IT Governance, Audit & Information Security

Incorporating the ISACA Auckland Chapter Annual Conference

About

The current financial environment that the world finds itself in means that it is more imperative than ever to ensure the maximum value is being derived from all elements of the business.

Bright*Star, in conjunction with the Auckland Chapter of ISACA, have put together an intensive one-day conference designed to ensure your IT shop is aligned with business objectives and organisational goals. You’ll be able to customise your conference experience with streams on Audit, Governance and Security. And you’ll be able to network with some of the best IT Assurance and Governance professionals and practitioners the country has to offer.

With thought leading presentations and case studies from:

Audit NZ | Government Communications Security Bureau | Ports of Auckland | Ernst & Young
Westpac | Air New Zealand | Office of the Privacy Commissioner
and more!

PLUS! Our International Keynote Address
IT Audit and Governance in a Post-Recession World, presented by Mark Toomey, Managing Director, INFONOMICS

Agenda

Day 1

8.30

Registration & Coffee

9.00

Opening remarks from the Chair

Chandan Ohri, Partner - Information Risk Management, KPMG; President, ISACA – AUCKLAND CHAPTER

9.10

KEYNOTE INTERNATIONAL ADDRESS: IT Audit and Governance in a Post-Recession World

As the global economy recovers from one of the worst recessions to hit us in nearly a century, more than ever it is critical to deliver as much value as possible from technology-enabled investments. The new environment is extremely sensitive to risk, but at the same time must invest in new opportunities to harness growth and value. This value can be attained through sound governance and management of information technology as a key enabler of business performance.
• The changing responsibilities of business leaders as they come to terms with the fact that deriving value from IT is increasingly a question of how it is used in enabling the business
• The implications of this change for IT Audit, and how it is used in enabling business value
• The risks and opportunities that the new environment presents

Mark Toomey, Author of ‘Waltzing with the Elephant’ and Principal, INFONOMICS PTY LTD

Please visit the website below for Mark's presentation

http://www.infonomics.com.au/PresGAPRW.htm

10.00

Missing in Action: The IT Risk Assessment

Why do most New Zealand organisations completely fail to take IT risk into account when doing their regular risk reviews and assessments? Does the senior management team put it in the “too hard” basket? Or is it seen as solely an IT problem instead of an organisation-wide risk issue? This session will explain:
• Why most organisations fail to undertake strong IT risk assessment procedures
• Risk assessment as a starting point for audit and governance good practice
• Risk as a platform for opportunity and threat management in support of achieving business strategy

Chris Roberts, Senior Advisor, GOVERNMENT COMMUNICATIONS SECURITY BUREAU

10.50

Morning tea

11.20

Theme: Governance - Resolving your IT Governance Dilemma: A “leg up” to get started

Getting started on the journey towards improved IT Governance can be half the battle. Tools, methodologies, frameworks can see too much time spent planning and not enough in execution.
This session will outline techniques to -
• Kick-start the journey
• Raise awareness and gain support
• Highlight elements from the frameworks that support quick wins
• Outline lessons learned “in the field”

Liz Wickham, Executive Director – Technology and Security Risk, ERNST & YOUNG
Kevin Maloney, Director, THE POINT GROUP

11.20

Theme: Audit - Defining and Planning the Scope of your IT Audit

One of the areas where an IT audit can fall down is an incorrectly defined scope. By focussing too heavily on the supply-side issues of an IT audit, rather than the demand, you lose sight of the real aim of an audit – to ensure your IT investments deliver value for money to the business. This session will investigate:
• The risks associated with an ill-defined IT Audit
• Projecting future demands on IT usage to develop your investments with forethought
• Thoughts on a well structured and defined IT audit

Vaughan Harrison, Senior Manager, ERNST AND YOUNG

12.05

Theme: Governance - CASE STUDY: How do I Improve my IT Governance?

Many IT governance initiatives have been focused on achieving compliance – driven by external mandates. While compliance is important, business value will be lost if the “right things” are not effectively governed and managed.
So where to start?
This session will help you understand the key steps for getting beyond the “tech speak”. Come away with an understanding of the three things that will help you, your Board and key stakeholders sleep peacefully at night.

