CISA-certified and on the Move
Internal Auditor magazine recently named 20 individuals under the age of 30 as “the best and the brightest of the next generation of internal auditors.” Six of these 20 professionals hold the Certified Information System Auditor (CISA) designation. ISACA is proud to acknowledge these CISAs and their contributions to the industry:
- Hugo Alhinho, CISA, ITIL, an IT auditor at Shell International BV
- Jesse Cohen, CISA, CFE, CIA, CRMA, an international internal audit advisor at AutoZone Inc.
- Michael Cook, CISA, CRMA, ITIL, an IT auditor at State Street Corporation
- Matt Harrell, CISA, CFE, CIA, a senior auditor at AutoZone Inc.
- Michael Levy, CISA, CISSP, CRMA, a senior consultant at Deloitte & Touche LLP
- Hui Jink Teo, CISA, CIA, CPA, an internal audit lead at Hewlett-Packard
For more information about CISA and ISACA’s certification programs, visit the Certification page of the web site.
2012 CPE Audit Activities Begin This Month
The strength of ISACA certification programs rests in their ability to ensure that all certification holders maintain an adequate level of current knowledge and proficiency in the field. To facilitate these requirements, each year a random sample of certified individuals is selected for a continuing professional education (CPE) audit. If selected for the audit, you must provide written evidence of your previously reported CPE activities that meets the criteria described on the Qualifying Education Activities page of the ISACA web site.
The 2012 CPE audit began this month. Individuals selected for the 2012 CPE audit will be notified via email and postal mail. The deadline for returning supporting documentation is 15 August 2013.
Learn more on the Maintain Your Certification page of the ISACA web site. For questions, please contact the email address for the certification in question: CISAaudit@isaca.org, CISMaudit@isaca.org, CGEITaudit@isaca.org, or CRISCaudit@isaca.org.
Software License Management
By Sunil Bakshi, CISA, CISM, CGEIT, CRISC, AMIIB, ABCI, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Enterprises use numerous software products published by various software companies. These products are issued under a license—a type of contract. The publishing companies expect the license holders to adhere to the terms of the contract. Most license contracts are complex and may require thorough knowledge about the compliance terms. For example, some products that are hosted on a server require that a number of licenses be acquired based on the architecture of the host server. Changes to the hardware may require revisiting the license requirements. In many situations, enterprises are unaware of these provisions and may be noncompliant with the terms of contracts. The situation becomes complicated when the enterprise enters into license agreements with a number of publishers and needs to ensure compliance at all times.
If the publisher has to conduct an audit for compliance, it can have a disruptive and costly impact on the customer enterprise in addition to a damaging effect on the relationship with the publisher. Although it is legal, relationship discrepancies in regard to compliance are resolved in monetary terms.
To ensure software license compliance, enterprises should follow these control processes:
- Maintain an asset inventory of all software products and assign internal owners who understand the terms of the contract. If required, appoint expert services.
- Define, implement and monitor a process for ensuring implementation and purchasing of licenses.
- Perform periodic audits for license compliance. Auditors generally scan the environment to find the products installed, compare them against the entitlement (number of licenses available as per contract) and reconcile the results with the publisher’s record.
- Ensure the contractual requirements of proof of licenses.
Sunil Bakshi, CISA, CISM, CGEIT, CRISC, AMIIB, ABCI, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, is a consultant and trainer in IT governance and information security.
COSO Issues Updated Framework
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently released an updated version of its Internal Control—Integrated Framework. COSO has stated the Updated Framework will replace the 1992 version, and they have provided an article on how this transition will become effective. COSO has been noted as a framework to assist privately listed businesses in complying with section 404 of the US Sarbanes-Oxley Act. This framework originally gained broad acceptance in 1992 and is built on designing, implementing, conducting and assessing the effectiveness of internal controls.
The COSO Advisory Council, of which ISACA is a standing member, provided the COSO board guidance and insight for the update project. ISACA was represented on the council by former International President Kenneth Vanderwal; Vanderwal was supported by an ISACA working group of volunteers. Members of the COSO Advisory Council met on five separate occasions and had numerous conference calls and virtual communication over the life of the update project. COSO acknowledged the contributions of ISACA.
The 2013 framework retains the core definition of internal control and the five components of internal control (as defined in the original 1992 version). The framework was enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as nonfinancial and internal reporting. In addition, the framework now considers many changes in the business and operating environments over the past several decades such as:
- Expectations for governance oversight
- Globalization of markets and operations
- Changes and greater complexities of business
- Demands and complexities in laws, rules, regulations and standards
- Expectations for competencies and accountabilities
- Use of, and reliance on, evolving technologies
- Expectations relating to preventing and detecting fraud
The COSO board is represented by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA).