|
1 |
Report on Internal Presidents Meeting and Conference |
| |
Two main issues arose from the Conference:
- Getting close to the EU - specifically obtaining EU funding.
This process will start through attempting to obtain funding
for Eurocacs 2002 in Hungary. If this is successful other
areas will be considered.
An important issue was to ensure that any profits resulting
from this bid remain within Europe. This has added to the
growing support for a European ISACA office.
- International standards setting:
- Building on previous involvement in BS7799.
- Standards are bottom-up and cannot be enforced from an
organisational level.
- Encouraged to be involved in standard setting.
- Board responsibility for standards is required. This is
currently being performed by Joe Wright. There was a view
that this currently has a low profile and feedback on
activity in this area should be included in future meeting
agendas.
- From a local chapter perspective, involvement in standard
setting could possibly best be achieved through involvement
with the Institute of Directors.
|
|
2 |
Responsibilities |
| |
All responsibilities will remain the same for the new year,
with the following changes/confirmations:
Joe Wright: Secretary and Standards
Bill Hawkins: Remain responsible for the Library
John Mitchell: Past President and Academic Relations |
| |
All Board members to review the Manual on the website and have
it updated where it is out of date. Changes can be made and
submitted to Allan Boardman. To be completed by September meeting. |
| |
A section in the Manual is required on Standards. To be written
by Joe Wright and John Mitchell. |
| |
Written reports are required for all meetings, especially if
the member is not able to attend. These reports should be
submitted 7 days before the meeting where possible. |
| |
Moving the monthly meeting to coincide with the monthly
members' meeting was discussed. It was decided that this is not
feasible as the board members are required to be available
subsequent to the members' meeting to answer questions. |
| |
Karen Sharpe is unable to attend the majority of members'
meetings for the upcoming year. She proposed that the meetings be
moved to another date and this was accepted. Future members'
meetings will be held on the 4th Thursday of each month
as opposed to the 3rd Thursday. |
| |
There is no indication that this will impact on members'
attendance and ABN Amro has indicated that they can accommodate
meetings on the revised dates. |
| |
Board members indicated that attending the members' meetings
starting at 4:30pm requires them to leave work very early. A
proposal to move the meetings to 5pm was accepted with the proviso
that it will be reviewed should there be a significant fall-off in
members' attendance or a large number of complaints. |
| |
The members' meetings for 2001/2002 are as follows:
27 September
25 October
22 November
13 December
24 January
28 February
21 March
25 April
23 May
27 June |
| |
Charles Mansour is to draw up an attendance rota and distribute
this to the Board. Board members can arrange individually to swap
dates if these are not convenient. |
| |
Board members on attendance duty will be required to collect
attendance fees from non-members attending the meetings, amongst
other tasks. Charles Mansour will draw up a checklist of duties
for board members on attendance duty. The checklist will be
distributed/published on the website for comment. |
|
3 |
Events |
| |
The theme for the 2000/2001 members' events will be Tools and
Techniques. |
| |
Following a brainstorming exercise, the following events were
decided on: |
| |
Month | Topic | Presenter |
September | Security Policies | Brian Shorten |
October | COBIT (Audit Plan) | Charles Mansour |
November | Selling Recommendations | John Mitchell to arrange with Lindsay Mercer (BAA) |
December | IT Fraud & Forensics | Charles Mansour to arrange |
January | E-systems Testing & Change Management | Gideon Pretorius to arrange |
February | CAATS | Archie Watt to arrange |
March | Project Audit | John Mitchell |
April | 3rd Party Vendor outsourcing | Karen Sharpe to arrange |
May | Firewalls & Middleware | Karen Sharpe to arrange with Yag Kanani (DTT) |
June | Desktop Audit | Steve Bailey |
| |
Board members responsible for arranging speakers should confirm
to Gideon Pretorius by 13 July and at the time provide the
following for each speaker:
- Presentation title
- Short description of presentation
- Presenter
- Biopic for presenter
|
| |
Where possible, speakers should be encouraged to submit an
article to DataWatch. |
| |
The following topics were not assigned to a specific event and
were considered to be more appropriate as DataWatch articles:
- Auditing SAP/Oracle
- Audit standards
|
| |
The following topics were not assigned to events and were noted
for possible future events:
- Public infrastructure
- Cryptography & PKI
- Business objects/Middleware
- Mobile security
|
| |
Cards will be distributed to members in the summer mailshot
using the previous year's design. This needs to be finalised by the
Events committee by end July. |
| |
Board meetings will continue to be held on the first Wednesday
of each month except in July and August. Specific dates are:
5 September
3 October
7 November
5 December