Jeremy Bendall, Partner, EFFECTIVE GOVERNANCE NZ LTD

12.05

Theme: Security - Linking Information Security with Information Risk Management

To be truly successful, information security must have robust internal controls, backed by strong metrics. As information security continues to evolve into a critical function, we will examine how internal controls and processes can be embedded in your organisation.
• Sound policy as a base for information security
• Benchmarking your policies with an internal security audit
• What metrics can you employ to give you an accurate dashboard of your progress?

Tony Krzyzewski, Director, KAON TECHNOLOGIES
Jackie Krzyzewski, Director, KAON TECHNOLOGIES

12.50

Lunch

1.40

Theme: Security - An Organisational Model for Information Security Assessment

As the importance of information and the supporting technology has increased, so too has the imperative to ensure its security. A comprehensive and effective security assessment framework is thus vital to both corporate governance and management of security spending and investment. However, there is little evidence that such a framework is either available or widely adopted. In this session, a conceptual model for security assessment is presented together with an indication of its application – which extends beyond the regular jurisdiction of the COBIT model.

Jeremy McKissack, Manager Information Security, WESTPAC

1.40

Theme: Governance - CASE STUDY: IT Governance in Action

IT Governance principles look good in a book or website. Getting them off the page and into your organisation can be a very different proposition. Gain insight into how the Ports of Auckland have approached the initial transformation and continual improvement of their IT Department and IT governance, including:
• Leadership challenges encountered and key success factors
• Performance measurement and stepping stones along the journey
• Activities to continually improve IT governance activities
• What’s ahead in longer term plans

Richard Raj, Manager Group Project Office & IT Services, PORTS OF AUCKLAND

2.25

Theme: Audit - IT Risk Management and the IT Auditor

The ability to aggressively take strategic and commercial risk and yet manage the associated operational risks is a critical skill for success in business today. While the management of risk exposures is reasonably well entrenched in business processes, the management of IT infrastructure and channel related risks - even where that infrastructure supports critical supply and market activity - is less developed. Because these risks are often unrecognised by the executive team, it is incumbent on the IT team, and in particular the IT Auditor, to understand IT risk and the effectiveness of the associated controls, to put in place the right programmes and - most critically - to communicate.

Shahvez David CISA, Director, SJD CONSULTING
Geraint Bermingham, Director, NAVIGATUS RISK CONSULTING

2.25

Theme: Governance - Involving the Board in your IT Governance

IT Governance, like all other areas of corporate governance, is ultimately the responsibility of the board. However, members of the board often pay scant attention to current and future use of IT compared with other governance fields. This can often lead to IT governance not being aligned with overall business direction, leading to inefficiencies and lost value.
• Are boards instinctively technophobic?
• Reframing the questions from IT towards the acceptable use of IT
• Involving the board in IT risk assessment

Basil Wood, Principal Consultant, PARAGON CONSULTING GROUP LTD

3.10

Afternoon tea

3.30

PANEL DISCUSSION: IT Audit: The Auditee’s View (Panel)

Security Audits must be undertaken with an overarching view of the needs of the audited business. An audit that doesn’t cover specific pain points the organisation may have is less likely to be acted on and implemented. This Panel brings together IT and Audit Managers from a variety of organisations to discuss their experiences with IT audit.
• To what degree could we (and did we) address the issues the IT audit raised?
• Ensuring your auditor works well within your team and overcomes organisational barriers
• What would we do differently next time?
• What were our expectations coming in to the audit and how were they met?

Mike Clarke, CIO, SKYCITY ENTERTAINMENT GROUP
Ed Overy, Group General Manager – IT, AIR NEW ZEALAND
Richard Raj, Manager – Group Project Office & IT Services, PORTS OF AUCKLAND
Jeremy McKissack, Manager – Information Security, WESTPAC
Facilitated by: Chandan Ohri, Partner - Information Risk Management, KPMG; President, ISACA – AUCKLAND CHAPTER

4.15

Address from the Privacy Commissioner’s Office

The IT Audit, Security and Governance professional’s role also encompasses the protection of the interests of parties external to the organisation. When employing new technologies, you need to be constantly aware of how they will impact on the privacy rights of staff, customers, suppliers and the general public.
• Developing security and IT governance policies around social networking
• How to stay legally compliant and secure in the privacy arena
• Issues on what information can go into the public domain
• The IT security and governance professional’s role as the guardian of data

Katrine Evans, Assistant Commissioner, OFFICE OF THE PRIVACY COMMISSIONER

5.00

Summary Remarks from the Chair and Close of Conference followed by Networking Drinks
