2016/17 Monthly Education Sessions

SOCR – The fundamentals and latest updates for SOC reporting (earn 2 CPEs)

Date: Wednesday, 26 October 2016
Time: 12:00 - 2:00 PM
Cost: ISACA Members - $25; Future Members - $30; Students - $20 (Students - Please bring valid student ID)
Location: NYIT, 701 W Georgia St #1700 – Jordan room (NYIT is located at the intersection of Georgia & Granville)

Light lunch is included

Service Organization Control (SOC) reports are not just compliance tools: They are usually the single best description of internal processes and procedures that a service provider can provide its clients. While the understanding and adoption of SOC reports to build competitive advantage, assist clients with vendor oversight activities, enhance client communications, manage client support costs, satisfy contractual agreements and improve a service provider’s processes continue to grow, significant confusion about the different types of SOC reporting options available remains.

Join Kevin Teo as he explores how service providers, users of outsourced services and auditors can better understand the available options and important considerations when using SOC reports as part of their vendor management, governance, compliance and audit activities. This session will cover the following:

- SOC 1, SOC 2 and SOC 3 reports compared and contrasted
- Type I and Type II reports discussed
- AICPA SOC reporting changes in 2017
- Interpreting the results of a SOC examination
- Q&A

Kevin Teo leads Service Organization Controls Reporting, IT Risk Assurance, Information Risk Management, Information Security, Computer Assisted Audit Techniques (CAATs) and Data Analytics at Ernst & Young’s Risk Assurance practice for British Columbia. Kevin enjoys harnessing the power of technology to drive efficiency and gain deeper insights into everything he does. He has more than nine years of security, compliance, audit, consulting and technology experience working as both an external and internal auditor and has helped clients realize value through assessing the maturity and effectiveness of and implementing IT controls, governance frameworks and processes, transforming big data into strategic business information, performing IT, security and Service Organization Control audits, examining control procedures, performing Quality Assurance assessments, program rapid assessments, and reviewing system implementations from both an IT audit and project management perspective.

*  *  *  *  *  *  *  *  *  *

COBIT 5 Assessor for Security Course (Earn 16 CPEs)

Date: December 1 - 2, 2016
Time: 8:30am-5:00pm
Cost: $650 CAD (optional exam $350 USD extra)

Location: Deloitte, 2800-1055 Dunsmuir St, Vancouver, BC

The COBIT 5 Assessor for Security course provides a basis for assessing an enterprise’s IT process capabilities against the COBIT 5 Process Assessment Model (PAM). Evidence-based to enable a reliable, consistent and repeatable way to assess IT process capabilities, this model helps IT leaders gain C-level and board member buy-in for change and improvement initiatives. Assessment results provide a determination of process capability. They can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance. You can apply to become a COBIT Certified Assessor after taking this course and successfully passing the exam and the COBIT 5 Foundation exam. COBIT 5 Certified Assessors have demonstrated experience in planning, building, running and/or monitoring IT processes.

Participants are highly recommended to read: “The Assessor Guide: using COBIT 5” and “The Process Assessment Model (PAM): Using COBIT” available on

Target Audience:

- Internal and external auditors
- IT auditors
- IT consultants
- IT management
- Cybersecurity & Information Security professionals

At the conclusion of this course, attendees will understand:

- How to perform a process capability assessment using the Assessor Guide: using COBIT 5
- How to apply the Process Assessment Model (The PAM) in performing a process capability assessment. Specifically:
  - To use the Process Reference Model, in particular to be able to use the 37 processes outlined in the PRM
  - To apply and analyze the measurement model in assessing process capability levels
  - To apply and analyze the capability dimension using generic criteria outlined in the PAM
- How to identify and assess the roles and responsibilities in the process capability assessment process
- How to perform and assess the 7 steps outlined in the Assessor Guide. Specifically:
  - Initiate a process assessment
  - Scope an assessment, using the tools provided and the PAM for the selection of the appropriate processes
  - Plan and brief the teams
  - Collect and validate the data
  - Do a process attribute rating
  - Report the findings of the assessment
- How to use the self-assessment guide

Course Outline

• Course Introduction
• COBIT 5.0 Overview, Principles, Goal Cascade recap
• Recap of Process Assessment Model (PAM)
• Roles, Responsibilities and Competencies
• Initiate an Assessment
• Scope an assessment
• Plan an assessment
• Brief to the team
• Data Collection
• Data Validation
• Process Attribute Rating
• Assessment Reporting
• Sample exam
• Exam (Optional)

Exam Details

· Objective testing
· 8 questions per paper with 10 marks available per question (80 questions)
· 40 marks or more required to pass (out of 80 available) - 50%
· 2 ½ hours duration (non-native English-speaking delegates will receive an additional 40 minutes)
· Open book, using COBIT 5 books only (‘COBIT 5 Assessor Guide: Using COBIT 5’ and ‘Process Assessment Model: Using COBIT 5’).

More information can be found here.

Cancellations/Transfers & Refunds

All cancellations/transfers must be received in writing - please send an email to Telephone or verbal cancellations/transfers will not be accepted. Cancellations or transfers of registration at least 10 calendar days prior to the course will result in a full refund. Cancellations or transfers received less than 10 calendar days but more than 3 full* business days prior to the course are subject to an administration fee of $50 for full and half day courses, or $25 for executive breakfasts and luncheons, or hold on credit for use towards a future event.

Cancellation requests received less than 3 full business days prior to the course date (statutory holidays are not considered business days) will not be accepted and the full cost of the seminar will apply, with no credits or refunds. No-shows (registrants who register but do not show up for a seminar) will also be responsible for the full cost of the seminar, with no refunds or credits. In such cases, substitution of attendee is permitted up to and including the day of the seminar.