Please feel free to notify us of Bay Area compliance events. If we have sufficient notice, we are happy to support getting the word out to our clients and community. Just email Bay Area Compliance Events
Thursday, June 9, 2011
5:30 - 6:00
Doors open, Networking and Refreshments
6:00 - 8:00
Presentation and discussion
8:00 - 8:30
Venue: eBay- 2211 North 1st St.
San Jose, CA 95131
Attendance is free to SIM and itSMF members. For non-members, there is a $15 non-refundable registration fee.
Please click here to RSVP and submit registration fee if applicable.
Alternatively, RSVP to Steve Smith or Brenda Iniguez & pay any applicable registration fee at the door.
SIM members may contact Jeff Richards if they have any problems registering.
Private or Hybrid Cloud Security
IT Service Management Panel Discussion
Don't let an "Epsilon Cloud" style Security Breach happen to you!
To help you avoid being the next bad headline we have lined up a panel of experts including:
- Mike Wilson, CISO, McKesson Corporation
- Richard Sinn, Principal Security Architect, eBay
- Pat Heim, recent CISO, Kaiser Permanente
- John Millican, former CISO, Expedia
Interactive Session Description:
- Enhance your security by following known ITSM/ITIL/CobiT/ISO processes and best practices in your current IT implementation, private, and/or hybrid cloud implementations
- Benefit from the pragmatic experience and learned best practices of this Panel of experts who have many years' experience successfully implementing security processes
You will leave this session with useable advice you can implement when you return to work the following day.
SIM Attendance Rules:
This is an itSMF event so there will be a $15 charge for non-members.
We have a strict 'no solicitation' policy at our events.
About the Society for Information Management:
SIM is an association of senior IT executives, prominent academicians, selected consultants, and other IT thought leaders built on the foundation of local chapters, who come together to share and enhance their rich intellectual capital for the benefits of its members and their organizations. SIM was founded in 1968. SIM membership connects you to nearly 3,000 of the world's premier IT leaders for business solution exchange, timely education and professional development. About SIM SFBay Area
April 28, 2011
eBay Town Hall
2161 N. 1st St.
San Jose, CA 95131
-5:30-6pm Networking and Refreshments
-6:00-8:00pm Presentation & Interactive Sessions
Please click here to RSVP & register.
David Cannon ITIL V3 Author
Strategic Service Management
Defining and Realizing strategies for IT Service Providers
Some of the biggest strides and competitive positioning have been the result of IT. Yet, there are few organizations that can articulate their strategy for IT services. In the future there will be two types of IT service providers: those that have a clear strategy for meeting business outcomes, and those that are going out of business (or being outsourced or replaced by some type of "cloud").
This presentation outlines the processes and practices that IT executives need to use to clearly identify and measure their strategic value to the organization. These areas are not new or groundbreaking, but there are very few organizations using them effectively. David Cannon has just completed the update of the ITIL service strategy book and will be sharing his perspective on why this is the case, and what can be done to change the situation.
About the Speaker: David Cannon is the global director for Strategic Service Management in HP.
David is internationally recognized as a leader in IT Service Management. He has more than 20 years of experience in IT Service Management and is a Fellow of the Institute of Service Management.
He has provided training and consulting services to virtually every industry sector and at every level of management. He was a key figure in establishing the IT Service Management industry in South Africa and the USA. He was the founder of the itSMF South Africa, and a founder and director of the itSMF International in 1996. He was president of the itSMF USA in 2008 and is currently chairman of the itSMF International Executive Board.
David co-authored the Service Operation book for ITIL v3, and is the author for Service Strategy in the ITIL v3 update.
Click here for more information about itSMF SF Bay Area.
Click here for more information about SIM SF Bay Area.
May 12-15, 2010 ISACA Spring Training
Navarasu Dhanasekar is Senior Manager IT Services at SOAProjects. He has over 14 years of experience in information systems audit and assurance, enterprise and IT risk assessments, information security, ERP implementations, data analytics, internal audits, operational audits, financial audits and business process studies. His prior experience includes working in the Technology and Security Risk Services (TSRS) practice at E&Y. He holds a Bachelor's Degree in Science and is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and BS7799 (Implementer).
Tuesday, April 27, 2010, 6:00 PM to 9:00 PM ASWA 103 April Member Meeting
Hosted by ASWA -
Biltmore Hotel and Suites -
2151 Laurelwood Rd, Santa Clara, CA
Speaker: MANPREET GROVER, CPA
Topic: FRAUD CONSIDERATIONS IN FINANCIAL STATEMENTS
Manpreet is a Managing Partner at SOAProjects, Inc., which is one of the fastest growing accounting firms in Northern California. The Business Journal recently ranked SOAProjects 10th out of the Bay Area's top 25 accounting firms. Manpreet has clients in the high tech, software, bio-tech and financial services industries.
Manpreet's presentation will cover the Fraud Triangle, Misappropriation of Assets and Fraud Audit Procedures. We look forward to having the opportunity to have Manpreet share her expertise in the challenging areas of fraud detection and prevention.
