SC Midlands Chapter 54 of ISACA


November 2013 Newsletter
In This Issue
New Chapter Members
COBIT Resources
ISACA International Webinars
Job Opportunities
Compliance Challenge
November Session
December Session
 

New Chapter Members:

 

LaVelton L. Baldwin, CISA

Deanna Michele Kilgore

Lorie Leigh Anderson

 

 

Transferred in Members:

Betsy Davis Rice, CISA

Karin Lee Young

 

We want to sincerely extend everyone a WARM welcome to the Chapter

 

We are now at 224 members total - WOW!

 

 
New COBIT Resources Available

 

The following COBIT 5 products have been released recently:

  • COBIT 5 for Risk creates an information risk view of COBIT 5, which serves as the information-risk-specific guidance related to COBIT 5 for ISACA's information risk constituents. The guide should be considered the risk-focused equivalent of COBIT 5 for Information Security within the COBIT 5 family of products.
  • Configuration Management: Using COBIT 5 provides practical guidance about implementing and managing configuration management using COBIT 5 as a foundation. It describes the most common risk, threats, controls and best practices to maximize benefits and reduce associated risk. A good portion of the book is dedicated to the configuration management database concept, including how to build an effective database, interaction with other IT processes, configuration item life-cycle management and security controls.

Information on current research projects is posted on the Current Projects page of the ISACA web site.


 

ISACA International Webinars, Events, and Deadlines

 

 

November

1 November

Deadline for changes to December certification exam registrations (US $50 processing fee applies)

6-8 November

North America Information Security and Risk Management (ISRM) Conference, Las Vegas, Nevada, USA

11-14 November

Training Week: Taking the Next Step: Advancing Your IT Auditing Skills, Dallas, Texas, USA

27 November

Final deadline to defer December CISA, CISM, CGEIT and CRISC exam fees (US $100 processing fee applies)


December

4 December

Virtual Conference:

Cloud Maturity-How to Solve Your Cloud Security Challenges

7-8 December

CISA Cram Course, Atlanta, Georgia, USA; Dallas, Texas, USA; Chicago, Illinois, USA; New York, New York, USA; and San Jose, California, USA  

9-12 December

Training Week: COBIT: Strategies for Implementing IT Governance, Fundamentals of IT Audit and Assurance, Governance of Enterprise IT Information Security Management, IT Risk Management, Taking the Next Step: Advancing Your IT Auditing Skills, Las Vegas, Nevada, USA

14 December

CISA, CISM, CGEIT and CRISC exam administration


January

15 January

Membership and Certification renewal deadline. To renew, log in and click on the Renew link from the ISACA home page

 

  
 JOB OPPORTUNITIES
  

FIRST FINANCIAL HOLDINGS, INC.

 

 

 

IT Audit Manager Position

 

Description

We are seeking an IT Audit professional who will be a key member of Internal Audit's management team. Reporting to the Director of Internal Audit, the IT Audit Manager will be Internal Audit's primary point-of-contact and relationship manager for all of the Bank's IT functions and auditable units. The Audit Manager will oversee the planning, execution, and reporting of IT audits including leading multiple audits simultaneously while managing one or more auditors. This individual will also provide primary input to the risk assessment and audit planning process for IT audit functions and will be responsible for managing this component of the audit plan and providing periodic progress reports. As the primary point-of-contact for his or her areas of responsibility, the Audit Manager's performance will be impacted by his or her ability to build strong relationships with key management in these areas, identify and address their most critical risk and control issues, and add value as a key source of internal control and risk management best practices. Location Columbia, SC

 

Requirements

The ideal candidate will have a Bachelor's degree in IT, accounting, finance or a related business field and more than 10 years of IT or IT Audit experience with financial institution experience highly preferred. Advanced degree and professional certification preferred. Candidates must have exceptional analytical and interpersonal skills, solid communication skills, people management experience, and ability to multi-task in a fast paced environment.

 

IT Audit Supervisor Position

 

Description

Reporting to the IT Audit Manager, the IT Audit Supervisor will have two primary areas of responsibility which include Internal Audit's technology and IT audits.

  • Technology: Working with the IT Audit Manager and Director of Internal Audit, the IT Audit Supervisor will be responsible for the initial design and implementation of an automated workpaper system. The IT Audit Supervisor will also be responsible for daily operation and maintenance of the system as well as the associated reporting for the Audit Committee, Director of Internal Audit, Management, and other stakeholders. The IT Audit Supervisor will also assist the Internal Audit Department with technology needs to facilitate execution of audits across the teams.
  • IT Audits: The IT Audit Supervisor will be responsible for planning, execution, and reporting of assigned IT audits including coordination with any outsourced resources and mentoring any junior staff and performing first-level review of workpapers to ensure compliance with established requirements. Location Columbia, SC

 

Requirements

The ideal candidate will have a Bachelor's degree in IT, accounting, finance or a related business field and at least 7 years of IT Audit experience with financial institution experience highly preferred. Experience with automated workpaper system implementation and maintenance is preferred. Advanced degree and professional certification preferred. Candidates must have exceptional analytical and interpersonal skills, solid communication skills, and ability to multi-task in a fast paced environment.

 

 

Audit Manager Position

 

Description

We are seeking an Audit professional who will be a key member of Internal Audit's management team. Reporting to the Director of Internal Audit, the Audit Manager will be Internal Audit's primary point-of-contact and relationship manager for assigned areas of responsibility. For assigned areas, the Audit Manager will oversee the planning, execution, and reporting of audits including leading multiple audits simultaneously while managing a team of two or more auditors, including any outsourced providers. This individual will also provide primary input to the risk assessment and audit planning process for audits within their assigned areas of responsibility and will be responsible for managing this component of the audit plan and providing periodic progress reports. As the primary point-of-contact for his or her areas of responsibility, the Audit Manager's performance will be impacted by his or her ability to build strong relationships with key management in these areas, identify and address their most critical risk and control issues, and add value as a key source of internal control and risk management best practices. Location Columbia, SC

 

Requirements

The ideal candidate will have a Bachelor's degree in accounting, finance or a related business field and more than 10 years of Audit experience with financial institution experience highly preferred. Advanced degree and professional certification preferred. Candidates must have exceptional analytical and interpersonal skills, solid communication skills, people management experience, and ability to multi-task in a fast paced environment.

 

Audit Supervisor Positions

 

Description

Reporting to the Audit Manager, Audit Supervisors will have primary responsibility for in-charging audits which includes the planning, execution, and reporting of assigned audits. Audit Supervisors will coordinate and provide supervision to team members during audit execution. Audit Supervisors will perform first-level reviews of the work of others, including any external and junior staff, to ensure compliance with established requirements. Audit Supervisors will also be responsible for building strong relationships with Bank management and staff within assigned areas of responsibility. Location Columbia, SC

 

Requirements

The ideal candidate will have a Bachelor's degree in accounting, finance or a related business field and at least 7 years of Audit experience with financial institution experience highly preferred. Professional certification preferred. Candidates must have exceptional analytical and interpersonal skills, solid communication skills, and ability to multi-task in a fast paced environment.

 

 

 

Contact
Resumes should be provided to Anita O'Dell at 700 Gervais Street, Columbia, SC 29201 or via email at Anita.ODell@scbtonline.com.
 
  

Monthly Puzzle

 

Password Security

 

Y F I T N I O P E R A H S B E E J V H Y T
E Q Y A S Q Z U S S S A L L M M V Z U E Y
B Z Q O Q A U T H E N T I C A T I O N S G
M V M M U Y W T G G R U L S N W I V E K X
Y C O F W A E I E C Y E E K R W Z D S D I
R U H Y P F R M V O G L K I E K A E X H R
W M Y F R L C E R T F U O D S L D V M L E
I W J I E F E H I S P Y E A U E P M F O S
N Y Z R U O B H E N B Z M S C I R J Z C E
D Q K E Y Z D R F F C L A I S I B E H K T
O L H V B C V Z X L R O V W F I K Q S E H
W P T P N I Q L M J E R N N M U N Z D D P
S S D W C R O U Q X E S O T A N W G E O U
P L J E P W R K H S O C F A R L X B A U S
A F O R G O T P A S S W O R D O G R G T U
S J G N A V Q K G M L I L G V C L C H S G
S B T W D C F L X M X X Q P L K Y O R S I
W G Z M V C S K A W X Z B K P E G O V P K
O Y U I P X A K G T H B L R B D L U N F H
R V C H T A G S V S P B I L V F F Z T A N
D G K F I R W D A P L L Q P Z S H Y K Q R

