January 2007

Next Meeting - Thursday, January 11, 2007
Crowne Plaza at Midway and LBJ, Dallas

Joint Meeting with the North Texas Information Systems Audit and Controls Association (ISACA) Chapter - Technology Hot Topics

Lunch Meeting 12:00pm - 1:20pm
Registration begins at 11:30pm

SEC Enforcement Trends

Rose Romero, SEC District Administrator, Fort Worth District Office

Ms. Romero is the current SEC District Administrator and a former Assistant United States Attorney. Ms. Romero will provide an overview of recent SEC enforcement activities in the region as well as describe the implications of the SOX legislation on those actions. As a lead-in to the post-session round table discussion directly following the luncheon, Ms. Romero will outline the impact of discovery on SEC investigations and discuss how she expects the new electronic discovery rules to affect SEC investigations.

Rose Romero is the District Administrator for the Fort Worth District Office of the U.S. SEC. Before beginning her duties at the SEC on March 6, 2006, Romero was Executive Assistant United States Attorney for the Northern District of Texas. In that role, she advised the U.S. Attorney in a range of areas of management and administration and oversaw all criminal and civil programs initiated by the Northern District.

Romero joined the U.S. Attorney’s Office in 1989 as an Assistant U.S. Attorney and investigated and prosecuted numerous cases involving white collar fraud, telemarketing fraud, bank fraud, narcotics and money laundering. In 1996, she was appointed Deputy Criminal Chief, Narcotic and Violent Crimes Section, where she served until 1999. Romero then was selected to work as a resident legal advisor to the U.S. Ambassador to Ecuador where she advised the Ambassador on legal and political issues and assisted local officials in drafting civil and criminal legislation aimed at punishing financial crimes, money laundering and narcotics trafficking. Prior to her appointment to her present position, she also served as District Senior Litigation Counsel in the U.S. Attorney’s Office.

Romero received her BS from Texas Christian University and her JD from Southern Methodist University. She also served in the United States Air Force.

Pre-Meeting 10:30am

Business Continuity Planning
Roger M. Buss, Tatum Technology Partner

Business continuity plans are no longer a luxury, but an essential element of a well-defined risk management program. For many businesses, the decision to invest in this area is being forced upon them by legislation, third parties (e.g., insurers) or the occurrence of a disaster or near disaster. The goal of business continuity planning is to ensure that critical business processes can be recovered and resumed when disaster strikes. In other words, business continuity planning is the act of proactively strategizing methods to prevent, if possible, and manage the consequences of a disaster, limiting the consequences to the extent that a business can absorb the impact.

The loss of mission-critical systems can result in a significant loss of revenue and opportunities. Being able to recover systems quickly, accurately, and completely is critical to the ongoing success of any business. However, business continuity planning is broader than disaster recovery planning, the latter being primarily focused on IT systems recovery, whereas the former addresses recovery of the entire range of critical business processes essential to the continued operation of the company. Business continuity planning encompasses business resumption planning, disaster recovery planning, and crisis management.

Each company should develop a written, comprehensive business continuity plan that addresses all the critical operations and functions of the business. We will examine the steps required to develop a proper plan, and the business benefits which result from the development, communication, testing and maintenance of the plan.

We will also discuss audits of the business continuity plan. An audit of business continuity is essentially an audit of the plan with reference to the adequacy, completeness and appropriateness of the plan; availability of the processes and people to implement the plan; its testing; and the verification of the various day-to-day functions that need to be performed to make the plan effective and ready at all times.

Roger Buss is a Technology Leadership Partner and national segment leader for Tatum’s IT Governance and Controls Practice. He is a seasoned Information Technology executive with over 20 years of IT leadership experience in a variety of industries including financial services and health care. He has significant experience in managing large IT organizations and driving major IT initiatives in applications development, systems consolidation and revitalization, and new technology implementation. He has consistently demonstrated strong strategic planning, organizational development, vendor management and budgeting skills. He also has significant experience in IT audit and controls evaluations, including Sarbanes-Oxley Act requirements. For a $600 million property casualty insurer, he implemented a critically-needed web portal for policy rate/quote/issue for the company’s independent agents, and completed a major multi-year systems consolidation for a $100 million acquired business. For another major insurer, he orchestrated a comprehensive migration and conversion of core systems and a major network upgrade. For a $400M legal services firm, he managed an extensive Sarbanes-Oxley IT compliance effort, including IT general controls and application controls assessment, remediation and testing. For a major home health care equipment supplier, he recruited and led a large development team in successfully building and delivering a suite of mission-critical applications against aggressive timelines. For a $75M high-tech manufacturer, he created an IT strategic blueprint, evaluated several IT outsourcing strategies, mentored a newly-appointed IT director, and documented IT policies and controls.

Roger has an MBA from the Kellogg School at Northwestern University, and holds both Certified Public Accountant and Chartered Property Casualty Underwriter designations.

Post-Meeting 1:30pm

The New Rules of Discovery for Electronically Stored Information
Panel Speakers: Rose Romero, SEC District Administrator
Fort Worth District Office Austin Hutton, Hutton Consulting
Peter Vogel, Gardere Wynne Sewell LLP

This round table discussion will focus on the changes to federal rules of civil procedure regarding electronically stored information. The discussion will include the intents and scope of the changes as well as the intended and unintended outcomes for the new rules. In addition the panelists will discuss how these new rules can be expected to affect how companies identify, classify, and manage data; how to plan for and respond to electronic discovery; and how to minimize the unanticipated costs. W. Austin Hutton, CISA, CISM Mr. Hutton has more than 20 years of senior leadership experience in Information Technology. His career includes broad based experience managing global technology organizations for American Express and Pepsi Restaurants (now YUM brands) His experience includes developing and managing global transaction networks, voice networks, and a variety of enterprise class infrastructure and application development services.

In the past eight years Austin Hutton's  consulting experience includes several enterprise reengineering efforts, organizational transition planning technical and operational analysis for mergers and acquisitions as wells as IT architectural planning. Mr. Hutton has also served as the contract CIO for a Fortune 50 subsidiary.

Mr. Hutton has conducted multiple Sarbanes-Oxley and IT governance engagements in a variety of roles and is a regular speaker at industry functions. In addition to co-authoring four articles on IT governance in the past several years, Mr. Hutton conducts seminars on the implications of new legislation on IT planning and operations. Mr. Hutton is a CISA and a CISM.

Peter S. Vogel has been involved with the computer industry since 1967. For the past 28 years Peter combined his Masters in Computer Science and past experience as a mainframe programmer, systems analyst, and management consultant together with effective legal skills negotiating contracts and in court. The result is an attorney who has the technological expertise and business understanding of his clients - from the inside.

Peter's clients often seek his advice about practical business issues relating to technology. These often include software patents, copyrights, trade secret protection, ERP implementation projects, Internet security, website business management, and outsourcing. Because he is a seasoned IT professional with an accounting and marketing background, Peter often consults about IT and Internet marketing and financial issues. His experience as an Adjunct Professor in the Law of the Internet keep him current on the fast moving evolution of the Internet.

Peter is Chair of the Electronic Discovery and Document Retention Group and co-Chair of the Internet and Computer Technology Practice Group at GARDERE WYNNE SEWELL - where he helps clients navigate business and technology issues through the legal mazes of intellectual property, contracts, government regulation, and litigation from cradle to grave. Because of his unique background and expertise, Peter is often appointed as an Arbitrator, Court Ordered Mediator, and Special Master in Internet, intellectual property, and computer technology litigation. In addition to helping businesses throughout the world, Peter has also devoted a substantial amount of time and energy serving government agencies and non-profit organizations by addressing their computer and Internet issues. Peter:

• Chairs the Texas Supreme Court Judicial Committee on Information Technology whose mission is to put Internet on the desktops of all 3,100 judges in Texas. (www.courts.state.tx.us/oca~cit)
• Served on the Texas Task Force for the Uniform Electronic Transaction Act (UETA)
• Served as founding chair of the Computer & Technology Section of the State Bar of Texas
• Writes and lectures nationally on computer law topics including software intellectual property, discovery of computer evidence, Internet, and e-Commerce

In 1994, Peter was President of the Dallas Bar Association and also served on the Board of Directors of the State Bar of Texas. Peter teaches courses on the Law of the eCommerce as an Adjunct Professor at SMU Law School, and is on the founding Board of Advisors of the SMU Computer Law Review and Technology Journal.

In June 2004 Peter received a Lifetime Achievement Award for Promoting Technology in the Law from the Computer & Technology Section of the STATE BAR OF TEXAS. In addition, Peter has been regularly recognized as one of America's Leading Business Lawyers in CWERS, a Best Lawyer in America, a Top Lawyer in Dallas, and a Texas Super Lawyer.