Thursday, May 13, 2010, SOAProjects sponsors The Association for Corporate Growth (ACG)
As the CEO of MetricStream, a Silicon Valley-based governance, risk, compliance and quality software company that enables corporations to comply with rules, regulations and mandates such as Enterprise Risk Management and Sarbanes-Oxley, Ms. Archambeau has grown the company into a global market leader. MetricStream has been recognized for growth and innovation over the years and was recently named in the top 10 of the "Deloitte Technology Fast 50". In 2008 and 2009 MetricStream was named a global leader in Governance, Risk and Compliance by Forrester Research and Gartner. Ms. Archambeau has over 25 years of experience in technology leading organizations focused on business to business as well as business to consumer. She is a recognized expert in marketing and co-authored Marketing That Works: How Entrepreneurial Marketing Can Add Sustainable Profits to Any Sized Company. She has held Chief Marketing Officer roles for two public companies and, as President of Blockbuster.com, launched the entertainment retailer's online presence. (more) RSVP or for more information e-mail: firstname.lastname@example.org
Non Member Registration
Other/ACG Chapter Members Registration
ACGSV Member Registration (must login to register)
Fremont Hills Country Club
12889 Viscaino Place
Los Altos, CA
Tuesday, March 30, 2010, Going Public or Staying Private: Successful Capital Raising Strategies for Growth Companies
Startups typically become established as private entities using capital from the owners or outside investors, cash generated from the business, and bank loans. When the company's growth requires more capital than these sources can offer, CFOs need to consider the merits of raising money privately vs the public equity markets. This can be especially tricky when faced with a just recovering IPO investment climate.
Topics to include:
- What benchmarks indicate it may be time to go public? What business segments are most attractive to investors now? What are they looking for in terms of risk and return?
- What are the obvious and hidden costs of going public?
- How expensive are late stage private venture rounds? Should M&A be considered a viable exit? What are the merits of "dual tracking" an M&A/IPO exit strategy?
Tom Kellerman | Managing Partner and Co-Chair of the Emerging Business & Technology Practice,
Morgan, Lewis & Bockius
Ken Goldman | CFO of Fortinet
Peter Kelly | Co-Founder and CFO of OPENLANE
Eric A. McAfee | Chairman & CEO of AE Biofuels
Chris McCabe | Managing Director and Global Head of Clean Technology & Renewables at Piper Jaffray
Sorry we missed you at March 25-26, 2010, ISACA Silicon Valley 2-Day Spring Conference, Beyond Checkbox Compliance -- Audit and Accountability
The past year has taught us that regulatory compliance is not enough. The Heartland data breach occurred even though the company was PCI compliant, and the Madoff Ponzi scheme occurred even though Madoff's company was investigated multiple times by the SEC and other regulatory authorities. How do we move beyond checkbox compliance to truly address the risks?
Our 2-day 2010 Spring Conference, Beyond Checkbox Compliance -- Audit and Accountability, will be held March 25-26, 2010 at the Computer History Museum in Mountain View. The conference will cover a mix of audit, security, governance and compliance tracks. Here is a sneak peek at some of the exciting presentations, panels and speakers at our upcoming conference.
Here's a highlight:
Session 4: GRC - Real World Use Case
Abstract: All industry GRC tools are in their adolescence, with obvious maturation ahead. An overall understanding of enterprise risk and the relationship to the organization's structure, data streams, financial, operational, and IT processes, and compliance requirements is important to ensure configuration that does not require extensive rebuilding or re-work in the future. How do we deliver necessary guidance and structure to prevent teams from travelling down unrecoverable and inefficient paths? What are the steps that best leverage each technology for its core strength, rather than treating GRC as a panacea?
Over the last several months, the industry has seen a dramatic shift from disparate compliance initiatives to shared enterprise initiatives. Key differentiators in recent projects are the collaborative efforts of stakeholders across business, finance and IT. Even more noteworthy are the evolving dashboards and risk models, taking into account metrics across a Unified Control Framework, and integrating risk ratings from the smallest device to the largest shareholder milestone.
This session will offer a real world use case, offering potential reasons for recent success, where lessons learned are now resulting in rapid GRC deployments.
Sample discussion will include specific examples from RSA's latest product acquisition, ARCHER, and will demonstrate how this GRC is leveraging integrated technologies such as Application Security's DBProtect.
The case study will look at Policy, Baselines, Threat and Vulnerability Management and Exception Management, using multiple regulatory contexts and considering various domains of management.
- History: Architecting of governance frameworks and related policies, risks, controls, and compliance
- How GRC Applications integrate multiple risk frameworks
- Samples of working with enterprise tool configuration and data population
- Policy drafting and alignment both with and without GRC
- Challenges and Solutions for the performance of risk assessments across the enterprise, including IT
- Ability to leverage CMDB and data feeds to link assets and risks
- Mapping compliance frameworks and requirements, including SOX, PCI, ISO 27001, HIPAA - who's getting it right?
- Working across the enterprise to align objectives and normalize compliance requirements
- And last, Is GRC an Auditing Tool?: How GRC is now identifying and testing the effectiveness of operational and financial controls
Thursday, March 18, 2010, New Accounting Landscape for
Silicon Valley Bank and SOAProjects invite you to join us for a panel discussion about the impact of new accounting rules for revenue recognition, with emphasis on hardware and software technology companies.
Edwin Hormozian, Audit Partner, Deloitte & Touche LLP
Chris Smith, Accounting Advisory Partner, PricewaterhouseCoopers
Previn Waas, Audit Senior Manager, Deloitte & Touche LLP
Larry Vertin, Senior Director of Revenue, Network Appliance
Faisal Jeddy, Partner, SOAProjects, Inc.
Our expert panelists will answer key questions, such as:
- Who is most impacted by the new accounting rules for revenue recognition?
- What are some of the issues that early adopters are facing for these new rules?
- What resources are needed to implement the changes?
- What is Best Estimate of Selling Price and how will companies determine it?
- What will your audit teams look for?
This event is ideal for CFOs, Controllers, Revenue Managers and those in public accounting who will experience a significant change in how revenue is recognized for their companies and clients. Our panelists will provide hands-on knowledge of the accounting and reporting impact and how to get through the implementation of the new accounting rules.
Thursday, March 18, 2010
7:30 a.m. Registration, Continental Breakfast and Networking
8:00 - 10:00 a.m. Panel and Q&A
Silicon Valley Bank
3005 Tasman Drive
Santa Clara, CA
RSVP by Tuesday, March 16, to Carrie Hicks at 408.654.6225 or email@example.com. There is no charge for this event, and it is open to our clients, contacts and friends.
Thursday, February 18, 2010, ISACA Silicon Valley Monthly Meeting,
And Membership Drive Presentation: "Emerging technology, audit, compliance and control: An immovable object meets an unstoppable force"
In today's rapidly changing technology climate, it is essential that the audit, control and compliance community keep pace with what's going on in the evolving infrastructures they audit and support, and on developing trends that are being aggressively pitched to their C-level executives and business units. Sean will cover three emerging areas that are changing the face of information technology: anywhere access, cloud computing and the consumerization of IT, and frame discussions around audit and compliance for the three of them. Engage in a collaborative dialogue around some of these initiatives in your organization and your peers' organizations to become part of the decision-making process in your organization and get on the train instead of getting run over by it.
Speaker Sean Lewis, CISA, CISM, CGEIT is presently serving as Regional Security Advisor for Microsoft North America, focusing on relationship management with CSO/CISOs at some of Microsoft's largest and most strategic customers and partners. Sean has held a number of technical leadership positions in global organizations, including as Security Architect for Microsoft Consulting Services' Security Center of Excellence and Lead Consultant for the Southwestern United States in Verisign's Global Security Consulting practice. Sean has more than 6 years of experience in the Information Security industry geographically oriented in Southern California, previously holding positions such as Information Security Manager for a large healthcare provider (Sharp Healthcare) and Principal Network Architect for a large B2B/B2G clearinghouse. At Sharp, Sean's workload was divided between administrative components such as policy development, regulatory compliance roadmap construction and strategic oversight of information security program implementation, and technical components such as penetration testing, security architecture and information assurance certification and accreditation of numerous third party devices for use in a high security patient care environment. Sean's current interests include biomedical equipment hardening and security profiling, risk tree mapping and utilization of information assurance and security engineering practices in the private sector. Sean also served as the Technical Advisory Board member for Network Vigilance Incorporated, providing guidance and oversight and specializing in network security research and threat mitigation technology.
February 15, 2010 in San Francisco, LES USA and Canada
LES USA and Canada is pleased to be working with INFORMEX, the leading meeting place for buyers and sellers of high-value chemistry, to present the PDS 100 course, Commercializing Technology through the Power of IP Licensing, February 15, 2010 in San Francisco. The course will take place immediately preceding the Informex conference, which begins Tuesday, February 16.
The PDS 100 program, presented by two experienced instructors, will provide an overview of the key elements in technology commercialization, including the forms of IP protection, how to determine reasonable royalty rates and deal terms, the most effective valuation methods, finding a partner for your technology, negotiation best practices, and managing risk. Using a case study and hands-on activities, this program is designed for people with little or no prior licensing experience.
Instructors for the February course are:
Brad DeSandro, Patent Attorney, Quarles & Brady LLP
Kaushik Raha, Director, Business Risk Services, SOAProjects Inc.
For more details on the course, visit www.leseducation.org.
January 13th, 2010, IIA San Jose Chapter, New Revenue Recognition Rules
Date - Wednesday, January 13th, 2010
Time - 11:30 AM to 2:00 PM
Venue - Santa Clara Biltmore, 2151 Laurelwood Rd.(Montague Expy at 101), Santa Clara
January 14, 2010, OWASP Bay Area Chapter Meetup
Date - Thursday, January 14, 2010
Time - 4:00 - 8:00pm
Venue - Santa Clara Hilton, Tahoe Room, 4949 Great America Parkway, Santa Clara, CA 95054
RSVP to firstname.lastname@example.org
January 19, 2010, ISSA Silicon Valley Chapter Monthly Meeting
Topic - Security Trends 2010
Date - Tuesday, January 19, 2010
Venue - Sun Auditorium, Sun Microsystems Santa Clara Campus, Bldg 3
February 18th, 2010, San Francisco Bay Area InfraGard Chapter - Winter 2010 Quarterly Meeting
Topic - Introduction & overview to the new DoD Cyber Command and why it is important to national security and your company
Date - Thursday, Feb 18, 2010
Time - 9AM - Noon
Venue - HP, 3000 Hanover St., Palo Alto, CA 94304-1112
Leveraging New Smart Document Technology to Maximize Audit & Compliance Performance in 2010, Join us for a Webinar on December 22nd
REPLAY WEBINAR NOW
Speaker: Dr. David Yavin, Ph.D., President, KCS North America
Dr. David Yavin,
An accomplished entrepreneur and executive with over 15 years' experience in enterprise software/services and related fields, Dr. Yavin was the co-founder and CEO of DYS Analytics (now Permessa). Prior to joining KCS, he worked with early stage companies providing strategy consulting, business development and fund raising. Through his efforts, he has helped several Israeli tech companies expand into the US market. Earlier in his career, Dr. Yavin was a professor of Mathematics. He holds a Ph.D. from MIT in the fields of Topology and Combinatorics.
5 Reasons why you will want to attend this webinar:
1. You're challenged with managing the wide range of information associated with your audit and compliance-related projects - regulations, risks, controls, audit findings, evidence etc. - and would like a simpler solution.
2. You spend too much time chasing auditees and process owners to get responses to findings or updates to controls.
3. Your company wastes money through unintended and/or unnecessary duplication of testing efforts in complying with multiple regulations and/or initiatives.
