Navigate Up



 Annual IT Conference (including COBIT)

3/21/2014 8:30 AM
3/21/2014 4:30 PM
Melville Marriott |  
Annual IT Conference (with COBIT)
 Friday, March 21, 2014
Full Day - Breakfast and lunch,  8 CPE/CPDs
8:30 -4:30
Member: $170
Non-Members: $220
Students: $30​​


​​Friday, March 21, 2014 – Melville Marriott

All Day Technology Conference (8 CPE/CPD Credits)


Almost every day we read about threats to privacy and the security of our information.  This year’s Annual Technology Conference promises to provide you with the essential skills to help you do something about it.  Whether you are looking to sharpen your privacy breach and incident response skills or enhance your ability to assess critical technology controls to prevent or minimize the impact of these breaches, you’ll head from leading practitioners about how internal auditors are helping their stakeholders manage these 21st century risks.


Our speakers include:

·        a former New York State Deputy Secretary for Public Safety who currently serves as a consultant on terrorism issues for FOX National, NBC National and Local, ABC News and News 12 Long Island;

·        a widely recognized author and authority on cyber risk who is also a Managing Director at PWC;

·        a recognized authority on security and privacy issues, including the use of encryption who has developed a reputation within our chapter for his ability to translate complex technical risk challenges into business issues that our members can act upon;

·        a former Internal Audit Director turned academic who has both practiced and researched on the challenges facing Audit Directors in providing and training financial and operational auditors to conduct IT Audit services; and

·           a well-regarded practitioner and accounting thought leader.





The revelations regarding the extent of government monitoring of electronic communications has created a multi-faceted problem;  how to balance Constitutional protections with the realities of the modern, internet enabled world.  The complexity and challenge of intelligence gathering has increased simply as a function of the volume and speed of communications.  Potential enemies utilize these technologies to plan and organize their efforts.  How can the U.S. balance freedom and the Constitution while protecting the nation from the ‘digital pearl harbor’ that many have speculated about?   



Managing privacy at the breach point is critical, and this is where companies often make strategic errors that result in increased cost, increased reputation exposure, and even civil and criminal litigation. But managing privacy and risk impact in the event of a breach of privacy requires cooperation from employees, management, the board of directors, insurers, and third party vendors. In addition, privacy at the point of breach is likely to involve corporate customers whose data may have become compromised and whose contract terms may have been breached. It is vital to prepare for the moment of adversity by building and managing a successful privacy program so that a breach of intellectual property, trade secrets or regulated data is a complication and not a disaster. This session will examine key areas to focus on regarding privacy when it matters most--when it has been compromised. 





Recent revelations regarding the surveillance of electronic communications and increasing regulatory constraints have led many organizations to consider encryption as a means of assuring privacy.  This presentation will provide a basic overview of encryption technologies, various standards for encryption and provide an IT auditors view on evaluating encryption solutions and implementations.




While some organizations consider IT auditing a separate function within an internal audit group,  there is value in cross training all auditors in IT audit functions so that every operational audit incorporates a component of IT general and application control assessment. This session will include a discussion of the advantages of expanding the scope of IT auditing beyond a specialized function. The presenter will discuss ways to integrate IT auditing into the processes of assessing IT internal control risks at an operational level.  The discussion also includes training issues and an understanding of how to differentiate functions so that an organization maximizes its audit coverage of IT control issues.




The presentation will build upon general attendee understanding of COSO 2013 Principles and will focus on information technology considerations that may need further elaboration or supplementation to what was provided in the COSO documents.  One of the major enhancements to COSO was the integration of IT-related risks and control issues.  Specifically the presentation will review these developments and provide IT-related challenges that internal auditors should consider when implementing the framework.  We will then walk-thru each of the 17 principles and provide examples of how IT should be considered.  We will also discuss how IT Auditors can leverage the guidance in developing an IT audit work program that is more effectively aligned with other Internal Audit activities.



About Our Speakers



Michael A.L. Balboni


Senator Balboni currently provides management and strategic direction and business development for a wide array of clients within the Redland Strategies Company. His homeland security practice is based in New York City. The former Senator specializes in providing extensive experience in a broad range of homeland security and government relation’s issues. He sits at the intersection between government relations, crisis management, media strategy and homeland security.  Previously the Senator was appointed Deputy Secretary for Public Safety in January 2007. In this role, the Senator was the Senior Homeland Security and Law Enforcement official for the State of New York.  Senator Balboni represented the seventh Senate District, located in Nassau County from December 1996 to December 1997 and was named

Chairman of the Committee on Veterans, Homeland Security and Military Affairs.


