
Partnering Risk and IT Audit for Strong Defense

ISACA's North America CACS Conference features risk, assurance and privacy.


Rolling Meadows, IL, USA (04 February 2015)—Enterprises are increasingly involving internal audit in identifying and managing risks to achieve good corporate governance. Positioning audit and enterprise risk management (ERM) as a partnership can help build a sound system of internal control. ISACA’s North America Computer Audit, Control and Security (CACS) Conference will help business and IT leaders make the most of this partnership 16-18 March 2015 in Orlando, Florida, USA.


ISACA, a nonprofit global association serving more than 115,000 professionals, will offer 60 sessions in seven tracks for the conference: IS Audit & Assurance, Emerging Data Solutions, Security/Cybersecurity, Privacy, GRC, Career & Communications Management, and Forums/Megatrends. One session, titled “The ERM and Audit Partnership: Strategic Success or the Death Knell of Auditor Independence?” will be presented by Theodore Wolff, CISA, senior manager of Vanguard, and Theresa Grafenstine, CISA, CGEIT, CRISC, inspector general, US House of Representatives. The co-presenters will address:


  • The critical role and value of assurance and audit in supporting risk management’s three lines of defense
  • Strategic integration of audit and assurance activities into an enterprise risk program
  • Effective planning of audit and assurance activities based on an enterprise risk-management model
  • Recruiting and developing audit and assurance talent based on strategic talent requirements


“A key role of internal audit should be to understand the enterprise’s risk appetite and provide assurance that risks have been properly managed,” said Grafenstine. “Using appropriate risk responses improves the effectiveness of the internal control structure, which, in turn, helps achieve business objectives. At the conference in Orlando, we will explore how ERM and audit can work together toward these goals.”


Other sessions on auditing, assurance and risk management include:


  • Auditing DR/BCP, presented by John Gatto, CISA, CRISC, of Health Care Service Corp
  • Breaking Out of Risk Management Groundhog Day, presented by Jack Jones, CISA, CISM, CRISC, of CXOWARE, Inc.
  • Auditing Third Parties, presented by Sajay Rai, CISM, of Securely Yours LLC
  • Data Migration Quality and Risk Management, presented by Thomas McGovern of PricewaterhouseCoopers
  • Privacy Risk Management Strategy/Assessment, presented by Thomas Festing, CISA, CRISC, of the State of Ohio
  • The Adaptable IT Auditor, presented by Robert Eggebrecht, of BEW GLOBAL


Keynote speakers will address cybersecurity, workplace culture and Internet governance: Marc Goodman, a global strategist, author and consultant; Conor Cunneen, an award-winning business humorist and motivational business speaker; and Beth Simone Noveck, founder and director of The Governance Lab and its MacArthur Research Network on Opening Governance.


Pre- and post-conference workshops will offer hands-on training, including a cybersecurity workshop, to help attendees prepare for the new Cybersecurity Fundamentals Certificate exam, and a COBIT 5 for Assurance workshop to provide an in-depth understanding of COBIT, the business framework.


Attendees can earn up to 39 continuing professional education (CPE) hours. Additional details, registration and hotel information on North America CACS can be found at


With more than 115,000 constituents in 180 countries, ISACA helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.