4. You wish there was an easier way to manage, track, report, schedule and execute your Risk Assessment and audit plan.
5. Your current audit/compliance tools aren't fully utilized, or are simply inefficient or ineffective.
If any of the above describe you or your company, you will absolutely want to join us for this complimentary webinar where you will see how companies are eliminating these and other issues and how you can too.
The Problem - Dedicated point solutions in the market target specific aspects of Governance, Risk and Compliance (GRC) like Internal Audit, SOX, HIPAA, etc. But each one has a unique and often prohibitively complex user interface, and users are loath to leave their natural working environment, causing most of these solutions to end up unused and the compliance challenges unresolved.
The Solution - KCS Generica Pro brings end-to-end GRC management into your natural working environment. Create, connect and link risks, controls, findings, responses, action plans, etc., all within your native applications, including Microsoft® Office (Word, Excel, PowerPoint), PDFs, Microsoft Outlook® and Lotus Notes®.
Register Early! SOAProjects recognizes the need to develop and expand existing IT Audit methodologies, such as CobiT, ValIT, ITIL and areas of COSO, to include Environmental, Product, Office and Building compliance reviews.
The Association of Certified Green Technology Auditors™ (The ACGTA) is a global professional audit association representing individuals who are addressing Sustainability, Alternative Energy and Climate Change risks within the corporate business and industry sectors. The organization's network of global professionals is growing daily on the LinkedIn.com community forum. As the world seeks to become sustainable, combat Climate Change and embrace the emerging Alternative Energy economy, the organization will be formally releasing its website and trademarked professional programs in early 2010. You can connect with the ACGTA at the following link: http://www.linkedin.com/
Thursday, December 17, 2009, ISACA Silicon Valley Monthly Meeting (Special Holiday Edition)
Presentation: Practical Security Guidance from Symantec
Since our audience will be much broader than our typical IT audit executives and consultants, our exciting, highly knowledgeable, and entertaining speaker from Symantec will tailor this presentation to cover relevant security details to educate the typical audience, along with anyone else who has ever used a computer or cell phone.
Speaker Dale "Dr. Z" Zabriskie currently serves as Principal Technologist for Symantec Corporation's Global Solutions organization. As an evangelist for the company, Dale engages C-level executives in discussions focusing on Symantec's technology, strategy and vision as a global leader in infrastructure software. His ability to relate both technically and conceptually in an authoritative yet entertaining style is born out of his 30 years of career experience in technology, regulatory compliance, research and development, manufacturing, and sales. Dale regularly conducts corporate presentations and internal training throughout the Americas, Europe and Asia Pacific.
Entertainment: Dance Attack
This holiday season will be extra special if you're there to catch these amazing dancers. The Bay Area is fortunate to have some of the top dancers in the world, and many of the dancers you see on TV and Broadway shows got their start right here. See tomorrow's future stars in action. These amazing school age kids always put on quite a show of creative choreography, color, and skill. And they'll be there with their parents and siblings, so feel free to invite your family and friends to attend as well, and eliminate worrying that you need to miss this month to spend time attending family events. We hope you'll register to attend as soon as possible as seating is limited.
December 11, 2009 (Friday), IMA Peninsula Chapter and the San Jose Chapter of ACFE, are hosting their Joint Conference. "2009 Fraud and Compliance Forum" All registrations are processed through http://www.acfesanjose.org/confregistration.html
Location - Ebay Conference Center; 2211 North First Street, San Jose, CA 95131
2009 Fraud and Compliance Forum is dedicated to offering the most dynamic and inclusive conference to keep you abreast of the latest advances in your profession. Experience state-of-the-art practices and strategies and discuss the latest developments, emerging technologies in the industry and practices as well as approaches to complex issues. Whether you are an experienced professional searching for answers to complex issues, or are new to the field and need to address more basic challenges, 2009 Fraud and Compliance Forum will provide you with the knowledge and skills to meet your professional future with confidence and assurance.
Explore the wide variety of sessions designed to meet your needs your way. Note the phenomenal lineup of speakers on the conference agenda: http://www.acfesanjose.org/confschedule.html
SOAProjects is a recognized Consulting and CPA firm (2008 Bay Area rank - 11), specialized to provide advisory services in the fields of technical accounting, IT consulting, internal audit and SOX compliance, business process optimization, contract risk management, channel management, license compliance, royalty audits, distribution audits, FCPA compliance and fraud investigations. The Company's head office is based in Mountain View, California, with other offices located in Irvine, New York, Atlanta, Canada, Israel, China, Hong Kong, Japan, Singapore, United Kingdom, India and Vietnam. Our differentiator in the market is to offer our clients the highest quality service through highly experienced and knowledgeable professionals at highly competitive rates. Our clients range from multi-billion dollar public companies to pre-revenue start-ups.
More ideas for GRC Training... have you heard about OCEG and Red Book (V2)?
December 14-15, 2009 8AM-5PM, GRC Strategy & Red Book 2.0 Bootcamp, San Jose, California. Join Corporate Integrity, LLC, one of the contributors to the OCEG Red Book 2.0, in a two-day basic training exercise in GRC Strategy and Red Book 2. Attendees will receive value in understanding GRC and defining a GRC strategy that aligns to OCEG™ Red Book 2. This bootcamp is authorized and endorsed by OCEG. The objective of this bootcamp is to provide attendees with the knowledge and hands-on practice necessary to efficiently design a GRC program based on Red Book 2. Attendees will learn about defining a GRC Strategy aligned with Red Book 2 through lectures and practical group interaction, discussions, and exercises.
December 16, 2009 8AM-5PM, Developing Your GRC Technology Enablement/Improvement Bootcamp, San Jose, California
GRC IT Blueprint & Roadmap, a one-day basic training exercise in developing GRC IT technology architecture and strategy. Attendees will receive value in understanding technology enablement of GRC and developing a GRC technology strategy that delivers sustainability, consistency, accountability, efficiency (cost savings), and transparency across the organization's risk and compliance initiatives. This bootcamp is authorized and endorsed by OCEG.