 

   

AUTHENTICATION

RESET

UNLOCKED

CONFIRM

SELF HELP

USER NAME

FORGOT PASSWORD

SELF SERVICE

VERIFY

GUESSING

SERVICE DESK

WINDOWS PASSWORD

LOCKED OUT

SHAREPOINT

YOU ARE IN CONTROL

 

 

 

 

 

 

 

 

 

 

From the President

 

 

There is still time to sign up and attend our Nov. 15th class. The speaker is Danny Goldberg, whom we had back in January and who was extremely engaging and knowledgeable. The topic this time is Optimized Interviewing: A one-day course on Optimizing the Effectiveness of Your Process Interviews.

 

The December class will be held on the 13th and will cover Data Breaches within the Health care arena and Health Care fraud. The announcement is on our website, so register now if you haven't already and we look forward to closing out the calendar year with this topic. We are also planning a COBIT 5 Foundations class to be held early next year (possibly February) so be on the lookout for that.

  

Recruit 5 new members and get an iPad mini free. For each new member recruited, you are entered into a monthly drawing, but recruit 5 and you are guaranteed the prize. See the ISACA website for further details.   Individuals joining ISACA now will pay the same rate but get 14 months of membership through 31 December 2014.

 

According to the latest IT Skills and Certifications Pay Index™ (ITSCPI) report from Foote Partners LLC, individuals who have attained ISACA certification ranked among the highest on its pay performance index. The average pay premiums for 289 IT certifications were surveyed and CISM and CGEIT tied with other certifications as the fourth highest-paying certification for the second quarter of 2013. CISA and CRISC tied as the fifth highest-paying certification. In addition, CGEIT's market value increased by 10 percent during the quarter ending 1 July 2013.

 

For our chapter, we are implementing a new approach to the management of our seminars and monthly events. During this transition, Sue Rusher will provide oversight to an education committee. She will train each of these individuals in a more narrow set of tasks. Additionally, each of the committee members will be cross-trained in the main efforts needed to run an event: finding and contracting the speaker, logistics of the facility, meal planning, advertising, and class follow-up. Please contact Sue or myself if you are interested in being part of this exciting and important committee.

 

   

Tom Hart

2013 - 2014 President

 
 

               

  

 

 

SC Midlands ISACA presents:

"Optimized Interviewing: A One Day course on Optimizing the Effectiveness of Your Process Interviews" 

 

Speaker: Danny Goldberg, CPA, CIA, CISA, CGEIT, CCSA

                              

 

8 CPEs

DATE:                        Friday, November 15, 2013

LOCATION:                    BCBSSC Tower Auditorium

                        2501 Faraway Drive, Columbia, SC 29223

                                Free Parking in White Spaces Only!
 

 

TIME:                           

Registration and Breakfast          7:30 am

Class:                                       8:00 am to noon        
Lunch:                                       Noon to 1:00 pm
Class                                         1:00 pm to 4:00 pm

 

Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration and payment.

 

Pricing:

 

Regular Registration: October 21, 2013 - November 8, 2013

$150 - SC Midlands ISACA Members

$175 - Non-Members

  

Late Registration: November 9, 2013 - November 14, 2013

$175 - SC Midlands ISACA Members

$200 - Non-Members

 

What you will learn:

 

Interviewing is a very important skill in any discovery process. To effectively communicate and ease the concerns of the customer is as important as an effective process. This one-day course will take attendees through the entire interview process, learning best practices for each step and how to manage different personality types.

 

Objectives

  • Overview of best practices in process interviewing, including personality types and interview preparation.
  • Learn the step-by-step interview process and learn best practices for each step.
  • Learn how to listen actively and read physical cues.

