@ISACA Volume 24: 23 November 2011 

@ISACA Relevant, Timely News

2012 Conference Dates and Locations Announced

ISACA has announced the dates and locations of its 2012 conferences. In several locations we will be colocating our conferences, offering two great events in one great location and providing more session options, expanded exhibit halls, increased networking opportunities and other benefits—even more ways to meet your professional development needs.

Here is the 2012 schedule:

  • North America CACS 2012, 6-10 May 2012, Orlando, Florida USA
  • World Congress: INSIGHTS 2012, 25-27 June 2012, San Francisco, California USA
  • EuroCACS℠/ISRM (co-located), 10-12 September 2012, Munich, Germany
  • Oceania CACS℠, 10-12 September 2012, Wellington, New Zealand
  • Latin America CACS℠/ISRM (co-located), 1-3 October 2012, Bogota, Colombia
  • North America ISRM/ITGRC (co-located), 14-16 November 2012, Las Vegas, Nevada, USA

Over the next few months, ISACA will work with members of the volunteer conference task forces, your peers, to develop the 2012 events. For the latest information on the program content, speakers, registration, call for papers and sponsorship opportunities, visit the Conferences page of the ISACA web site regularly.


SAS 70: Background on the Reason for Change
By Connie Spinelli, CISA, CFE, CIA, CMA, CPA

Now that we have the US Sarbanes-Oxley Act under our belt, let’s talk about Service Organization Control (SOC) reporting. For service auditor reports for periods ending on or after 15 June 2011, service organization auditors are required to use the guidance contained in the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Reporting on Controls at a Service Organization instead of the guidance contained in Statement on Auditing Standards No. 70 (SAS 70) Service Organizations. Reports issued under SSAE are SOC 1 reports, “Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting.”

As the title denotes, a SOC 1 report under SSAE 16 focuses solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. The reports are limited to controls related to financial statement assertions of the user organization and are meant to be used by user auditors to plan and perform audits of their entities’ financial statements, just as the SAS 70 report was intended to be.

As with SAS 70 reports, Type 1 and Type 2 options are still available; there are no preestablished reporting criteria that define the wording of control objectives or control activities. Use of these reports is still restricted to the management of the service organization, user entities and user auditors. Other than increased focus on risk management and service organization management ownership (analogous to moving from Public Company Accounting Oversight Board Auditing Standard No. 2 [PCAOB AS 2] to PCAOB AS 5), not much has changed.

The SAS 70 report is still the authoritative guidance for user organization auditors until the new SAS for user auditors is released. Guidance for user auditors will remain an auditing standard, unlike the guidance for service organization auditors, which was changed from an auditing standard to an SSAE.

Access the full article on the KnowledgeLeader web site.

Editor’s Note: © 2011 Protiviti Inc. All rights reserved. This article was reprinted with permission from Protiviti’s KnowledgeLeader, a subscription-based web site that provides audit programs, checklists, tools, resources and best practices to help internal auditors and risk management professionals save time, manage risk and add value. ISACA members receive a discount on an annual subscription to the service.


ISACA Works to GAIN New Student Members

The new 2012 student membership recruitment campaign has begun. If you are interested in helping students and using your professional influence to guide them in their careers, you may be interested in these new developments.

Over the past few months, ISACA has launched:

  • A new Student Membership page on the ISACA web site
  • A new web-enabled process for students to join, which will replace paper applications, as much as possible, and which can be accessed on the Become a Student Member page
  • A pilot student representative program—Student Representatives Growing an ISACA Network (GAIN) Program—that offers complimentary student membership and a chance for student recruiters who are recommended by their academic advocates to win prizes
  • A Twitter hashtag (#ISACAU) for discussions that pertain to student and academic relations

We encourage you to contact your chapter leaders (see the Local Chapter Information page) about this opportunity and to volunteer to assist your chapter with student member recruitment. If you have any questions, please direct them to Maggie English at menglish@isaca.org or Sharon Colwell at scolwell@isaca.org.