More on Red Book 2 and Principled Performance?
Although various standards and guidance frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG Red Book (v2) and its GRC Capability Model is the only one that provides comprehensive and detailed practices for an integrated and collaborative approach to GRC. These practices address the many elements that make up a complete GRC business architecture. Applying the elements of the GRC Capability Model and the practices within them enables an organization to:
- Achieve business objectives
- Enhance organizational culture
- Increase stakeholder confidence
- Prepare and protect the organization
- Prevent, detect and reduce adversity
- Motivate and inspire desired conduct
- Improve responsiveness and efficiency
- Optimize economic and social value
The GRC Capability Model describes key elements of an effective GRC architecture that integrate the principles of good corporate governance, risk management, compliance, ethics and internal control. It provides a comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system. The OCEG GRC Capability Model is broken into eight components:
- CULTURE & CONTEXT. Understand the current culture and the internal and external business contexts in which the organization operates, so that the GRC system can address current realities and identify opportunities to affect the context to be more congruent with desired organizational outcomes.
- ORGANIZE & OVERSEE. Organize and oversee the GRC system so that it is integrated with, and when appropriate modifies, the existing operating model of the business, and assign to management specific responsibility, decision-making authority, and accountability to achieve system goals.
- ASSESS & ALIGN. Assess risks and optimize the organizational risk profile with a portfolio of initiatives, tactics, and activities.
- PREVENT & PROMOTE. Promote and motivate desirable conduct, and prevent undesirable events and activities, using a mix of controls and incentives.
- DETECT & DISCERN. Detect actual and potential undesirable conduct, events, GRC system weaknesses, and stakeholder concerns using a broad network of information gathering and analysis techniques.
- RESPOND & RESOLVE. Respond to and recover from noncompliance and unethical conduct events, or GRC system failures, so that the organization resolves each immediate issue and prevents or resolves similar issues more effectively and efficiently in the future.
- MONITOR & MEASURE. Monitor, measure and modify the GRC system on a periodic and ongoing basis to ensure it contributes to business objectives while being effective, efficient and responsive to the changing environment.
- INFORM & INTEGRATE. Capture, document and manage GRC information so that it efficiently and accurately flows up, down and across the extended enterprise, and to external stakeholders.
April 23, 2009 - 2009 Joint Conference - IIA San Jose & San Francisco Chapters, "A New Economic Reality"
"The Internal Auditor of the Future"
Organizations are facing unprecedented risks today that provide the Internal Audit profession the opportunity to step forward and demonstrate leadership in risk management, control and governance. Patty will discuss trends and expectations for the profession and the evolutionary role of the future Internal
Patty Miller, Chairman of the Global Board of IIA
"The New Economy: Trends and Scenarios"
All eyes are focused on the economy these days. But it's important to look ahead - the downturn and the overall business environment will continue to evolve. Dwight will share near and mid-term economic and business environment scenarios to provide a perspective and frame of reference for risk management in FY10 and beyond.
Dwight Allen, Director and Global Economist, Deloitte &
Panel Discussion - "Balancing internal audit responsibilities
Budget cuts and personnel reductions are a fact of life for many internal audit organizations and professional service firms. The panel will discuss the various strategies that can be applied to strike the balance between internal audit charter and available
Tom Austin (moderator), VP Head of Global Internal Audit,
John Beeler, SVP Internal Audit, Salesforce.com
John Peters, Director of Internal Audit, Silicon Valley Bank
Philip Roush, VP Internal Control Services, Cisco Systems,
Panel Discussion - "Sharpening your internal audit skills: Career Success in the New Economy"
Compliance, finance and technology executives from four well known Bay Area companies will share their perspectives about career growth and development for the IA professional and the skills required to succeed in the new economy.
Chris Cimino (moderator), Partner, KPMG and President of IIA San Francisco Chapter
Mike Byron, VP & Corporate Controller, NVIDIA Corp.
Joe Cooney, VP Internal Audit, Juniper Networks and President of the San Jose IIA Chapter
Michael Sullivan, VP, Information Security Officer of United
Julia Wyckoff, VP, Chief Internal Auditor at Gap Inc.
March 19th, 2009 IMA and ASWA proudly invite you to a joint meeting and Panel Discussion:
Business And Personal Strategies During Challenging Times: Recommendations from Female Executives in a moderated Forum
March 19th, 2009 - Registration 6:30 PM, with dinner and panel discussion to follow. Venue is The Domain Hotel, 1085 East El Camino Real, Sunnyvale, CA 94087.
This session provides three (3) Continuing Professional Education Hours
Business And Personal Strategies During Challenging Times - An in-depth discussion and recommendations from three female executives in a moderated forum.
We all see the catastrophic economic meltdown and expect a long winter ahead. Many of us have lost jobs and hopes for career growth. What should we do?
Amidst endless chatter of gloom and doom, it is critical for business owners and financial managers to stay the course. Companies must continue to look for more than a survival strategy, to include real plans to achieve growth. It is a time to revise our business plans and redefine processes. This same strategy applies to all working professionals who run their careers as a business. They should re-evaluate, re-plan and redefine current daily tasks to be more competitive. We must position ourselves not only to win when the market turns around, but to even turn the market ourselves. What we do today defines what we become tomorrow. Transformation carries through each day with the simple decision to do things differently and strategically.
By attending this session you will learn:
From a business strategy perspective
- Understand the need for new laws and technologies that must be staffed, developed, and managed across the next two years.
