Navigate Up



 Apr. 2014 Chapter Luncheon

4/15/2014 11:30 AM
4/15/2014 1:00 PM
The Plaza Club, 900 Fort Street Mall, 20th Floor |
Topic: Aaron Brown, Partner, Technology Risk, Deloitte & Touche LLP
Speaker: ​Cloud Risk Assessment and 3rd Party Assurances from Cloud Providers
Date/Time: Tuesday, April 15, 2014, 11:30AM – 1:00PM
Location: The Plaza Club, 900 Fort Street Mall, 20th Floor
RSVP deadline: Friday, April 4th
***Please note that the pricing has changed: $35 for members, $40 non-members, $15 students/retirees
Please use this Google Form to register, or email your RSVP to Kathy So-Nagai ( with subject line “IIA April 2014 Luncheon Registration”
Topic Overview
The focus of this presentation will be to provide Internal Audit personnel and IT personnel a description of how to perform a Cloud Risk Assessment of an existing or potential cloud service that their organization consumes.  A discussion of common 3rd Party Assurances, (e.g. SOC, ISO, PCI) will lay out the benefits and the shortfalls of those assurances.  Additionally we will discuss the use of specific cloud security and control frameworks (CSA Cloud Computing Matrix and ISACA Cloud Audit Program Objectives) to address some of the shortfalls in the common assurances.  This presentation will include an overview of how IT Security and Internal Audit personnel can perform an evaluation of the Cloud Service provider controls.
About the Speaker:
Mr. Brown specializes is management of large internal controls attestation and readiness engagements for Sarbanes-Oxley compliance, Service Organization Controls (SOC) Reports in the software industry. Aaron has over 16 years’ experience in financial systems auditing under Sarbanes-Oxley, business process controls, information technology controls design and implementation, and application security. He has over 7 years’ experience with internal controls attestation and readiness for several cloud provider clients, including Microsoft, Amazon Web Services, and others in the areas of software-as-a-service, platform-as-a-service, and infrastructure-as-a-service.  He also teaches Cloud Computing Audit offered in cooperation with the Information Systems Audit and Control Association
Certified Public Accountant (CPA)
Certified in Cloud Security Knowledge (CCSK)
Certified Information Systems Auditor (CISA)
Certified Information Technology Professional (CITP)
Certified in the Governance of Enterprise IT (CGEIT)