To provide IT professionals a technical learning event presented by industry leaders. The program will provide participants the tools, best practices and information on how to overcome challenges and prepare for future trends, delivered with practical and pragmatic approaches to topics and concepts.
IT professionals with 3 to 5 years of IT experience who are responsible for the operational aspects of audit, security and risk within the organization; and those looking to earn CPE credit for certification. Experience of at least 1 year in an IT environment is encouraged.
Learning Objectives and Education Mission
ISACA is looking for innovative session proposals that not only speak to the technical issues, but provide context. Speakers should offer real-world cases, examples of actual tools and working papers used, including mapping to ISACA frameworks, successes and failures, and insight on emerging issues to help attendees stay ahead of the curve. Sessions should be designed to encourage interactive audience participation by including small group discussions, exercises and other activities to promote dialogue. ISACA is not looking for 90 minutes of lectures but rather innovative, energetic and engaging sessions. Proposals from a team or panel are welcome in order to share multiple perspectives on a topic.
The learning objectives must be clear and measurable. Learning objectives need to complete the following sentence: “After completing this session, the participant will be able to…”
Speakers are expected to have read and to be familiar with portions of COBIT, Val IT and Risk IT that are relevant to their presentations. Speakers should consider how presentation content supports CISA, CISM, CGEIT and CRISC knowledge objectives. The speaker must provide additional resources such as documents related to the topic, bibliographies, white papers, relevant articles, tools, guides, sample audit programs and other information that extends the learning beyond the session and adds value to the event. Content is at an intermediate or advance level; content of a basic or primer level is not appropriate for this conference.
Here are specific topics to consider:
- Fundamentals of Auditing Oracle Security
- Advanced Auditing of Oracle Security
- Configurable Controls of Oracle (Business Processes)
- Oracle – GRC Tools and Dashboards
- Database Auditing – General
- Introduction to Auditing ERPs (broad-based, multi-tier, architecture, control points)
- Continuous Monitoring and Auditing – Tools specific
- Performing an Operations Audit
- Data center operations
- Core business operations audits
Outsourcing and Offshoring
- When, Where, How and Why
- Managing the outsourced the IT function
- Risks involved – a legal perspective
- Industry Specific Content
- Health Care:
- Health Care Bill 1099 -
- HIPAA regulations
- High-tech privacy concerns
- Emerging Regulations
- Agency Examinations (GLBA, BASEL II)
- New FFIEC Authentication Guidance
IT Audit – Intermediate Competencies
IT audit professionals must know the key to good practice auditing, from how to set up a risk-based audit plan through performing value-added audits, to using state of the art tools and methods. These sessions are designed to provide the participants with the concepts, methodologies and techniques to help improve their knowledge, expertise and skills. Selected session proposals will provide participants with value-added tools such as audit programs, checklists, white papers and other reference material.
IT Risk-Based Audit Programs and Tools – Advanced
IT audit and assurance professional must have a clear understanding of the underlying business processes and techniques to assess the adequacy of controls within these processes. Through demonstration and discussion of audit programs, these sessions will help IT audit professionals identify technological risks to the business and operational environments, and how to use relevant business analysis as well as IT audit tools and techniques. Sessions are hands-on at an intermediate or advanced level. Each session combines process analysis and audit methodology with practical knowledge and examples, to clearly illustrate best practices needed by today’s IT assurance professional. We are seeking session proposals with value-added tools such as audit programs (especially mapped to COBIT), checklists, white papers and other reference materials including those posted at www.isaca.org/auditprograms.
Privacy and Data Protection Issues
These sessions will explore how the threats to privacy are evolving, how privacy can be protected, and how to balance the need to collect and secure information in a fast-paced environment where electronic information is exchanged. Concern over wireless/mobile communication, financial privacy, medical record confidentiality, background checks, and many sources of searchable Internet data test an enterprise’s data protection controls.
Top IT Audit and Security Issues
Cutting-edge IT and security issues will be discussed, along with recommendations and solutions. Topics include: social media, related risks and new audit/security solutions; mobile technology, internal controls and solutions; and cloud computing strategies. These sessions will support case study discussions detailing solutions to specific problems or issues. We are seeking session proposals that are designed for participants with 3 to 5 years of IT experience.
IT Risk and Exposure Management
These sessions presents topics essential to IT audit and security professionals to continue perform more advanced tasks and expand on their job responsibilities. Sessions cover a variety of topics including using COBIT and COSO to help understand, identify, and assess IT risks, and how to use internal control frameworks to mitigate such risks. These sessions presents the concepts of risk management and how to apply them for the benefit of the organization and its stakeholders. Sessions are designed to guide the IT professional to translate IT risk and issues into overall business risk and exposures that the organization’s management and audit and security committees can understand and address. The level of discussion is at an intermediate level, and assumes the participant has more than 3 years of IT experience and is familiar with information technology, terminology and concepts.
How to Submit a Proposal
Potential speakers must complete an official ISACA session proposal form for each proposed event and topic The session proposal form serves to document the speaker’s vision of the proposed session and how he/she intends to treat the various issues of the topic. The Conference Development Task Force can only make its speaker selections after a comprehensive review of the session proposal documentation and bona fides. It is important to include a full biographical sketch and detailed list of speaking engagements.
At the top of this page you will find a link to "Submit or Manage Your Paper" After clicking the link you will be prompted to log in.
If you cannot recall your credentials, click the Forgot Password? link.
Enter your email address and click Submit. You will receive an email notification from firstname.lastname@example.org that contains a link to reset your password. The reset link is valid for 60 minutes after being requested. To ensure you receive this email, please add email@example.com to your address book, contacts or trusted list. Click the link in the email or paste the entire URL into your browser and follow the instructions to make your changes. Should the link expire (exceeded the 60-minute window), you must request another reset password notification.
If you do not have an existing profile, please create an account.
**Special note to public relations firms and internal marketing departments submitting proposals on behalf of a potential speaker: You must provide the direct contact information for the speaker. The speaker must be aware of the submission and be able to accept the commitment of presenting at the event if selected. ISACA must be able to correspond with the speaker directly. ISACA understands third parties and other interested persons often need to be included in any communications and will endeavour to keep everyone informed.