Septemeber 10, 2008

From the President


Hello All!!!

Our meeting for this month will be on Wed September 10th  from 7:30am to 2pm.  This will include our regular monthly meeting from 8am to 9am then continue on until 11:30am –Noon.  Lunch will be served after the seminar.  When registering please note if you will attend the meeting portion or the seminar.    Please RSVP by Tues Sept 9th to secure your reservation.

If you are in need of CPE please be sure to review the “Need CPE Opportunities” at the bottom of this email. 

We do not have a speaker lined up for December 2008.  If you know anyone who might be interested or if you yourself would be interested in speaking we welcome the opportunity to learn.   Remember you do get CPE for presenting.  Also, if you have ideas for meeting topics please feel free to contact me with your ideas.  Your help would be greatly appreciated.


Thank you and hope to see you there!

Susan Ross
434-5780 \ 818-7092


Meeting Details


CPE:  1





Wednesday, April 11, 2007

" Audit IT Outsourced Environments?"





The Crescent Club

7:30am - 8:00 am  -Breakfast/Chapter  Business

6075 Poplar Ave.

8:00 am - 9:00 am  - Speaker

Memphis, TN

 9:15am – 12pm Continue with Seminar





$15.00  members (meeting only)

Norm Kelson, Managing Director of The Kelson Group

$50.00 Seminar (includes meeting)


$75 Non Members




About the Topic


" IT Outsourcing – The Hype and Reality "


Norm Kelson, CPA, CISA – Managing Director, The Kelson Group

IT outsourcing is a reality. Whether it includes outsourcing IT operations, application maintenance, systems development, applications services, information security, or networking, they all constitute

outsourcing.  The process and results are fraught with risks, but also have rewards. As an auditor, it is essential to understand the life cycle of an outsourcing project from initial due diligence to implementation AND the ongoing operational issues after implementation. The decision to and the ultimate execution of the outsourcing, effects the audit universe, compliance (e.g. SOx), as well as the processes affecting the business.


In this 1/2 day seminar, we will discuss the:

• Business of outsourcing

• Outsourcing project life cycle

• Effect on the audit universe

• Audit focus of ongoing IT outsourced activities

Several issues to focus on include:

• How to execute an audit of the various phases of the initial IT Outsource project

• Post implementation review of the effectiveness of the IT outsource contract

• Operational audits of the outsourced processes

• Specific concerns for compliance audits

• Common issues that have arisen, i.e. service level agreements, failure to comply, company

preparedness and ownership of processes, and escalation processes

• Additional issues where processes are distributed to foreign entities (offshoring)


Norm will share his experiences with a recent IT outsourcing project and the issues identified during the audit process.


About the Speaker

Norm Kelson is a 30 year veteran with extensive experience in IT assurance and governance as a consultant with a Big 4 firm and internal audit boutique, internal auditor executive, and industry advocate. He has been responsible for building and disseminating best practices to internal audit and governance stakeholders.  Norm is currently Managing Director of The Kelson Group, a consultancy specializing in IT Assurance and Governance. Previously, he was Director of IT Audit for the Dutch retailer Ahold, and was responsible for IT Audit services for all US retail operating companies (Stop & Shop, Giant Landover, Giant Foods – Carlisle, PA, Tops, and Peapod). He was a key member of two internal committees: one to establish internal audit professional practices and standards and the other to establish a global information security organization. 

As a member of both the Institute of Internal Auditors (IIA) and the Information Systems Audit and Control Association (ISACA), Norm is a frequent speaker and subject matter expert at their

conferences. He is a former Executive Vice President of the New England ISACA Chapter, and recipient of the John Beveridge Achievement Award, conferred by the New England

Chapter of ISACA to an individual “who has, over and beyond the norm, contributed his or her efforts to their Profession and ISACA”.


Additional Information



To renew online, please login to with your personalized login credentials. This will place you at the "My ISACA" area of the web site where a link to "My Renewals" is provided in the left-hand navigation menu. You will also have the opportunity to renew your certification during this process. For login assistance, please visit


Membership Department

ISACA International

This email address is being protected from spambots. You need JavaScript enabled to view it.

+1.847.253.1545 ext. 771


Certification Department

ISACA International

This email address is being protected from spambots. You need JavaScript enabled to view it.

+1.847.253.1545 ext. 772


Job Postings

 Senior Information Systems Auditor   #14050


Job Description

The Sr. Information Systems Auditor will work under the general supervision of the Audit Director to execute a coordinated audit approach of the various automated systems at St. Jude Children's Research Hospital as determined through the information security risk assessment.  This includes working both independently as well as proposing and coordination the efforts of external resources to complete information security audits under the direction of the Internal Audit Department.  For assigned audits, this position will plan, direct, and conduct an objective evaluation of diverse operations and controls to appraise the effectiveness of the system of internal control.  Additionally, this position will provide requested information systems support to any audit on the annual audit plan.  This position will work independently but collaboratively with other department auditors in accomplishing the completion of the annual audit plan as assigned by the Audit Director.  Responsible for performing IS Audit functions including: general control reviews, application/operating systems audits, network reviews, advice on control practices in system implementation projects, IT Services operational audits, audit department software support (ACL, Access, TeamMate, Crystal reports, etc.), information security projects, and business recovery planning.  (AC)


Minimum Qualifications

A Bachelor's degree in computer science, accounting/auditing or related field is required.  Master's degree in computer science, accounting/auditing, business administration, operations management or related field preferred. Since 1993 Tennessee has required 150 semester hours before taking the Uniform CPA Examination.  Eight (8) years recent accounting/auditing experience is required.  Familiarity with an audit software package (data analysis) required.  Demonstrated abilities and technical capacity to understand and communicate about information technology platforms.  Systems controls evaluation experience is desirable.

Professional certification (Certified Public Accountant, Certified Information Systems Auditor or Certified Internal Auditor) is required.  CISA certification required within two (2) years in this position.


Qualified applicants may apply for this position or others via our online process at      


An Equal Opportunity Employer


Next Meeting


Sept 10th ½ day training   "Audit IT Outsourced Environments"   (Regular meeting – continued on until approximately 2pm) Cost $50 for members  $75 non-members

Oct  15th  Ian Woodall, The Tao of Everest

Nov. 12th  Threat Modeling: 0wn Your System

Dec. ????

Jan  14th  "Two Sides to the Same Coin"  By Michael Kieffer of Brand Protect


Need CPE Opportunities?


ISACA International is hosting e-Symposium, click this link to register  Please note that individuals can earn three (3) CPE credits for participating in the e-Symposium.