Don Ulsch

Don Ulsch is Managing Director, Cybercrime and Breach Response, at PricewaterhouseCoopers LLP.  A widely recognized authority on cyber risk, Don is the author of "THREAT! Managing Risk in a Hostile World" (The IIA Research Foundation, July 2008), and the upcoming book, "CyberThreat! How to Manage the Growing Risk of Cyber Attacks" (John Wiley & Sons, Inc., 2014). He advises clients and investigates cyber breaches for many companies, from banks and defense companies to retail and healthcare organizations. Don also works closely with federal agencies on the cyber threat. He has appeared on Fox News and other broadcast media outlets, and has been quoted in many publications, and academic and national security and defense studies.  Don has spoken at conferences held by the Institute of Internal Auditors in Rome, Italy, Athens, Greece, and throughout the United States. He recently participated in a law panel at RSA 2014, titled "Is Liberty Reserve the New Face of Cyber Crime?"


John Rostern, CRISC, QSA

John is the Regional Vice President of Audit & Advisory Services for the East Region of Coalfire Systems.  He has more than 32 years of diverse experience in IT audit, information security and technology and leads a practice delivering governance and risk based compliance services in areas such as HIPAA, GLBA, and PCI DSS. His areas of expertise include IT audit, technology risk assessment & management, IT strategic planning & governance, architecture, information security, operations, applications development, telecommunications, networking, data center design and business continuity planning.

John is a subject matter expert in the areas of data loss prevention, intrusion detection, encryption and incident response and has published articles on a variety of topics related to technology related risk.




Roger Mayer, DBA, CPA, CIA, CRMA

Dr. Mayer is an assistant professor of accounting at the SUNY College at Old Westbury where he teaches advanced accounting and auditing at both the graduate and undergraduate level. He has over 15 year experience in internal auditing including seven years at the level of director of internal audit (NYC Health and Hospital Corporation and Lenox Hill Hospital).


Dr. Mayer has presented at over 20 professional and research symposiums including sessions sponsored by ACL, HFMA, and the American Accounting Association. He has published numerous articles and has participated as chair or content expert on 10 separate completed dissertations. He was co-chair of the HFMA Audit and Compliance Manhattan group in 2010 and 2011.




Joel currently serves on the Chapter’s Board of Governors.  Prior to starting his niche IT Audit, Governance and Information Security Management practice in 2001, Joel was a Technology Risk Partner in Arthur Andersen’s Business Risk Consulting and Assurance Practice, and was a Manager at Price Waterhouse.  His industry experience includes Vice President and Audit Manager at The Chase Manhattan Bank and senior IT auditor positions at two insurance companies.  Joel is an Adjunct Professor in the School of Business at The State University of New York – College at Old Westbury.  Joel writes a monthly technology column for the New York State Society’s Trusted Professional newspaper and is an Editorial Board member of “The CPA Journal.”  He currently chairs the AICPA’s CITP Specialist Credential Committee, and formerly served on the AICPA’s IT Executive Committee.





cid:image001.png@01CC94BE.BCFF0B30Friday, March 21, 2014

All-Day Program

Check-in and breakfast begin at 8:30 a.m. Program begins at 9:00 a.m.  Lunch will be served at approximately 12:30 p.m.  Dress is business casual.

How to Register:

Please use the following on-line registration link:


If you are having trouble with the link, notify Ron Goldman at or call Ron at 516-918-7166 

For making payments offline,

You should register on-line (above) and in the payment section, select “check” or "other."  If not registering online, contact us at or call Bob McNair at (631) 344-5921 at least 24 hours before to reserve your seat.  Then complete and enclose this registration form along with your check made payable to the IIA Long Island Chapter and mail to: Institute of Internal Auditors LI P.O. Box 442, Smithtown, New York 11787 or bring it the day of the seminar.


First Name(s)

Last Name(s)

IIA Member

$170 Each

Non Member

$220 Each

No. of Prepaid Subscriptions






























Company Name:              ________________________________________

Address:                              _________________________________________

Phone #:                             _________________________________________

E-Mail Address:               _________________________________________

Directions to the Melville Marriott:

From New York City: Take the Long Island Expressway (Rte. 495) to Exit 49 South.  Take the Ramp (right) onto the South Service Road.  Turn left (North) onto Old Walt Whitman Road (Walt Whitman Road)

From Eastern L.I.:  Take the Long Island Expressway (Rte. 495) to Exit 49 North.  Take the Ramp (right) onto the North Service Road.  Turn right (North) onto Old Walt Whitman Road (Walt Whitman Road).

The Melville Marriott phone number in case of weather emergency:  (631) 423-1600​