Auditing Privacy Companies - Implementing Internal Controls

Why Should You Attend:

With the growth of social media networking and use of computer systems in storing confidential data, non-compliance with privacy laws in various countries has led to record penalties. Management and auditors of organizations using cloud computing or other technologies to store confidential data/personal information of individuals have an obligation in terms of legislation to ensure the confidentiality as long as the data remains within their sphere of responsibility. Failure to do so can have major implications in terms of both reputational risk and even long-term survival of an organization. Internal audits play a vital role in ensuring corporate compliance and ongoing effectiveness of appropriate control structures.

This training will explain the methods to comply with current data privacy regulations. It will help the attendees in understanding and implementing an effective control structure and internal audit program within the organization. It will also discuss the auditor’s role in evaluating privacy control structures and the use of continuous monitoring in order to comply with privacy legislation.

Areas Covered in the Webinar:

This webinar will discuss the following topics:

• Current privacy legislation.
• Designing an effective control structure.
• The effect on risk of developments within information technology.
• The auditor's role in evaluating privacy control structures.
• Implementing an effective audit program.
• The use of continuous monitoring.

Who Will Benefit:

This webinar will be beneficial for the following personnel involved in the governance of organizations as required by national and international legislation:

• Internal Auditors
• External auditors
• Senior management
• Who assist the Board to demonstrate adequacy of governance procedures and internal control structures

Instructor Profile:

Richard Cascarino, is the Principal of Richard Cascarino & Associates, a highly successful audit training and consultancy company based in Colorado and Johannesburg. He is a regular speaker at National and International conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. Richard is a Past President of the Institute of Internal Auditors in South Africa and also a member of ISACA and the Association of Certified Fraud Examiners.

Richard was a member of the Audit Committee of the Department of Public Enterprises in South Africa and chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health). He is the author of the "Auditor's Guide to IT Auditing" and the newly released “Corporate Fraud and Internal Control: A Framework for Prevention” both published by Wiley Publishing which is also used by universities worldwide.

Topic Background:

With the explosion of computer systems holding information of a private/confidential nature, the design and implementation of control structures in order to achieve privacy objectives have become critical in limiting the opportunities for corporate losses due to lawsuits and loss of trust. Recent notable cases of loss of confidential data have not only been due to employee carelessness but also hacktivist attacks. A Ponemon Institute and Symantec study showed that in 2011, 37% of cases involving data breaches were due to malicious attacks. Around 1.1 million identities were exposed per data breach, according to the Internet Security Threat Report Volume 17 released by Symantec in April 2012.

Follow us :