Assessing Data Reliability Framework
GAO’s recent guidance, Assessing Data Reliability (GAO-20-283G), outlines a process for determining whether data are sufficiently accurate and complete for the purposes of a specific audit. The guidance emphasizes making use of existing information, maximizing professional judgment, and involving the appropriate people, including management and stakeholders in key decisions. The GAO - Applied Research and Methods Team (Michele Fejfar and Kirsten Lauber) will give an overview of the process covered by the recently revised guidance to include consideration of whether and when to conduct an assessment, the extent of the assessment, possible steps to take, and the possible outcomes. The GAO - Applied Research and Methods Team will also cover additional considerations such as the kinds and levels of data covered, how data reliability is defined in an audit environment, how information system controls may be incorporated, and the timing and documentation of the assessment.
3) Securities and Exchange Commission’s (SEC) Information Technology Audit Program
The presentation will discuss the U.S. Securities and Exchange Commission’s Office of Inspector General’s efforts over the last five years establishing (as a smaller OIG) its Information Technology audit program. Specifically, Kelli Brown-Barnes plan to discuss some of the challenges SEC faced with staffing, contracting, interactions with the agency, etc. Further, Ms. Brown-Barnes will discuss lessons learned while working through the challenges the SEC faced while developing the program. Also, Ms. Brown-Barnes will highlight some key accomplishments made by the office, including how SEC planned and performed a multi-year portfolio of audits and evaluations related to IT programs and operations and IT security. Additionally, Ms. Brown-Barnes will discuss how our efforts with respect to our work has recognized that Information Security is an agency management and performance challenge area. Lastly, Ms. Brown-Barnes will close with a description of our vision for 2020 and beyond.
4) Cooperative Compliance, Enhancing Cybersecurity Foundational Minimums
Cybersecurity policies meant to protect sensitive information are often misunderstood, avoided, or circumvented by employees. Employees don’t like to be inconvenienced by the extra steps necessary for protection that to them seem unnecessary. This can be compounded by a complex cybersecurity environment with multiple competing standards that seem similar but have unique approaches, naming conventions, and acronyms. Nat Bongiovanni will discuss how to solve these challenges by creating cooperative compliance. Cooperative compliance starts by understanding the entire risk environment based on the NIST SP 800-171 Framework, a foundational minimum for confidentiality and integrity.
5) The Role of IT Auditors in an Integrated Financial Statement Audit
IT auditors are an integral part of a financial statement audit and risk inefficiency and ineffectiveness when they are siloed from financial auditors. IT auditors should be involved in all phases of the audit including planning, internal control, testing, and reporting. The session will cover a financial statement audit using an integrated approach in which IT auditors are in lockstep with the financial auditors, addressing practical ways to cut-down barriers, set expectations with auditees, and the related benefits.
6) Taxonomy for IT Risk Management
We often hear IT auditors talk about ‘connecting the dots’ and ‘having a holistic picture’ of risk, but do not have a good idea of how to do so in a practical manner. Having a common risk language or taxonomy in place may not only help IT auditors to consistently define and identify risks, but also aggregate them across the organization. The presentation provides an insight into what a taxonomy is, its purpose, and value add for an IT audit. The presentation will also highlight leading practices for optimizing the development and use of a taxonomy, as well as some common pitfalls.
7) How FINRA Internal Audit is using Tableau to Audit
This presentation illustrates how the Audit Team is using Data Analytics in Planning, Fieldwork, and Consulting projects. The visualization brings the auditors closer to the data and give them control over the analytics that they use in their projects. Also part of this presentation, we will discuss the approach and development of the visualizations; using live demos, we will show you how the audit team uses the complex Visualizations to understand the business, pick samples, and draw conclusions on the business processes.
Who Should Attend?
- Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to IT audits in civilian and DoD environments.
- Anyone that is already or anyone interested in getting involved with IT Audits.
2020 IT Audit in Civilian & DoD Environments Conference | Meet the Presenters
Sean J. Keaney
Deputy Assistant Inspector General for Audit in Cyberspace Operations Directorate, Department of Defense
As the Deputy Assistant Inspector General for Audit in the Cyberspace Operations Directorate at the Department of Defense, Office of Inspector General, Mr. Sean Keaney oversees the Directorate’s daily operations for the Assistant Inspector General and its portfolio of cybersecurity and security-related audits. Prior to becoming the Deputy Assistant Inspector General, Mr. Keaney was a Program Director for Audit in the Cyberspace Operations Directorate where he led a Division in planning, executing, and reporting information technology and cybersecurity audits primarily focused on the protection of electronic health records and controlled unclassified information maintained by contractors, DoD Intelligence Community systems and networks, and U.S. Cyber Command operations. Mr. Keaney is a certified ethical hacker and certified information systems auditor.
Mr. Keaney is the recipient of several awards, including the Meritorious Civilian Service Award, awarded in 2016, for his significant contributions to the Department of Defense, Office of Inspector. He also received the Council of Inspectors General for Integrity and Efficiency Award for Excellence in 1999 and 2005 for his major contributions and exceptional performance on two complex audits.