The best method to place and confirm your reservation is via the web site at http://www.dallasiia.org/Reserve.htm.

Secondary Method:

An optional method is to use the telephone, fax, or e-mail. However, a $2 phone/fax/e-mail fee will be assessed to each reservation.

Reservations and cancellations must be received by 5:00 pm on Friday, January 5, 2006.

We reserve the right to bill for "no-shows."

We Now Accept Credit Cards - Online Only

The IIA Dallas Chapter, in conjunction with PayPal, will now accept payment online for the monthly luncheons. There is no change in the cost to you for the lunch. We accept VISA, MasterCard, Discover, American Express, or eCheck. Note that some corporate-issued cards are not accepted by PayPal. This service is only available online at the time the reservation is made. This can be used to pay for individual or group reservations. Follow the instructions on our website. If you properly cancel a reservation before the meeting, the Chapter will either return the funds to you or reserve you for the next meeting. Any questions, contact Tom Keils at 214-880-3560 or tom.keils@bldr.com.

After you place your reservation online, you will see the link to pay via PayPal if desired.

Chapter News

Certification News - Congratulations!

New Certifications

Congratulations to the Dallas Chapter members who passed the exams in May 2006! Certificates to those who completed all requirements for certification were awarded at the November 2006 Dallas Chapter meeting. Certificates for those with requirements still pending will be mailed by the IIA upon completed of their requirements.

Chapter members who passed the examination included:

Mark Your Calendars!

The next CIA Review Course will again be led by Dr. Glen Sumners from Louisiana State University. The course will be held on April 20-23, 2007, at UT Dallas’ School of Management. Details on how to register will be coming in January. Keep checking the Dallas Chapter website for more details.

May 2007 Exams – Register by March 31st!

The exams will be held May 16-17, 2007. For all certification exams, see The IIA’s Website at: http://www.theiia.org/index.cfm?doc_id=12. The exams will be held at UT Dallas.

CIA Exam Proctors - Thank you!

Thank you to the following members for volunteering their time to proctor at the November CIA exam! The Dallas Chapter appreciates your service!

Name & Company
Danny Kreps, Rent-A-Center
David Jarnagin, ACS
Deryl Franklin, Jefferson Wells
Ernest Kinneer, Jefferson Wells
Jennifer Rossberg, UTD
Joseph Molina, Jefferson Wells
JP Springsted, Alliance Data Systems
Kelley Evans, EDS
Ken Helper, Rockwell Collins
Kimberly Wiersma, Credit Union of Texas
Magdalena Kovats, Resources Global Professionals
Mark Bryan, Jefferson Wells
Mark Reynolds, Grant Thornton
Mark Salamasick, UTD
Michael Gerleman, Alliance Data Systems
Mike Kennedy, JCPenney
Scott Sullins, JCPenney
Susan Campbell, AAFES
Susan White, Jefferson Wells
Tam Namir, Jefferson Wells
Thomas Ferry, Alliance Data Systems
William Villegas, DART

Report Your Speaking and Writing

It's time again for the survey to determine which IIA Dallas Chapter members have submitted articles or spoken since October 1. Each speaking engagement on internal auditing that a Dallas Chapter member completes will earn the Chapter 1 credit per CPD hour. Each full article, Roundtable article, Fraud Finding, etc. submitted that meets basic editorial guidelines will earn 5 credits. For each full article published 20 credits are earned. Each internal audit related article published in any other trade or professional journal that is authored by a chapter member is 5 credits.

To report your writing and speaking go to http://dallasiia.org/Speaking.htm and complete the provided form by January 15, 2007. Contact Gwen Land gwen_land@jeffersonwells.com if you have any questions.

Career Opportunities

Are you currently in the job market either voluntarily or involuntarily? Let the Employment Committee help you. Send us your resume and we will include you in our resume database. We receive calls from recruiters and hiring managers for open positions and will forward your resume if there is a match. We get calls for staff to director levels, IT to finance, local to out of town. All inquiries will be handled confidentially. If you have any questions, give us a call or e-mail us. We look forward to helping you.

Fred Herman, Employment Committee Chairman, 972-801-1208, fsjnherman@aol.com.

Comments, questions, suggestions?
Contact the webmaster@dallasiia.org

© Dallas Chapter Institute of Internal Auditors
P. O. Box 261747, Plano, TX 75026-1747

The following links will take you to our web site, http://dallasiia.org: