ISACA Winnipeg Chapter Meeting
February 21, 2013
This luncheon, on February 21, 2013, will discuss how to evaluate the implementation "readiness" of your technology investments, thereby reducing your risks during implementation.
Why Should You Attend:
Changes to a company's information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. Robust change management processes are critical to protecting an organization's IT investment and reducing operating risk. The need for a positive control environment, and for management to take a very unforgiving attitude toward unauthorized IT changes, cannot be overemphasized. Insufficiently tested IT changes should also be an unacceptable practice.
Areas Covered in the Presentation:
Internal auditors play a valuable role in ensuring that IT investments are well-managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders.
Converting from old to new computer systems is an important, but often underestimated, aspect of IT projects. Implementing a new system usually requires a variety of system changes, production data conversion and migration, and new operational policies and procedures. Each of these areas poses significant risk to the organization during the actual system conversion. Consequently, conversion audit efforts typically focus on reviewing plans and results for:
- The overall implementation of the IT solution.
- The systems that are required to implement the IT solution.
- The operational changes required within the organization as part of the implementation.
- The risk management practices in place to monitor and control risk.
When planning system conversion audits, auditors need a good understanding of the business requirements for the system, the project's risks, and how the proposed system will work.
To understand the solution, they must identify the various operational and system changes that will be implemented.
Also, because project information usually becomes available over time, some audit planning will have to be completed on an iterative basis.
Dan Swanson, President of Dan Swanson and Associates, Ltd., is a 26-year internal audit veteran, who was the Director of Professional Practices at the Global Office of the Institute of Internal Auditors (IIA). Prior and subsequent to the IIA, Swanson has been an independent management consultant for more than 15 years. He has completed audit projects for more than 30 different organizations, spending almost 10 years in government auditing, at the federal, provincial, and municipal levels, and the rest in the private sector, mainly in the financial services, transportation, and health sectors. Swanson has also completed close to 100 IT implementation readiness evaluations during his career.
Dan was also the Health Information Security Officer (HISO) for the Winnipeg Regional Health Authority for more than 4 years, helping to develop, implement and maintain the provincial Information Security Program supporting almost 40,000 users across Manitoba. As co-chair of Manitoba's Provincial Privacy and Security Advisory Committee (PSAC), Dan helped guide the development of the PSAC's agenda, raising awareness of critical issues to the senior leadership.
Swanson led the writing of the OCEG internal audit guide (OIAG) for use in auditing GRC programs and participated in the Securities and Exchange Commission (SEC)-sponsored COSO small business task force efforts to provide guidance for small to medium public companies regarding internal control over financial reporting. The author of more than 200 articles on internal auditing and other management topics, Swanson is currently an independent management and audit consultant, and a freelance author. Dan published his first book in 2010, entitled SWANSON on Internal Auditing - Raising the Bar!