2016 March Training Session - FULL DAY

When: March 2, 2016 - 0800-1630
Where: RTP HQ
Registration: Website
ISACA-RTC Members - $50 (Log in to register)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $75
All Others: $100
CPEs: Up to 8

Session I - PCI Assessment

EXECUTIVE SUMMARY: This session discusses the elements of the PCI Standards, the numerous compliance issues surrounding this area and the alternatives available to corporations.
• Overview of the PCI DSS
• Impact on companies
• Achieving compliance
• Elements of conducting a PCI Assessment
• High-level assessment tips
• Detailed audit protocol

Session II - Auditing Disaster Recovery / Business Resumption Planning

EXECUTIVE SUMMARY: This presentation will discuss the various components of a disaster recovery plan, the ten critical things the auditor should be considering when reviewing the plan, the different types of DR exercise approaches the auditor may encounter, and the detailed steps to follow when doing this type of audit.

• The seven key categories within the DR plan that need to be in place and reviewed
• The makeup of a DR Plan / Exercise
• Audit focus points during the review
• Risk identification and mitigation
• Learn the benefits of doing a DR review
• Know how Business Continuity and DR are interwoven

Session III - Crisis And Change Management - Internal Audit Involvement

EXECUTIVE SUMMARY: This session will review the implications and impacts of crisis management and organizational change management and what the internal auditor may need to do.
• Definition: Reputation Integrity & Crisis
• Crisis Management Planning
• Crisis Management Execution
• Audit’s Role
• Definition: Organizational Change Management
• Impacts on the organization
• What may be needed from Internal Audit

Session IV - Enterprise Risk Management And Internal Audit

EXECUTIVE SUMMARY: This session will review the risks associated with ERM, the interaction between ERM and Internal Audit, and how best to ensure there is alignment.
• Definition of ERM
• Risk Areas for ERM
• The need for ERM
• Obstacles for implementing ERM
• How Internal Audit can help ERM
• How ERM can help Internal Audit

Speaker: John Gatto

John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December 2005 until his retirement in January 2015. He was the Divisional Vice President, Audit Services, and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma), encompassing NAIC / MAR compliance and testing, risk-based audits, advisory engagements for new development projects, and coordination of SOC-1 and SOC-2 reviews and E&Y year-end financial audits. John was a member of a number of Steering Committees within the IT area of HCSC.

Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, at Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit. John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and holds an MBA from Fairleigh Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA.

In 2015, John spoke at the Southeastern and Southwest Intergovernmental Audit Forums, the ISACA CACS Conference and at the ISACA Chapters in South Carolina, Harrisburg, New Jersey and Central Florida.

Since retiring from HCSC, John has focused on speaking at conferences for ISACA and IIA chapters, covering a range of topics such as PCI, BYOD and Disaster Recovery.