Assistant Director, GAO - Applied Research and Methods Team
Michele Fejfar joined GAO in 2000. She is an Assistant Director in the Social Science area in GAO’s Applied Research and Methods Team. She has helped lead several data reliability efforts within GAO, including the revision of the Assessing Data Reliability guidance issued in 2019. Michele serves as a data reliability contact both within and outside of GAO. In addition, she advises GAO teams on their research methods across numerous issue areas, particularly homeland security and justice.
Research Methodologist, GAO - Applied Research and Methods Team
Kirsten Lauber joined GAO in 2009, and serves as a Research Methodologist in GAO’s Applied Research and Methods team. She advises GAO research teams on a variety of quantitative and qualitative methods, particularly in the areas of education, workforce, retirement and tax research. Kirsten helped lead the revision of GAO’s recent guidance on Assessing Data Reliability guidance that was issued in 2019
Chief Technology Officer, NTT DATA Federal Services
Nat Bongiovanni is a US Navy veteran with over 35 years’ experience. Mr. Bongiovanni’s broad IT background allows him to view IT challenges through multiple lenses-- analyst, architect, manager, software developer and cybersecurity expert. He has spoken extensively on cybersecurity, software and policy development.. He recently spearheaded a team of cyber experts to develop a cybersecurity solution to protect network assets and data from internal vulnerabilities.
Managing Partner, Cotton & Company
Prior to joining Cotton & Company, Steve served at the U.S. Government Accountability Office and the Office of Inspector General at the Board of Governors of the Federal Reserve System. He has worked on numerous complex audit and evaluation engagements, including those related to the Emergency Economic Stabilization Act of 2008 and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. He held key leadership positions on complex financial statement audits including the first-ever audits of the: Troubled Asset Relief Program (FY 2009), U.S. Navy’s Schedule of Budgetary Activity (FY 2015), U.S. Marine Corp’s full-scope financial statements (FY 2017), and Defense Health Program (DHP) focusing on the Air Force Medical Service/Air Force Surgeon General (FY 2018). In 2019, Steve assumed responsibility for Cotton & Company’s Department of Defense audit activities, including serving as engagement partner for the audit of the U.S. Transportation Command’s Transportation Working Capital Fund and continues to support the Marine Corps and DHP audits.
Assurance Practice Leader, Cotton & Company
Loren has more than 25 years of diversified information system audit, financial and operational audit, privacy, and risk management consulting experience. Loren’s experience includes directing and participating in a wide range of system reviews, Federal Information Security Management Act (FISMA) audits, financial statement audits, process re-engineering improvement projects, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations and his industry experience includes both commercial and governmental clients. He is a Certified Public Accountant (CPA), a Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA).
Managing Consultant, RiskPro Solutions
Soumya is a senior risk and compliance professional and specializes in enterprise, operational and technology risk and controls. He has extensive experience in banking and financial services and specializes in the areas of SOX, regulatory compliance, technology controls, and risk automation. He provides strategic consulting to organizational leaders to help enhance risk maturity and improve compliance. A regular public speaker, he has also published articles on GRC implementation and operational risk.
Parmanand (Sat) Jagerdeo
Audit Technology Director, Financial Industry Regulatory Authority (FINRA)
Sat Jagerdeo joined FINRA in June 2000 to perform CAATS and develop their internal audit management system. Prior to FINRA, Sat was the SAS Programmer at Apache Medical Systems, Inc., in McLean, Virginia. Sat received his MS in Management Information Systems from George Washington University and my BS in Software Engineering from George Mason University in Fairfax, Virginia and holds a Certified Information System Auditor (CISA) certification.
Associate Director, Financial Industry Regulatory Authority (FINRA)
Stephanie joined FINRA in 2008 as a contractor with Experis, and made the transition to become a FINRA employee in February 2012. Prior to Experis, she was part of BB&T’s Regional Management Team in Annapolis and at First Virginia Banks, Inc. as an Audit Manager/AVP. Stephanie has a Bachelor of Business Administration in Accounting from Loyola University and is a Certified Public Accountant. She is also a Certified Financial Services Auditor, is certified in Risk Management Assurance and is a Certified Investments and Derivatives Auditor.
Audit Manager, SEC - Office of Inspector General
Kelli Brown-Barnes is an Audit Manager in the U.S. Securities and Exchange Commission’s (SEC) Office of Inspector General’s (OIG)Office of Audits. Ms. Brown-Barnes primarily oversees the information technology related audits and evaluations conducted by the SEC OIG. Prior to joining the SEC OIG, Ms. Brown-Barnes served as an Automated Review Policy Specialist in the SEC’s Division of Trading and Markets for nine years conducting inspections of Self-Regulatory and Clearing Organizations. Ms. Brown-Barnes is a graduate of Bowie State University, where she received both her Bachelor’s degree in Business Administration and a Master's degree in Administrative Management.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
Cancellation: If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by February 10, 2020. A $15 cancellation fee is charged.
To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.
SPONSOR THIS EVENT
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in-person event