9 January
6 February
6 March
3 April
1 May
5 June |
| |
Board meetings will be held at Deloitte & Touche starting
at 6pm. |
| |
Chargeable events |
| |
2 x 5 day events will be held with the themes:
- Computer Audit Fundamentals
- Enhanced Computer Auditing
|
| |
The events will consist of linked modules that can be attended
in entirety or separately. |
| |
The Aeonian Training Centre should be available for the events,
based on the final dates at a cost of £49 per person per day,
excluding VAT. A Litepro is also available at £150 per day,
excluding VAT. |
| |
The possible dates are:
Event 1: 17 September
Event 2: 5 or 19 November |
| |
The first event (September) will be aimed at approx. 20 people
with the following topics:
17th Risk Management and Control in IT by Derek Oliver
18th Computer Fraud by John Mitchell
19th Systems Development Auditing by Derek Oliver
20th CAATS by John Mitchell
21st Business Continuity Planning to be arranged by Karen Sharpe |
| |
The second event (November) will also be aimed at approx. 20
people:
Day 1 E-commerce by John Mitchell
Day 2 Internet Risks and Control - speaker to be arranged by Karen Sharpe
Day 3 Change management by Derek Oliver
Day 4 Information Security by Derek Oliver
Day 5 IT governance by John Mitchell |
| |
John Mitchell is to revise the business cases for each of the
events and submit this to the Events committee and Archie Watt. |
| |
Archie Watt is to confirm the availability of the venue. |
| |
John Mitchell to confirm the availability of all speakers. |
| |
The Events committee is to approve the business case and submit
this to Archie Watt and Karen Sharpe. For the September event this
has to be completed by end June and for the November event by mid
July. |
| |
Nancy should forward the format of previous events
booking/information document to John Mitchell for updating. |
| |
The Events committee is to start considering possible
chargeable events for 2002 and discuss this at the first board
meeting. |
| |
The Events committee has further responsibility to ensure that
speakers at monthly events are available and to provide them with
a checklist. |
|
4 |
Finance |
| |
Archie Watt reviewed the current financial information of the
Chapter. The following comments were made:
- Flyers and mailshot income has dropped off significantly
(from approx. income of £2000 to cost of £2000-3000).
- DataWatch income is continuing to increase.
- Income from Events has been removed from the financial
statements due to the uncertainty at the time of preparation
of whether the events will occur.
- The drop in the Exchange rate has increased the value of
holding in US$. This has also affected income from members
remitted in US$ (between 80% and 90% of members). This has
led to an FX gain of £1400.
- There is still uncertainty about the costs of meetings as no
bills have been forthcoming. This has been held at £500 + VAT
per meeting.
|
| |
International subscriptions have been increased by US$5 for the
next year. |
| |
Reserves are remaining constant; however, the cost of servicing
members is currently not met out of membership dues but is
supplemented by other income. |
| |
The current reserve policy of approx. 150% of net costs was
discussed in detail. Currently reserves stand at approx. 100% of
gross expenses. |
| |
John Mitchell submitted a proposal that the official policy on
reserves should state that 100% of gross annual projected
expenditure should be maintained as reserves. This was seconded by
John Hunter and carried by vote. This proposal has to be ratified
at the next board meeting. |
| |
The format of the financial statements was considered to be
appropriate and provide more detail than most chapters' financial
statements. Archie Watt was requested to split postage and
administration costs in future financial statements. |
|
5 |
Publications |
| |
Shiraz Mistry of Acumen Recruitment has approached DataWatch
through Karen Sharpe to include a research questionnaire on the
status of the IT Audit Market with a follow up article once the
research has been completed. He has indicated that:
- His company's name will not be included in the initial
questionnaire
- The company's name will be included in the article
- The questionnaire will not ask for respondents' names and
employers.
|
| |
The board indicated that they were not keen on this proposal.
Actions agreed are:
- A copy of the questionnaire will be requested and reviewed
at a board meeting
- Contact will be made with Information Security to assess
their experience of earlier research attempts.
|
| |
The board made it clear that their reservations are based on:
- The requirement to be associated with reputable
organisations only;
- Protection of members; and
- The impact on the relationship with Barclay Simpson (the board
also made it clear that they do consider that this relationship
alone should prevent the board from accepting the proposal). |
| |
Datawatch – General |
| |
- This is doing well with thanks going to Nancy (officially
recorded). Also the International Chairman Conference was very
well received. Responsibilities remain unchanged.
- There is a continuous requirement for each board member to
submit one article and source one during the next year. Next
copy date is 14th September 2001.