- Importance and key factors of cloud technology, environmental audit, green accounting, data center and virtualization, and thin client technologies, which will be required because they actually satisfy requirements to lower GHG emissions; organizational hiring and firing evaluation to assure fair practice in compensation and staffing.
- Define and discuss the need for effective financial management in down cycles.
- The art of effective balance sheet management and the important role it plays in obtaining financing in tight credit markets
- Learn the key elements of conservative working capital management and the tools required to measure liquidity and solvency
- The points of view through which stakeholders, investors, and creditors view different types of businesses during economic downturns and what can be done to shore up confidence
From a personal strategy perspective
- Understand who we are today. Log your activities for a whole week and classify your activities into short-term and long-term.
- Log your time again one week per month, map your actual activities to your goal, measure the results and make it part of your routine.
Define yourself, start the transformation process today, and you will become the new person you are wishing to be in the near future.
Susan Finch is a founding director of The Winters Group, a finance and economic consulting firm which provides outsourced CFO, Controllership and Management Accounting services to established and start-up businesses. Additionally she is a founding member of Forensic Financial Associates, LLC, a firm which provides business valuations, litigation consultation, and mergers and acquisitions. With over 25 years of experience in corporate finance and management, and over ten years of experience as a financial and economic consultant, Susan is also a Certified Forensic Financial Analyst as awarded by the National Association of Certified Valuation Analysts, and testifies as an expert witness on matters pertaining to economic loss analysis as it pertains to breach of contract and tort cases. Susan earned a Bachelor's Degree in Economics and a Master of Science Degree in Applied Economics and Finance from the University of California, Santa Cruz. She also earned an MBA in Finance and Accounting from Regis University and is a member of the Board of Councilors for the Social Sciences Division of the University of California, Santa Cruz.
Elizabeth Xu is the Senior Vice President of Product Development and World Wide Support for Vitria Technology. She currently is responsible for Vitria's Product Development, Product Management, World Wide Customer Support, Education and IT Operation. Elizabeth started her career as a Software Engineer at IBM. She was promoted to project manager and then manager within two years of service. She launched the IBM Asian American Network with three IBM Asian Executive sponsors. IBM provided her with solid management skills and leadership training. Elizabeth joined Vitria in 2000 as an Engineering Manager. She has been promoted to Sr. Manager, Director, Senior Director, VP of Engineering and Sr. VP of Product Development in the last 8 years, and her responsibilities expanded from Engineering to Professional Services, Customer Support, Education, Product Management and IT. Since she became the VP of Engineering, Elizabeth has been devoted to developing and growing leaders at Vitria through a weekly leadership training program. In the last few years, Elizabeth has expanded her efforts in elevating leadership skills in the Asian community by teaching in-depth leadership classes as well as making presentations to different Asian community organizations and alumni groups. Her well-received presentation "Ten Steps to a Successful Career" provides building blocks for individuals who pursue meaningful careers. Elizabeth holds a Ph.D. in Atmospheric Science and an M.S. in Computer Sciences from the University of Nevada, Reno. She has earned an M.S. in Atmospheric Science and B.S. in Space Physics from Peking University.
Robin Basham directs the Enterprise Technology Governance, Risk and Compliance, and Green Initiatives practice at SOAProjects, implementing a 4 Point GRC and assuring alignment with Federal, National and International regulatory requirements. With expertise in ERP applications, data center control analysis, regulatory requirements, IT best practice, Sarbanes-Oxley Section 302 and 404 attestation, Security, and Business Continuity, Robin supplies policy, tools and strategy to mitigate risk associated with business interruption. Robin maintains active involvement in the advancement of audit methodology by way of technical committee and advisory roles with OMG, OASIS, ITGI, ITSMF and acts as a liaison for ISACA, working to address Control Objectives for Sustainable Business. Prior to joining SOAProjects, Robin founded Phoenix Business & Systems Process, where she established strategy, tools, program, and process architecture, producing audit evidence for more than a dozen Fortune 500 companies. Robin's teams, prior to and since joining SOAProjects, have earned 100% audit success, with attestation to non-qualified controls by four of the "big four". Robin's facility in providing open source compliance models allows clients to collaboratively develop long-term SOX 404 solutions, while monitoring corrective action plans with remediation across all significant gaps before audit deadlines.
Tania Adams, Deloitte, has over 10 years of experience in business process analysis, financial management and system operations and maintenance. She specializes in Governance, Risk, and Compliance (GRC) solutions as well as the design and implementation of business process controls, data integrity, and security for ERP and Custom Application Systems. She has designed and developed business process controls and security for a variety of ERP and Custom Application Systems. Tania co-founded and co-led the Deloitte Segregation of Duties Center of Excellence (SOD COE). The SOD COE developed processes and tools to deliver SOD services for ERP and non-ERP systems to Deloitte's clients. Tania has assisted clients to meet compliance-related requirements for Sarbanes-Oxley Section 404. Her system experience includes SAP, Oracle, PeopleSoft, JDE and Custom Applications.
Moderating the Panel - Sudha Chadalavada has over 15 years of experience in auditing and finance and is currently employed at Nanometrics as SEC Reporting Manager; she is also the chapter president of IMA Silicon Valley. During her tenure as chapter president of the Silicon Valley Chapter of ISACA, Sudha conducted three major Bay Area conferences. The joint conference with the IIA San Jose chapter, founded by Sudha, has been held each fall for four years and gathers close to 200 attendees. Sudha revived the ISACA Silicon Valley chapter's Spring Conference and is also the founder of the Silicon Valley Chapter's Winter Conference, which completed its two-year anniversary this January. One of Sudha's long-standing visions is to conduct a joint conference with multiple Bay Area associations, bringing together professionals from various backgrounds and careers to exchange ideas, views and knowledge.
