Join the ISACA Middle Tennessee Chapter and KraftCPAs' session on Vendor Management on Tuesday, June 15, 2021 at 11:30 AM CST.
Recent headlines like the SolarWinds supply-chain hack or the Microsoft Exchange Server data breach are sobering reminders of how high trust in vendor and supplier relationships can leave many organizations vulnerable. Most companies perform some level of oversight for their high-risk and critical vendor relationships, which usually consists of reviewing contracts, security questionnaires, and attestation reports. But are these activities enough to protect our networks and data?
In this presentation, we will address the key activities that should be performed by organizations to effectively mitigate today’s critical vendor and IT supply chain risks. Using our experience as consultants in a variety of industries, we’ll explore historical and common approaches to vendor management, what companies on the leading edge are doing to manage relationships, and how auditors can leverage their role to contribute to the organization’s risk mitigation strategy.
Speakers: Chris Zotti and Erica Hightower
Date/Time: Tuesday, June 15, 2021 from 11:30 AM to 12:30 AM CST
Location/Delivery: Virtual. A Zoom Webinar Link will be sent to registrants via email on Monday, June 14th.
Program Level: Beginner
CPE Credits & Field of Study: Up to 1 hour of credit will be issued to attendees in the field of Information Technology. Attendees will submit answers to polling questions to validate their attendance.
Chapter Event Policy: See the Chapter website for complete details on the Chapter's event policies.
Chris Zotti, CPA, CISA, CHCO
Chris Zotti is a manager with the KraftCPAs risk assurance and advisory services (RAAS) practice, where he has been serving clients for seven years in many different industries with a focus on healthcare, technology, and finance. His primary responsibilities entail overseeing and performing a variety of client engagements, including outsourced and co-sourced internal audits, IT Sarbanes-Oxley (SOX) testing, System and Organization Control (SOC) 1 and SOC 2 reports, HIPAA Risk Analyses, HITRUST assessments, and network vulnerability and penetration testing. Chris is a graduate of the University of Tennessee at Knoxville and is a CPA, CISA, Certified Healthcare Compliance Officer (CHCO), and a HITRUST Certified CSF Practitioner.
Erica Hightower, CPA, CISA, CHCO
Erica Hightower is a Supervisor with the KraftCPAs Risk Assurance and Advisory Services (RAAS) practice, where she is responsible for planning, coordinating, and executing integrated internal audit engagements, consulting on internal controls, and evaluating the effectiveness and efficiency of business processes. She has been serving clients for six years in many different industries with a focus on banking, healthcare, and technology. Her experience includes internal audit, IT audit, Sarbanes-Oxley (SOX), System & Organization Controls (SOC) attestation engagements, and FFIEC IT regulatory audits for financial institutions. Erica is a graduate of Middle Tennessee State University and is a CPA, CISA, Certified Healthcare Compliance Officer (CHCO), and a HITRUST Certified CSF Practitioner.