| |
||
| September, 2003 | The
Monthly Newspaper of the NYSSCPA |
Vol.
8, No. 9 |
Application Security in Audit and Assurance Services
An essential component of internal control—application security—is critical for compliance with the Sarbanes-Oxley Act and SAS 94, and effective internal control is now a requirement for compliance. Internal control relates specifically to the controls in the computer applications that generate financial statements and other accounting information. Though the COSO Integrated Framework has become the de facto standard, different frameworks can be used to design effective application security and evaluate it. Learn about these other frameworks and standards, including ISO 17799, COBIT and NIST special publications, by attending the Oct. 16 continuing professional education evening presentation organized by the New York State Society of CPAs’ Technology Assurance Committee.
Topics covered during the session will include:
-
The definition of application security
-
A survey of critical financial applications requiring security, and control requirements of SAS 94, focusing on the “controls placed in operation” and “controls operating effectively”
-
Risk analysis and assessment of IT applications, with scoring and ALE approach to be covered
-
Methodologies to manage and control risk in IT applications and AICPA Trust Services, including Systrust, Cobit, ISO 17799
-
Review of specific control areas, including confidentiality, data integrity and availability; segregation of duties; change management, and system development life cycle. Applications also will be reviewed using the input, process and output control approach.
Date: Thursday,
Oct. 16
Time: 5:30 p.m. to 6:00 p.m.: registration, networking,
free sandwiches and soft drinks; 6:00 p.m. to 8:30 p.m.: CPE session
Presenter: Fredric P. Greene, CPA, CISSP Greene Security
and Audit
Location: NYSSCPA headquarters, 530 Fifth Ave. (between
44th and 45th streets), fifth floor, New York City
About the Presenter
Fredric P. Greene has extensive audit and security experience with systems, networks and applications. He has worked in some of the world’s most intensive technology environments as an employee of the New York Stock Exchange and as a consultant for KPMG. His consulting experience has been in the banking, financial services and manufacturing industries. A graduate of the University of Pennsylvania, Wharton School, Mr. Greene also has certifications in Cisco and Microsoft technology. He can be reached at fg@greenesecurity.com
Additional Information
This NYSSCPA/Foundation for Accounting Education CPE evening technical session is $45 for NYSSCPA members and $50 for nonmembers to qualify for three hours of CPE credit. A $25 additional walk-in fee will be charged to those who register at the door.
At the session you will get the chance to network with the profession’s and the industry’s IT leaders. Advance registration is recommended because seating is limited.
For additional information, contact Gary E. Carpenter at 315-487-4567 or gcarpenter-cit@worldnet.att.net or Bruce H. Nearon at 973-403-6955 or bnearon@jhcohn.com.
For more information on the Technology Assurance Committee, visit www.nysscpa.org, click on the Find Committees tab on the left-hand side of the page and then scroll down to the Technology Assurance Committee link.
Registration
To register: contact FAE at 212-719-8383 or 800-537-3635 or visit the Society’s website at www.nysscpa.org (you will need your Society member number to register). Go to the Technology Assurance Committee homepage and select “10/16/03-Application Security in Audit and Assurance Services” located under the Evening Technical Session banner.
Acknowledgments
J.H. Cohn LLP and Carpenter Information Technologies, Inc., helped provide the funding and resources for the sandwiches and soft drinks, marketing and publicity, and administration of this event.