Contact: Sudha@pacbell.net or call at (408) 410-6148.
For more information, please register at
Too Bad We Just Missed You...
... Get your event listed early by contacting
2009 WINTER CONFERENCE
FEBRUARY 25, 26 & 27, EBAY TOWN HALL, SAN JOSE
Location - eBay Town Hall, 2161 North First Street, San Jose, CA 95131
Click here for directions
Joanne McNabb, the Chief Privacy Officer of the State of California (http://www.oispp.ca.gov/default.asp), will discuss new updates to the breach notification act, and new information protection requirements coming out of Sacramento.
Brijen Joshi, CA and CISA, is a Senior Audit Manager, IT Applications, with Juniper Networks, where he is currently responsible for designing controls in their new CRM and ERP implementations. His presentation is titled 'Designing Controls for a new ERP implementation'. Mr. Joshi has over 16 years of combined experience in ERP implementations, Financial Audit and IT Risk Advisory. Before joining Juniper, Mr. Joshi worked with PricewaterhouseCoopers and Ernst & Young in various capacities ranging from Financial Auditor and ERP Consulting to IT Risk Advisory.
Abe Smith, President at MSH Consultants, Inc, will present on "High Tech Crimes and Working with Law Enforcement". Prior to his current position, Mr. Smith was a Consultant at Checkpoint, CISO at Bay Area CSO Council, and CISO at Xilinx. He has been in the Information Technology industry for 26 years, has been a consultant for 18 years, and has focused full-time in the Information Security area since 1994. He has built Information Security organizations from scratch for Pacific Bell Network Integration (now a part of AT&T), Synopsys, and Xilinx. He has consulted and evangelized Information Security internationally, and taught CheckPoint firewall technology to many of his clients.
Eddie Borrero, CISSP, MCSE, CCNP (etc.), is the acting CISO at Robert Half. Mr. Borrero's topic is "Securing More with Less - Surviving the Downturn", and he will discuss real case studies he's seen at work. Mr. Borrero has over 10 years of industry experience designing and implementing technology and security solutions in all areas of information technology.
Trey Ford, CISSP, MSSE, SSNA, PCI Qualified Data Security Professional, is the Director of Solutions Architecture at WhiteHat Security, and will be presenting "Making a Living the Black Hat Way - Logic Attacks". Mr. Ford provides strategic guidance to WhiteHat customers and prospects on their website security programs. He also spearheads WhiteHat's participation in the PCI Standards Council. Prior to WhiteHat, he was the Compliance Practice Lead at FishNet Security, an information security services provider based in Kansas City. Mr. Ford also founded and operated Eclectix, a technology consultancy. He has been tapped as an industry resource for publications such as SC Magazine and The Tech Herald.
Jonathan Cran, CISSP, will be teaching "Penetration Testing 101: Becoming the Attacker". This course will provide the student with an opportunity to learn the ways of a malicious attacker. During the course, the student will be exposed to methods and techniques which are used to exploit a network and obtain access to data. The student will learn how these methods and techniques can be applied in real-life situations, whether during an audit or as part of a penetration test. The course will be tailored to the ISACA audience, and will provide the student with advice and insight on how to best utilize the techniques to secure information assets. Without understanding the threat, how can you protect against it?
The course will cover the following topics:
- Methodologies & Practice - Determining scope and what to attack
- Threat Modeling & Threat Trees - Focusing and explaining an attack
- Reconnaissance - How to gather targets
- Enumeration - How to determine weaknesses in targets
- Exploitation - How to exploit weaknesses in targets
- User-Exploitation - How to exploit weaknesses in human targets
- Post-Exploitation - What can be done after targets have been exploited?
Mr. Cran is a security consultant and senior penetration tester with the Boston-based infosec firm Rapid7. He has been with Rapid7 for two years and specializes in network penetration testing and web application assessment. In previous lives, he was a .NET developer, network administrator, and farmer (short-lived). He is an active member of the security community and involved in a number of local security groups. In his spare time, he enjoys producing music and replacing his work with small shell scripts. He runs a blog at http://www.0x0e.org.
Mark S. Kadrich, CISSP, will be teaching our all-day Incident Response Class. Mr. Kadrich is presently President and CEO of The Security Consortium, whose mission is to provide security testing, research, counsel, and leadership to their customers. His book Endpoint Security (Addison Wesley) is available now. Prior to TSC, Mr. Kadrich held senior positions at Symantec, Sygate Technologies and Counterpane Internet Security.
Robin Basham M.Ed, M.IT, CISA, ITSM, will be teaching our COBIT Awareness course. Ms. Basham, SOAProjects' Director of Enterprise Governance, Risk & Compliance, is recognized as an ICT Enterprise and GRC expert. She currently assists SOAProjects clients in Green Tech initiatives. Ms. Basham's certifications include ITIL, CobiT, Networking, Java Enterprise, and Information Audit and Security, and she is most recently a CGEIT candidate. Her technical advisory, executive leadership and steering committee roles include ISACA, OASIS, OMG, and AWC. She is also a founding member of Control Objectives for Sustainable Business, COSB. Ms. Basham created Facilitated Compliance Management software and is the sole owner of Phoenix Business and Systems Process.
SOAProjects provides an interactive learning experience where participants learn about the COBIT® IT control framework and how COBIT® addresses IT challenges. This half-day session provides an overview of the COBIT® Framework, some detail of COBIT® Components and a brief summary of COBIT® Resources. This course will assist the learner to identify whether CobiT Foundation certification is an appropriate path for their needs and how to become a CobiT Practitioner. It is an introduction-level course and assumes no previous knowledge. SOAProjects also offers onsite 2-day CobiT Foundation and Intermediate and Advanced Governance training.