CISA Certification Opens the Door to Career Success
Anil Kumar Babladi, CISA, CRISC, Shares His Experiences as a CISA

Anil Kumar Babladi, senior technology auditor for the National Bank of Abu Dhabi (UAE), initially thought of the Certified Information Systems Auditor (CISA) designation as just another certification to pursue, but as he prepared for the CISA exam, his perception changed dramatically. “I realized that, if one gets certified as a CISA, he would know every corner of IT operations,” Babladi explained. “To earn the CISA certification, one must be able to decipher almost every challenge that IT has to throw; hence, I pursued it,” he continued.

According to Babladi, “Professionally, life took a complete turn for the best” after he earned the CISA designation. In his experience, “Immediately after you get the CISA certification, you have the ability to choose the company you want to work for, not the other way around.” He believes, “CISA certification is a red carpet to a whole world of opportunities.”

Babladi found that auditing for the presence of IT general controls and application controls became easier after earning the CISA designation, and issues and technologies about which he is unaware can be dissected because of his knowledge as a CISA. “I have been an IT guy all along,” Babladi remarked, “but I did not learn as much about IT controls in my first 10 years in the profession as I have in the last 6, since preparing for and earning the CISA.”

For Babladi, one of the best parts of being a CISA is the recognition it helps him to attain. “Your seniors respect you for the knowledge you possess,” he explained. “Your manager prefers you over people with other certifications to perform IT audits, and your peers tend to speak to you with care.” In his experience, auditees seem to question less and listen more.

“People tend to buy certified products in life because they are tried and tested products,” Babladi explained, and he believes the same holds true for certified professionals. “Every operation in every industry uses information technology—who else but an IT auditor should review those operations? Who else but a certified IT auditor—a CISA—should do it?”


Volunteer With ISACA

ISACA relies on its volunteer leaders to ensure the continuation of the high-quality resources members have come to expect from the association.

ISACA is currently accepting applications to participate on its volunteer bodies during the 2012-13 term. Volunteers help ensure successful certification programs, comprehensive professional conferences, timely educational programs, insightful research, thorough and appropriate online resources, representative professional standards, and financially sound infrastructures. Volunteering with ISACA has several benefits, including:

  • A role in the future of the association
  • Influence on professional issues
  • Networking opportunities with peers from around the world
  • Enhancement of leadership and professional skills
  • Participation in a forum for sharing expertise and learning from others

The selection of volunteers is based upon the identified needs of the volunteer bodies, the relevant experience and professional background of the candidates, and the need to reflect the perspectives of ISACA constituents. All appointments are for a 1-year term and are ratified by the ISACA Board of Directors.

To apply to be an ISACA volunteer, visit the Volunteering page of the ISACA web site to complete the online application. The Invitation to Participate brochure can be downloaded online and is also included with volume 6 of the ISACA Journal, which mailed this month. The deadline for applying is 16 February 2012.


New Publications on Mobile Payments and Lotus Domino Server Available

ISACA has recently released the following valuable resources:

  • Mobile Payments: Risk, Security and Assurance Issues—This white paper discusses the mobile payments ecosystem; examines the technologies and services involved; and identifies the associated security, risk and privacy concerns. Attention is also given to the governance, audit and assurance aspects of mobile payment technology and services. This and other white papers are available as complimentary PDFs on the White Papers page of the ISACA web site.
  • Lotus® Domino® Server Audit/Assurance Program—This and other audit/assurance programs are available as complimentary Word documents for ISACA members on the Audit Programs page.

Information on current research projects is posted on the Current Projects page.



ISACA has entered into a formal memorandum of understanding (MOU) with the Institute for Development and Research in Banking Technology (IDRBT), a nonprofit corporation established by the Reserve Bank of India. The MOU creates a formal basis for cooperation for joint activities that will benefit the Indian banking and finance industry and other organizations in India that have an interest in IT governance, information systems audit, information security and information systems risk management.

ISACA and IDRBT have a significant level of shared interest in promoting industry best practices and hope to develop resources that will assist stakeholders in understanding and implementing those practices. Potential activities include special access for ISACA members to IDRBT-sponsored events and products and joint activities between ISACA and IDRBT chapters in India. Ken Vander Wal, 2011-12 ISACA international president, signed the MOU during his visit to India in September 2011.