 

Agenda

Introductions

Stories and Background

Types of Information Obtained from Process Interviews

  1. What an Interview is Not
  2. Direct versus Indirect Information
  3. What are We Looking for

 

Planning/Preparing for an Audit Interview

  1. Objectives
  2. Questions and Information Requests
  3. Participants
  4. Meeting
  5. Location
  6. Time
  7. Handouts

 

Conducting and Controlling Audit Interviews

  1. Types of Questions to Ask
  2. Physical Settings
  3. Small Talk and Knowing the Room
  4. Interview Tone

 

Managing Different Personality Types

Handling Challenging Interviewees

Active Listening

Physical Listening


Danny M. Goldberg leads the Professional Development Practice at Sunera. Prior to joining Sunera in January 2011, Danny founded SOFT GRC, an advisory services and professional development firm. Danny has over 15 years of audit experience, including five as a CAE/Audit Director at two diverse companies.

 

Prior to founding SOFT GRC, Danny was the Director of SOX Compliance and Corporate Audit at Dr Pepper Snapple Group, where he led the Year-One SOX Compliance efforts. Prior to his tenure at Dr Pepper, Danny was the Chief Audit Executive at Tyler Technologies, a publicly traded technology company, where he built the internal audit function from the ground up.

 

Danny has also served on the board of directors of a non-profit organization and the audit committee of the Dallas Independent School District. Danny currently serves as the Chairman of the North Texas Leadership Council of the American Lung Association and is the IIA Dallas Chapter Programs Committee Co-Chairman for the 2011-2012 year.

 

Danny is accredited as the professional commentator on the publication BNA Tax and Accounting Portfolio, Internal Auditing: Fundamental Principles (Accounting Policy and Practice Series), which is authored by renowned audit scholars Curtis C. Verschoor and Mort A. Dittenhofer - co-author of Sawyer's Internal Auditing.

 

He has also published numerous articles in trade magazines in 2011, including:

* The Audit Report (Executive Search, Winter 2011)

* ISACA Journal (General Auditing for the IT Auditor: An Overview, May 2011)

* The Audit Report (11 Hot Topics for 2011, March 2011)

* Dallas Business Journal (The Yes Man Phenomenon, January 2011)

 

Danny is a well-known speaker across the nation at numerous IIA and ISACA sponsored events. He has been recognized as a top speaker at several events during 2011-2013, including:

  • Sixth Best Speaker out of 116 at 2013 IIA International Conference
  • Eighth rated speaker out of 120 - 2012 IIA International Conference
  • "Top Rated" (Excellent/Outstanding) Speaker - 20th Annual American Society for Quality (ASQ) Audit Division Conference (out of 44 presenters)
  • Top 10 Presentation - 2011 IIA Midwest Regional (36 total concurrent sessions, 3.75 overall rating out of 4.0)
  • Top 3 Ranked Speaker - Michigan CPA's Healthcare Conference 2011 (29 total speakers)
  • Top 3 Ranked Speaker - ArkSarBen IIA 2011 District Conference (24 total sessions)
  • 3.58/4.00 Rating - 2011 ACFE Annual North American Conference

 

SC Midlands Chapter of ISACA Presents:

 

 

Data Breaches in Healthcare

 Presented by Ryan Boggs, CISA, CRISC, Dixon Hughes Goodman LLP

 

 

 Health Care Fraud & Compliance

Presented by Tommy Mills, ACFE, BlueCross BlueShield of South Carolina

 

 

 

  DATE:                       Friday, December 13, 2013

LOCATION:              BCBSSC Tower Auditorium

                    2501 Faraway Drive, Columbia, SC 29223

                                 Free Parking in white spaces only!

 

CPEs:                          3

 

TIME:                        

Registration:                8:30 am (Breakfast served)

 

Seminar:                      9:00 - 12 noon

 

 

 

Pre-Registration and payment required at http://www.scisaca.org/ Click on future events, and locate this date. Checks and credit cards accepted for pre-registration.

 

 

Pricing*:

Early Bird:  now until November 22, 2013

Member - $45

Non-Member - $55

  

Regular Registration: November 23, 2013 - December 6, 2013

Member - $55

Non-Member - $65

  

Late Registration: December 7, 2013 - December 12, 2013

Member - $65 

Non-Member - $75

 

 

    

What you will learn:

   

 Data Breaches in Healthcare

 

Presented by Ryan Boggs, CISA, CRISC, Dixon Hughes Goodman LLP

 

 

As an experienced provider of HIPAA/HITECH and Meaningful Use consulting services, Dixon Hughes Goodman has assisted healthcare organizations of all sizes to complete IT risk assessments, conduct network penetration tests and vulnerability assessments, and develop IT controls designed to ensure the protection of patient privacy. Their presentation will focus on conveying to conference attendees the most common issues they see within IT departments that lead to the breach of patient ePHI data. They have taken significant efforts to identify the most common issues they discover in healthcare IT departments and continue to enhance their consulting services to address these problems first.

 

   

 

Data breaches continue to occur regularly, in spite of increased awareness and investment by healthcare IT departments. Yet, research into the causalities of these breaches does not indicate complex or highly sophisticated attacks. Instead, the most damaging breaches of data privacy are caused by simple activities that exploit common, and often easily remediated, vulnerabilities surrounding user awareness, IT governance, and data access. After briefly describing the differences between compliance and effective data security, they intend to leverage their experience in providing IT personnel in attendance with concrete ideas for IT governance and network security that can be incorporated into their environment. They plan to present the issues in a "Top 10" format and provide printed materials that can be consulted in the future.

 

Health Care Fraud & Compliance 

Presented by Tommy Mills, CFE, AHFI, Director of Corporate Compliance and Special Investigations Unit, BlueCross BlueShield of South Carolina

 

Tommy's presentation is an overview of the process of fighting healthcare fraud in an ever changing environment. He'll discuss the challenges and motivation the Special Investigations Unit faces in fulfilling the responsibilities of preventing, detecting and investigating fraud. His presentation outlines the tools and methods the SIU utilizes in this endeavor. It will also reveal how fraud fighting has evolved into a comprehensive effort incorporating other disciplines in the organization to maximize available resources. Tommy will emphasize the importance of training employees to be vigilant at all times. The corporate culture is of vital importance for an ethical environment, but senior management's commitment to support and sustain it is necessary.

 

 

Ryan Boggs is a manager within the IT Advisory Group of Dixon Hughes Goodman LLP, which provides technology-related risk and advisory services to clients across the Southern U.S. Based in Greenville, SC, Ryan works with numerous healthcare organizations to implement and assess HIPAA, HITECH, and Meaningful Use compliance. His experience includes providing assistance to internal audit functions, performing technology risk and controls assessments, assessing compliance requirements of Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act (HIPAA), business process analysis, Service Organization Controls (SOC) reporting, and assisting clients with managing risk associated with large IT systems and infrastructure transformations. Ryan is a graduate of The Citadel and holds the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) certifications.

 

Tommy Mills is the Director of Corporate Compliance and Special Investigations Unit (SIU) at BlueCross BlueShield of South Carolina (BCBSSC). He started his career at BCBSSC almost twenty-five years ago as Manager of Investigations. He is certified by the Association of Certified Fraud Examiners (ACFE) and accredited by the National Healthcare Anti-Fraud Association. His responsibilities include preventing, detecting and investigating fraud perpetrated against BCBSSC by providers, members, vendors and employees across all commercial lines of business including State, FEHBP and Medicare Advantage; coordinating and investigating all internal investigations for the corporation; administering compliance and ethics training for the corporation; conflict of interest reviews and investigations; OFAC review and tracking. Tommy has developed relationships with SIU management at the BCBS Association, other BlueCross BlueShield plans, other companies, federal, state and local law enforcement and prosecutors; insurance regulators.

 

Prior to his BCBSSC career, Tommy was a Forensic Investigator with the Richland County, SC Sheriff's Department. During his eight year law enforcement career he was a fingerprint expert, photographer, crime scene technician, narcotics analyst, arson investigator, expert witness, sniper/spotter as a Special Operations Response Team (SORT) team member. Tommy graduated from the University of South Carolina with a BS Criminal Justice degree.