Bryan Kissinger and Tracy Stiba, both of PricewaterhouseCoopers, will be teaching the SAS 70 course. Dr. Kissinger is the author of "Alignment of IT and the Business", and spoke to us at our 2007 Joint Fall Conference (see http://www.isaca-sv.org/FallJointConferenceBrochure2007.pdf, p.5).
We have confirmation from three attorneys to present the Mock Fraud
JANUARY 22nd and 23rd Knowledge Synergized 2009 Conference
Knowledge Synergized is dedicated to offering the most dynamic and inclusive conference to keep you abreast of the latest advances in your profession. Experience and discuss state-of-the-art practices, strategies, and developments in emerging technologies and industry practices, as well as approaches to complex issues.
Conference educational sponsors include
- Association of Certified Fraud Examiners (ACFE)
- California Society of Certified Public Accountants (CalCPA)
- The Institute of Management Accountants (IMA)
- The Information Systems Security Association (ISSA)
- American Society of Women Accountants (ASWA)
Audit: This track features sessions on new and emerging techniques, methodologies and best practices in External Audit, Internal Audit and IT Audit.
Information Security: This track includes sessions on the latest information security topics and provides insight into security risk management, methodologies and protection measures.
Finance: This track offers comprehensive coverage of topics relevant to finance professionals, including income taxes, cost and budgeting, as well as FASB and SEC updates.
Fraud: This track provides opportunities for you to gain valuable anti-fraud knowledge and techniques and insights into today's fraud profession.
Leadership: This track provides solid leadership tools and techniques and helps you in a significant way to influence people to get work done.
Unmatched Networking Opportunities
Knowledge Synergized offers unparalleled networking opportunities. From receptions and networking breaks through discussion lunches and the evening social, you will have plenty of time to share best practices, learn from other industry professionals, network with an unmatched group of experienced peers, and increase your personal ROI and influence.
Continuing Professional Education
Knowledge Synergized offers sessions that meet your CPE requirements. This two-day multi-track event provides fourteen CPE hours at the most affordable cost.
SOAProjects is represented by Jay Swaminathan, Alan Chipman and Robin Basham
Jay Swaminathan is a manager in the IT practice of SOAProjects. As part of SOAProjects' Oracle practice, Jay collaborates with his clients to efficiently leverage Oracle applications. Prior to SOAProjects, Jay was with Risk Advisory Services at Ernst & Young.
Robin Basham leads the Enterprise Technology Governance Risk and Compliance practice. Moving beyond Financial controls and SOX 404, Robin's teams implement a 4 Point GRC. These solutions streamline and reduce the total number of enterprise key controls while assuring alignment with Federal...
Alan Chipman, Senior Director of IT Consulting and Risk Management, joined SOAProjects after nineteen years with PricewaterhouseCoopers and is known throughout the Bay Area for having built the IT Audit practices in the Portland and San Jose offices of PwC from 1993 - 2008. At SOAProjects, Alan leads technical specialists providing IT and business process risk management and consulting services.
Thursday, January 15th, ISACA SILICON VALLEY 2009 Winter Gathering & Awards Ceremony
ISACA-Silicon Valley Chapter Members are invited to a FREE* January Monthly Meeting at a very special place: the Computer History Museum in Mountain View. Attendees will enjoy a lecture on the history and future of InfoSec, a docent-led tour of the museum, the 2008 Awards Ceremony, a wine-tasting competition, and opportunities to network.
Where is Information Security Going? The field of information security we know today was ignited by the development of radio just over a century ago. Radio was just too wonderful to forgo, but it bypassed every information security technique in use at the time, except cryptography. As a result, cryptography became the centerpiece of information security and emerged from the 20th century as by far the best developed and most reliable part of the field. A similar phenomenon occurred with multi-user computing. This time the solution was not so clear, and computer security has had a central place in information security since the 1960s. Today such concepts as utility computing and cloud computing threaten to upset the apple cart again by giving rise to a groundswell of computational outsourcing and moving most corporate computing outside the data owner's firewall.
Dr. Whitfield Diffie is best known for discovering the concept of public key cryptography, which underlies the security of internet commerce and all modern secure communication systems. After leaving Stanford University in the late 1970s, Diffie became Manager of Secure Systems Research for Bell-Northern Research, the joint laboratory of Northern Telecom and Bell Canada. In 1991, he moved to Sun Microsystems, where he is now Vice-President, Sun Fellow, and Chief Security Officer.
Meeting Details http://www.isaca-sv.org/monthlymeeting/200901.pdf
December 18, 2008, ISACA Silicon Valley
SOAProjects will be attending the ISACA Silicon Valley Meeting on Thursday, December 18, 2008. They have two presentations from security heavyweights Symantec and McAfee:
1) The Underground Economy: The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1, 2007 and June 30, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
2) Putting Security into Your Virtual World: As virtualization technology grows in popularity, the big question about security is buzzing: "How will this technology affect my existing security posture?" Taking a one-size-fits-all approach is definitely not the answer. Find out the best way to start securing your virtualization environment during this talk. Many may think that technology alone is the answer, but it isn't! There are key considerations on this journey and each should be taken seriously: people, process and technology.
1) Zulfikar Ramzan is currently an Architect and Technical Director with the Symantec Security Technology and Response group. In this role, Zulfikar is at the forefront of identifying sophisticated computer security threats and trends.
2) Roman Hustad is a Principal Consultant and Trainer at Foundstone, a division of McAfee. His responsibilities include security code review, software architecture and design reviews, secure software development life cycle design and implementation, and threat modeling for Fortune 500 and government clients....
Here are some additional announcements for those who don't mind travel, or who like to get their training online.