New Year’s greetings to one and all!
Most of you are hard at work day and night addressing year-end audit work, issuing those final reports from last year and starting audits for 2012. Historically, we take a hiatus in January to let you address more pressing matters.
Our calendar for the first half of 2012 is outstanding. New topics, a return visit from our chapter’s favorite fraud expert, capped off by the first (of hopefully many) joint IIA / ACFE Fraud Conference.
Based on the chapter survey there was a strong demand for a roundtable for seniors and supervisors. The managers, directors and CAE’s seem to have more than their share of these forums. The chapter has specially designed an event tailor-made to the challenges and tremendous opportunities that seniors and supervisors face in 2012. I hope to see you on February 15th in Schaumburg.
March 8th the chapter is very proud to present a cornerstone full day seminar with John Hall. The session is entitled “Fraud 2012: What’s Out There and What Auditors Can Do About It”. Experience one of John’s sessions first hand. His outstanding training abilities, hands-on experience, and highly interactive approach translate into one of the highlights of the year for our chapter.
As you have seen by the save the date email, the chapter is very excited about the upcoming IIA/ACFE Fraud Conference on May 11th. Guest Keynote Speakers include:
Denny Beran, Chairman of the Board, Institute of Internal Auditors
James Ratley, President, Association of Certified Fraud Examiners
The full list of speakers will be communicated shortly. It will be an event worthy of sending your entire team.
Although the temperature is frigid outside (fall couldn’t last forever), things are definitely heating up for the members of the NW Metro Chicago Chapter.
Brian Babendir
Chapter President
PRESIDENT PERSPECTIVES
Inside this issue:
President Perspectives
3 Ways to Prevent Employee Frustration and Disengagement
Certification Resources
Network access control policy: Handling smartphone access control
Changes to Continuing Professional Education
The North West Metro Chicago IIA Chapter
THE NORTHWEST NEWS JANUARY/FEBRUARY 2012
ISSUE 5, VOLUME 1
Upcoming Events
Feb. 15: First Annual Roundtable for Internal Audit Seniors and Supervisors; RSM McGladrey , Schaumburg.
March 8: Fraud 2012: What’s Out There and What Auditors Can Do About It ; Sears, Hoffman Estates.
May 11: 1st Annual Joint IIA/ACFE Fraud Conference; Sears, Hoffman Estates.
3 Ways to Prevent Employee Frustration and Disengagement—Joanne Sammer
In our last post, we discussed the significant lack of engagement across employee groups and how employees become frustrated. Now, we will take a closer look at how companies can reverse this trend toward high levels of frustration and low levels of productivity among employees.
"In many organizations, there is a significant pocket of frustration among employees and leaders who feel that they are being held back by unnecessary rules or an unsupportive working environment," says Mark Royal, senior principal with the Hay Group in Chicago and co-author with Tom Agnew of "The Enemy of Engagement: Put an End to Workplace Frustration — and Get the Most from Your Employees" (AMACOM). "Getting rid of those barriers and obstacles to performance is a real opportunity for an organization to motivate employees and unleash their energy and creativity. This, in turn, can yield tangible financial benefits for the organization."
Engaging employees is just one part of the process for improving performance. "Companies must not only engage or motivate employees but also enable or support those employees’ strong contributions," says Royal. Doing so can lead to higher revenue growth and lower turnover. Royal states that companies ranking in the top quartile on both engagement and enablement achieve revenue growth that is 4.5 times greater than companies ranking high on engagement alone. In addition, companies that both engage and enable employees have voluntary turnover rates that are 54 percent less than their peers.
Royal estimates that frustrated employees make up at least 20 percent of the total workforce and that nearly one-third of employees report they do not have the necessary resources and information to successfully do their jobs, which is a frequent precursor to frustration.
Here are three moves companies can take to prevent employee frustration and eventual lack of engagement:
1. Hold managers accountable for removing barriers to employee efforts. If employees don’t have what they need to be successful, they become frustrated. It is up to managers to identify what employees need and provide it, while also removing the barriers to maximum employee effectiveness.
2. Require ongoing performance conversations. Annual reviews and goal setting are not enough to generate the ongoing feedback most employees seek. Royal notes that employees want to understand their impact on the bigger picture and the challenges they must tackle to advance in the organization. Instead of annual reviews, he suggests that managers work to improve ongoing conversations about goals, priorities and challenges.
3. Ensure that managers find ways to clear the path to productivity for employees. Even when companies face tight budgets and other resource constraints, it is important to help employees find ways around those constraints to get the job done.
It is important to remember that enabling employees is a prerequisite for engaging those employees. Motivating employees and providing employees with the resources necessary to be successful is the right combination to optimize both employee satisfaction and productivity.
Joanne Sammer
Contributor to http://businessfinancemag.com
CAREER OPPORTUNITIES
If your company is looking to fill an audit related position, we can post a short announcement in this section.
Anixter is seeking an Internal Auditor to our corporate headquarters team in Glenview, IL. This is a great opportunity for a candidate with strong analytical, communication, project management and interpersonal skills who is interested in taking on new challenges. ONLY RESUMES THAT INCLUDE SALARY REQUIREMENTS WILL BE CONSIDERED. Visit our web site at www.anixter.com
Grant Thornton is interested in talking with Internal Audit professionals who are seeking a career in
IT risk advisory and business consulting. Please contact Colleen Johnson, Recruiting Manager at col-
Frequently Asked Questions (FAQ) About Certification
Do you have questions about IIA certifications? If so, read through some common questions, and their answers, regarding The IIA's Certified Internal Auditor® (CIA®) exam and specialty exams. You will find many more answers to your questions in our Candidate Handbook. If you still have questions that you have not been able to find answers for, please email us at [email protected] or call us at +1-407-937-1111.
Not Yet Enrolled
Enrolled
Certified
Certification Resources
Network access control policy: Handling smartphone access control
Mike Chapple, SEARCHSECURITY.COM
From iPhone, to Droid, to BlackBerry, to Nexus One, it seems a new mobile device is born every week and employees are trying to put them on corporate wireless networks about 15 minutes after launch!
How does an organization cope with the risk posed by mobile devices and control their introduction onto enterprise networks? In this tip, we examine the role that network access control (NAC) systems play in the mobile environment.
Network access control (NAC) policy for mobile devices
If you’re already using NAC in your environment, you’re probably familiar with the process used to authenticate a laptop or desktop computer:
1. User attempts to join a new device to the network.
2. The NAC server detects the new device and determines it is not already authenticated.
3. The user is prompted to install a NAC client on the endpoint.
4. The NAC client provides the user’s credentials to the NAC server for authentication.
5. The NAC client performs an assessment of the client’s security status and provides that to the NAC server.
6. The NAC server uses the credentials and assessment results to determine what, if any, network access the device should gain.
Unfortunately, this process breaks down at step three, when smartphones, tablets or similar “dumb” devices try to join the network, as it’s not possible to install a NAC client on such gadgets. In this case, NAC systems usually fall back to two possible approaches:
● In the “captive portal” approach, the NAC device intercepts the user’s requests for webpages and redirects him or her to a Web-based authentication page. Once the user authenticates, the device is granted access to the network, which allows authorized users to join any mobile device to the network.
● The alternative approach is to whitelist the MAC addresses of approved wireless devices. This involves much more administrative overhead, requiring your IT staff to add the MAC address of each device to the NAC system every time a new device is deployed. However, this whitelisting option does give the enterprise a greater degree of control over network access.
The downside of both of these approaches is that the NAC system has no ability to probe the security status of the device, greatly reducing the functionality that NAC traditionally offers in the laptop/desktop environment.
Making the most of mobile NAC
So, how can an enterprise leverage its existing NAC infrastructure to help secure mobile devices? I suggest a three-pronged approach that hinges upon differentiating between corporate-owned devices and personally owned devices. Your mileage may vary, depending upon the security needs of the organization, but this framework offers a starting point that you can use to build an appropriate mobile network access control policy and related controls for your business environment.
● Limit full wireless network access to company-owned smartphones. You’ll simply never be able to gain the level of confidence in personally owned devices that you can have in those owned and managed by your IT staff. For this reason, I encourage limiting full network access to those devices owned and managed by the company. The easiest way to enforce this requirement is with the MAC whitelisting approach described above.
● Supplement NAC with mobile device management. While NAC products generally don’t allow you to reach down into the configuration settings of smartphones for more thorough smartphone access control, mobile device management software does. I suggest deploying one of these products as a complement to NAC and using it to enforce encryption, screen locking and other security settings on your company-owned devices.
● Consider a quarantine network for personally owned devices. In many environments, practicality dictates allowing personally owned devices to access the network. If this is the case in your organization, you may wish to place these devices on a separate quarantine network that has limited access. While you might allow personally owned devices to freely access the Internet, you should carefully control what (if any) corporate resources they are able to access. After all, do you really want business secrets sitting on a phone that you don’t own?
While it is difficult to bring the advantages of NAC to the mobile phone environment, it’s certainly achievable. The three steps outlined above provide the basic framework needed to begin designing a smartphone management strategy that meets your business needs.
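The admission logic this article describes (the client-based process, the MAC whitelist fallback, MDM as a complement, and the quarantine network) can be sketched as one decision function. This is an added Python example, not code from the article or from any NAC product; the MAC addresses, the MDM status table, the field names and the choice to quarantine rather than deny a non-compliant device are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    FULL = "full"              # corporate network
    QUARANTINE = "quarantine"  # Internet plus explicitly allowed resources only
    DENY = "deny"

# Constructed sample data (assumptions for illustration, not from the article).
CORPORATE_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}   # MAC whitelist
MDM_STATUS = {   # settings a hypothetical MDM product reports per device
    "02:00:00:00:00:01": {"encryption": True, "screen_lock": True},
    "02:00:00:00:00:02": {"encryption": False, "screen_lock": True},
}

@dataclass
class JoinRequest:
    mac: str
    user_authenticated: bool = False  # NAC client or captive portal login
    has_nac_client: bool = False      # laptops and desktops (steps 3-5)
    posture_ok: bool = False          # result of the NAC client assessment

def normalize_mac(mac: str) -> str:
    """Whitelist lookups must not depend on case or separator style."""
    return mac.strip().lower().replace("-", ":")

def mdm_compliant(mac: str) -> bool:
    """A device with no MDM record is treated as non-compliant."""
    status = MDM_STATUS.get(mac)
    return bool(status) and status["encryption"] and status["screen_lock"]

def decide(req: JoinRequest, allow_personal: bool = True) -> Access:
    if req.has_nac_client:
        # Step 6: credentials plus assessment results decide the access level.
        if not req.user_authenticated:
            return Access.DENY
        return Access.FULL if req.posture_ok else Access.QUARANTINE
    mac = normalize_mac(req.mac)
    if mac in CORPORATE_MACS:
        # Company-owned smartphone: whitelist entry plus MDM-enforced settings.
        return Access.FULL if mdm_compliant(mac) else Access.QUARANTINE
    # Personally owned device: captive portal login earns quarantine at most.
    if allow_personal and req.user_authenticated:
        return Access.QUARANTINE
    return Access.DENY
```

Setting `allow_personal=False` models an organization that does not admit personally owned devices at all.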
U.S. Intel Chief: Insider Leaks A Top Priority
By J. Nicholas Hoover InformationWeek
Building the architecture necessary to prevent another Wikileaks might take several years, director of national intelligence James Clapper said at an event Thursday in Washington, D.C.
The Wikileaks scandal, in which 260,000 diplomatic cables, many of them sensitive, were burned onto CD-RWs and later published online, has accelerated work toward ensuring that information sharing is secure, Clapper said in a speech on information sharing at the Center for Strategic and International Studies. However, there is no silver bullet to preventing insider threats.
Do you need a cyber umbrella?
Mary K. Pratt (Computerworld (US))
If your company were hit with a cyber attack today, would it be able to foot the bill? The entire bill, including costs from regulatory fines, potential lawsuits, damage to your organization's brand, and hardware and software repair, recovery and protection?
It's a question worth careful consideration, given that the price of cyber attacks is rising at an alarming rate. The second annual Cost of Cyber Crime study, released last August by the Ponemon Institute, reported that the median annualized cost of cybercrime for a company is $5.9 million -- a 56% increase from the 2010 median figure.
About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity.com, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
On Tuesday, November 15, 2011, the Global Board approved the implementation of several key changes to the Continuing Professional Education (CPE) reporting process. The changes in the program align The IIA with industry best practices and will enhance the reporting experience for certified individuals.
Effective January 1, 2012, changes to the reporting period, CPE requirements, and the reporting process will be implemented. The table below summarizes these changes.
The full list of changes as approved by the Board of Directors is available in The IIA’s Administrative Directive Number 4: 2011.
Changes to Continuing Professional Education (CPE)
Requirements and Reporting Processes to be Implemented in 2012
WHAT DO THESE CHANGES MEAN FOR YOU?
The 2012 reporting year will be a transition year, bringing all certified individuals in line with the new CPE program. Candidates will need to report for a varied amount of CPE based on when they last reported. The table below indicates the reporting requirement for the December 31, 2012 deadline based on the certificant’s ID number and last reporting cycle.
1st ANNUAL JOINT IIA/ACFE FRAUD CONFERENCE
CHICAGO SPRING 2012
JOINTLY SPONSORED BY CHAPTERS OF
Friday May 11, 2012
Full Day Event
We are pleased to present to you Special Guest Keynote Speakers:
Denny Beran, Chairman of the Board, Institute of Internal Auditors
James Ratley, President, Association of Certified Fraud Examiners
Stay tuned for further details
The 1st Annual Roundtable for Internal Audit Seniors and Supervisors!
Discuss the challenges and the tremendous opportunities facing seniors and supervisors in 2012 and beyond.
Date: Wednesday, February 15th, 2012
Time: 1:30 Registration / Event runs from 2:00 am to 4:00 pm
Location: RSM McGladrey, 20 North Martingale, Lower Level Training Room, Schaumburg, IL
CPE: Attendees are eligible for 2 CPE Credits
Prerequisites: None
Cost: $20
Register: For more information or to register, visit https://www.123signup.com/register?id=crqhd
Fraud 2012: What’s Out There and What Auditors Can Do About It
Date: March 8, 2011
Location: Sears, 3333 Beverly Rd., Hoffman Estates, IL, 60179
Registration: 8:30
Training: 9:00 – 4:30
CPE: 8
Cost: $185
Register today!
https://www.123signup.com/register?id=crvyj
The Latest IT Security Trends and Challenges
1st Chicagoland Information Security Officer (ISO) Roundtable
Crowe Horwath will host and facilitate a discussion of the topic: “The Latest IT Security Trends and Challenges.” To kick off the session, Special Agents Alyssa Doyle and Pete Traven with the FBI will discuss the latest information security trends.
Contact/RSVP: Please contact [email protected]
Date: February 22, 2011
Location: Crowe Horwath, One Mid America Plaza, Suite 700, Oak Brook, IL
Time: 8:00 - 10:30 AM
Board members
Brian Babendir President
Mark Alexander Academic Relations
Elliott Bujan Communications
John Turner Research, Publication and Certifications
Matthew Budy Operations
Frank Moriarty Enterprise Relations and Advocacy
Brian Duffy Membership
Curtis W. Siegel Director of Forums
Angela Banks-Buford Administration
Toula Panagakos Programs
Oliver J. Tang Finance
Governors
Term expiring in 2012: Tami McLane, Michael Heraty, Sharon Bell, Tracy Heming-Littwin
Term expiring in 2013: Frank Moriarty, Adewale Ademokunla, Earl Potjeau, James A. Ruzicka
CHAPTER SITE: WWW.THEIIA.ORG/NORTHWESTMETROCHICAGO
EMAIL: [email protected]
Welcome, New Members
Brian Mohr 1/11/2012
Zipporah Hamlet 11/1/2011
Brian Tornga 11/3/2011
Joseph Hamilton 11/3/2011
Kush Desai 11/3/2011
Chris Oldiges 11/3/2011
Jeffrey Whiteside 11/10/2011
Chen Song 11/15/2011
Adam Trudo 11/30/2011
Meghann Cefaratti 12/5/2011
Chih-Chen Lee 12/5/2011
Sandra Fasnacht 12/6/2011
Heather Boyce Kearns 12/9/2011
Kimberly White 12/12/2011
Laurel Orenchak 12/12/2011
Michael Davis 12/12/2011
Jim Haan 12/12/2011
Nancy Rochwick 12/12/2011
Maxine Kirchgessner 12/12/2011
Michael Hueser 12/12/2011
Luke Penskar 12/12/2011
Sandy Oh 12/12/2011
Michael Barhaug 12/12/2011
John Wojcik 12/14/2011
Sarah Gainer 12/19/2011
Kathleen Grogan 12/27/2011
Robert Riecker 1/11/2012
Andrae Johnson 1/11/2012
Prapti Desai 1/11/2012
Jason McConnell 1/11/2012
Elena Ghinea 1/11/2012
Melissa Bumbales 1/11/2012
Yuriy Stasij 1/11/2012