The document summarizes a one-day workshop on risk IT management hosted by Deloitte on April 15, 2010 in Vancouver. The workshop will explore how the Risk IT Framework and Practitioner Guide developed by ISACA can help organizations manage IT risks. It will provide an overview of IT risk management principles and examine how to implement risk management using the Risk IT process model. The workshop is intended for professionals involved in IT governance, risk management, information security and assurance. Space is limited and early registration is encouraged.

1. Risk IT - Special One Day Workshop
-by Brian Barnier of ValueBridge Advisors
Date: April 15, 2010 (8:00 AM – 4:30 PM) light breakfast, lunch, snacks & beverages included
Location: Deloitte, 2800 Floor – 1055 Dunsmuir Street, Vancouver
Cost: $299 for ISACA members or $349 for others. GST will be added.
Invited Audience:
CIOs, CxOs, Senior Management, IT Governance, IT Management, Business Continuity, Information
Security Management, Risk Management, and IT Assurance professionals.
Overview:
Effective management of business risk has become an essential component of IT governance. Leading the
drive to help enterprises mitigate risks, ISACA has developed
The Risk IT Framework: Based on COBIT (free download for members)
The Risk IT Practitioner Guide: Based on COBIT (free download for members)
The purpose of this intermediate level workshop is to help those responsible for risk management or
assurance:
Understand how the Risk IT Framework can help them manage IT risk; and
Explore how practical guidance and techniques in the Practitioner Guide can help them implement IT
risk management.
Seating is limited to 25 to ensure maximum class interaction and personal attention so register early.
Facilities, food and beverage - courtesy of Deloitte.
Printed workshop material will be provided – courtesy of KPMG
Prerequisites:
Participants should be familiar with the risk assessment and management process.
Workshop Outline:
This one day work shop
Explores the elements of IT risk management - the principles, who is responsible for IT risk, how to
build awareness, and how to communicate risk scenarios, the business impact and key risk
indicators;
Introduces the Risk IT framework and the process model that includes risk governance, risk
evaluation and risk response;
Explains how the framework relates to COBIT and how it can help to achieve best practices in IT risk
management;
Examines the implementation and operational issues of the framework;
Explores how to integrate IT risk management into an enterprise wide risk management program,
establish and maintain a common risk view and make risk-aware business decisions; and
Elaborates on how to maintain an operational risk profile, assess and respond to risk, as well as how
to collect event data, monitor risk and report exposures and opportunities.
Workshop Objectives:
Participants will understand and learn:
The nature of IT risk and apply it to their own organization;
The key principles of IT risk management;
How the Risk IT process model can help to manage IT risk;

2. How to implement IT risk management using the practical guidance and techniques in the Risk IT
Practitioners Guide; and
How to apply risk management principles through practical case studies.
Instructor Biography:
Brian Barnier brings a unique perspective to business-IT management. With a split career between “the
business” and IT, he works to bridge two sets of needs to get greater business benefits from IT. He also
has a unique vantage point because of his experience in practical projects, best practices committees,
research and teaching professional education across industries and countries. His research on “what works”
in risk management with a co-author at MIT Sloan CISR has been published in several publications, most
recently the ISACA Journal. In 2009, he presented to over 1000 people in live events and nearly as many
in webinars. In addition to writing widely in various business and IT management publications, he serves
on the editorial board for EDPACS. He is currently with ValueBridge Advisors and previously was with IBM,
Lucent and AT&T.
Brian is a member of the ISACA’s IT Enterprise Risk Management Task Force that created the Risk IT
Framework. He chairs the ISACA IT-GRC Conference Program Committee; writes for the ISACA Journal,
COBIT Focus, and chapter newsletters; and serves on ISACA’s CACS Task Force, IT Governance Forum Core
Faculty and Professional Influence and Advocacy Committee.
Registration:
To register for this event, please have your contact information and membership number ready before
calling the ICABC Professional Development Department at 604-681-3264 or email pdreg@ica.bc.ca. Please
note that the course fee must be paid in full at the time of registration by VISA, MC, or AMEX.
We will accept cancellations up to 14 days before the session. A $25 administration fee will apply. No
refund after April 1st.
About ISACA:
Founded in 1867, ISACA has more than 86,000 members in more than 160 countries. ISACA (www.isaca.org)
is a pace-setting global organization for information governance, control, security and audit professionals. Its
IS auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints
professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification
is recognized globally and has been earned by more than 70,000 professionals since inception. The Certified
Information Security Manager (CISM) certification uniquely targets the information security management
audience and has been earned by more than 12,500 professionals. The Certified in the Governance of
Enterprise IT (CGEIT) designation promotes the advancement of professionals who wish to be recognized for
their IT governance-related experience and knowledge and has been earned by more than 4,000
professionals. The new Certified in Risk and Information Systems Control (CRISC) designation is for IT
professionals who identify and manage risks through the development, implementation and maintenance of
information systems controls. ISACA also publishes a leading technical journal in the information control
field, the ISACA Journal. It hosts a series of international conferences focusing on both technical and
managerial topics pertinent to the IS assurance, control, security and IT governance professions. Together,
ISACA and its affiliated IT Governance Institute (ITGI) lead the information technology control community
and serve its practitioners by providing the elements needed by IT professionals in an ever-changing
worldwide environment.
Please visit our chapter web-site: www.isaca-vancouver.org