- Possible printer changes may reduce our costs.
- There are no current concerns about costs and no
requirement to do external benchmarking.
- There is a suggestion for reward of regular contributors.
|
| |
CPE Hours |
| |
- A suggestion was made that there is a requirement to record
member meeting attendance and training courses for CPE proving
purposes.
- Due to the overhead required for this activity and the
limited benefit, a decision was taken not to start recording
members' attendance.
- For publications there is no requirement for recording, as
publication of the article is proof enough for CPE purposes.
|
| |
Provision of Datawatch to other Chapters |
| |
- Hungary is happy with accessing archive copies on website
- Currently Datawatch is provided to Northern England, the
Midlands and Ireland who are paying £1.50 (£3 in January)
per copy plus postage.
- There is a proposal to provide other chapters with content
for own publication. This has not been pursued further.
- Instead, the website version will be further distributed to
European chapters with an invitation to approach us if they are
interested in own publication.
→ Karen to take up at next President’s meeting
→ Allan to arrange for a link on international
website
- Data Protection issues on website to be addressed with
Archie and Joe by Allan
|
|
6 |
Website |
| |
- A general comment was expressed that content on the website
is getting old and needs updating.
- The availability of alternative Internet sources makes SIGs
almost redundant. Instead of further updating these, old SIG
content will be archived and made available through the
website.
- Conferences – where information is available submit to
Allan. Potential advertising revenue is being lost – restrict
to ISACA information and other chapter items and BCS.
- The move of the security news feed to the main page has been
very eye-catching. (Information provided by Infosec).
- A specific area for Board members is now available and will
be password protected in future.
- Any further information that needs to be published should be
submitted to Allan.
- Allan will investigate getting events on the international
website.
|
|
7 |
Research |
| |
COBIT 4 has not yet started:
- The Maturity model is currently being worked on
- This can be supported via ISACA
- Work is being performed in 2 phases with costs of £20k and
£25k respectively
- Support can be both academic and financial
- In the past there had been no viable projects for support
– this project is identified with locally and would be a
proper investment.
- Involvement will raise the reputation of ISACA amongst the
right people.
- Based on the earlier decision (previous meeting) to invest,
this is accepted.
- Proposal accepted to invest $3,000.
|
|
8 |
Eurocacs 2003 |
| |
- There is a general feeling that Eurocacs 2003 should be held
in London (should be recommended by global programme
committee)
- Involvement from local chapter depends entirely on the
chapter ranging from nothing to complete involvement.
- The following is required:
- Programme committee → independent from Chapter
- Organising committee → could be independent
- Rolling Meadows does most of the organising work
- 2 possible venues in London are available: QE2 or ExCel
- Should have 200+ people including 100 from the UK
- The local chapter has responsibility for sponsorship for
events and the welcome reception.
- The chapter will also have some input into the gala event.
- The conference is run for profit with an allocation to the
local chapter which increases in line with profits.
- Lobbying is required to get support from the global
programme committee. Archie is to make contact with members
and discuss their views on London hosting this event.
- Decision to be taken in September but would require
provisional booking of conference centre and hotels.
- Timing of conference: March 2003
- Archie to speak to Steve on what he has arranged and to
speak to QE2
- Concern about lack of interest from European delegates due
to London cost – might consider international conference due
to American participation.
|
|
9 |
External/Inter-Chapter Relations and Alliances |
| |
- At a workshop at the Presidents meeting discussions were
held on attempts to broaden range of people attending
meetings. Hong Kong had success through alliances and
cross-participation
- Agreements are in place with BCS and ICAEW (IT faculty).
Attempted with IIA but no success yet due to fragmented
structure and perceived competition in computing
qualifications.
- Attempt to improve relations with security professionals
such as ISC².
- Karen, with Allan’s support, will make contact with ISC²
and also ICAEW
|
|
10 |
Academic Relations |
| |
This is a new area to attempt to get to students before
qualification through building of relationships with universities
and supplying of items such as COBIT. There are 5 universities in
the UK that provide IS control courses but most provide only Computer
Science.
John Mitchell will act as a contact between international and
local universities, concentrating on Southern universities which
provide the IS Control Course.
No incentives are being applied to students. |
|
11 |
Subscriptions for 2002 |
| |
Based on discussions and required break-even points, the
subscriptions for 2002 are to be increased to $180 or £115 +
£5 for cheque handling.
There is a requirement to give members an indication on what
the US does with money allocated to them.
Discussion of Nancy’s increase to be held at next board
meeting.
Reserves are to be maintained at 100% of predicted expenditure. |