MONTHLY MEETING TOPIC AND SPEAKERS
(Meeting Date: April 17, 2008)
"SAS 70 - Auditing Service/Outsource Organizations" - (Panel Discussion)
Moderated by Ken Baylor - President, ISACA - Silicon Valley Chapter
Panelists:
Jerry Meyers - Associate Director - Protiviti
Alan Miller - Senior Manager - PayPal
Todd Bishop - Senior Manager - PwC
Nicolas Lidzborski - Senior Security Engineer - Qualys
"SAS 70 - Auditing Service/Outsource Organizations"
Outsourcing of business and information technology services is becoming increasingly common in today's global marketplace. How do user organizations and their auditors gain assurance that adequate controls are in place at their service providers? How can service organizations best position themselves to meet the audit requirements of current and future customers? How do organizations monitor and evaluate the internal controls of third-party outsourcers as part of their SOX 404 project?
This session is intended for individuals working for an organization that has a SAS 70 performed or receives a SAS 70 report from one of its outsourcing partners. We will discuss the requirements of SOX 404, the considerations that organizations should make for outsourcers, and the relevance of the SAS 70 report to the organization's internal control structure.
By attending this panel discussion you will learn:
- History and understanding of SAS 70 requirements and reports
- Procedures relating to performing a SAS 70 project from the service organization and the service auditor perspective, and
- Procedures relating to the evaluation of the SAS 70 report from the receiving user organization, including the user organization's internal audit function and the external auditor.
Ken Baylor - Ken is a security advisor to Silicon Valley firms. Previously, he served as Symantec's Chief Information Security Officer (CISO), and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM). As CISO, he was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and global protection of electronic and digital assets. He also worked closely with internal product groups on security capabilities in Symantec products, and headed up the Information Security department. Ken Baylor has 15 years of experience leading global IT and security teams. Prior to joining Symantec, Dr. Baylor led a number of strategic initiatives within McAfee, where he was recognized as an expert in Intrusion Prevention Systems and Risk Management. He was active in developing strategic alliances and creating the Service Provider program. Dr. Baylor holds bachelor's and doctorate degrees in Science from the National University of Ireland, a law degree from the University of Wolverhampton, England, and an MBA from the University of Texas.
Jerry Meyers - Jerry is an Associate Director in the Technology Risk Practice of Protiviti's Santa Clara office. His background includes extensive experience in information technology risk assessments focusing on access and data-integrity control issues, Unix, AS/400 and application-level security reviews, and assessments of IT policies and procedures. Jerry specializes in IT Audit Services (ITAS), which relates to the co-sourcing or outsourcing of IT Audit professionals as a part of an internal audit relationship. He actively participates in teaching at both the local and national levels and is an IT Audit leader for the Bay Area. Jerry is an active member of ISACA, currently serving on the CISA Review Board for ISACA Global. Jerry has over twelve years of total technology experience, including more than ten years in internal / external technology audit and controls assessment. This includes 3 years with Arthur Andersen, 2 years at Deloitte & Touche, and over 4 years with Protiviti. Before joining public accounting, he worked for over a year with Hughes Supply (now Home Depot Supply) as an Internal IT Auditor, and two years as a database administrator for both USAir and the Sanford Airport Authority.
Alan Miller - Alan is a Senior Manager and a member of PayPal's Technology Audit Liaison team, where he has headed up their SAS 70 program for the past two years. He has more than 20 years of experience in high tech companies like Broadcom, IBM, Lockheed Martin, and Motorola, with 10 of those years being in the regulatory field with companies like Ventritex, St. Jude Medical, and PayPal. Alan has been involved with compliance activity for class III medical devices, ISO-9001, SAS 70, SOX, PCI, and various domestic and foreign government IT audits.
Todd Bishop - Senior Manager, Systems and Process Assurance (SPA)
Todd is a Senior Manager in PricewaterhouseCoopers' Systems and Process Assurance practice, which specializes in internal controls and assessing and managing business and technology risks. Todd has been with PwC for over eight years providing internal control-related attestation and consulting services. He has spent the majority of his time serving national insurance clients and has been responsible for numerous engagements involving internal controls over financial reporting, including Sarbanes-Oxley, the NAIC Model Audit Rule, Statement on Auditing Standards (SAS) No. 70, internal audit co/outsourcing and external auditing.
In addition to assessing financial reporting risk at his clients, Todd has led teams through the execution of numerous operational, compliance and IT risk assessments and audits, including reviews at large, complex organizations. He has extensive experience assessing IT and business process risks and controls across various computer platforms, security systems and technologies.
Todd has served on PwC's national SAS No. 70 task force for over two years. As a subject matter specialist in this area, he has helped to define PwC's related audit policies, provide guidance to engagement teams and clients, and develop templates and practice aids to assist engagement teams.
Nicolas Lidzborski - Nicolas is a Senior Security Engineer at Qualys in charge of Operations Security. He holds a Master of Science in Computer Science and Electrical Engineering from Telecom SudParis. His background includes distributed systems, network services architecture and security. Since 2003, he has framed and managed Qualys internal and SAS 70 audits. His interests include information security, service-oriented network architectures and cryptography.