Assuring IT Regulatory Compliance

Duration: 60 Mins
Level: Intermediate
Webinar ID: IQW15C6586

  • Forces impacting IT governance
  • Forces influencing information security governance
  • Principles and practices for performing IT regulatory compliance audits
  • Sound strategic and tactical information risk considerations

Overview of the webinar

Governments and governmental agencies enact governance-related laws and regulations to ensure that entity managers refrain from participating in corrupt, fraudulent, or unethical behavior. Governments and governmental agencies also enact laws and regulations to provide for stakeholder confidence that management will perform its fiduciary responsibilities. This fiduciary relationship between stakeholders and management typically requires that the organization’s management safeguard assets entrusted to it for use by the entity in generating revenues or paying expenses. To sustain compliance with this legal objective, there is an expectation that an enterprise’s management will provide accurate and complete information about the firm’s past and current performance, as well as its assessments of any confirmed future economic events that may or will affect the organization’s financial status and its present financial position.
Government laws and regulations usually require an entity’s management to design, implement, and maintain a system of controls. However, verifying that controls exist and are effective is commonly an external and internal statutory audit responsibility. Auditors that conduct these entity compliance attestation engagements focus on examining, reviewing, or performing agreed-upon procedures regarding a subject matter, or an assertion about a subject matter, and reporting evidentially supported results.
Separately or jointly, government-sponsored laws and regulations can impose practice audit requirements that affect compliance attestation service efforts. Where laws and regulations promote management's accountability for entity assets to stakeholders, the information technology (IT) legal compliance audit area and/or ambit may include government and governmental agency mandates. Alternatively, operationally perceived noncompliance risk can determine an engagement, or the entity’s audit committee can direct IT audit coverage to assess expected compliance by the entity's management. Nevertheless, professional IT auditors must evaluate potential irregularities and illegal acts during the entire IT assurance process, even when directed by the audit committee to focus on a particular IT auditable unit within the engagement's audit area.

Who should attend?

  • Audit committee members
  • Risk management managers
  • External auditors
  • Internal auditors
  • Chief Executive Officers
  • Chief Information Officers
  • Compliance managers
  • Chief Information Security Officers
  • Information technology professionals
  • Control Self-Assessment personnel

Why should you attend?

Enactment of laws continues, and the regulatory environment has become more complicated due to remediation of unacceptable conduct. Consequently, entities continue to be compelled to demonstrate compliance with legal mandates through documented assurance assessments.
The migration from manual to technology-generated information has resulted in verdicts and judgments where liability, guilt, or innocence rested solely or mainly on electronically encoded evidence. Reliance on technology-created information as evidence raises issues and challenges from a management perspective that need appropriate controls through effective governance and audit.
Governance reflects how an enterprise achieves its stated mission. Deploying a governance framework may inhibit managerial noncompliance, but it is not an absolute deterrent. As long as multiple regulatory agencies have government-supported agendas, variances can exist that induce comprehensive legal compliance reviews of organizations. Primary to controlling numerous decrees is a thorough analysis of what is required and ensuring quality documentation supporting an entity's legal compliance efforts.

Faculty - Dr. Robert E. Davis

Dr. Robert E. Davis, MBA, DBA, CISA, CICA (an invited Golden Key and Delta Mu Delta member) obtained a Bachelor of Business Administration degree in Accounting and Business Law and a Master of Business Administration degree in Management Information Systems from Temple and West Chester University, respectively. In addition, during his twenty years of involvement in education, Robert acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Robert also obtained the Certified Information Systems Auditor (CISA) certificate after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice question examination, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls. Robert was awarded the Doctor of Business Administration degree specializing in Information Systems Management by Walden University.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations, as well as other organizations, in staff through management positions.
