The Audit Findings
A Monthly Newsletter for Members of the Omaha Chapter of the Information Systems Audit and Control Association
Message from the President
As many of you might know Commercial Federal will be Bank of the West starting Monday,
December 2. As a result of these changes our current President Dennis Pickard has accepted a
position with DST Systems in Kansas City. This should be a great opportunity for Dennis and we
thank him for his time and effort with the chapter and wish him the best of luck!
To fill this vacancy, I will be stepping into the President role to finish out the remainder of the
2005-2006 ISACA year. Donna White (Mutual of Omaha) and Barb Keuchel (FNBO) have
graciously stepped forward to help out in the Vice President and Newsletter Editor duties. I would
also like to note that we are looking for volunteers; if anyone is interested in volunteering for either
the Web Site Content or Newsletter positions, please contact one of the chapter officers.
A quick reminder, the next meeting will be January 24th featuring Tony Grey of Imperva. He will be
speaking on web applications and database level security. Registration information is available on
Have a happy holidays and see you at the January ISACA meeting!
Upcoming Chapter Events!!!
January – Chapter Meeting
Date – January 24, 2006
Place – Scott Conference Center
Time – Lunch: 11:30 AM-12:00 PM
Presentation: 12:00 PM - 1:00 PM
Cost - ISACA Members $15 and Non-members $20
RSVP – January 10, 2006
Topic – Web Application & Database Level Security
Speaker – Tony Grey, Imperva

February - Chapter Meeting
Date – February 28, 2006
Place – Scott Conference Center
Time – Lunch: 11:30 AM-12:00 PM
Presentation: 12:00 PM - 1:00 PM
Cost - ISACA Members $15 and Non-members $20
RSVP – February 7, 2006
Topic – Host Virtualization (& paravirtualization) Xen, SuSE 9.3 pro, Magic & Mystery.
Speaker: Mike Hoesing, First National Bank
CISA and CISM Exam Highlights
The December exam administration closed with more than 13,500 CISA and 1,300 CISM registrants. For those taking
the CISA exam, this is the last exam that will use the current CISA job practice areas and the 2005 CISA study materials.
Please visit http://www.isaca.org/cisacontentareas for detailed information.
The study materials for the June 2006 CISA exam are now available. Chapters with the resources to provide preparation
training are encouraged to do so and should use the materials already provided by ISACA.
Registration for the June 2006 CISA and CISM exams began the week of
24 October. To view additional details and a series of frequently asked questions, please visit http://www.isaca.org/cisa or
Additionally, candidates may view or print a copy of the CISA or CISM Bulletin of Information for the June 2006 exams
at http://www.isaca.org/cisaboi and http://www.isaca.org/cismboi.
Since the June 2005 exam results were released at the end of July, thousands of new CISAs have been certified. Exam
passers have five years to apply for certification. For those who passed the exam in 2000, the deadline to apply for
certification is 31 December 2005. Those who passed the exam in 2001 will receive reminders of their 31 December
2006 CISA Study Materials
The 2006 CISA study materials are based on the new 2006 CISA job practice analysis and have been significantly enhanced with
current IS audit practitioner issues. The new CISA job practice analysis areas include:
• The IS audit process
• IT governance
• Systems and infrastructure life cycle management
• IT delivery and support
• Protection of information assets
• Business continuity and disaster recovery
The study materials include the CISA Review Manual 2006; CISA Questions, Answers & Explanations Manual 2006; CISA Questions,
Answers & Explanations Manual 2006 Supplement; and the CISA Questions, Answers & Explanations CD-ROM 2006. These
publications are available at www.isaca.org/cisabooks.
Online CISA Examination Review Course at Creighton University
As you may know, Creighton University launched an online CISA examination review course in Spring 2005. We had
modest success in attracting candidates from overseas and also from several other states in the USA. An improved
version of the course is now available for registration. Since this is a self-paced course, there is no registration deadline,
although the sooner you enroll, the more time you have to prepare for the examination.
