IIA NZ session: 12 noon
· IIA NZ Topic: Assurance over Agile development programmes
Presenters: Ronnie Chang and James Disney
The use of Agile methodologies is becoming more and more common. This can cause disruption, and it requires auditors and others providing assurance to change the way we work. In this presentation we describe how we obtain assurance over the quality of the solutions and the delivery of benefits for the Education Payroll Development Programme. We will also provide some insights into the changes internal auditors need to embrace.
Ronnie joined Education Payroll Limited in November 2016 as Manager, Assurance & Controls, and works with a great assurance team.
Ronnie previously worked as an Auditor with the Department of Social Welfare, before he joined NZ TAB (now the NZ Racing Board) where he was promoted to Corporate Audit Manager. This was followed by a move into a Business Transformation management role. He was Chief Internal Auditor attached to the Ministry for the Environment between 2011 and 2016, and during that time the external audit controls rating of MfE went from "Needing Improvement" to "Good" and "Very Good". Ronnie is a member of IIA NZ, ISACA and holds his CISA.
James joined Education Payroll Limited in October 2017 as a Senior Risk and Assurance Advisor. Previously he was an internal auditor at Land Information New Zealand and an auditor with Audit New Zealand. James has a keen interest in project and controls assurance and is improving his understanding of Agile methodologies and the use of automated test and deployment platforms (DevOps) in assurance.
· Light refreshments will be served at approximately 12.45pm, followed by the ISACA session.
ISACA Topic: Basic to basics - Information Technology General Controls (ITGC)
We will take a look at the types of questions that should be answered in various areas in order to do a basic ITGC assessment:
· Information Systems and organisational governance environment;
· Security Services Management;
· Change Management;
· Service Request and Incident Management;
· Continuity Management;
· Availability and Capacity Management; and
· Supplier Management
We will consider design and operating levels of effectiveness and how a basic ITGC can serve as a good starting point for a “reality check” and understanding where further audit, assurance or advisory services may be required.
Presenter: Bruce Edwards
Bruce has over 20 years of information security, audit and training experience in the public and private sectors, including the life insurance, health insurance, government, university and utilities sectors, and has performed both operational and advisory roles.
Bruce is currently Manager, Information Systems Audit and Assurance in Wellington, New Zealand, and also serves as the current ISACA Wellington Chapter President. Before moving to New Zealand from the U.S.A., Bruce was the CISO at the University of Louisville, a position he held for nearly six years, where he led successful projects on eHealth security compliance, information security training and awareness, risk management and assessment, policy and standards redesign/adoption, business owner engagement, research facility security compliance and staff education, among many other efforts. Bruce holds the CISM, CISA, CRISC, CIA and Prince2 Practitioner certifications.