Due to an overwhelming response to this event, we have to stop accepting reservations!  Participation has reached capacity...we thank all of those planning on coming this Friday!  Please let the Programs Committee know if this is a topic that should be revisited.  We appreciate the excitement surrounding this event and we look forward to seeing you on Friday.

Summary

Risk Managers, Internal Auditors, CFOs, and CIOs have been requesting SAS 70 reports from their processors and systems vendors for years.  Once they obtain these reports, the work has just begun.  Crowe Chizek will take the attendees through a SAS 70 report focusing on the critical points to consider in evaluating a SAS 70.  We will cover the scope of the report, evaluation of control objectives as they relate to the user organization, review the testing types used in SAS 70 reviews, discuss User Control Considerations, discuss the timeframe covered under the report and when a roll forward or letter from the vendor is required.  We will provide a sample evaluation framework so that Internal Auditors, Risk Managers, CFOs, and CIOs will be able critically review the SAS 70 reports and document the basis of their conclusion.  Further they will be able to easily document their process used so that your organizations’ auditors will be able to read and understand the conclusions.  Attendees will be armed with a process and understanding to critically evaluate a SAS 70 report and determine if the report suitably addresses their organization’s risks.

About George F. Wiegand, Jr. CPA, CISA - Crowe Chizek & Company, LLC

George is a Senior Manager in the Risk and Performance Services Group of Crowe Chizek.  George works in the group’s Attestation Competency Center (ACC) for information security and technology based controls.  The ACC is support for all areas of computer-based controls to Crowe’s financial audits, third party audits (SAS 70s), ATM Network certifications (TG-3), Payment Card Industry (PCI, aka VISA Cardholder Information Security Program) compliance reviews and other risk based procedures for the financial services industry.  George leads and supervises SAS 70 reviews and support for all areas of computer based controls to Crowe’s financial audits.  George joined the firm in 1991 and has over 15 years of experience spending the majority of these years in the financial services industry.  His clients include financial services, insurance, manufacturing concerns and governmental organizations. 

George has an undergraduate degree in Accounting from Purdue University.  He has instructed on information technology controls and is currently active in the continuing professional education and training programs at Crowe Chizek.  George is a member of ISACA (Information Systems Audit and Control Association) and is a past member of the ISACA Standards Board Task Force, IIA (Institute of Internal Auditors) and the AICPA (American Institute of Certified Public Accountants).

George is based in our Indianapolis, Indiana office and is both a CPA and CISA (Certified Information Systems Auditor).