The Wellington ISACA and IIA lunchtime education sessions for 2009 are being held jointly on the last Friday of each month.

Format

12.00 – 12.45 ISACA Session

12.45 – 13.15 Networking Lunch

13.15 – 14.00 IIA Session

Registrations

For catering purposes please register your interest, also any special dietary requirements with Alannah Grainger, IIANZ alannah.grainger@iianz.org.nz by Monday 23 March. We would really appreciate your assistance in RSVPing on time to ensure catering
quantity is adequate.

Cost

There is a single charge of $15 for a member or $20 for a non member to attend one or both of the sessions. This includes the networking lunch.

Venue

Level 16, Deloitte House, 10 Brandon St, Wellington

ISACA Session (12:00 – 12:45)

Identifying Security Requirements Using SABA Business Attribute Profiling

Identifying security requirements is often an arduous and thankless task. Security is perceived as a barrier to business, which the business is obliged to comply. Underlying this perception is a long history of security controls being identified and mandated without engagement with the business explaining the controls are there to
protect.

The SABSA (Sherwood Applied Business Security Architecture) provides a framework and methodology for applying information security at an Enterprise level. One of the many tools it provides is the Business Attributes Profile, a template for helping businesses to think about and engage with security in the business context rather than a
technical one.

Andrew will introduce the SABSA Business Attributes Profile and explore some ways in which it can be used to bridge the gap between business and IT.

Presenter Andrew Stephen

Andrew Stephen has been working in the Information Technology industry for almost 20 years. For the past decade his focus has been on security and security architecture at both business and technical layers.

As a consultant in the Wellington market Andrew works with many of New Zealand's largest and most influential organisations, including New Zealand Post, Telecom New Zealand and a number of Government departments and agencies. This gives him an insight into many of the challenges facing businesses from small operations to large
enterprises.

IIANZ Lunchtime Session (13:15 – 14:00)

KPMG Fraud Survey 2008 and Better Practice in Fraud Risk Management

Fraud continues to be a serious risk to business, with employees still instigating a large percentage of the major frauds against organisations. KPMG’s eighth biennial Fraud Survey revealed that almost half (49%) of the New Zealand respondents had experienced at least one fraud during the survey period. The rate of fraud per
respondent in New Zealand is higher than the survey average of 45% and that has been the case now for three consecutive surveys.

Poor internal control remains the major factor allowing fraud to occur. Conversely, internal control is the most common method by which respondents detected their largest fraud. Interestingly 55% of businesses believe that fraud is a problem for business generally, whilst only 18% believe that it is a problem for their organisation.

Sasha will talk through the results of the 2008 survey, our typical New Zealand fraudster, and provide insight into what New Zealand organisations are doing to mitigate the risk of fraud. and explore some ways in which it can be used to bridge the gap between business and IT.

Presenter Sacha Jones

Sacha joined KPMG New Zealand 3 years ago after spending 4 years with KPMG UK. Sasha’s Forensic experience in the UK and New Zealand includes SOX implementation review, control reviews, Expert Witness reports, due diligence, investigations, personal injury claims, and preparation of Expert Joint Statements for Court. The majority of
Sasha's time has been spent on fraud risk management assignments for a wide variety of New Zealand public and private sector businesses.
 

Sasha has also been involved in investigation, forensic review work and dispute quantification work during her time in New Zealand.

• 851 reads
• Calendar