The course information is available at http://cpd.creighton.edu. When you go to the site, please select CISA. This is a
self-paced course, so you decide your pace in completing the course. You may visit any parts of the site as many times as
you wish and you can make multiple attempts to the diagnostic tests and post-tests.
If you wish to see the course format and structure, please follow these steps:
1. Go to http://courses.creighton.edu
2. Type in your NetID as CISA001
3. Enter your password as creighton (all lower case).
Once you get to the site, be sure to look at Chapter One. This is a very limited view of the course. Nevertheless it will
provide you some insight as to how the course is structured. It will also show if the technology you are using permits you
to easily access the course content.
Once you have viewed the guest site, please feel free to register at http://cpd.creighton.edu. Select CISA as your course.
I should note three other points. First, the course currently includes Diagnostic Test and Post Test. One test will be
added in each chapter, called Definitional Test, which will test your understanding of a term, an object, or a concept.
Second, beginning this year, I have been working as a member of the Quality Assurance Team of ISACA, to screen and
select from proposed multiple-choice items for inclusion in the CISA Review Manual. This is an extensive exercise that
gives me the insights to make the course site even more effective for your success in the CISA examinations. Third, for
the Omaha-based participants, I do conduct face-to-face meetings (usually two) closer to the examination date.
If you have any questions, or need additional information, please email me at firstname.lastname@example.org
Thank you for your interest in the CISA online course.
COBIT 4.0 and Val IT FAQs Available
ISACA has recently posted on its web site frequently asked questions (FAQs) pertaining to the new COBIT 4.0 and Val
IT™ publications. The FAQs are a quick and easy way to get some basic information about these important new
documents from the IT Governance Institute® (ITGI). The FAQs are available in full at http://www.isaca.org/cobit and
http://www.isaca.org/val_it. Some excerpts follow.
ISACA Contacts 2005
President – Jason Coyle, ConAgra Foods, firstname.lastname@example.org
Vice President – Donna White/Barb Keuchel, Mutual of Omaha/FNBO, email@example.com
Sec/Treasurer – Doug Wendt, OCC, firstname.lastname@example.org
Chapter Auditor - Stephen Aikins, Commercial Federal Bank, email@example.com
Web Site Content – Jason Coyle, ConAgra Foods, firstname.lastname@example.org
Membership Coordinator – Jerry Sterkel, American Agrisurance, email@example.com
CISA/CISM Coordinator – Dr. Vasant Raval, Creighton University, firstname.lastname@example.org
Newsletter Editor – Donna White, Mutual of Omaha, email@example.com
Just a reminder that local Audit and I/T opportunities can be found at careerlink.
Navigate to, For Job Seekers, Find Jobs in Omaha by Career Field, Finance/Accounting, Audit.
Infotec – Midwest Information Technology Expo and Conference
Date: April 3 – 5, 2006
Location: Qwest Center, Omaha
For more information, contact Infotec at Infotec 2005 Conference April 5 to 7, 2005 Omaha Nebraska
ISACA Training Update
ISACA Training Week
5-9 December 2005
Scottsdale, Arizona, USA
27 February-3 March 2006
Anaheim, California, USA
(tentative)
3-7 April 2006
5-9 June 2006
Philadelphia, Pennsylvania, USA
(tentative)
ISACA Training Week events provide in-depth coverage of the latest strategies and practices for
business, managerial, operational, auditing and security challenges associated with information
technology and information systems. A great networking opportunity, these events offer important industry
topics led by world-renowned presenters, and continuing professional education hours.
Topics for upcoming events include Fundamentals for IT Auditing, IT Audit Practices, and Information
Security Management. For more information and additional dates and locations as they become available,
please visit http://www.isaca.org/trainingweek.
COBIT User Convention
1-2 December 2005
Orlando, Florida, USA
This two-day event is designed for users of COBIT and will feature case studies and
facilitated discussion groups. COBIT users, joined by Erik Guldentops, chair of the ITGI
COBIT Steering Committee, and Gary Hardy, a member of the COBIT Steering
Committee, will present implementation strategies, lead discussions, answer questions and
provide COBIT updates. The event is structured to provide case study presentations on day
one, and problem solving, question and answer opportunities, user feedback, and future
solutions on day two. A preconference workshop, Implementing COBIT for IT Management
and Governance, will also be offered, and is limited to the first 20 registrants. For more
information, please visit www.isaca.org/cobituserconvention.
North America CACS
7-11 May 2006
Orlando, Florida, USA
North America CACS is well known for addressing the complex issues facing professionals
responsible for information assurance, security and governance. Industry experts from
around the world will be on hand to provide solutions and practical approaches to enable and
equip attendees to meet the challenges ahead. For more information, please visit
www.isaca.org/nacacs.
2006 ISACA Conferences
• 30 July-2 August 2006—International Conference, Adelaide, South Australia
• 28 August-1 September 2006—ISACA Training Week, Ottawa, Ontario, Canada
• 9-13 October 2006—ISACA Training Week, Budapest, Hungary (tentative)
• 6-10 November 2006—ISACA Training Week, Dallas, Texas, USA
• 4-8 December 2006—ISACA Training Week, Orlando, Florida, USA
2005-2006 Conference/Training Week Calendar
Event                            Dates                      Location                                      CPE
COBIT® User Convention           1-2 December 2005          Orlando, Florida, USA                         13
ISACA Training Week              5-9 December 2005          Scottsdale, Arizona, USA                      38
Information Security Conference  20-21 February 2006        Panama City, Panama                           14
ISACA Training Week              27 February-3 March 2006   Anaheim, California, USA (tentative)          38
EuroCACS℠                        19-22 March 2006           London, England, UK                           41
ISACA Training Week              3-7 April 2006             Zurich, Switzerland                           38
North America CACS℠              7-11 May 2006              Orlando, Florida, USA                         TBD
ISACA Training Week              5-9 June 2006              Philadelphia, Pennsylvania, USA (tentative)   38
ISACA Research Update
Aligning COBIT, ITIL and ISO 17799 for Business Benefit
This management briefing is the result of a joint study initiated by ITGI and the UK Office of Government
Commerce (OGC), in response to the growing significance of best practices to the IT industry and the need for
senior business and IT managers to better understand the value of IT best practices and how to implement them.
COBIT can be used at the highest level, providing an overall control framework based on an IT process model that
generically suits every organization. There is also a need for detailed standardized practitioner processes. The COBIT
framework can be mapped to specific practices and standards, such as ITIL and ISO 17799, which cover specific
areas and thus provide a hierarchy of guidance materials.
The publication is a complimentary download, available at http://www.isaca.org/research.
Security Audit and Control Features SAP® R/3®, 2nd Edition
Current best practices and future trends in ERP issues have been updated from the first edition published in 2002.
This practical how-to technical and risk management reference guide enables auditors and risk professionals (IT and
non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of
better practice controls into system upgrades and enhancements. The series of technical and risk management
reference guides deals with the world’s three major ERP systems: SAP R/3 Audit, Oracle® Applications and
The publication will be available in the ISACA Bookstore by the end of the year. The remaining two in the series
will be updated in 2006.
Information Security Governance, 2nd Edition
With increased networking and a growing realization of the value of information assets, information security is
recognized as one of the most important issues to address for all IT users.
This updated publication helps explain information security in business terms and comes complete with tools and
techniques to help boards and executive managers uncover security-related problems.
It will be available in print and as an e-book in the ISACA Bookstore by the end of the year.
Enterprise Value: Governance of IT Investments Series
Val IT is a governance framework that includes generally accepted guiding principles and supporting processes
related to the evaluation and selection of IT-enabled business investments. It also provides benchmarking capability
and allows enterprises to exchange experiences on best practices for value management. The Val IT framework is
based on the COBIT framework.
To obtain a return on investment, the Val IT principles are applied to management processes, including value
governance, portfolio management and investment management. The Val IT framework will be supported by
publications and operational tools.
The first series, Enterprise Value: Governance of IT Investments, is scheduled for release by the end of 2005 and
will contain three publications:
• Val IT Framework
• Val IT Business Case
• Val IT ING Case Study
For more information, please visit http://www.isaca.org/val_it.